[Samba] Samba 3.0 PDC + LDAP: Workstation account disappearing
Hello, I've a Debian 3.1 box with Samba 3.0.9 acting as a PDC with OpenLDAP 2.1.30, smbldap-tools 0.8.5, libnss-ldap version 220-1. The problem is this: Yesterday suddenly a user from a workstation already joined to the domain could not log on any more. The log message was: Workstation HPDX02$: no account in domain Digging into LDAP I've found that the entry in the LDAP DB exists (I can see it with slapcat), but the strange thing is the following: - from getent passwd I can see the hpdx02$ user Output: hpdx02$:x:1128:515:Computer:/dev/null:/bin/false - finger hpdx02$ reports this: Login: hpdx02$ Name: Computer Directory: /dev/nullShell: /bin/false Never logged in. No mail. No Plan. - id hpdx02$: # id hpdx02$ id: hpdx02$: No such user - doing pdbedit -L the hpdx02$ is not listed. Si it seems that the entry is in the LDAP but Samba cannot see it anymore. Let me know if you need some more info the track down the problem. Kind regards, luca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Disk Space Error
On Thursday 27 January 2005 12:39, Michael Gargiullo wrote: No matter if I connect from my Linux laptop, or my WinXP desktop I receive the error stating Not Enough Free disk space (From the windows macine), and cp: writing `public-share/gmp-4.1.4.tar.gz': No space left on device from the linux machine. SNIP path = /home/samba-share Are you by chance trying to connect or copy files using the command line? According to your smb.conf file, the path is /home/samba-share, and the share that is available on the network is \\workgroup\public Where does the public-share in the error message come from? I would guess it's a typo in your commandline connection attempt If that doesn't ring your bell, try confirm that home is mounted check the unix permissions on your share directory -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Write list access to Read only share
I have been at this problem for almost a week on my own... I am running Samba 3.0.4 on a linux 2.4.26 kernel. I have a share that I want to be read only to the world and writable by members of the write list: [Content] path = /mnt/win/Content read only = yes quest ok = yes write list = sam I set a password for sam using smbpasswd. I believe all of the UNIX permissions are set correctly. I can access the share fine in read only mode. But as user sam on a Windows machine, I try to copy a file to the share and on the first attempt, I get a message Invalid MS-DOS function. On the second attempt, I get the message Access is denied. By looking at the logs, I see that I get an NT_STATUS_WRONG_PASSWORD for sam; since the Windows share password has no value yet, nothing is sent during the session setup. I see that I am connected as the guest user, initially during the session setup and when I try to copy the file. The guest user then gets a Permission denied message when open_file is called which makes sense because guest has only read privilege. Shouldn't I see a prompt on my Windows system to provide a share password? And then once I provide a share password, I should be connected as sam? (I have another share which is accessible only by a valid user list and that is the behavior when I first try to connect to it). Thanks Tony Gaddis - Do you Yahoo!? Yahoo! Search presents - Jib Jab's 'Second Term' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Best practices for long-running Samba server
On Thu, 27 Jan 2005 14:14:46 -0800, Spike Burkhardt [EMAIL PROTECTED] wrote: Paul David, Good points that I agree with but at least at three managers I've had want to the uptime get bigger bigger. Something about the 99.95% uptime industry standard. :-((( Ridiculous. They are wrong. Tell them gently that they should not confuse uptime with availability. A planned reboot at 03:00 that has no effect on the availability of the server is much better than an unexpected outage at 14:25 because a leaking database backend ate all your shared memory segments. That does wonders for availability. If you can't trust your machines to reboot themselves unattended and bring themselves back up to operational status then you have shall have to bring a pair of pyjamas into work and set up a cot in the machine room. 99.95% is about 4 and half hours per year. Ask your managers to cover you for the allowance of having a server being offline one whole afternoon per year. Ask for it in writing. David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] make: *** [dynconfig.o] Error - [SUMMARY]
Hi List. Thanks to those who looked at the original Q. You can find that below. This post is for those who will face the same issue in the future and to make goggling easier. :-) There was the following sequence of events on the affected Solaris 9 server, which led to the issue. July 2004 - OpenLDAP was upgraded to 2.2.8 Aug 2004 - SAMBA was upgraded to 3.0.7 Sept 2004 - OpenLDAP was upgraded to 2.2.15 After that both SAMBA 3.0.7 and SAMBA 3.0.10 couldn't be built... After a good advice I checked the location of LDAP_CONST in OpenLDAP header files and found that it was moved from ldap.h to ldap_schema.h. Doing manually #include ldap_schema.h in include/proto.h fixed that issue but a new one popped up, this time with passdb/pdb_ldap.c (pwd samba-3.0.10/source) ... Compiling passdb/pdb_ldap.c passdb/pdb_ldap.c: In function `ldapsam_modify_entry': passdb/pdb_ldap.c:1554: error: `ber_tag_t' undeclared (first use in this function) passdb/pdb_ldap.c:1554: error: (Each undeclared identifier is reported only once passdb/pdb_ldap.c:1554: error: for each function it appears in.) passdb/pdb_ldap.c:1554: error: parse error before numeric constant passdb/pdb_ldap.c:1555: error: parse error before numeric constant passdb/pdb_ldap.c: In function `ldapsam_alias_memberships': passdb/pdb_ldap.c:2758: warning: passing arg 5 of `smbldap_search' from incompatible pointer type make: *** [passdb/pdb_ldap.o] Error 1 At that point I decided that it must be something wrong with OpenLDAP and upgraded the one to the latest and greatest stable 2.2.23. This made the trick. All headers etc were nicely understood by SAMBA. No changes in environment variables like FLAGS, CPPFLAGS has been done. I didn't use any specific place for keeping application-specific headers and libraries - all lives in /usr and /usr/local by default. A. Alexei Monastyrnyi wrote: Hi List! I've got a problem building samba 3.0.10 on Solaria 9 box. Configuration is successful with ./configure --with-pam --with-syslog --with-ldapsam --with-automount But make gives the following output. alien make Using FLAGS = -O -Iinclude -I/usr/local/src/samba-3.0.10/source/include -I/usr/local/src/samba-3.0.10/source/ubiqx -I/usr/local/src/samba-3.0.10/source/smbwrapper -I. -D_LARGEFILE_SOURCE -D_REENTRANT -D_FILE_OFFSET_BITS=64 -I/usr/local/src/samba-3.0.10/sourceLIBS = -lsendfile -lsec -lgen -lresolv -lsocket -lnsl -ldl LDSHFLAGS = -G -lthread LDFLAGS = -lthread Generating smbd/build_options.c Building include/proto.h creating /usr/local/src/samba-3.0.10/source/include/proto.h Building include/wrepld_proto.h creating /usr/local/src/samba-3.0.10/source/include/wrepld_proto.h Building include/build_env.h creating /usr/local/src/samba-3.0.10/source/nsswitch/winbindd_proto.h creating /usr/local/src/samba-3.0.10/source/web/swat_proto.h creating /usr/local/src/samba-3.0.10/source/client/client_proto.h creating /usr/local/src/samba-3.0.10/source/utils/net_proto.h creating /usr/local/src/samba-3.0.10/source/utils/ntlm_auth_proto.h Compiling dynconfig.c In file included from include/includes.h:926, from dynconfig.c:21: include/proto.h:587: error: parse error before LDAP_CONST make: *** [dynconfig.o] Error I used to build 3.0.7 no the same host (running OpenLDAP 2.2.18 as well) without any problems, but now 3.0.7 gives the same error output... Something must have been changed in my environment but I get blank of what... Any hints are highly appreciated. Sorry if it is off-topic... A. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Write list access to Read only share
Had a similar problem a few weeks ago. I found out that your config only works if you have set security = user in the global section. Then, a login box should pop up the first time you try to access the share. For some reason, Windows remembers what you enter in this box, even if you don´t check Remember Username/Password, so be careful with it. Good Luck, Jörg - Original Message - From: Tony Gaddis [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Friday, January 28, 2005 9:47 AM Subject: [Samba] Write list access to Read only share I have been at this problem for almost a week on my own... I am running Samba 3.0.4 on a linux 2.4.26 kernel. I have a share that I want to be read only to the world and writable by members of the write list: [Content] path = /mnt/win/Content read only = yes quest ok = yes write list = sam I set a password for sam using smbpasswd. I believe all of the UNIX permissions are set correctly. I can access the share fine in read only mode. But as user sam on a Windows machine, I try to copy a file to the share and on the first attempt, I get a message Invalid MS-DOS function. On the second attempt, I get the message Access is denied. By looking at the logs, I see that I get an NT_STATUS_WRONG_PASSWORD for sam; since the Windows share password has no value yet, nothing is sent during the session setup. I see that I am connected as the guest user, initially during the session setup and when I try to copy the file. The guest user then gets a Permission denied message when open_file is called which makes sense because guest has only read privilege. Shouldn't I see a prompt on my Windows system to provide a share password? And then once I provide a share password, I should be connected as sam? (I have another share which is accessible only by a valid user list and that is the behavior when I first try to connect to it). Thanks Tony Gaddis - Do you Yahoo!? Yahoo! Search presents - Jib Jab's 'Second Term' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with Browse List
On Thursday 27 January 2005 15:07, Marvin Bonilla wrote: Unable to resolve my problem after long time of reading and searching I decide to ask for help to the experts. The problems is that there is no browse list even thought everything works fine. I can share files with others machines but don't see anything on network neighborhood. We use the OpenBSD 3.6 box with Samba 2.2 only for DNS and Wins. Please Help! Did you paste your smb.conf file twice? You have duplicate sections Try running the command testparm on the server and see what it says about your configuration file If your computers are all on the same subnet, you don't need remote announce. If you do need remote announce, the correct form of the part after the equals sign is the IP address of the remote network(s) # remote announce = 10.3.100.5 10.6.50.1 10.4.100.1 10.7.50.1 remote announce = yes I'm not sure this announce as parameter is correct. I don't know if it makes any difference... but it might. announce as = NT Server Check to see if your windows clients are actually configured to query the wins server. Do you in fact have an entry for pcguest in your /etc/password file? Depending on the client OS, you may have trouble browsing shares if there is no functioning guest account. -- add pcguest if necessary, or comment out the line and let samba use nobody, which is the default. # Uncomment this if you want a guest account, # you must add this to /etc/passwd # otherwise the user nobody is used guest account = pcguest Take a look at the man page for nmblookup. Use this command to find the master browser, query the master browser, etc. I think the equivalent windows command is nbtstat Investigate the contents of wins.dat and browse.dat files on your server. They can be deleted and smb/nmb restarted, then it may take about fifteen minutes for new wins information to be re-established -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Bug report
Hi, Shortly after removing the wins.dat files as John T suggested, the nmb process died with the following backtrace. I restarted it, and all seems well. The Samba version is that from latest FC3 (samba-3.0.10-1.fc3). I can post config info if required: [2005/01/28 00:34:51, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(295) become_domain_master_browser_bcast: querying subnet 192.168.0.7 for domain master browser on workgroup HOME [2005/01/28 00:34:55, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124) become_logon_server_success: Samba is now a logon server for workgroup HOME on subnet 192.168.0.7 [2005/01/28 00:34:59, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113) * Samba server FILESTORE is now a domain master browser for workgroup HOME on subnet 192.168.0.7 * [2005/01/28 00:35:14, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396) * Samba name server FILESTORE is now a local master browser for workgroup HOME on subnet 192.168.0.7 * [2005/01/28 00:38:53, 0] lib/fault.c:fault_report(36) === [2005/01/28 00:38:53, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 16184 (3.0.10-1.fc3) Please read the appendix Bugs of the Samba HOWTO collection [2005/01/28 00:38:53, 0] lib/fault.c:fault_report(39) === [2005/01/28 00:38:53, 0] lib/util.c:smb_panic2(1504) PANIC: internal error [2005/01/28 00:38:53, 0] lib/util.c:smb_panic2(1512) BACKTRACE: 8 stack frames: #0 nmbd(smb_panic2+0x8a) [0x6df1bd] #1 nmbd(smb_panic+0x19) [0x6df3e9] #2 nmbd [0x6ca929] #3 /lib/tls/libc.so.6 [0x153a48] #4 nmbd(refresh_my_names+0x45) [0x675421] #5 nmbd(main+0x4da) [0x66be97] #6 /lib/tls/libc.so.6(__libc_start_main+0xe3) [0x140e33] #7 nmbd [0x66a661] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] printing Problems in Samba 3.0.10
Hi all, we are using Samba for a year in our departement. It replaced a dedicated win2k-server for printer and file sharing. We are quite happy with it, but we have still some problems. Does anyone of you know solutions to this: 1. We are using HP Laserjet 4300 in our departement. Driver ( origial PS drivers from HP website) installation was successfull and basic functionality works, but some features like collate and n-up are missing on the options panels of the driver. We tested these drivers on a Windows server before, and there they hadd these options. 2. From time to time our samba server forgets all options of the printer: The Driver name, additional installed components (duplex unit, second tray) and the long, friendly printer name. 3. Since today enumprinter returns for a single printer two printers: one with the friendly name, the other with the share name. If i open the properties dialog, they both show the same dialog for thr printer with the logn name. In smb.conf there is only a signle entry defined for this printer. Sample smb.conf is appended Thanks for your help Christoph [global] workgroup = CIP-POOL realm = WIWI.UNI-KARLSRUHE.DE netbios name = fwi-fortuna allow trusted domains = No winbind use default domain = yes winbind trusted domains only = yes server string = %h server (Samba %v) security = ADS username map = /etc/samba/usermap restrict anonymous = 2 load printers = No printcap name = cups dns proxy = No invalid users = root printer admin = smbop, christophk, @lpadmin printing = cups #APW Skripte enumports command=/usr/bin/enumports addprinter command=/usr/bin/addprinter deleteprinter command=/usr/bin/deleteprinter [printers] comment = All Printers path = /tmp force user = zbenutzer create mask = 0700 printable = Yes browseable = No [print$] comment = Printer Drivers path = /usr/share/samba/printers write list = smbop, christophk, @lpadmin force user = smbop browseable = No [hp43cps] path = /tmp printable = Yes printer name = fwi-hp4300c [PDF] path = /tmp printable = Yes printer name = PDFPrinter [hp43dpc] path = /tmp printable = Yes printer name = FWI-HP4300D [hp43apc] path = /tmp printable = Yes printer name = fwi-hp4300a [hp43aps] path = /tmp printable = Yes printer name = fwi-hp4300a [hp45pcl] path = /tmp printable = Yes printer name = fwi-cip-hp4500n [hp45ps] path = /tmp printable = Yes printer name = fwi-cip-hp4500n [hp46bpc] path = /tmp printable = Yes printer name = fwi-hp4600b [hp46bps] path = /tmp printable = Yes printer name = fwi-hp4600b [hp43cpc] path = /tmp printable = Yes printer name = fwi-hp4300c [hp46apc] path = /tmp printable = Yes printer name = fwi-hp4600a [hp46aps] path = /tmp printable = Yes printer name = fwi-hp4600a [hp43dps] path = /tmp printable = Yes printer name = FWI-HP4300D [hp43bps] path = /tmp printable = Yes printer name = fwi-hp4300b [hp43bpc] path = /tmp printable = Yes printer name = fwi-hp4300b -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] String overflow with random characters
Hi, I've got a problem with a 2.2.2 samba server. It has, a number of times,
recorded the following lines for a short period of time of 10 seconds, and
then not again for days. Has anyone seen these before? It all appears to be
random characters. It has only happened from 2 machines out of 30 or so.
[2005/01/13 09:33:29, 0] lib/util_str.c:safe_strcpy(877)
ERROR: string overflow by 363 in safe_strcpy
[^?AA96AAA^PèAAª]AA¡ÅAA#AAA5^AA^PèA]
[2005/01/13 09:33:29, 0] lib/util_str.c:safe_strcpy(877)
ERROR: string overflow by 165 in safe_strcpy
[^]tAAA6A82^?GAnA81^]tA6A6A^NnLAnA^R^]tAAA6AðnLA¨AAA*6AA*6A]
[2005/01/13 09:33:29, 0] lib/util_str.c:safe_strcpy(877)
ERROR: string overflow by 44 in safe_strcpy
[¨ÙßÓ^Bá8Ev¤åAÅESC¬99ãÓEá8E«â^D85Èá8E«âÌ^Y*¥T8Fä8AX!ãG8Fä8A
X!ãG8Fä]
[2005/01/13 09:33:29, 0] lib/util_str.c:safe_strcpy(877)
ERROR: string overflow by 94 in safe_strcpy
[A9AA9AA6A6Aó)©Cþ^ZÙò('A8AA9Da^D^SAAAbAAA^P)©Cþ^ZÙò('A8AA9Da^D^E
]
[2005/01/13 09:33:29, 0] lib/util_str.c:safe_strcpy(877)
ERROR: string overflow by 646 in safe_strcpy
[qx76n6AAAô]
[2005/01/13 09:33:29, 0] lib/util_str.c:safe_strcpy(877)
ERROR: string overflow by 723 in safe_strcpy
[^Vñ^CH¼ñÖ¼ñÖ.±^P^SY^K|²9Có^\J^A80ESC¥Nè¾?Þ¾^_Ñ^QFWWÿÿëF96^T98äÖ^CWF
]
[2005/01/13 09:33:29, 0] lib/util_str.c:safe_strcpy(877)
ERROR: string overflow by 479 in safe_strcpy
[Â82pWêýCØLC86xL98J:Lx:ëxkë98^FpkêLkCLê9YJpý8BLc86Lú86Lë86ØL
]
[2005/01/13 09:33:29, 0] lib/util_str.c:safe_strcpy(877)
ERROR: string overflow by 118 in safe_strcpy [Íõ8C£èÂÛíBÔ.À81^\º®
í^DÃ^P80Ù* '~ ô^\ñȸò97S^VüÛöA_8C8F69BùâÌý]
[2005/01/13 09:33:29, 0] lib/util_str.c:safe_strcpy(877)
ERROR: string overflow by 2267 in safe_strcpy
[99Ê99â^V9090ëwA!ß^EA_8C8F69BùâÌýðA^Ow^R^S9FÁAtæAãlª!ß^EA_
8C8F69Bù]
[2005/01/13 09:33:29, 0] lib/util_str.c:safe_strcpy(877)
ERROR: string overflow by 128 in safe_strcpy
[$³ê82x^F:98FJ82²¥L`ÇÇÇJSê:82ªYê^F98Cë²p~ë8B86^FS9Cd̳ê98ê
pWêú¥]
[2005/01/13 09:33:29, 0] lib/util_str.c:safe_strcpy(877)
ERROR: string overflow by 1218 in safe_strcpy
[=]=]=]=]=]=]=]=]=]^^AtA6AbÒAA]Ã]
[2005/01/13 09:33:29, 0] lib/util_str.c:safe_strcpy(877)
ERROR: string overflow by 2279 in safe_strcpy
[Sª»AB+»A86HA80²Ï^GAA6A86A6AAA5âAAÅ]
[2005/01/13 09:33:29, 0] lib/util_str.c:safe_strcpy(877)
ERROR: string overflow by 1264 in safe_strcpy
[76]
[2005/01/13 09:33:30, 0] lib/util_str.c:safe_strcpy(877)
ERROR: string overflow by 3110 in safe_strcpy
[^\6AAAÚ]
[2005/01/13 09:33:30, 0] lib/util_str.c:safe_strcpy(877)
ERROR: string overflow by 1847 in safe_strcpy
[õ^T92^PbAA6AAA6AAAL¨AAA¨AAAé9C!976ßAAª¨A]
[2005/01/13 09:33:30, 0] lib/util_str.c:safe_strcpy(877)
ERROR: string overflow by 167 in safe_strcpy
[¸^T92^PÒ6AbAAA6956Ab^SAâ½88^KõÖ76´95AAâb^S]
[2005/01/13 09:33:30, 0] lib/util_str.c:safe_strcpy(877)
ERROR: string overflow by 1847 in safe_strcpy
[õ^T92^PbAA6AAA6AAAL¨AAA¨AAAé9C!976ßAAª¨A]
[2005/01/13 09:33:30, 0] lib/util_str.c:safe_strcpy(877)
ERROR: string overflow by 167 in safe_strcpy
[¸^T92^PÒ6AbAAA6956Ab^SAâ½88^KõÖ76´95AAâb^S]
[2005/01/13 09:33:30, 0] lib/util_str.c:safe_strcpy(877)
ERROR: string overflow by 1427 in safe_strcpy
[^X^T92Aô¨A*AAA6AAAªô¨ALô¨AAÎðÀþñ76ÕgAAô¨]
Thanks,
Dave
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Active Directory + Samba 3.0.10 - how to deal with owners and permissions
Hi. I've a running samba system that works with a ADS auth. All looks like to work. I can get the list of Domain users and groups (wbinfo -u, wbinfo -g), and getent passwd works too. Now I want to share a directory(or volume) and that the DOMAIN/Administrator be the owner of this share to get the control of it. I don't know how samba deals with resource owners and permissions in a AD context? Do I need to change the owner by hand to DOMAIN/Administrator in the samba system to this share? Is it possible to say to samba that this share is owned by DOMAIN/Administrator?. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] printing Problems in Samba 3.0.10
On Fri, 28 Jan 2005 10:55:30 +0100, Christoph Klein [EMAIL PROTECTED] wrote: Hi all, we are using Samba for a year in our departement. It replaced a dedicated win2k-server for printer and file sharing. We are quite happy with it, but we have still some problems. Does anyone of you know solutions to this: 1. We are using HP Laserjet 4300 in our departement. Driver ( origial PS drivers from HP website) installation was successfull and basic functionality works, but some features like collate and n-up are missing on the options panels of the driver. We tested these drivers on a Windows server before, and there they hadd these options. I've had the same problems with a HP Color Laserjet 5500. HP's drivers use EMF to provide the n-up (and probably collate) functionality. Now, EMF runs on the server side and Samba doesn't support it. Our solution passed by using Adobe's PS drivers. When properly configured they give you the exact same functionality, altough you loose all of HP's eye candy in the print gui. 2. From time to time our samba server forgets all options of the printer: The Driver name, additional installed components (duplex unit, second tray) and the long, friendly printer name. 3. Since today enumprinter returns for a single printer two printers: one with the friendly name, the other with the share name. If i open the properties dialog, they both show the same dialog for thr printer with the logn name. In smb.conf there is only a signle entry defined for this printer. I don't know about 2) but about 3): if I recall correctly you have an option in smb.conf to force Windows to use the samba printer name, as the printer name (Windows automatically uses the print driver name instead of the printer name, IIRC). Search the mailing lists and you'll find more about this. HTH, manuel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] please help
Sir Sarang here (fresher for LDAP and Samba) I am working in project of Samba frontend and LDAP backend (i.e smbldap tools.) I have added users by command smbldap-useradd command I want to allocate quota and ACL to them by smbcquotas smbcacls command. Since I don't know how to use this command. but I am unable to understand with the help of manual pages given as below http://www.hmug.org/man/1/smbcquotas.html http://www.hmug.org/man/1/smbcacls.html Since Iam not understanding the exact syntax of smbquotas and smbcacls. I need some documentation or examples of smbcquotas and smbcacls , which will be very much helpful to me. regards sarang -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba And Win98/XP Hidden File attribute
Hi people.. I brought up to date mine samba to 3.0.10 and enable PDC to control my wind98/XP, all works fine, but i cant set some file attributes, like Hidden file but i can write/change all files... I have samba 3.0.10, FreeBSD 5.3-stable, unix file permissons are 0777, samba have line force user = root on all shares.. someone have any ideia? Tks for all. Hugs Tiago N. Sampaio -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory + Samba 3.0.10 - how to deal with owners and permissions
[EMAIL PROTECTED] wrote: Hi. I've a running samba system that works with a ADS auth. All looks like to work. I can get the list of Domain users and groups (wbinfo -u, wbinfo -g), and getent passwd works too. Now I want to share a directory(or volume) and that the DOMAIN/Administrator be the owner of this share to get the control of it. I don't know how samba deals with resource owners and permissions in a AD context? Do I need to change the owner by hand to DOMAIN/Administrator in the samba system to this share? Is it possible to say to samba that this share is owned by DOMAIN/Administrator?. Thanks. I would just leave the filesystem to sort that out: mkdir mydirectory chown DOMAIN/Administrator mydirectory (be aware of winbind seperator =) add the share to samba normally Now when users browse to it (if they have permission) they will be able to see the owner is administrator) This is a nice way to administer the base of a share system: -fileroot (shared as fileroot$, browseable no, read list @ntadmin, write list @ntadmin) -- share1 (shared normally) -- share2 -- share3 -- share4 Like this, i can open up fileroot$ and set permissions on shares easily, also I have a back door to shares that may otherwise lock me out. Hope that helps, H signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: smbldap-tools and sambaPasswordMustChange
On Thursday 27 January 2005 05:36 pm, news.gmane.org wrote: 2147483647 is a unix timestamp (number of seconds since some date in 1970) I believe. Yes, for very far in the future. I've been trying a few things. I had OpenLDAP set to use exop to update the password. I changed it to clear. I also took away the pam password change = yes in smb.conf because I don't know what it does. I have ldap password sync = yes in there, but it looks like the right thing. If I manually use smbldap-passwd to change a user's password, I get the following output: 30 82 01 2E 02 01 04 66 82 01 27 04 3D 63 6E 3D 0..f..'.=cn= 4D 69 73 74 79 20 53 74 61 6E 6C 65 79 2D 4A 6F Misty Stanley-Jo 6E 65 73 2C 6F 75 3D 70 65 6F 70 6C 65 2C 6F 75 nes,ou=people,ou 3D 43 4F 52 50 2C 64 63 3D 62 6F 72 6B 68 6F 6C =CORP,dc=mycomp 64 65 72 2C 64 63 3D 63 6F 6D 30 81 E5 30 3A 0A any,dc=com0..0:. 01 02 30 35 04 0F 73 61 6D 62 61 4C 4D 50 61 73 ..05..sambaLMPas 73 77 6F 72 64 31 22 04 20 44 34 36 44 43 37 46 sword1. blahblah 44 46 42 45 46 39 31 43 42 32 35 41 44 33 42 38 blahblahblahblah 33 46 41 36 36 32 37 43 37 30 1C 0A 01 02 30 17 blahblahblahblah. 04 0E 73 61 6D 62 61 41 63 63 74 46 6C 61 67 73 ..sambaAcctFlags 31 05 04 03 5B 55 5D 30 3A 0A 01 02 30 35 04 0F 1...[U]0:...05.. 73 61 6D 62 61 4E 54 50 61 73 73 77 6F 72 64 31 sambaNTPassword1 22 04 20 36 34 43 45 42 36 30 37 34 46 45 31 37 . blahblahblahblah 36 39 41 44 34 34 34 39 35 35 34 33 46 43 33 39 blahblahblahblahblah 42 35 34 30 24 0A 01 02 30 1F 04 0F 73 61 6D 62 bla$...0...samb 61 50 77 64 4C 61 73 74 53 65 74 31 0C 04 0A 31 aPwdLastSet1...1 31 30 36 39 32 31 38 38 31 30 27 0A 01 02 30 22 1069218810'...0 04 12 73 61 6D 62 61 50 77 64 4D 75 73 74 43 68 ..sambaPwdMustCh 61 6E 67 65 31 0C 04 0A 31 31 31 34 36 39 37 38 ange1...11146978 38 31 __ __ __ __ __ __ __ __ __ __ __ __ __ __ 81 That date translates to Thu Apr 28 09:17:51 2005 which is perfect. But it is not getting put into the LDAP server. So I am wondering if this might be some openLDAP problem. Will explore further. One thing I am not sure about is why is there a 1 after every attribute name: sambaPwdMustChange1 ... might be some debug output thing though. Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: smbldap-tools and sambaPasswordMustChange
Ugh, please ignore all this. It's not Samba or OpenLDAP, it's phpLDAPAdmin displaying it wrong! Thank goodness for GQ! Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RID/SIDs
Hey Can someone point me to a FAQ or an RTFM on what SIDs and RIDs are and how to generate them properly? -Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Recycler problem
zheka wrote:
Christian Marx wrote:
Hi folks,
I have Samba 3.0.10 with SuSE 9.1 running and a problem with the
recycler feature of Samba.
Following setup:
- User A deletes file F1 in directory D
- Samba produces file .recycler/D/F1
- D has permissions -rwx--, F1 has permissions -rwxrw-r-- (owner A)
- User B deletes file F2 in directory D
- F2 doesn't show up in .recycler/D
So all files User B deletes in directory D are lost.
Any suggestions on that?
--- smb.conf
...
create mask = 775
directory mask = 0775
vfs objects = recycle
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = Yes
recycle:maxsize = 0
recycle:exclude = *.tmp|~$*
recycle:noversions = *.doc|*.xls|*.ppt
...
--- smb.conf end
Thanks,
Christian Marx
AFAIK, it's intended behaviour. See lines 216 and 234 in vfs_recycle.c.
2 independent ways to resolve the issue:
1. Set default ACL for recycle dir:
# setfacl -d -m g:some_group:rwx ./.recycle
2. Quick and dirty patch to vfs_recycle.c:
line 216:
mode = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | IXGRP | IWGRP
This should add rwx rights to group on newly created directories under
.recycle
Well, that somewhat limits the use of the recycle feature, since it
simply doesn't work on shares accessed by multiple users.
In my opinion the behaviour should be controllable via the smb.conf file.
Anyway, thanks for your thoughts, but I chose to fix this shortcoming in
a more clumsy way, I guess. But I might check the acl stuff sometime.
--- crontab
-* * * * * root/usr/bin/find /srv/samba/*/.recycle -type d
-exec /bin/chmod g+rwx {} \;
--- contab end
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trying to change the owner of a file in ADS
Hi again. Now I can access the shares (thanks to force user = %D/%U) in Active Directory, but when I try (from a AD account) to change the owner of a directory/file I get an alert window saying: Access Denied. Is it a problem with the samba/linux directories permissions? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] disappointed with complete lack of help.
I sent a request for help on the 21st of JanuaryI waited.I sent it again on the 24thI waited I sent the same question crafted differently on the 25th I waited. The help on this list is horrible. I am sorry for whining. I talk up open source regularly and I help when I can. but, the claim of better support from the open source community because there are so many active people is a farce I see people discussing the semantics of what uptimes should or should not be, but no help. So, I will struggle on my own a bit longer. So, I thank the Samba group for a great tool, I just can't thank them for the help, and yes, in the past I have made financial contributions to the group. Small, but more than many. Michael J Barber WPTZ/WNNE Computer Services Administrator p 518-561- x563 m 518-572-6639 f 518-561-5940 I sent a request for help on the 21st of JanuaryI waited.I sent it again on the 24thI waited I sent the same question crafted differently on the 25th I waited. The help on this list is horrible. I am sorry for whining. I talk up open source regularly and I help when I can. but, the claim of better support from the open source community because there are so many active people is a farce I see people discussing the semantics of what uptimes should or should not be, but no help. So, I will struggle on my own a bit longer. So, I thank the Samba group for a great tool, I just can't thank them for the help, and yes, in the past I have made financial contributions to the group. Small, but more than many. Michael J Barber WPTZ/WNNE Computer Services Administrator p 518-561- x563 m 518-572-6639 f 518-561-5940 = This e-mail message is intended only for the personal use of the recipient(s) named above. If you are not an intended recipient, you may not review, copy or distribute this message. If you have received this communication in error, please notify the Hearst Information Services HelpDesk ([EMAIL PROTECTED]) immediately by e-mail and delete the original message. = -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory + Samba 3.0.10 - how to deal with ownersand permissions
[EMAIL PROTECTED] wrote: I would just leave the filesystem to sort that out: mkdir mydirectory chown DOMAIN/Administrator mydirectory (be aware of winbind seperator =) add the share to samba normally Now when users browse to it (if they have permission) they will be able to see the owner is administrator) This is a nice way to administer the base of a share system: -fileroot (shared as fileroot$, browseable no, read list @ntadmin, write list @ntadmin) -- share1 (shared normally) -- share2 -- share3 -- share4 Like this, i can open up fileroot$ and set permissions on shares easily, also I have a back door to shares that may otherwise lock me out. Then, do I need to manually (or through an script) change the permissions and ownership of the files? is not there an automatic mechanism? I dont understand what you want? If you have a directory there already, you can change ownership with chmod, if you want all the files in the directory, you can chmod -R /dir/name/* Files created by users will be owned by them, unless you use force user. If you connect to the files through windows, you can set ownership and permissions through the normal windows method. signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] question about libsmbclient
Hello! I'm writing a file scanner that searches shares in SMB network (http://sf.net/projects/fsmbsearch if it matters). I would like to use libsmbclient to scan remote server. However, there is a problem, that I cannot solve. Out network is quite large (more than 2000 hosts). There is no strong administration, so each user choose whatever name for his computer. As a result, there many hosts have the same names. To scan them, I've tried to use IP instead of name. It works well for the most part of network. However, there are some old machines running Win98 and this method doesn't work for them. After googling I found that Win98 requires NetBIOS name to be specified: http://lists.samba.org/archive/samba/2004-April/085175.html http://www.spinics.net/lists/samba/msg33123.html So, if I use only name I can't properly scan machines with the same names. If I use only IP - I can't scan machines with Win98. The solution is to use both! smbclient already allows to specify both name and IP (via -I cmdline option). But the libsmbclient doesn't have such ability. Functions like smbc_open get URL in form of //host/share or //ip.ip.ip.ip/share, but not both. I suggest adding this feature to libsmbclient. What is the best way to specify ip? I've seen sources of the libsmbclient and found that there are some options. Currently supported options are ?mb=all, ?mb=any. Maybe new option like ?ip=x.y.z.t can be added? However, with current code options and URL cannot be specified at the same time. Another idea is to put this into SMBCCTX structure... I can create a patch that add this functionality. What should be done for it to be applied upstream? What coding style/policy/etc should I follow? Do you see another solution for this problem? PS. Sorry for my terrible English. With best regards, Alexander. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] custom print processing
Hi all, I've got a printserver working using cups/samba,ADS. I'm want to pass any jobs through a custom script which will do various things, including checking user quotas from a custom database (I know there are print quota solutuions out there that will fit in nicely with cups and samba, but I need to do this a different way due to some custom things we need to do) I've tried adding a line like 'print command = /path-to-script.pl`, to a test perl script which just logs some things to a file (with the intention of douing what I need with the user data then sending the job to lpr), but any print jobs are just sent to the printer without going through my script. Can anyone give me any clues on what I need to do to acheive this? Many thanks, Ian. -- Ian Taylor Technical Support Internet Assist Ltd Tel: +44 (0)1621 840014 Fax : +44 (0)1621 853 959 Web: http://www.i-a.co.ukEmail : [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] disappointed with complete lack of help.
The help on this list is horrible. I am sorry for whining. Looking back on your questions, it seems like the cause is most likely phrasing of your issue. It has been stated often that a well crafted question with all pertinent info will get better response than a hard to understand issue. I believe yours is the latter. Granted that I didn't read all your messages, but the first two were definately the latter. You start off by posting your smb.conf, then 40+ lines of debug info, then somewhere in there is a vaugly crafted issue. You have not stated what your goal is, your system config, and/or what you have done to troubleshoot your issue, which I reiterate, has not clearly been stated either. Have you read the documentation? Have you tried to follow an example? We have a very good book on pure documentation and a book on examples, I recommend both. They are available free online and for money in print. This is a fairly high volume list, I think I had 40 messages when I logged on this morning just from overnight. The quick to answer or suggest questions get first attention, then if somebody is bored they might try to figure out what some random post was trying to infer. I can't offer any help personally, since from what I can guess, you're running an NT4 domain and having some random winbind issue, and I run neither, but if you structure your question such that somebody who does can see what your problem is, your milage may improve. -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] disappointed with complete lack of help.
I humbly submit this response: I suppose the adage You get what you pay for would be appropriate here. However, given that the Samba maintainers have bothered to set up a list for support and discussion of their software, I'd say that is far better than absolutely nothing. Add to that the reams of documentation that have been provided gratis. I will not discount your disappointment at the lack of a resolution to your problem, sir. I too, as many others I'm sure, do not always find the answers I need, especially in a timely fashion. But I challenge you to find any proprietary product where you achieve a 100% satisfactory tech response to all of your issues. I'm sure you'll be hard pressed to do so. Samba _is_ an excellent tool. One that has provided many the opportunity to maintain interoperability in diverse systems. The developers' time and effort put into this project are (probably) immeasurable. My suggestion is to read and reread any and all documentation you have and document the steps you take in building and configuring your Samba server. I know that in the past, that has improved my knowledge of the software and lessened the likelihood of me having made a mistake because I made too many changes and introduced too many variables into the equation. So it is that I propose this adage: You get as much out of something as you put into it. ry -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, January 28, 2005 9:43 AM To: samba@lists.samba.org Subject: [Samba] disappointed with complete lack of help. I sent a request for help on the 21st of JanuaryI waited.I sent it again on the 24thI waited I sent the same question crafted differently on the 25th I waited. The help on this list is horrible. I am sorry for whining. I talk up open source regularly and I help when I can. but, the claim of better support from the open source community because there are so many active people is a farce I see people discussing the semantics of what uptimes should or should not be, but no help. So, I will struggle on my own a bit longer. So, I thank the Samba group for a great tool, I just can't thank them for the help, and yes, in the past I have made financial contributions to the group. Small, but more than many. Michael J Barber WPTZ/WNNE Computer Services Administrator p 518-561- x563 m 518-572-6639 f 518-561-5940 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Domain admins not getting local admin rights
Hi there, Thanks to everyone for their suggestions. Unfortunately, I must be missing something, I did delete the group_mappings.tdb and re-create my groups. This has not improved the situation unfortunately. Where else might I look? An aside question: how can I be sure, from the perspective of the Windows workstation, what exactly Windows sees my group memberships/priveleges? I don't know of a way to determine this, some little utility or applet? Thanks, mtoal John H Terpstra wrote: On Thursday 27 January 2005 16:00, Dana Forte wrote: Looks like there are 2 Domain Admin ntgroups, each with a different SID. Delete the one that doesn't match the domain portion of the output of 'net getlocalsid', then make sure the one that is left is mapped to the correct unixgroup. Alternately, stop samba then delete the group_mapping.tdb file, restart samba and then remap your groups. Example: net groupmap modify ntgroup=Domain Admins unixgroup=flyingpigs Cheers, John T. Morgan Toal [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi there, I switched servers yesterday. The old server was running 2.2.7a-1 on RedHat 8.0. The new server is 3.0.8-0.pre1.3 on Fedora Core 3. I did the migration by copying the following: /etc/passwd /etc/group /etc/shadow /etc/samba/* I then copied /home and fixed all the permissions on stuff. I then started up samba on the new server, and unplugged the old one. Most everything went smoothly, everyone could log in, we did not have to re-join client comptuters to the domain. However, I am not understanding why my domain administrator accounts are now not getting local administrator priveleges when logged in. This always worked fine on Samba 2.2.7a-1! I now cannot, when logged in on a W2K workstation as a domain user called nsu, which is a member of domain admins, modify files in C:\WINNT, or modify the local registry, etc. On a W2K orkstation, In the Local Users and Groupsd8 applet I can see that the local Administrators does in fact contain PD/Domain Admins and it gines a partial listing of the group's SID. I cannot confirm if this is the same SID as my SID in samba for Domain Admins. It should be the same, right? Can anyone suggest a tool I could use to confirm this? I *really* don't want to have to add a domain group of people who should be local administrator to the local administrators group on each workstation, as we have quite a number of workstations, so I have not tried this yet... Can someone else suggest something for me to check or try? Thanks! mtoal - [EMAIL PROTECTED] ~]# net groupmap list System Operators (S-1-5-32-549) - -1 Domain Users (S-1-5-21-2634632689-992284068-1313363551-513) - -1 Domain Admins (S-1-5-21-2634632689-992284068-1313363551-512) - domainadmin Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Domain Guests (S-1-5-21-2634632689-992284068-1313363551-514) - -1 Domain Users (S-1-5-21-3505514775-834951346-1128776050-513) - -1 Domain Admins (S-1-5-21-3505514775-834951346-1128776050-512) - -1 Domain Guests (S-1-5-21-3505514775-834951346-1128776050-514) - -1 Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - domainadmin Administrators (S-1-5-32-544) - domainadmin cid (S-1-5-21-2634632689-992284068-1313363551-2045) - cid Account Operators (S-1-5-32-548) - -1 seint (S-1-5-21-2634632689-992284068-1313363551-2157) - seint Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 - [EMAIL PROTECTED] ~]# cat /etc/samba/smb.conf log level = 4 netbios name = pd1 workgroup = pd os level = 200 preferred master = no domain master = yes local master = no wins support = no wins server = 192.168.18.14 name resolve order = wins lmhosts enhanced browsing = no security = user encrypt passwords = yes domain logons = yes logon path = logon drive = Z: logon home = \\%L\%u logon script = logon.bat add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u use client driver = yes host msdfs = yes guest account = guest map to guest = bad user username map = /etc/samba/smbusers admin users = @domainadmin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] disappointed with complete lack of help.
Hi, Maybe I can help reduce that disappointement. When you say in you 25th January message Directory and file permissions should probably be 700? What directory are you talking about? Home dir? If so, then your right... Still assuming you're talking only about home dirs, I assume that dirname=unix_username=win_username. If so, then it's not difficult to make a bash/perl/whatever script which does: chown -R user:Domain Users userdirectory I think this may still be the best approach. As for your comments, you should be thankful that people, who receive nothing for doing it, take their time to read your messages. I too have posted here some questions with no reply whatsoever, and that doesn't mean i'll start say that the claim of better support from the open source community because there are so many active people is a farce Best regards, Bruno Guerreiro -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: sexta-feira, 28 de Janeiro de 2005 14:43 To: samba@lists.samba.org Subject: [Samba] disappointed with complete lack of help. I sent a request for help on the 21st of JanuaryI waited.I sent it again on the 24thI waited I sent the same question crafted differently on the 25th I waited. The help on this list is horrible. I am sorry for whining. I talk up open source regularly and I help when I can. but, the claim of better support from the open source community because there are so many active people is a farce I see people discussing the semantics of what uptimes should or should not be, but no help. So, I will struggle on my own a bit longer. So, I thank the Samba group for a great tool, I just can't thank them for the help, and yes, in the past I have made financial contributions to the group. Small, but more than many. Michael J Barber WPTZ/WNNE Computer Services Administrator p 518-561- x563 m 518-572-6639 f 518-561-5940 I sent a request for help on the 21st of JanuaryI waited.I sent it again on the 24thI waited I sent the same question crafted differently on the 25th I waited. The help on this list is horrible. I am sorry for whining. I talk up open source regularly and I help when I can. but, the claim of better support from the open source community because there are so many active people is a farce I see people discussing the semantics of what uptimes should or should not be, but no help. So, I will struggle on my own a bit longer. So, I thank the Samba group for a great tool, I just can't thank them for the help, and yes, in the past I have made financial contributions to the group. Small, but more than many. Michael J Barber WPTZ/WNNE Computer Services Administrator p 518-561- x563 m 518-572-6639 f 518-561-5940 = This e-mail message is intended only for the personal use of the recipient(s) named above. If you are not an intended recipient, you may not review, copy or distribute this message. If you have received this communication in error, please notify the Hearst Information Services HelpDesk ([EMAIL PROTECTED]) immediately by e-mail and delete the original message. = -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] custom print processing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ian Taylor wrote: | Hi all, | | I've got a printserver working using cups/samba,ADS. I'm | want to pass any jobs through a custom script which will | do various things, including checking user quotas from | a custom database | | I've tried adding a line like 'print command = /path-to-script.pl`, | to a test perl script which just logs some things to a | file (with the intention of douing what I need with the user | data then sending the job to lpr), but any print jobs are just sent | to the printer without going through my script. | | Can anyone give me any clues on what I need to do to | acheive this? set 'printing = bsd' in the printer service in question. The 'print command', et. al. is ignored when 'printing = cups' cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB+mAHIR7qMdg1EfYRAi/MAJ0bpFY+UzwnBxxngxCMxseLUJtPEQCdG0t1 jH86nvDSQiox/Lx/r/rM6S8= =RPjn -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Apology
I must apologize to the list for venting my frustrations. I never intended to diminish the value or volume of the help the members on the list offer. I spoke in haste without taking a step back first. Some of the things I said were just blatantly wrong and should not have been said. I usually do not make such comments and I am always disappointed in those that do make them (including myself). Once again, my conduct was not professional or proper and I apologize. Please know that I do appreciate any and all help received. Thanks, Michael J Barber WPTZ/WNNE Computer Services Administrator p 518-561- x563 m 518-572-6639 f 518-561-5940 I must apologize to the list for venting my frustrations. I never intended to diminish the value or volume of the help the members on the list offer. I spoke in haste without taking a step back first. Some of the things I said were just blatantly wrong and should not have been said. I usually do not make such comments and I am always disappointed in those that do make them (including myself). Once again, my conduct was not professional or proper and I apologize. Please know that I do appreciate any and all help received. Thanks, Michael J Barber WPTZ/WNNE Computer Services Administrator p 518-561- x563 m 518-572-6639 f 518-561-5940 = This e-mail message is intended only for the personal use of the recipient(s) named above. If you are not an intended recipient, you may not review, copy or distribute this message. If you have received this communication in error, please notify the Hearst Information Services HelpDesk ([EMAIL PROTECTED]) immediately by e-mail and delete the original message. = -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RID/SIDs
On Friday 28 January 2005 07:52, Daniel Corbe wrote: Hey Can someone point me to a FAQ or an RTFM on what SIDs and RIDs are and how to generate them properly? The SID is generated automatically by Samba. If you change a Samba server name or workgroup name a new SID will be generated. This is a strong argument in favor of backing up the SID. You can obtain the SID of the Samba server by executing: net getlocalsid SID for domain FRODO is: S-1-5-21-726309263-4128913604-1168186429 The SID can be restored by executing: net setlocalsid S-1-5-21-726309263-4128913604-1168186429 In a Windows NT4 or ADS domain the RID is generated as the account is created. The user SID = domain_SID+RID, in the above case the SID for my user account is S-1-5-21-726309263-4128913604-1168186429-4214. Samba uses an algorithm to create a RID from the users UID. The default algorithm is: RID = (UID x 2) + 1000 The best source of documentation for how this is handled in Samba is in the source code. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] disappointed with complete lack of help.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I've only joined the list recently, but please be mindful of the fact that the people on this list a dedicating their free time without any kind of incentive... Remember, getting help is a privelidge, not a constitutional right! Regards, Pascal de Bruijn http://members.home.nl/keizerflipje/sambapdc/sambapdc.pdf [EMAIL PROTECTED] wrote: | I sent a request for help on the 21st of JanuaryI waited.I sent it | again on the 24thI waited I sent the same question crafted | differently on the 25th I waited. | | The help on this list is horrible. I am sorry for whining. | | I talk up open source regularly and I help when I can. but, the claim | of better support from the open source community because there are so | many active people is a farce | | I see people discussing the semantics of what uptimes should or should not | be, but no help. | | So, I will struggle on my own a bit longer. | | So, I thank the Samba group for a great tool, I just can't thank them for | the help, and yes, in the past I have made financial contributions to the | group. Small, but more than many. | | Michael J Barber | WPTZ/WNNE | Computer Services Administrator | p 518-561- x563 | m 518-572-6639 | f 518-561-5940 | | | I sent a request for help on the 21st of JanuaryI waited.I sent it | again on the 24thI waited I sent the same question crafted | differently on the 25th I waited. | | The help on this list is horrible. I am sorry for whining. | | I talk up open source regularly and I help when I can. but, the claim | of better support from the open source community because there are so | many active people is a farce | | I see people discussing the semantics of what uptimes should or should not | be, but no help. | | So, I will struggle on my own a bit longer. | | So, I thank the Samba group for a great tool, I just can't thank them for | the help, and yes, in the past I have made financial contributions to the | group. Small, but more than many. | | Michael J Barber | WPTZ/WNNE | Computer Services Administrator | p 518-561- x563 | m 518-572-6639 | f 518-561-5940 | | | | | = | This e-mail message is intended only for the personal | use of the recipient(s) named above. If you are not | an intended recipient, you may not review, copy or | distribute this message. | | If you have received this communication in error, | please notify the Hearst Information Services HelpDesk | ([EMAIL PROTECTED]) immediately by e-mail and | delete the original message. | = | | -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB+mXiOauq/dYfFnQRAo/PAJ9G/5yanMvWGBX5Y8/S86h0LtBH4ACdED8Q Ymh9MPU1ReZ6vcnR9h1M+d0= =H71r -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba password server without Unix users?
Hello, I am setting up a samba server that will be used only for password checking. It is configured with the ldapsam backend. - is there a way to configure samba to not check the existence of users on the underlying Unix OS? I mean, the search performed in the LDAP server provides all the useful passwd information that is available with getpwnam(), namely: uid uidNumber gidNumber homeDirectory. The existence of a corresponding Unix user is only important on the client samba servers that will provide data (shares, home, etc). Here is the LDAP search performed by samba when checking a password: SRCH base=dc=unige,dc=ch \ scope=2 \ filter=((uid=test)(objectClass=sambaSamAccount)) \ attrs=uid uidNumber gidNumber homeDirectory sambaPwdLastSet \ sambaPwdCanChange sambaPwdMustChange sambaLogonTime \ sambaLogoffTime sambaKickoffTime cn displayName \ sambaHomeDrive sambaHomePath sambaLogonScript \ sambaProfilePath description sambaUserWorkstations \ sambaSID sambaPrimaryGroupSID sambaLMPassword \ sambaNTPassword sambaDomainName objectClass \ sambaAcctFlags sambamungeddial sambabadpasswordcount \ sambabadpasswordtime sambapasswordhistory \ modifyTimestamp sambalogonhours modifyTimestamp To make the password checking work, I had to configure nss_ldap, which causes the following LDAP search: SRCH base=dc=unige,dc=ch scope=2 \ filter=((objectClass=posixAccount)(uid=test)) \ attrs=uid userPassword uidNumber gidNumber cn homeDirectory \ loginShell gecos description objectClass If nss_ldap is not configured, samba complains with the debug message: User test in passdb, but getpwnam() fails! It would be nice to avoid that useless secondary LDAP search (and the trouble of configuring nss_ldap). Best regards, -- Mr Dominique Petitpierre Email: [EMAIL PROTECTED] Division Informatique User=Dominique.Petitpierre University of Geneva Domain=adm.unige.ch -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RID/SIDs
Hi, does this mean that, in an ads domain, the net getlocalsid command must return the sid of the ads domain ? Thanks for your answers, Christian -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] rg]De la part de John H Terpstra Envoyé : vendredi 28 janvier 2005 17:08 À : samba@lists.samba.org; Daniel Corbe Objet : Re: [Samba] RID/SIDs On Friday 28 January 2005 07:52, Daniel Corbe wrote: Hey Can someone point me to a FAQ or an RTFM on what SIDs and RIDs are and how to generate them properly? The SID is generated automatically by Samba. If you change a Samba server name or workgroup name a new SID will be generated. This is a strong argument in favor of backing up the SID. You can obtain the SID of the Samba server by executing: net getlocalsid SID for domain FRODO is: S-1-5-21-726309263-4128913604-1168186429 The SID can be restored by executing: net setlocalsid S-1-5-21-726309263-4128913604-1168186429 In a Windows NT4 or ADS domain the RID is generated as the account is created. The user SID = domain_SID+RID, in the above case the SID for my user account is S-1-5-21-726309263-4128913604-1168186429-4214. Samba uses an algorithm to create a RID from the users UID. The default algorithm is: RID = (UID x 2) + 1000 The best source of documentation for how this is handled in Samba is in the source code. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Partition setup recommendations
Hallo Jason Williams, What I was hoping to get from some people here are some recommended partition setup schemes. What works well, what is necessary/unnecessary etc. I know partitioning is a personal thing, I just like to hear options and ideas from others here. I thing you should use LVM to be very flexible on partitioning and growing. mount /home to a LV-Volume mount /srv/samba/apps to a LV-Volume (for Programms) mount /srv/samba/groups to a LV-Volume (for Special Groups) mount /srv/samba/profiles to a LV Volume (for Profiles) Let 5-15% (or more, when you at the time doesnt now how fast every Mointpoint will grow or need space) free Space on the Volume Group for unexpected Situations. Hope to give some hints Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Phanton domain controller problem...
tor, 27,.01.2005 kl. 18.04 -0700, skrev John H Terpstra: On Thursday 27 January 2005 17:37, Ruth Ivimey-Cook wrote: John H Terpstra wrote: Stop Samba. Delete your wins.dat file and browse.dat file in /var/lib/samba Thanks, that did it. The files are in /var/cache/samba on FC3 Can I ask: in trying to sort this out, I discovered I wasn't running winbindd. Now, I've no other WINS server, although there is a DNS server. Do I need winbindd? You need winbind to handle users who use workstations that are NOT part of your domain. ?! Why? I've used samba with workstations that are not part of my domains lots of times without using winbind. I though winbind was for using samba as a memberserver in a domain controlled by another samba/windows PDC. Tarjei - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- Tarjei Huse [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RID/SIDs
On Friday 28 January 2005 09:26, Christian HAESSIG wrote: Hi, does this mean that, in an ads domain, the net getlocalsid command must return the sid of the ads domain ? The domain SID for a remote domain can be obtained by executing: net getlocalsid 'DOMAIN' -S [PDC | BDC] - John T. Thanks for your answers, Christian -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] rg]De la part de John H Terpstra Envoyé : vendredi 28 janvier 2005 17:08 À : samba@lists.samba.org; Daniel Corbe Objet : Re: [Samba] RID/SIDs On Friday 28 January 2005 07:52, Daniel Corbe wrote: Hey Can someone point me to a FAQ or an RTFM on what SIDs and RIDs are and how to generate them properly? The SID is generated automatically by Samba. If you change a Samba server name or workgroup name a new SID will be generated. This is a strong argument in favor of backing up the SID. You can obtain the SID of the Samba server by executing: net getlocalsid SID for domain FRODO is: S-1-5-21-726309263-4128913604-1168186429 The SID can be restored by executing: net setlocalsid S-1-5-21-726309263-4128913604-1168186429 In a Windows NT4 or ADS domain the RID is generated as the account is created. The user SID = domain_SID+RID, in the above case the SID for my user account is S-1-5-21-726309263-4128913604-1168186429-4214. Samba uses an algorithm to create a RID from the users UID. The default algorithm is: RID = (UID x 2) + 1000 The best source of documentation for how this is handled in Samba is in the source code. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] disappointed with complete lack of help.
On Fri, Jan 28, 2005 at 09:27:38AM -0600, Paul Gienger wrote: Looking back on your questions, it seems like the cause is most likely phrasing of your issue. It has been stated often that a well crafted question with all pertinent info will get better response than a hard to understand issue. I believe yours is the latter. Granted that I didn't read all your messages, but the first two were definately the latter. Even well-phrased questions with debugging output and dumps frequently stay unanswered. I still cannot print with smbprint to our Domain Server, and no help here. The bugzilla entry (1481) has gone unanswered since June 2004 (that's seven months). Samba has gone the way of many successful projects: The principal developers are busy with writing books and talking at conferences while the mailing lists get flooded with clueless newbie requests. Nobody knowledgeable finds the time to answer requests at all. Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Oplocks with concurrent access from same client
I am observing the following behaviour with samba-2.2.12 (Yes, I know, it's old) and MS-Access XP on a Win2K box: The client opens a .mdb file and gets a level2 oplock. Then it opens the .mdb file again and loses the oplock (at least I assume it does: The server sends an SMBlockingX request to the client and waits for another SMBlockingX request from the client before sending the Reply to the SMBntcreateX request). Then the client closes the second file handle to the .mdb file and continues to use the first one, which has now lost the oplock, so there is a lot of network traffic and the query is rather slow. My question is, is this the expected behaviour from the server? Could the server, if a file is opened a second time from the same client, assume that it is the client's responsibility to keep data in its cache of the file consistent, and keep the oplock (and maybe even grant it on the second filehandle, too)? Or to ask the same question from a different viewpoint: On the client system, who is managing oplocks and caching? The application or the OS? If it's the application, the server can clearly not assume that two different filehandles will maintain a consistent state of the file (they may belong to different processes). If it's the OS, it would at least be technically feasible to maintain a common cache on the client side for all file handles, and if Windows does this, it would be possible for the server to take advantage of this. Finally, if the server can make this optimization, does a newer version of Samba (3.x or 4.x) do it? hp -- _ | Peter J. Holzer | If the code is old but the problem is new |_|_) | Sysadmin WSR / LUGA | then the code probably isn't the problem. | | | [EMAIL PROTECTED]| __/ | http://www.hjp.at/ | -- Tim Bunce on dbi-users, 2004-11-05 pgpkgIcx2Ck5C.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] disappointed with complete lack of help.
On Friday 28 January 2005 11:44 am, Marc Haber wrote: Nobody knowledgeable finds the time to answer requests at all. It is so sad that you think that. This list has enabled me to set up a damned good Samba solution for my company. I read it every day because of the knowledge that it contains. It's people with bad attitudes who ruin it for the rest of us. If you don't like it, please unsubscribe. Thanks, Misty Greetings Marc -- --- -- Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Phanton domain controller problem...
On Friday 28 January 2005 09:39, Tarjei Huse wrote: tor, 27,.01.2005 kl. 18.04 -0700, skrev John H Terpstra: On Thursday 27 January 2005 17:37, Ruth Ivimey-Cook wrote: John H Terpstra wrote: Stop Samba. Delete your wins.dat file and browse.dat file in /var/lib/samba Thanks, that did it. The files are in /var/cache/samba on FC3 Can I ask: in trying to sort this out, I discovered I wasn't running winbindd. Now, I've no other WINS server, although there is a DNS server. Do I need winbindd? You need winbind to handle users who use workstations that are NOT part of your domain. ?! Why? I've used samba with workstations that are not part of my domains lots of times without using winbind. I though winbind was for using samba as a memberserver in a domain controlled by another samba/windows PDC. Not quite! If your Samba server will be accessed from domains other than the Samba domain, or if you have access from machines that are not domain members winbind will permit the allocation of UIDs and GIDs from the assigned pool that will keep the identity of the foreign user separate from users that are members of the Samba domain. Of course the Samba domain members are local users on the host that Samba is running on. For example: If you have a user called george on the Samba server, and the samba domain is called BIGDOGS, this user will be BIGDOGS\george. A user called george who has a local account on a notebook running Windows 2000, where the notebook is called HOLYCOWS will be recognized as HOLYCOW\george only if winbind is running. In this case winbind will allocate a separate UID for HOLYCOW\george and he will NOT be given access as if he is the Windows user BIGDOGS\george. If you are happy to map the HOLYCOW\george automatically to the user on the UNIX host called george there is no need to run winbind. I hope that helps to clarify things. - John T. Tarjei - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] disappointed with complete lack of help.
Not to start a flame war (it is starting to smell like charred flesh in here...) but I agree with Misty. In response (again, humbly) to Mr. Haber's comment: Nobody knowledgeable finds the time to answer requests at all. Then become the knowledgeable submitter. As I suggested in a previous post, read and reread any and all documentation you can find. Run tests and document every thing you do. It's helped me and I'm sure it can help others. And believe you me, I understand that as a sys admin finding time to exhaustively research a subject can be tough, near impossible. But for those of us that love what we do and are excited at the possibilities of a project like Samba (I use it as a file server and Squid authenticator), we make the time. ry -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Misty Stanley-Jones Sent: Friday, January 28, 2005 11:48 AM To: samba@lists.samba.org Subject: Re: [Samba] disappointed with complete lack of help. On Friday 28 January 2005 11:44 am, Marc Haber wrote: Nobody knowledgeable finds the time to answer requests at all. It is so sad that you think that. This list has enabled me to set up a damned good Samba solution for my company. I read it every day because of the knowledge that it contains. It's people with bad attitudes who ruin it for the rest of us. If you don't like it, please unsubscribe. Thanks, Misty Greetings Marc -- --- -- Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] disappointed with complete lack of help.
On Friday 28 January 2005 16:44, Marc Haber wrote: On Fri, Jan 28, 2005 at 09:27:38AM -0600, Paul Gienger wrote: Looking back on your questions, it seems like the cause is most likely phrasing of your issue. It has been stated often that a well crafted question with all pertinent info will get better response than a hard to understand issue. I believe yours is the latter. Granted that I didn't read all your messages, but the first two were definately the latter. Even well-phrased questions with debugging output and dumps frequently stay unanswered. I still cannot print with smbprint to our Domain Server, and no help here. The bugzilla entry (1481) has gone unanswered since June 2004 (that's seven months). Samba has gone the way of many successful projects: The principal developers are busy with writing books and talking at conferences while the mailing lists get flooded with clueless newbie requests. Nobody knowledgeable finds the time to answer requests at all. Not my experience one little bit! I recently hosted one of those principal developers in the UK for several weeks. Yes he *has* written books (damn good ones), and he *did* speak at conferences whilst over here - all paid for with his own money and for no fee. He even did a training course whilst over here for free, therefore contributing no revenue to set against the cost of the trip. Almost all of his *spare* time was spent working on Samba, and answering countless questions on this list. How do I know? - I watched it, he was my guest. Ever heard the phrase don't judge someone until you've walked a mile in their shoes?. I hope you don't experience this as an attack. It's not meant to be. I just want you, and the members of this list, to hear another point of view. In my view the Samba team do an excellent job, with hardly any *positive* feedback. Ever check the proportion of 'requests for support' to 'Success Stories' on your average F/L/OSS mailing list? We should all remember that before complaining about 'lack of support'. Just my 0.02 Euros. Regards, Mark Taylor Greetings Marc -- --- -- Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- Mark Taylor Chief Executive Officer Sirius - www.siriusit.co.uk Tel +44 (0)870 608 0063 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP and memberUid in Domain Users
From: Jerome Tournier [EMAIL PROTECTED] To: samba@lists.samba.org Subject: Re: [Samba] LDAP and memberUid in Domain Users Date: Thu, 27 Jan 2005 17:57:13 +0100 Le Thu, Jan 27, 2005 at 10:41:24AM +0100, Randy Starr a ecrit: Using usrmgr.exe I have small problem with memberrUid field. When I add new user to a domain, the memberUid field with the name of this users is added to Domain Users. But when I delete this user, the memberUid field with his name isn't removed from Domain Users. I think that is a small bug in samba, because, when I use smbldap-userdel from command line, the field is removed. Can anybody confirm or negate this information. For the first time I thought, that is a problem with access in LDAP, but I analysed openldap log, and didn't find any error. Do you have the following entries in smb.conf : -=-=-= delete user script = /usr/local/sbin/smbldap-userdel %u delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g -=-=-= ? Yes, I have. It's strange for me, that removed user isn't visible under usrmgr.exe as members of Domain Users (it's good), but when I do slapcat, I can see: cn Domain Users gidNumber 513 objectClass posixGroup objectClass sambaGroupMapping sambaGroupType 2 sambaSIDS-1-5-21-1771745803-971260854-622856654-513 description Netbios Domain Users displayName Domain Users memberUid removed_user_1 memberUid removed_user_2 memberUid removed_user_3 memberUid removed_user_4 memberUid removed_user_5 memberUid removed_user_6 memberUid removed_user_7 sambaSIDList userPassword -- Randy _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Thanks! You are a great customer
Hello, We tried contacting you awhile ago about your low interest mort[g]age rate. You have qualified for the lowest rate in years. You could get over $380,000 for as little as $500 a month! Bad cr[e]dit? Doesn't matter, low rates are fixed no matter what! To get a free, no obli[g]ation consultation visit: http://fallout.lpjsjfv.info/ajrrg Best Regards, Mihalis Gees, Account Manager Harrison Group LLC. r.mv - http//lpjsjfv.info/index.php -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Domain admins not getting local admin rights
On 01/28/2005 10:33 AM, Morgan Toal wrote: Hi there, Thanks to everyone for their suggestions. Unfortunately, I must be missing something, I did delete the group_mappings.tdb and re-create my groups. This has not improved the situation unfortunately. Where else might I look? ... I saw a problem like this when testing Samba 3 on Solaris 9. I had to make sure that the domain admin group mapped to the unix group that I wanted *and* that unix group had to be the PRIMARY group for the user in question. Under Samba 2 I had several users that were in the unix ntadmin group as one of their secondary groups and my smb.conf was set accordingly. Everything worked as expected. Under Samba 3 I mapped the Domain Admin group o the same unix group - but the users never received the administrative privileges. I payed around for a bit and finally tried mapping Domain Admin to my primary group and then I was able to receive the administrative privileges. I asked on the list at the time if this was the expected behavior - which is to say Samba ignored the user's secondary group for this role, or if I had happened upon a bug. I did not receive an answer at the time. -Bob Martel -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP and memberUid in Domain Users
Yes, I have. It's strange for me, that removed user isn't visible under usrmgr.exe as members of Domain Users (it's good), but when I do slapcat, I can see: So, why are you slapcatting? The transactions hasn't been committed out of the journal to the database. DO NOT USE SLAPCAT TO CHECK DATA!!! With slapcat your dodging the DSA. Do an 'ldapsearch cn=Domain Users' and I'll wager you won't see the deleted users. This may also by symptomatic that you haven't configured a checkpoint value in slapd.conf cnDomain Users gidNumber 513 objectClass posixGroup objectClass sambaGroupMapping sambaGroupType2 sambaSID S-1-5-21-1771745803-971260854-622856654-513 description Netbios Domain Users displayName Domain Users memberUid removed_user_1 memberUid removed_user_2 memberUid removed_user_3 memberUid removed_user_4 memberUid removed_user_5 memberUid removed_user_6 memberUid removed_user_7 sambaSIDList userPassword -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Weird IP's in WINS
Colleagues- I'm experiencing a very odd problem that seems to be the root of some cross-subnet domain logon / browsing problems I am experiencing. Basically, I have a Samba 3.0.8 box acting as a PDC and WINS server for an NT style domain that is primarily on one subnet, but has a few users on others. On subnets other than the one the server resides on, domain logons fail sporadically. Sometimes it takes 3-4 tries before it will logon, but once it does, it works fine. The error that the users get is that their password is incorrect or logon has been denied, or that a domain server cannot be found. I have discovered that in the wins.dat file on this machine the entries for itself and for the domain it is processing logons for contains some IP addresses that do not exist. Here are the relevant entries from wins.dat (with the real IP replaced with x.x.x.x): OAK#00 1107196727 x.x.x.x 192.168.0.3 192.168.0.1 66R OAK#03 1107196727 x.x.x.x 192.168.0.3 192.168.0.1 66R OAK#20 1107196727 x.x.x.x 192.168.0.3 192.168.0.1 66R SLSD#1b 1107196727 x.x.x.x 192.168.0.3 64R SLSD#1c 1107196727 x.x.x.x 192.168.0.1 e4R SLSD is the domain, and OAK is the logon server for that domain. Other than replacing my real IP with x.x.x.x, those lines are untouched. Any idea where these 192.168.0.x addresses might be coming from? I only use that IP range on a heavily firewalled subnet in my shop, and this machine should have nothing to do with it. I am hoping that if I can get rid of the spurious WINS entries that my domain logons in other subnets will become more reliable. Does it look like this might be the right track? I tried manually removing those addresses from the file, but they re-appeared after restarting nmbd... -- -Best Regards- -Quentin Hartman- Technology Coordinator South Lane School District 45j3 Cottage Grove, Oregon (541)767-3778 http://www.slane.k12.or.us -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Inherit permissions question (Please help)
Hallo David Wilson, M... I wonder what else I could try ? Perhaps it would easier if I configure ACL support and just set the permissions manually each time a new file is copied to the users' areas by a Domain Admin ? I think you doesn't need in this case ACL support because the Problem is still the same, or not ? Manually change the Permission seems to be the only way. Must you do this very often ? When yes, write a little Skript that change the Permissions for you on all userx/ Directory (maybe as a post exec script in the Share Definition). Greetings Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Weird IP's in WINS
On Fri, 2005-01-28 at 09:51 -0800, Quentin Hartman wrote: Colleagues- I'm experiencing a very odd problem that seems to be the root of some cross-subnet domain logon / browsing problems I am experiencing. snip I tried manually removing those addresses from the file, but they re-appeared after restarting nmbd... I think I managed to get this solved. Shortly after I sent my previous message I came across the thread Phantom domain controller problem... which sounded fairly similar, and it is likely that the IP's in question were assigned to this server while I built it. Rather than the slash and burn technique described there I simply deleted the offending entries in wins.dat as I have several static entries and whatnot that I did not want to lose. Hopefully this will resolve my spotty off-subnet domain logons, as the wins entries are now correct. Why does nmbd hang on to those old IP's for so long? This machine hasn't had those 192.168.x.x addresses for 6 months or more! -- -Best Regards- -Quentin Hartman- Technology Coordinator South Lane School District 45j3 Cottage Grove, Oregon (541)767-3778 http://www.slane.k12.or.us -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] disappointed with complete lack of help.
On Fri, Jan 28, 2005 at 05:44:39PM +0100, Marc Haber wrote: Even well-phrased questions with debugging output and dumps frequently stay unanswered. I still cannot print with smbprint to our Domain Server, and no help here. The bugzilla entry (1481) has gone unanswered since June 2004 (that's seven months). Squeeky wheels get grease... If you just log a reasonable obscure bug and leave it, the likelyhood of it being addressed is low. I have many more high priority bugs (crashes, extreme performace issues, correctness issues etc.) to work on. Samba has gone the way of many successful projects: The principal developers are busy with writing books and talking at conferences while the mailing lists get flooded with clueless newbie requests. Nobody knowledgeable finds the time to answer requests at all. :-). I wish I had time to write a book :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Processes at the server
Why are new processes forked at the server i.e. for smbd, even when the same client machine and the same loginuser tries to mount mulltiple shares during the same session ? Yahoo! India Matrimony: Find your life partneronline. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Domain admins not getting local admin rights
I saw a problem like this when testing Samba 3 on Solaris 9. I had to make sure that the domain admin group mapped to the unix group that I wanted *and* that unix group had to be the PRIMARY group for the user in question. This sounds a lot like the secondary user not recognized bug that affected solaris boxes running LDAP for their posix data. This has since been resolved via patch 112960-22 or it's latest rev from Sun. I can verify that it works correctly now, in my setup running with a Solaris 9 PDC. -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
SOLUTION Re: [Samba] Domain admins not getting local admin rights
OK here's the deal, thanks especially to John for your time today and remedial attention :) My issue, to repeat myself, was that I was logging in as a domain administrator on a Windows box, and while I was domain administrator just fine, I was not having local administrator rights on that box. For example, I could not install software, or change the network connection, things like that which are a pain in the keester. Turns out I had several issues going on, pretty much all relating to the fact that I had simply migrated my samba v2.2 configuration in situ and expected it to just work, and mostly it just did... mostly... 1. I was still using smbpasswd, and needed to move to tdbsam. Apparently I could have done net groupmaps all day and these are ignored if you're not using tdbsam as your authentication mechanism as smbpasswd cannot tie together the SIDS and such which results in users disconnected with their appropriate group memberships. (correct me if I am wrong). So I converted it with: pdbedit -i smbpasswd -e tdbsam This process took all of 2 seconds. 2. I needed to modify the [global] section in my smb.conf to conform to v3 features. For example I did not have the add machine script directive set. I basically copied the one in the impatient section of the howto. I needed to set passdb backend = tdbsam since we're using this now. 3. I probably did not need to, but I stopped samba, blew away my old /var/cache/samba/group_mapping.tdb and restarted samba. 4. I had to remap my groups, since i nuked group_mapping.tdb: net groupmap modify ntgroup=Domain Admins unixgroup=domainadmin 5. I logged out on my windows box as the domain admin user, and logged back in as that same user. Lo and behold, I am local administrator again. Whoo-hoo!!! :) thanks again! mtoal Morgan Toal wrote: Hi there, I switched servers yesterday. The old server was running 2.2.7a-1 on RedHat 8.0. The new server is 3.0.8-0.pre1.3 on Fedora Core 3. I did the migration by copying the following: /etc/passwd /etc/group /etc/shadow /etc/samba/* I then copied /home and fixed all the permissions on stuff. I then started up samba on the new server, and unplugged the old one. Most everything went smoothly, everyone could log in, we did not have to re-join client comptuters to the domain. However, I am not understanding why my domain administrator accounts are now not getting local administrator priveleges when logged in. This always worked fine on Samba 2.2.7a-1! I now cannot, when logged in on a W2K workstation as a domain user called nsu, which is a member of domain admins, modify files in C:\WINNT, or modify the local registry, etc. On a W2K orkstation, In the Local Users and Groups applet I can see that the local Administrators does in fact contain PD/Domain Admins and it gines a partial listing of the group's SID. I cannot confirm if this is the same SID as my SID in samba for Domain Admins. It should be the same, right? Can anyone suggest a tool I could use to confirm this? I *really* don't want to have to add a domain group of people who should be local administrator to the local administrators group on each workstation, as we have quite a number of workstations, so I have not tried this yet... Can someone else suggest something for me to check or try? Thanks! mtoal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RID/SIDs
Every user has to have a unique SID right? Here's my problem The smbldap-adduser function works fantastically for adding new accounts to the system. I already have existing accounts though in LDAP that I need to add all the Samba attributes to. I was just going to write a quick and dirty little perl script for it; however I need to understand how the individual users are assigned SIDs first. -Daniel On Fri, 28 Jan 2005 09:37:14 -0700, John H Terpstra [EMAIL PROTECTED] wrote: On Friday 28 January 2005 09:26, Christian HAESSIG wrote: Hi, does this mean that, in an ads domain, the net getlocalsid command must return the sid of the ads domain ? The domain SID for a remote domain can be obtained by executing: net getlocalsid 'DOMAIN' -S [PDC | BDC] - John T. Thanks for your answers, Christian -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] rg]De la part de John H Terpstra Envoyé : vendredi 28 janvier 2005 17:08 À : samba@lists.samba.org; Daniel Corbe Objet : Re: [Samba] RID/SIDs On Friday 28 January 2005 07:52, Daniel Corbe wrote: Hey Can someone point me to a FAQ or an RTFM on what SIDs and RIDs are and how to generate them properly? The SID is generated automatically by Samba. If you change a Samba server name or workgroup name a new SID will be generated. This is a strong argument in favor of backing up the SID. You can obtain the SID of the Samba server by executing: net getlocalsid SID for domain FRODO is: S-1-5-21-726309263-4128913604-1168186429 The SID can be restored by executing: net setlocalsid S-1-5-21-726309263-4128913604-1168186429 In a Windows NT4 or ADS domain the RID is generated as the account is created. The user SID = domain_SID+RID, in the above case the SID for my user account is S-1-5-21-726309263-4128913604-1168186429-4214. Samba uses an algorithm to create a RID from the users UID. The default algorithm is: RID = (UID x 2) + 1000 The best source of documentation for how this is handled in Samba is in the source code. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] disappointed with complete lack of help.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Allison wrote: | Samba has gone the way of many successful projects: The principal | developers are busy with writing books and talking at conferences | while the mailing lists get flooded with clueless newbie requests. | Nobody knowledgeable finds the time to answer requests at all. you not serious are you ? many Samba developers still take time to monitor and respond to this list. Check the archives. The problem is the signal to noise ratio. The same questions get asked over and over again. I'll also point out that screaming the support on this list is horrible is sadly one of the best ways to get people to respond (no offense to the original poster). cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB+ojWIR7qMdg1EfYRAosXAKCKW1Qtop8W6CrsstA9kFOn9ISAoQCfTIRl msrZCyYD2d+prgOSNHpXUA0= =dr0a -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] tdb_fetch failed on Printer Share
Hi,
after some Tests with Printer Driver Upload after an Upgrade from Samba
2.4 to 3.0 i found this Infos in the samba Log:
[2005/01/28 19:21:03, 1] smbd/service.c:make_connection_snum(648)
mic-nuernberg (172.30.10.7) connect to service print$ initially as
user reiss
(uid=1000, gid=1007) (pid 14785)
[2005/01/28 19:21:03, 1] smbd/service.c:close_cnum(836)
mic-nuernberg (172.30.10.7) closed connection to service print$
[2005/01/28 19:22:55, 0] smbd/connection.c:register_message_flags(220)
register_message_flags: tdb_fetch failed
[2005/01/28 19:25:09, 0] smbd/connection.c:register_message_flags(220)
register_message_flags: tdb_fetch failed
[2005/01/28 19:25:09, 0] smbd/service.c:make_connection(800)
mic-nuernberg (172.30.10.7) couldn't find service
::{2227a280-3aea-1069-a2de-08002b30309d}
What does it mean ?
Samba Version 3.0.10-Debian (from Backport.org)
Greetings
Thomas
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] disappointed with complete lack of help.
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Allison wrote: | Samba has gone the way of many successful projects: The principal | developers are busy with writing books and talking at conferences | while the mailing lists get flooded with clueless newbie requests. | Nobody knowledgeable finds the time to answer requests at all. you not serious are you ? many Samba developers still take time to monitor and respond to this list. Check the archives. The problem is the signal to noise ratio. The same questions get asked over and over again. I'll also point out that screaming the support on this list is horrible is sadly one of the best ways to get people to respond (no offense to the original poster). cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB+ojWIR7qMdg1EfYRAosXAKCKW1Qtop8W6CrsstA9kFOn9ISAoQCfTIRl msrZCyYD2d+prgOSNHpXUA0= =dr0a -END PGP SIGNATURE- If you ask a question regarding a problem that cannot be solved by an easy google search, describe the problem you are facing in an understandable manner, and supply any related configuration files and/or logs you will generally get relatively prompt feedback from someone. Now and then you will have something so off the wall that nobody really has a clue -- I've sent a few out like that myself :), but such is life. I applaud not only the effort that the Samba team puts forth in regard to the product, but to what extent they *do* monitor this list and help others. Christian Merrill -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tdb_fetch failed on Printer Share
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thomas Reiss wrote: | register_message_flags: tdb_fetch failed Fixed in the 3.0.11preX releases. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB+oybIR7qMdg1EfYRAn0MAKDcfLQ9rX9Vb7pVVk3FvheuwKiqjQCfftmk FqXugu2c5rtqHN8mN4D6nmo= =kPU6 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC setting up user groups and policies (Help)
I have a Samba PDC, and have problems setting up user groups to limit activity and access to file folders in Windows XP. I have administrative users that work fine. New users added as power users or regular users can log into machine client but dont even have access to the local C: drive. Cant change backgrounds or even unlock the taskbar. As long as they are added as user to the machine with admin priveleges or added to admin group the account works fine. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] disappointed with complete lack of help.
On Fri, Jan 28, 2005 at 12:47:50PM -0600, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Allison wrote: | Samba has gone the way of many successful projects: The principal | developers are busy with writing books and talking at conferences | while the mailing lists get flooded with clueless newbie requests. | Nobody knowledgeable finds the time to answer requests at all. Your quoting in this is wrong :-). I (obviously) didn't write this :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] disappointed with complete lack of help.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Allison wrote: | On Fri, Jan 28, 2005 at 12:47:50PM -0600, Gerald (Jerry) Carter wrote: | |-BEGIN PGP SIGNED MESSAGE- |Hash: SHA1 | |Jeremy Allison wrote: | || Samba has gone the way of many successful projects: The principal || developers are busy with writing books and talking at conferences || while the mailing lists get flooded with clueless newbie requests. || Nobody knowledgeable finds the time to answer requests at all. | | | Your quoting in this is wrong :-). I (obviously) | didn't write this :-). Doh! foiled again in my plans to discredit you :-) Yes. Of course that was not you. Thanks for correcting that lest it end up as a quote in some trade rag Enough of my noise for one day I think. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD4DBQFB+o6JIR7qMdg1EfYRAg8gAKCql62BzjpC5TnozyRGhnbqoHzM6ACVEH56 yKl3QaOM+St2KY+juDZlIA== =v7UK -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Phanton domain controller problem...
On Fri, 28 Jan 2005, John H Terpstra wrote: For example: [snip] I hope that helps to clarify things. John, Yes, I am a lot clearer now :-) Ruth -- Ruth Ivimey-Cook Software engineer and technical writer. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using an LDAP Directory for Samba Authentication
Alex Satrapa: Check the Samba + LDAP howto document on the IDEALX site: http://samba.IDEALX.org/smbldap-howto.fr.html Even if create a posix+sambaAccount, I have to explicitly create a samba user via smbpasswd -a username. If Samba is properly configured, use the smbldap-tools (also from the IDEALX site, IIRC) to manage accounts. Makes life so much easier. An alternative: I have no use for the IDEALX stuff in a high school with 1150+ users, who are already Unix users with a single password for LTSP, mail etc. and where we're implementing a Samba 3.0.9 PDC for 25+ Windows 2000/XP machines, 100+ users. The attached tiny script for OL 2.2.17 worked fine for me. Entering the basic machines by hand into the DSA was no great hassle - GQ 1.0b2 (www.biot.com - .org?) makes DSA administration a breeze. --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC setting up user groups and policies (Help)
Ouch I assume that your XP Workstations are domain members, then, right? Jon Johnston Creative Business Solutions IBM,Microsoft, Novell/Suse, Sophos Consultants http://www.cbsol.com 952-544-1108 Blog: http://bingo.cbsol.com [EMAIL PROTECTED] wrote on 01/28/2005 01:08:29 PM: I have a Samba PDC, and have problems setting up user groups to limit activity and access to file folders in Windows XP. I have administrative users that work fine. New users added as power users or regular users can log into machine client but dont even have access to the local C: drive. Cant change backgrounds or even unlock the taskbar. As long as they are added as user to the machine with admin priveleges or added to admin group the account works fine. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Disk Space Error
Doh! Found it this morning. It helps to turn quota's off. Quota was on (and not needed). On Thu, 2005-01-27 at 15:39 -0500, Michael Gargiullo wrote: I have a samba server (3.0.10) that was compiled and installed this morning. I'm seeing a strange problem that I haven't seen before with Samba. No matter if I connect from my Linux laptop, or my WinXP desktop I receive the error stating Not Enough Free disk space (From the windows macine), and cp: writing `public-share/gmp-4.1.4.tar.gz': No space left on device from the linux machine. I have over 16Gb of space on the partition that the share resides. [root samba-share]# df -h FilesystemSize Used Avail Use% Mounted on /dev/hda1 726M 668M 58M 92% / /dev/hda3 194M 19M 175M 10% /var /dev/hda4 17G 318M 16G 2% /home [root samba-share]# pwd /home/samba-share smb.conf: [global] workgroup = Workgroup server string = Samba Server os level = 33 preferred master = Yes remote announce = 192.168.168.255 hosts allow = 192.168.168., 127. [homes] comment = Home Directories valid users = %S read only = No browseable = No [public] comment = Data path = /home/samba-share force user = mike force group = users read only = No guest ok = Yes Has anyone seen this error before? -Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Migrating from NT4 to Samba - correct strategy
Hi folks, I have 2 domains: LX01 (WinNT) e LX04 (Samba) and I want consolidate them into one domain LX01. All the stations is looking for LX01. All users are equal on both servers. Can I just turn the WinNT off and rename the Samba server to LX01 ? Is there any problem ? Thanks in advance. Josir -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NTLMv2 passthrough auth fails on XP
I have an interesting situation. I'm not sure if Samba doesn't support this, or if I have something setup wrong. All Linux/BSD machines: Samba 3.0.10 Windows XP cannot connect to a Samba Server when the Samba server is a member of a Samba Domain, and authentication is restricted to NTLMv2 _IF_ The Windows XP machine has the following Security Policy turned on: Network security: Minimum session security for NTLM SSP based (including secure RPC) clients/servers Require NTLMv2 session security I would have laid this to rest, _EXCEPT_ that this setting does not harm the connections to the PDC running Samba as well. The Windows XP can login to the domain, and browse shares on the Samba PDC, but it cannot coonnect to Samba Member servers authenticating through the PDC via security = server AND password server = *. When I turn off this Windows XP setting, everything works fine. This option does not exist in = Windows 2000, therefore Windows 2000/NT is not affected. PDC and MEMBER have the following vital information in smb.conf ... # require NTLMv2 encrypt passwords = yes ntlm auth = no lanman auth = no client lanman auth = no client ntlmv2 auth = yes client plaintext auth = no ... MEMBER is set to security = server password server = * -- Aaron Zirbes Systems Administrator Environmental Health Sciences University of Minnesota -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTLMv2 passthrough auth fails on XP
On Fri, 2005-01-28 at 14:25 -0600, Aaron J. Zirbes wrote: I have an interesting situation. I'm not sure if Samba doesn't support this, or if I have something setup wrong. All Linux/BSD machines: Samba 3.0.10 I would have laid this to rest, _EXCEPT_ that this setting does not harm the connections to the PDC running Samba as well. The Windows XP can login to the domain, and browse shares on the Samba PDC, but it cannot coonnect to Samba Member servers authenticating through the PDC via security = server AND password server = *. Yes, security=server is a bad, bad thing. Use security=domain, and some things will be better. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba No Network Browsing
Unable to resolve my problem after long time of reading and searching I decide to ask for help to the experts. The problems is that there is no browse list even thought everything works fine. I can share files with others machines but don't see anything on network neighborhood. Please Help! Testparm shows the following: max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes acl compatibility = nt smb support = Yes nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name resolve order = lmhosts host wins bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extensions = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max smbd processes = 0 max disk size = 0 max open files = 1 name cache timeout = 660 read size = 16384 socket options = TCP_NODELAY stat cache size = 50 use mmap = Yes total print jobs = 0 load printers = Yes printcap name = /etc/printcap disable spoolss = No enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = strip dot = No mangling method = hash character set = mangled stack = 50 stat cache = Yes domain admin group = domain guest group = machine password timeout = 604800 add user script = delete user script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = No os level = 65 lm announce = Auto lm interval = 60 preferred master = Yes local master = Yes domain master = Yes browse list = Yes enhanced browsing = Yes dns proxy = Yes wins proxy = No wins server = wins support = Yes wins hook = kernel oplocks = Yes lock spin count = 3 lock spin time = 10 oplock break wait time = 0 add share command = change share command = delete share command = config file = preload = lock dir = /var/spool/samba pid directory = /var/run default service = message command = dfree command = valid chars = remote announce = 10.3.100.1/24 10.4.100.1/24 remote browse sync = socket address = 0.0.0.0 homedir map = time offset = 0 NIS homedir = No source environment = panic action = hide local users = No winbind uid = winbind gid = template homedir = /home/%D/%U template shell = /bin/false winbind separator = \ winbind cache time = 15 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = No comment = path = alternate permissions = No username = guest account = nobody invalid users = valid users = admin users = read list = write list = printer admin = force user = force group = read only = Yes create mask = 0744 force create mode = 00 security mask = 0777 force security mode = 00 directory mask = 0755 force directory mode = 00 directory security mask = 0777 force directory security mode = 00 force unknown acl user = 00 inherit permissions = No inherit acls = No guest only = No guest ok = No only user = No hosts allow = 10. 127.0.0.1 hosts deny = status = Yes nt acl support = Yes profile acls = No block size = 1024 max connections = 0 min print space = 0 strict allocate = No strict sync = No sync always = No write cache size = 0 max print jobs = 1000 printable = No postscript = No printing = bsd print command = lpr -r -P%p %s lpq command = lpq -P%p lprm command = lprm -P%p %j lppause command = lpresume command = queuepause command = queueresume command = printer name = use client driver = No default devmode = No printer driver = printer driver file = /etc/samba/printers.def printer driver location = default case = lower case sensitive = No preserve case = Yes short preserve case = Yes mangle case = No mangling char = ~
[Samba] Re: Winbind fails to connect to \PIPE\NETLOGON with 3.0.10 and 3.0.9
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ah, tracked it down to the same problem I had last year: http://lists.samba.org/archive/samba/2004-May/085624.html Was using --set-auth-user with the wrong user. Perhaps some message could be added; I'm emailing this to provide closure for google. Tom Dickson wrote: | Joining a mixed 2000 domain worked correctly for Samba 3.0.2a. | | After upgrading to either samba 3.0.9 or 3.0.10, the net ads join command | completes successfully, and wbinfo -u returns a list of users, but any | attempt to | actually authenticate those users fails with NT_STATUS_PIPE_NOT_AVAILABLE. | | wbinfo -t also does not work, and produces the log file attached. The | smb.conf is | identical to the 3.0.2 version. Joining in NT4 (rpc) mode works | correctly. Are | there changes to the smb.conf that I am not aware of? | | wbinfo -a bob | plaintext password authentication failed | error code was NT_STATUS_NO_SUCH_USER (0xc064) | error messsage was: No such user | Could not authenticate user bob with plaintext password | challenge/response password authentication failed | error code was NT_STATUS_NO_SUCH_USER (0xc064) | error messsage was: No such user | Could not authenticate user bob with challenge/response | | which produces these logs: | | [2005/01/18 10:58:48, 3] | nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(464) | ~ [25073]: pam auth crap domain: MIXEDDOMAIN user: [EMAIL PROTECTED] | [2005/01/18 10:58:48, 8] lib/util.c:is_myname(1797) | ~ is_myname(MIXEDDOMAIN) returns 1 | [2005/01/18 10:58:48, 3] | nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(498) | ~ Authentication for domain MIXEDDOMAIN (local domain to this server) not | supported at this stage | [2005/01/18 10:58:48, 2] | nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(637) | ~ NTLM CRAP authentication for user | [EMAIL PROTECTED] returned | NT_STATUS_NO_SUCH_USER (PAM: 10) | [2005/01/18 10:58:48, 10] nsswitch/winbindd.c:client_write(524) | | I know my domain isn't that great, but is it really crap? :) | | -Tom -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFB+qTh2dxAfYNwANIRAu9sAJ9Z9KDhzYsWEx2bpNQ0SlhPw+muMACfS56v NI2u2vGgbihDyQqL3lc2sjM= =PtVk -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.1x, min password lenght deprecated, smbpasswd
Hallo @all, since 3.0.10 parameter min password lenght is deprecated. If removing the entry from smb.conf, the default of min password lenght = 5 is used. smbpasswd uses this entry if creating or changing passwords. How can I set a min password lenght of 2 characters without the deprecated parameter when the passdb backend is smbpasswd? Think min password lenght will be removed in the next releases. der tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba not recognizing secondary groups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ed Holden wrote: | Good point re: the lack of details. This is Linux PPC with a 2.4.21 | kernel. I don't think winbind is involved, nor is anything fancy like | LDAP. Just the old flat passwd/group/shadow files with security=user. | Since I can connect via SFTP, and since other users are getting along | fine, and since allowing the user in via universal rw access helps, I'm | guessing this is an issue with Samba not reading the groups properly. | I'll take yours suggestions and download the RC of 3.0.11 when it comes | out, and perhaps that will fix it. | | So there was a known bug with multiple group membership? I can't remember all the changes since 3.0.2a. The release notes should be able to give you a clue if there was. Definitely give 3.0.11rc1 a try and file a bug if you are still having issues. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB+p+1IR7qMdg1EfYRAoILAJsEZTR6jRbbh+3QKMSx0FzodWmgogCfbLEK gQUL5QreWFfFX6odzNULcZU= =3VsL -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.1x, min password lenght deprecated, smbpasswd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thomas Bork wrote: | | since 3.0.10 parameter min password lenght is | deprecated. If removing the entry from smb.conf, the | default of min password lenght = 5 is used. smbpasswd | uses this entry if creating or changing passwords. | | How can I set a min password lenght of 2 characters | without the deprecated parameter when the passdb | backend is smbpasswd? Think min password lenght will | be removed in the next releases. It's an account policy. Use pdbedit to set the value. That's why the smb.conf optionwas deprecated. It was at odds with the defined account policy. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB+qg/IR7qMdg1EfYRAr0gAKDPDIj9gmlVvcmR1OlP7o8Jv7SAgACeNGA2 aZTCoQ8EcZV1UJXBAJPkbeY= =Um8x -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Renaming users with tdbsam
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Francisco Cano Entrena wrote: | Hello! | | Does know anyone how to rename a user? I can't | deletecreate because I don't want to lose the passwords. You have to rename that user manually at this point. Or you could just try using a username map entry depending on your server configuration. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB+qr1IR7qMdg1EfYRAjtRAKCnolRKtEH13rzRBzxKbdkT9g79rQCfbWTB QFj8aEMcLr+3xTHeRF0+we0= =e5nK -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Domain admins not getting local admin rights
On 01/28/2005 01:23 PM, Paul Gienger wrote: I saw a problem like this when testing Samba 3 on Solaris 9. I had to make sure that the domain admin group mapped to the unix group that I wanted *and* that unix group had to be the PRIMARY group for the user in question. This sounds a lot like the secondary user not recognized bug that affected solaris boxes running LDAP for their posix data. This has since been resolved via patch 112960-22 or it's latest rev from Sun. I can verify that it works correctly now, in my setup running with a Solaris 9 PDC. I wondered about the bug - but I am not using LDAP - my user information in kept in NIS+. On the test system where I first saw the problem was just using flat /etc/passwd, /etc/shadow, and /etc/group. -Bob Martel -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Typo in Samba-3 By Example Book, Chapter 5
On Thu, 2005-01-27 at 15:51 -0500, Ryan Frantz wrote: In this situation, both experience and constant monitoring are the best tools for making the kind of determination for resource allocation at a particular site. Indeed! Adding a squid proxy server with NTLM authentication, for example, will increase the load on the server, and using Samba 3.0.11rc1's 'ldapsam:trusted = yes' will dramatically reduce it. (Now just to figure out exactly what I need to have in ldap to support it, but that's my lookout :-) You always need good server monitoring anyway, so you should have some idea when your servers are bogged down. Also, make sure to leave capacity for when you loose a server (that's why you got redundancy in the first place, right?). I've had a site that was 'just handling' the load, and when we lost a server, it killed the rest. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] security=share, write / read-only mix doesn't work on Samba3
Hi, I'm having trouble migrating from Samba2 to Samba3. I'm trying to make a share that allows some users read-only access, and others read-write. In version 2.2 this worked, but not in version 3. I'm pretty sure it's my configuration, but I ran into this link on the samba bugzilla site, and now I don't know. https://bugzilla.samba.org/show_bug.cgi?id=1844 Can anyone point me in the right direction? Here's my smb.conf file: -- [global] read raw = yes guest account = nobody socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=16384 SO_RCVBUF=16384 wins server = 192.168.1.1 null passwords = yes map to guest = bad user encrypt passwords = yes level2 oplocks = yes lock directory = /var/lock/subsys netbios name = myserver write cache size = 16384 server string = myserver min passwd length = 0 unix password sync = yes workgroup = mygroup os level = 20 force user = all comment = My Server security = user getwd cache = yes dont descend = /proc,/dev,/etc,/usr max log size = 2000 log level = 1 [share] comment = My Share read list = @CommonUsers user = @CommonUsers,@Administrators write list = @Administrators path = /home/users -- Thanks! Carlos Knowlton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba PDC setting up user groups and policies (Help)
Sounds like your users are not being mapped to the Domain Users ntgroup. 'net groupmap list' on the PDC will tell you what unixgroup the Domain Users ntgroup is being mapped to. Then just make sure your samba users are a member of that unixgroup. jonlists [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Ouch I assume that your XP Workstations are domain members, then, right? Jon Johnston Creative Business Solutions IBM,Microsoft, Novell/Suse, Sophos Consultants http://www.cbsol.com 952-544-1108 Blog: http://bingo.cbsol.com [EMAIL PROTECTED] wrote on 01/28/2005 01:08:29 PM: I have a Samba PDC, and have problems setting up user groups to limit activity and access to file folders in Windows XP. I have administrative users that work fine. New users added as power users or regular users can log into machine client but dont even have access to the local C: drive. Cant change backgrounds or even unlock the taskbar. As long as they are added as user to the machine with admin priveleges or added to admin group the account works fine. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Upgrade path from 3.0.0 - 3.0.10
I have just taken over a redhat system with Samba 3.0.0 configured with security = user, and domain logins enabled. I've included the smb.conf at the end of this message. I would like to upgrade to 3.0.10 for a numbers of reasons, one being security and one being that password changes don't work from workstation machines because of the Windows KB828741 patch. What I want to know, is if I should expect any incompatibilities between versions or if my existing config files will work with the new version? This is a mission critical system, so I really don't want to upgrade unless there are going to be very minimal issues. Will a simple rpm -Uvh ./samba-3.0.10-1_rh9.i386.rpm put me in the clear? Thanks for your help. Here is some information about the system: - OLD RPM PACKAGE - $ rpm -qi samba Name: sambaRelocations: /usr Version : 3.0.0 Vendor: (none) Release : 2 Build Date: Thu 09 Oct 2003 05:12:20 PM PDT Install date: Sat 11 Oct 2003 10:41:04 PM PDT Build Host: *removed* Group : NetworkingSource RPM: samba-3.0.0-2.src.rpm Size: 46416163 License: GNU GPL version 2 Packager: Gerald Carter [Samba-Team] [EMAIL PROTECTED] Summary : Samba SMB client and server - NEW RPM PACKAGE - $ rpm -qpi ./samba-3.0.10-1_rh9.i386.rpm Name: sambaRelocations: /usr Version : 3.0.10Vendor: Samba Team Release : 1 Build Date: Wed 15 Dec 2004 02:04:19 PM PST Install date: (not installed) Build Host: rh9 Group : NetworkingSource RPM: samba-3.0.10-1.src.rpm Size: 45453218 License: GNU GPL version 2 Packager: Gerald Carter [Samba-Team] [EMAIL PROTECTED] Summary : Samba SMB client and server - smb.conf file - [global] netbios name = *removed* workgroup = *removed* preferred master = yes domain master = yes wins support = yes os level = 85 encrypt passwords = yes interfaces = eth0 hosts allow = *removed* invalid users = bin daemon adm sync shutdown logon path = logon drive = U: logon script = logon-%G.bat add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false -c 'Machine Account' -M %u admin users = @smbadmin printer admin = @smbadmin domain logons = Yes min protocol = NT1 [homes] comment = User Directory path = /usr/export/home/%U read only = NO browseable = NO # only user = %S [netlogon] comment = Network Logon Service path = /etc/samba/netlogon guest ok = yes browseable = no [print$] path = /var/samba/printers write list = @smbadmin guest ok = yes [printers] comment = All Printers path = /tmp guest ok = Yes printable = yes printing = lprng browseable = No -- Brent Smith [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.1x, min password lenght deprecated, smbpasswd
Gerald (Jerry) Carter wrote: | How can I set a min password lenght of 2 characters | without the deprecated parameter when the passdb | backend is smbpasswd? Think min password lenght will | be removed in the next releases. It's an account policy. Use pdbedit to set the value. That's why the smb.conf optionwas deprecated. It was at odds with the defined account policy. Thank you. Found the description in the pdbedit man page. der tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.11rc1 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This is a release candidate of the Samba 3.0.11 code base and is provided for testing only. While close to the final stable release, this snapshot is *not* intended for production servers. If all goes well, this this version will become the final 3.0.11 stable release (with possible minor changes). Common bugs fixed in 3.0.11rc1 include: ~ o Crash in smbd when using CUPS printing. ~ o Parsing error of other SIDs included in the ~user_info_3 structure returned from domain ~controllers. Please note that documentation for 'net rpc rights' has been included in the Samba-HOWTO-Collection distributed with this release. Download Details - The uncompressed tarball and patch file have been signed using GnuPG (ID F17F9772). The source code and release notes can be downloaded from: http://download.samba.org/samba/ftp/rc/ Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB+qtbIR7qMdg1EfYRAihYAKCO/MlqQO9UgF34hdpjUgJRkzjWNACgkVBv feCEQhUspbq5NN0H1S1+6gQ= =ef/T -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba No Network Browsing
On Friday 28 January 2005 12:38, Marvin Bonilla wrote: The problems is that there is no browse list even thought everything works fine. I can share files with others machines but don't see anything on network neighborhood. Can you give specific example of how you connect your windows client to the server? Are you trying to browse from a remote network? If so, you may want to read this section of the howto: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2530513 Your client computers must be configured to use the wins server. On a windows machine, open the command prompt and type ipconfig /all One of the output lines should tell you the ip address of your wins server. It should be the same address as your samba server -- is it? I'm presuming you have a samba server and windows NT/2000/XP Pro clients. I'm presuming that this samba server is the only domain server, only wins server. Are the windows machines actually members of the domain? Your samba config shows domain logons are disabled but your earlier post shows your domain is: TVGBCAST and your server's name is laxbcastdns01. I may be mistaken, but I believe a windows client will not see the domain server's shares if it is not a member of the server's domain. on the samba server type nmblookup -M what is the output? on the windows box, try nbtstat with its various flags and see what you get. wins support = yes name resolve order = lmhosts host wins bcast Your name resolve order is not correct according to the SAMBA howto. It should be: wins support = yes name resolve order = wins lmhosts bcast host -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating from NT4 to Samba - correct strategy
Josir Gomes wrote: Hi folks, I have 2 domains: LX01 (WinNT) e LX04 (Samba) and I want consolidate them into one domain LX01. All the stations is looking for LX01. All users are equal on both servers. Can I just turn the WinNT off and rename the Samba server to LX01 ? Is there any problem ? you forgot to mention how many clients on each domain, sometime when clients is less than 50, starting new domain from scartch is the 'correct' way. -- --beast -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Inherit permissions question (Please help)(disclaimer)
David, I'm kinda shooting in the dark here, but from what I remember, you need to be able to manage various user files without affecting the user ownership and while preserving the 'security' of each users files from being seen from everybody else. What I would do is create a group in /etc/groups -- called 'manager' or whatever. The member(s) of the manager group would be whoever would need read/write access to every users files. I would then set user and group ownership of the user's home directories to user.manager via chown. That way cron or whatever is running as 'manager' could do whatever is needed globally for all users while preserving the individual user security. In that vein, force group = manager would assure access to the manager. The only fly in the ointment would be if you had a common share that all needed to access while you are still trying to preserve individual security to. But, heck, if that's the case, then individual security would be irrelevant unless you simply wanted to grant write access to each. Like I said, I'm shooting in the dark, but that is my .02 on what you are looking at. Linux/samba is flexible enough from a permissions standpoint that you can do about anything you want to. The Linux basic permissions of user.group.world coupled with force user, force group and inherit permissions along with your /etc/group definitions are the basic building blocks for just about anything you can think of. One other option would be to define an 'admin users = ' for the shares you want to manage. That is another option for giving a user or group of users rwx access to any share while preserving user privacy. Hope this helps. And of course the disclaimer: I'm a lawyer, who use to be an engineer, who still 'thinks' he can stay reasonably current on his OS of choice, but has to regrettably admit that I am no authority on the finer points of coding/samba/Linux anymore. (that stopped when I quit babysitting 750,000 lines of FORTRAN known as SVDS (space vehicle dynamic simulation - the shuttle ascent launch processor in '89) (Yes that was at the time DIBS and DOLILU was coming online) (... and for the curious DOLILU = day of launch I-Load update)(uhh.. GNC, Pitch-Yaw-Roll stuff from SRB ignition to MECO)(uhh.. it's supposed to keep the wings from coming off going uphill)(and uhh.. again, ET foam shedding was never an issue while Martin-Marietta built the tank)(and uhh.. the Martin-Thiokol booster o-ring problem had been found and addressed by then [51-L] -- STS26) -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankin-bertin.com -- - Original Message - From: David Wilson [EMAIL PROTECTED] To: david rankin [EMAIL PROTECTED]; samba samba@lists.samba.org Sent: Friday, January 28, 2005 12:51 AM Subject: Re: [Samba] Inherit permissions question (Please help) Hi David, Thanks for your reply. That would work but then because it's on the share for user's profiles each user would then be able to access everyone elses profile. Please correct me if I'm wrong. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ Computers are not intelligent. They only think they are. - Original Message - From: david rankin [EMAIL PROTECTED] To: samba samba@lists.samba.org Sent: Friday, January 28, 2005 6:13 AM Subject: Re: [Samba] Inherit permissions question (Please help) Sorry I'm late on this thread, but would 'force user = ' force group = ' work? -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankin-bertin.com -- - Original Message - From: David Wilson [EMAIL PROTECTED] To: Craig White [EMAIL PROTECTED]; samba@lists.samba.org Sent: Wednesday, January 26, 2005 3:26 AM Subject: Re: [Samba] Inherit permissions question (Please help) Hi Craig, Thanks for your reply. My suggestions for using a preexec script is a sort of last resort option. I could rather configure a job in cron that checks permissions. Ideally I need the inherit permissions option but with the ability to also include user group ownership. To get this done samba would require root privileges to change the ownership of files to that of the parent folder - which probably wouldn't be a good idea ? Thanks for your help so far. Any assistance/input would be greatly appreciated. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ Computers are not intelligent. They only think they are. - Original Message -
Re: [Samba] LDAP and memberUid in Domain Users
It's strange for me, that removed user isn't visible under usrmgr.exe as members of Domain Users (it's good), but when I do slapcat, I can see: So, why are you slapcatting? The transactions hasn't been committed out of the journal to the database. DO NOT USE SLAPCAT TO CHECK DATA!!! With slapcat your dodging the DSA. Do an 'ldapsearch cn=Domain Users' and I'll wager you won't see the deleted users. This may also by symptomatic that you haven't configured a checkpoint value in slapd.conf I did ldapsearch with the same result. Removed usera are still in Domain Users as memberUid's I have the checkpoint in slapd.conf: checkpoint 128 5 -- Randy _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with Access Control for Shares on Samba 2
hi again :-) u can use the unix rights to do that: === if e.g. all users are members of group win hobbit directory must have rights 2770 and has owner root.win share: [hobbit] comment = only the owner can write path = /ALPHA-DATA/hobbit5 create mode = 0640 force create mode = 0640 directory mode = 2770 force directory mode = 2770 so all users (of group win) has read access and the owner can write. the 2 bit in directory mode ensures, that newly created directories and files has the correct group (win) === if u want to access all other users, it will be something like this: [hobbit] comment = only the owner can write path = /ALPHA-DATA/hobbit5 create mode = 0644 force create mode = 0644 directory mode = 0777 force directory mode = 0777 === i prefer the first version (it's more secure) i hope thats the answer u expected... -- mit freundlichen grüssen ing. kurt weiss, A-6425 Haiming, Gartenweg 3 Tel.: +43 699 1 272 9926/Fax: +43 699 4 272 9926 E-Mail: [EMAIL PROTECTED] Web: http://www.kwnet.at/ || http://www.oberlandinfo.at/ www.kwnet.at ...one step to the future edv internet programmierung informationstechnologie mfh servicepoint west http://www.mfh.at/ empfehlungen:=== suche nach wissen: http://de.wikipedia.org legale, gute gratissoftware: http://www.sourceforge.net http://www.heise.de/software suche im internet: http://www.google.at remote schrieb: Hi all ! I have a question regarding the access control in Samba 2. I want to make shares available to the Windows Network for which only the owner of the share has write access. Other users however should be able to read and browse these shares. My smb.conf : global] workgroup = leat guest account = nobody keep alive = 30 os level = 2 kernel oplocks = false security = user [hobbit5] comment = hobbit5 path = /ALPHA-DATA/hobbit5 browseable = yes read only = no guest = ok valid user = hobbit5 ;force user = hobbit5 As far as I understand Samba, with this configuration any Samba user should be able to browse and read the hobbit5 - share, while only hobbit5 himself can write and delete within this share. However, what happens is that any Samba user can see the share in the Network Neighborhood, but except for hobbit5, none can enter it. Windows tells me that either the path is not correct or I don´t have the network privileges to do this. What do I do wrong ? Thanks, Jörg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Visual Studio/Samba Compile from Shares issue
sorry, if i answer the wrong one - i did not follow the threat from begin. here's my answer: * is it windows xp sp2? * is the compiler error similar like this one?: == fatal error C1001: INTERNER COMPILER- FEHLER (Compiler-Datei 'E:\8966\vc98\p2\src\P2\p2symtab.c', Zeile 932) Bitte klicken Sie im Menü '?' von Visual C++ auf 'Software Service', oder öffnen Sie die Hilfedatei für den Software Service, um weitere Informationen zu erhalten. == (sorry, a stupid reseller sold me vc++ as german version :-( ) * this error apears in debug version, but not in release version? - a fast workaround: * turn off precompiled headers in project... * recompile all * after that the compilation succeeds again. (seems that wixp sp2 has changed some shared libraries). i hope i'd helped... -- mit freundlichen grüssen ing. kurt weiss, A-6425 Haiming, Gartenweg 3 Tel.: +43 699 1 272 9926/Fax: +43 699 4 272 9926 E-Mail: [EMAIL PROTECTED] Web: http://www.kwnet.at/ || http://www.oberlandinfo.at/ www.kwnet.at ...one step to the future edv internet programmierung informationstechnologie mfh servicepoint west http://www.mfh.at/ empfehlungen:=== suche nach wissen: http://de.wikipedia.org legale, gute gratissoftware: http://www.sourceforge.net http://www.heise.de/software suche im internet: http://www.google.at Kelly S. Smelser schrieb: I've tried setting dos filetimes = yes and dos filetime resolution = yes, but this brought no change. The problem persists. Any more ideas? K. Gémes Géza wrote: Kelly S. Smelser írta: I've run into a problem in which Visual Studio 6.0 gives an Internal Compiler Error message when compiling from a samba share. The project compiles fine locally and from shares on Windows machines. To me this suggests that the issue is with Samba. I've tried adding full access to the share where the project is housed, but to no avail. Any ideas? We are running samba 3.0.9-1.3E.2 on a Redhat Enterprise 3 server. The clients are Windows XP machines running Visual Studio 6.0 w/ SP5. K. -- Kelly S. Smelser Labs Manager, Client Services University of Indianapolis [EMAIL PROTECTED] I've read something like this in the docs some time ago, I would suggest, to read about the dos filetimes smb.conf parameter in the smb.conf manpage. Cheers Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] disappointed with complete lack of help.
On Fri, 2005-01-28 at 09:42 -0500, [EMAIL PROTECTED] wrote: I sent a request for help on the 21st of JanuaryI waited.I sent it again on the 24thI waited I sent the same question crafted differently on the 25th I waited. The help on this list is horrible. I am sorry for whining. I talk up open source regularly and I help when I can. but, the claim of better support from the open source community because there are so many active people is a farce I see people discussing the semantics of what uptimes should or should not be, but no help. So, I will struggle on my own a bit longer. So, I thank the Samba group for a great tool, I just can't thank them for the help, and yes, in the past I have made financial contributions to the group. Small, but more than many. there have been many replies to this but I thought that I would pipe in with one more observation that is important to note... Anyone who could post something similar to the above should have read: http://www.catb.org/~esr/faqs/smart-questions.html Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Samba 3.0.11rc1 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This is a release candidate of the Samba 3.0.11 code base and is provided for testing only. While close to the final stable release, this snapshot is *not* intended for production servers. If all goes well, this this version will become the final 3.0.11 stable release (with possible minor changes). Common bugs fixed in 3.0.11rc1 include: ~ o Crash in smbd when using CUPS printing. ~ o Parsing error of other SIDs included in the ~user_info_3 structure returned from domain ~controllers. Please note that documentation for 'net rpc rights' has been included in the Samba-HOWTO-Collection distributed with this release. Download Details - The uncompressed tarball and patch file have been signed using GnuPG (ID F17F9772). The source code and release notes can be downloaded from: http://download.samba.org/samba/ftp/rc/ Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB+qt/IR7qMdg1EfYRAnXKAJsHpBdZvZChBgJy46a51E8sGm9cfwCg7/7r zOpJL54vX9apxjmvqbmK5Og= =Pa53 -END PGP SIGNATURE-
svn commit: samba r5051 - in branches/SAMBA_4_0/source/build/pidl: .
Author: tridge
Date: 2005-01-28 09:21:19 + (Fri, 28 Jan 2005)
New Revision: 5051
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5051
Log:
initialise all elements of an array (thanks to Mike Allan for pointing
this out)
Modified:
branches/SAMBA_4_0/source/build/pidl/parser.pm
Changeset:
Modified: branches/SAMBA_4_0/source/build/pidl/parser.pm
===
--- branches/SAMBA_4_0/source/build/pidl/parser.pm 2005-01-27 23:22:12 UTC
(rev 5050)
+++ branches/SAMBA_4_0/source/build/pidl/parser.pm 2005-01-28 09:21:19 UTC
(rev 5051)
@@ -1692,7 +1692,7 @@
pidl \t},\n;
}
}
- pidl \t{ NULL, 0, NULL, NULL }\n};\n\n;
+ pidl \t{ NULL, 0, NULL, NULL, NULL }\n};\n\n;
# If no endpoint is set, default to the interface name as a named pipe
if (! defined $interface-{PROPERTIES}-{endpoint}) {
svn commit: samba r5052 - in branches/SAMBA_4_0/source/lib/netif: .
Author: tridge
Date: 2005-01-28 11:23:31 + (Fri, 28 Jan 2005)
New Revision: 5052
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5052
Log:
minor formatting fix
Modified:
branches/SAMBA_4_0/source/lib/netif/interface.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/netif/interface.c
===
--- branches/SAMBA_4_0/source/lib/netif/interface.c 2005-01-28 09:21:19 UTC
(rev 5051)
+++ branches/SAMBA_4_0/source/lib/netif/interface.c 2005-01-28 11:23:31 UTC
(rev 5052)
@@ -187,10 +187,10 @@
ptr = lp_interfaces();
mem_ctx = talloc_init(load_interfaces);
-if (!mem_ctx) {
- DEBUG(2,(no memory to load interfaces \n));
+ if (!mem_ctx) {
+ DEBUG(2,(no memory to load interfaces \n));
return;
-}
+ }
allones_ip = interpret_addr2(255.255.255.255);
loopback_ip = interpret_addr2(127.0.0.1);
@@ -330,7 +330,6 @@
return NULL;
}
-
/* these 3 functions return the ip/bcast/nmask for the interface
most appropriate for the given ip address. If they can't find
an appropriate interface they return the requested field of the
svn commit: samba r5053 - in branches/SAMBA_4_0/source: lib libcli libcli/auth libcli/util
Author: tridge Date: 2005-01-28 11:25:01 + (Fri, 28 Jan 2005) New Revision: 5053 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5053 Log: - fix up the library dependencies so that tools that need nbt don't need to pull in the whole dcerpc subsystem - moved smbencrypt.c code into libcli/auth/ Added: branches/SAMBA_4_0/source/libcli/auth/smbencrypt.c Removed: branches/SAMBA_4_0/source/libcli/util/smbencrypt.c Modified: branches/SAMBA_4_0/source/lib/basic.mk branches/SAMBA_4_0/source/libcli/auth/config.mk branches/SAMBA_4_0/source/libcli/config.mk Changeset: Sorry, the patch is too large (569 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5053
svn commit: samba r5054 - in branches/SAMBA_4_0/source: librpc/idl utils
Author: tridge Date: 2005-01-28 11:26:51 + (Fri, 28 Jan 2005) New Revision: 5054 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5054 Log: added a nmblookup tool, based on the new nbt library Modified: branches/SAMBA_4_0/source/librpc/idl/nbt.idl branches/SAMBA_4_0/source/utils/config.mk branches/SAMBA_4_0/source/utils/nmblookup.c Changeset: Sorry, the patch is too large (544 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5054
svn commit: samba r5056 - in branches/SAMBA_3_0/source: include rpc_server
Author: jerry
Date: 2005-01-28 16:55:09 + (Fri, 28 Jan 2005)
New Revision: 5056
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5056
Log:
* correct STANDARD_RIGHTS_WRITE_ACCESS bitmask define
* make sure to apply the rights_mask and not just the saved
bits from the mask in access_check_samr_object()
* allow root to grant/revoke privileges (in addition to Domain
Admins) as suggested by Volker.
Tested machine joins from XP, 2K, and NT4 with and without
pre-existing machine trust accounts. Also tested basic file
operations using cmd.exe and explorer.exe after changing the
STANDARD_RIGHTS_WRITE_ACCESS bitmask.
Modified:
branches/SAMBA_3_0/source/include/rpc_lsa.h
branches/SAMBA_3_0/source/include/rpc_secdes.h
branches/SAMBA_3_0/source/include/smb.h
branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c
branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
Changeset:
Modified: branches/SAMBA_3_0/source/include/rpc_lsa.h
===
--- branches/SAMBA_3_0/source/include/rpc_lsa.h 2005-01-28 14:42:30 UTC (rev
5055)
+++ branches/SAMBA_3_0/source/include/rpc_lsa.h 2005-01-28 16:55:09 UTC (rev
5056)
@@ -207,7 +207,7 @@
POLICY_VIEW_AUDIT_INFORMATION|\
POLICY_GET_PRIVATE_INFORMATION)
-#define POLICY_WRITE ( STANDARD_RIGHTS_WRITE_ACCESS |\
+#define POLICY_WRITE ( STD_RIGHT_READ_CONTROL_ACCESS |\
POLICY_TRUST_ADMIN |\
POLICY_CREATE_ACCOUNT|\
POLICY_CREATE_SECRET |\
Modified: branches/SAMBA_3_0/source/include/rpc_secdes.h
===
--- branches/SAMBA_3_0/source/include/rpc_secdes.h 2005-01-28 14:42:30 UTC
(rev 5055)
+++ branches/SAMBA_3_0/source/include/rpc_secdes.h 2005-01-28 16:55:09 UTC
(rev 5056)
@@ -251,7 +251,10 @@
#define STANDARD_RIGHTS_ALL_ACCESS STD_RIGHT_ALL_ACCESS /* 0x001f */
#define STANDARD_RIGHTS_EXECUTE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /*
0x0002 */
#define STANDARD_RIGHTS_READ_ACCESSSTD_RIGHT_READ_CONTROL_ACCESS /*
0x0002 */
-#define STANDARD_RIGHTS_WRITE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /*
0x0002 */
+#define STANDARD_RIGHTS_WRITE_ACCESS \
+ (STD_RIGHT_WRITE_OWNER_ACCESS | \
+STD_RIGHT_WRITE_DAC_ACCESS | \
+STD_RIGHT_DELETE_ACCESS) /* 0x000d */
#define STANDARD_RIGHTS_REQUIRED_ACCESS \
(STD_RIGHT_DELETE_ACCESS| \
STD_RIGHT_READ_CONTROL_ACCESS | \
Modified: branches/SAMBA_3_0/source/include/smb.h
===
--- branches/SAMBA_3_0/source/include/smb.h 2005-01-28 14:42:30 UTC (rev
5055)
+++ branches/SAMBA_3_0/source/include/smb.h 2005-01-28 16:55:09 UTC (rev
5056)
@@ -1069,7 +1069,7 @@
#define FILE_GENERIC_READ
(STANDARD_RIGHTS_READ_ACCESS|FILE_READ_DATA|FILE_READ_ATTRIBUTES|\
FILE_READ_EA|SYNCHRONIZE_ACCESS)
-#define FILE_GENERIC_WRITE
(STANDARD_RIGHTS_WRITE_ACCESS|FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|\
+#define FILE_GENERIC_WRITE
(STD_RIGHT_READ_CONTROL_ACCESS|FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|\
FILE_WRITE_EA|FILE_APPEND_DATA|SYNCHRONIZE_ACCESS)
#define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE_ACCESS|\
Modified: branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c
===
--- branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2005-01-28 14:42:30 UTC
(rev 5055)
+++ branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2005-01-28 16:55:09 UTC
(rev 5056)
@@ -1134,16 +1134,21 @@
struct lsa_info *info = NULL;
SE_PRIV mask;
PRIVILEGE_SET *set = NULL;
+ struct current_user user;
/* find the connection policy handle. */
if (!find_policy_by_hnd(p, q_u-pol, (void **)info))
return NT_STATUS_INVALID_HANDLE;
- /* check to see if the pipe_user is a Domain Admin since
+ /* check to see if the pipe_user is root or a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
-
- if ( !nt_token_check_domain_rid( p-pipe_user.nt_user_token,
DOMAIN_GROUP_RID_ADMINS ) )
+
+ get_current_user( user, p );
+ if ( user.uid != sec_initial_uid()
+!nt_token_check_domain_rid( p-pipe_user.nt_user_token,
DOMAIN_GROUP_RID_ADMINS ) )
+ {
return NT_STATUS_ACCESS_DENIED;
+ }
set = q_u-set;
@@ -1170,16 +1175,21 @@
struct lsa_info *info = NULL;
SE_PRIV mask;
PRIVILEGE_SET *set = NULL;
+ struct current_user user;
svn commit: samba r5057 - in trunk/source: nsswitch rpc_client
Author: vlendec Date: 2005-01-28 16:56:58 + (Fri, 28 Jan 2005) New Revision: 5057 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5057 Log: Remove support for multiple smb connections to a DC from the connection cache. Volker Modified: trunk/source/nsswitch/winbindd_ads.c trunk/source/nsswitch/winbindd_cm.c trunk/source/rpc_client/cli_ds.c trunk/source/rpc_client/cli_lsarpc.c Changeset: Sorry, the patch is too large (764 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5057
svn commit: samba r5058 - branches/SAMBA_3_0/source/passdb trunk/source/passdb
Author: gd
Date: 2005-01-28 17:05:55 + (Fri, 28 Jan 2005)
New Revision: 5058
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5058
Log:
Due to the fragileness how windows reacts on unmapped sids sometimes,
don't leave administator-sid unmapped. Simply return Administrator
Guenther
Modified:
branches/SAMBA_3_0/source/passdb/passdb.c
trunk/source/passdb/passdb.c
Changeset:
Modified: branches/SAMBA_3_0/source/passdb/passdb.c
===
--- branches/SAMBA_3_0/source/passdb/passdb.c 2005-01-28 16:56:58 UTC (rev
5057)
+++ branches/SAMBA_3_0/source/passdb/passdb.c 2005-01-28 17:05:55 UTC (rev
5058)
@@ -794,6 +794,12 @@
return True;
}
+ if (rid == DOMAIN_USER_RID_ADMIN) {
+ *psid_name_use = SID_NAME_USER;
+ fstrcpy(name, Administrator);
+ return True;
+ }
+
if (algorithmic_pdb_rid_is_user(rid)) {
uid_t uid;
struct passwd *pw = NULL;
Modified: trunk/source/passdb/passdb.c
===
--- trunk/source/passdb/passdb.c2005-01-28 16:56:58 UTC (rev 5057)
+++ trunk/source/passdb/passdb.c2005-01-28 17:05:55 UTC (rev 5058)
@@ -806,6 +806,12 @@
return True;
}
+ if (rid == DOMAIN_USER_RID_ADMIN) {
+ *psid_name_use = SID_NAME_USER;
+ fstrcpy(name, Administrator);
+ return True;
+ }
+
if (algorithmic_pdb_rid_is_user(rid)) {
uid_t uid;
struct passwd *pw = NULL;
svn commit: samba r5059 - in branches/SAMBA_3_0_RELEASE: . source/include source/param source/passdb source/rpc_server source/utils
Author: jerry Date: 2005-01-28 17:24:52 + (Fri, 28 Jan 2005) New Revision: 5059 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5059 Log: last set of changes for 3.0.11rc1; includes Administrator sid_to_name() fix, samr access checks, and deprecated parameters/tools Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt branches/SAMBA_3_0_RELEASE/source/include/rpc_lsa.h branches/SAMBA_3_0_RELEASE/source/include/rpc_secdes.h branches/SAMBA_3_0_RELEASE/source/include/smb.h branches/SAMBA_3_0_RELEASE/source/param/loadparm.c branches/SAMBA_3_0_RELEASE/source/passdb/passdb.c branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_lsa_nt.c branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0_RELEASE/source/utils/testprns.c Changeset: Sorry, the patch is too large (277 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5059
svn commit: samba r5060 - in branches/SAMBA_3_0/examples/LDAP: .
Author: jerry Date: 2005-01-28 17:36:41 + (Fri, 28 Jan 2005) New Revision: 5060 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5060 Log: BUG 2286: fix typoe on sambaConfig oc definition Modified: branches/SAMBA_3_0/examples/LDAP/samba.schema Changeset: Modified: branches/SAMBA_3_0/examples/LDAP/samba.schema === --- branches/SAMBA_3_0/examples/LDAP/samba.schema 2005-01-28 17:24:52 UTC (rev 5059) +++ branches/SAMBA_3_0/examples/LDAP/samba.schema 2005-01-28 17:36:41 UTC (rev 5060) @@ -467,7 +467,7 @@ DESC 'Structural Class for a SID' MUST ( sambaSID ) ) -objectclass ( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY +objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY DESC 'Samba Configuration Section' MAY ( description ) )
svn commit: samba r5061 - in branches/SAMBA_3_0_RELEASE: . examples/LDAP
Author: jerry
Date: 2005-01-28 17:41:10 + (Fri, 28 Jan 2005)
New Revision: 5061
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5061
Log:
fix typo in OL schema file
Modified:
branches/SAMBA_3_0_RELEASE/WHATSNEW.txt
branches/SAMBA_3_0_RELEASE/examples/LDAP/samba.schema
Changeset:
Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt
===
--- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2005-01-28 17:36:41 UTC (rev
5060)
+++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2005-01-28 17:41:10 UTC (rev
5061)
@@ -57,8 +57,10 @@
* Allow root to grant/revoke privilege assignments.
* Correct interaction between user rights and se_access_check() on
SAMR objects.
+* BUG 2286: Fix typo OpenLDAP schema file for sambaConfig object
+ class.
-
+
o Guenther Deschner [EMAIL PROTECTED]
* Fix configure.in tests using KRB5_CONFIG variable and krb5-
config utility.
Modified: branches/SAMBA_3_0_RELEASE/examples/LDAP/samba.schema
===
--- branches/SAMBA_3_0_RELEASE/examples/LDAP/samba.schema 2005-01-28
17:36:41 UTC (rev 5060)
+++ branches/SAMBA_3_0_RELEASE/examples/LDAP/samba.schema 2005-01-28
17:41:10 UTC (rev 5061)
@@ -389,7 +389,17 @@
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+attributetype ( 1.3.6.1.4.1.7165.2.1.56 NAME 'sambaAccountPolicyName'
+ DESC 'Account Policy Name'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
+attributetype ( 1.3.6.1.4.1.7165.2.1.57 NAME 'sambaAccountPolicyValue'
+ DESC 'Account Policy Value'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+
###
## objectClasses used by Samba 3.0 schema ##
###
@@ -457,7 +467,7 @@
DESC 'Structural Class for a SID'
MUST ( sambaSID ) )
-objectclass ( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
+objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
DESC 'Samba Configuration Section'
MAY ( description ) )
@@ -479,3 +489,8 @@
## MUST ( sambaSID )
## MAY ( sambaPrivilegeList ) )
+objectclass ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaAccountPolicy' SUP top
STRUCTURAL
+ DESC 'Samba Account Policy'
+ MUST ( sambaAccountPolicyName $ sambaAccountPolicyValue )
+ MAY ( description ) )
+
