[Samba] Weird Profiles issue
Hi All, I am running Debian on my servers with slapd 2.1.30-3 and samba 3.0.10-1. Having some issues with the mandatory profile. When users log in (nt4 2000), sometimes they just get a message saying that the mandatory profile cannot be found. If they wait a while they can log in fine. Also if you log in locally, and ssh in, and reset the permissions to what they already are, then the user can log in fine. Any ideas? TIA, Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba as PDC and BDC on the same network.
Clement DIEBOLD a écrit : John H Terpstra a écrit : On Wednesday 02 March 2005 09:10, Clement DIEBOLD wrote: Mccrory, Kevin B a écrit : This is the way it should be working. The BDC handles authentication requests for the domain unless it becomes overloaded at which time the PDC steps in to take over. Refer to Chapter 4 section 4.2 of the Official Samba-3 HOWTO and Reference Guide that explains Domain Control. In fact, the two servers are running : the PDC make the authentification and the BDC make nothing. I shut down the samba PDC, then the BDC make authentification. When the PDC comes back the authentification still made on the BDC. Then if i shut down the BDC, the PDC remake the authentification, but if I restart the samba on BDC, BDC make authentification. Strange, is'nt it?? No, I am glad to see that you find Samba domain control works as it should. It would be strange if it behaved differently. - John T. OK. I have a netlogon script to map networks drives (home and temp) : @echo off echo Script de demarrage net use T: %LOGONSERVER%\temp /PERSISTENT:NO If the users are authenticated by the BDC, the share would be mounted on the BDC and not on the PDC. The users data are on the PDC and are replicated after with rsync on the BDC. So the data should be on the PDC. Then, if I put : @echo off echo Script de demarrage net use T: \\PDC\temp /PERSISTENT:NO Then, if the PDC becomes down, this script wouldn't work and i must be there to change the name of the server in the script. So, what should I do ?? Thanks for the responses. -- Clément DIEBOLD Service Informatique LMARC Université de Franche-Comté 24, chemin de l'Epitaphe 25000 Besançon Tel : 03 81 66 60 53 Fax : 03 81 66 67 00 -- Any idea ?? Thanks -- Clément DIEBOLD Service Informatique LMARC Université de Franche-Comté 24, chemin de l'Epitaphe 25000 Besançon Tel : 03 81 66 60 53 Fax : 03 81 66 67 00 -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] To the ones who may concern :: German Translation of the Samba-Docs SOON AVAILABLE AS BOOK.
Hello, John, the day before yesterday (on 03/02/2005 at 16:02) you noticed: JHT Congratulations on this achievement - I hope that your efforts will be well JHT rewarded and that the German translation will be on of many other language JHT translations that will follow it. Thanks, John ... -- Bye, Stefan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] are there known problems with NTConfig.POL with samba 3.11 ?
Hi Jerry ,hi Sambatsitas, yesterday i installed a brand new ldap smb pdc with latest smb sources ( all suse 9.2 ), and latest ldap scripts from idealx.( orginal source rpm ) All work fine ( as far i testet it ). (Usrmgr was just wow..!) So at last i did a NTConfig.POL with poledit.exe for win xp serv Pack2 on the netlogon share. I used adm modified adm files and a other poledit cause system.adm ( winxp s.2 ) from orginal ms src with orginal ms poledit didnt loaded on my xp laptop,or on another XP workstation ( would be another question why.. ) But the exec NTConfig.POL failed for unknown reasons, the default logon scipt ( also on netlogon ) work just nice.( so there is no file permissions Problem etc) I cant see a Problem at the samba log.., either in event service. My Testclient German Win xp SP2 ( with uptodate patchlevel ) is joining domain and login but it doesnt execute (load) the pol file... I have tried gpupdate force and other stuff, but didnt get closer to the problem. I tried a NTConfig.Pol file which works quite well in another domain with win 2000 / xp serv pack1 clients, but failed again. So are there known Problems to samba 3.11 or/and win xp serv pack 2 with NTConfig.POL? As i know some magic about policies i will try the setup again with a brand new install Win XP Sp2 test client and try again...but before i wanna ask if somebody had/has simular problems. Best Regards Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] secure channel
Help please. How to reset the secure channel between the domain controller on samba3 and workstation with Win XP? this workstation worked properly till today, but now it can't log in to domain . I have run a netdiag utility and has seen the issue: rust relationship test. . . . . . : Failed [FATAL] Secure channel to domain 'MYDOMAIN' is broken. [ERROR_ACCESS_DENIED] may be another way to fix it (except rejoining a domain) ?? thanx in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] OW #10.08 - Offers too good to be true
--== OFFICE WATCH ==-- The Microsoft Office newsletter from Woody's Watch. Your independent source for MS Office advice and news since 1996 4 March 2005 Vol 10 No 8 New! The Desktop Search Handbook - http://shop.woodyswatch.com/dsh/ Advertise in Woody's Watch - great rates, great reach, no hard sell. Ask Jan [EMAIL PROTECTED] 1. Editing incoming messages 2. Preventing Editing of your messages 3. Too good to be true 4. Publisher 2003 for $50 5. Save Attachments 6. Keep OW Alive and Free Got Office? Get OfficeRecovery! There is up to 99% of useful data in a file that won't open anymore. Get it back with data recovery utilities for Word, Excel, PowerPoint, Access, SQL Server, Outlook, Exchange and other applications. Available standalone and in OfficeRecovery suites. Use yourself, tell colleagues. *** Click http://ref.OfficeRecovery.com/?wow for a free demo. *** Need a new PC but cannot afford one? Buy ReCertified DELL with full warranty from http://www.tkoeducation.com - from $119! __ 1. EDITING INCOMING MESSAGES Thanks to everyone who wrote in about Outlook's ability to edit an incoming message. http://www.woodyswatch.com/office/archtemplate.asp?v10-n06 For many readers it's just a handy feature but for anyone in the legal or corporate world it could have interesting consequences. I think the best summary can from James R who wrote: After working for many years for a legal department consulting on various IT issues, it has become remarkably clear to me that the law puts way more stock in the integrity of e-mail than is deserved. Email messages are edited enroute to there final destination every day. Most times these changes are innocuous, beneficial and mostly identified by the system doing the changes. However, it is a far leap from the integrity assumed by lawyers, and to be fair the vast majority of the e-mailing population While there's a difference between the changes to the email header made enroute and changes in the substance of the message - his point is a good one. It's a mistake to treat emails as having the same verifiable integrity as a printed document. Unlike a paper document, an email can be changed without trace and that needs to be acknowledged by everyone. It's worth remembering that not only received items can usually be edited but the 'Sent Items' copy of message you send can be edited after sending. So it is possible for someone to change their record of an email that was sent. Far be it for us to give legal advice but we suspect that any savvy legal department is covering themselves by putting some form of disclaimer that says the emails supplied are as found and there's no guarantee that the messages have not been edited after receipt. The same applies to government departments subject to Freedom of Information laws. ___ New Software! ResearchPro puts a filing cabinet on your computer. Copy/paste news, articles, web pages, etc, or type in directly. Search, share, and manage your information. Import and export Access, Excel, and Word. Academic or professional research; anyone with a hobby. 25% discount: Office_P25. www.researchprosoftware.com ___ Finding your way through all those old documents and worksheets was a horrible task until the fantastic new and free tools for all Office users; Google, MSN, Yahoo, Copernic and Microsoft. They all have their pros and cons - choosing one isn't easy - so Woody's Watch has made The Desktop Search Handbook an Office Watch guide http://shop.woodyswatch.com/dsh/ Which products search not just Word and Excel documents but other formats like WordPerfect and Quattro Pro? Which ones can find documents inside compressed ZIP files? How can you search Microsoft OneNote files even though Microsoft's own products don't support it? This is the Woody's Watch teams first ebook - over 65 pages of in-depth and original info and how to's on the major desktop search products. Searchable text and color images throughout - naturally. * All new and expanded content * NO advertising - 65 pages plus appendices. * In depth reviews and how to for the major Desktop Search products o Copernic Desktop o Google Desktop Search o Lookout for Outlook o MSN Toolbar Suite o Yahoo Desktop * Simple guide to making desktop searching work even better for you. o Effective indexing o Simple searching and beyond. o Tips on how to effectively index audio, video, OneNote, web caches and PDF's. o Search Command Reference NEW - quicker delivery. Thanks to some programming smarts from Claudia and Claude we now send the link to your personal copy of the e-book fast - usually within minutes of your paid order. Even if you have a Desktop Search program The Desktop Search Handbook has tips on how to get the most from these new tools and details on any add-ons that are
[Samba] Winbind Daemon dying
Samba 3.0.11 on SLES8 on z/VM The system will be running fine then every few days the Winbind daemon will stop. Below are the last lines of the log file. [2005/03/03 14:15:00, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(475) rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-32-545 [2005/03/03 14:15:00, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(475) rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-32-545 [2005/03/03 14:15:01, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(475) rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-32-545 [2005/03/03 14:15:01, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(475) rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-32-545 [2005/03/03 14:27:51, 0] tdb/tdbutil.c:tdb_log(725) tdb(/usr/local/samba/var/locks/winbindd_idmap.tdb): rec_read bad magic 0x42424242 at offset=17036 [2005/03/03 14:27:51, 0] tdb/tdbutil.c:tdb_log(725) tdb(/usr/local/samba/var/locks/winbindd_idmap.tdb): rec_read bad magic 0x42424242 at offset=17036 [2005/03/03 14:27:51, 0] tdb/tdbutil.c:tdb_log(725) tdb(/usr/local/samba/var/locks/winbindd_idmap.tdb): rec_read bad magic 0x42424242 at offset=16952 [2005/03/03 14:27:51, 0] tdb/tdbutil.c:tdb_log(725) tdb(/usr/local/samba/var/locks/winbindd_idmap.tdb): rec_read bad magic 0x42424242 at offset=20416 [2005/03/03 14:27:51, 0] tdb/tdbutil.c:tdb_log(725) tdb(/usr/local/samba/var/locks/winbindd_idmap.tdb): rec_read bad magic 0x42424242 at offset=20256 [2005/03/03 14:27:51, 0] tdb/tdbutil.c:tdb_log(725) tdb(/usr/local/samba/var/locks/winbindd_idmap.tdb): rec_read bad magic 0x42424242 at offset=19356 [2005/03/03 14:27:51, 0] tdb/tdbutil.c:tdb_log(725) tdb(/usr/local/samba/var/locks/winbindd_idmap.tdb): rec_read bad magic 0x42424242 at offset=17036 [2005/03/03 14:27:51, 0] tdb/tdbutil.c:tdb_log(725) tdb(/usr/local/samba/var/locks/winbindd_idmap.tdb): rec_read bad magic 0x42424242 at offset=17036 [2005/03/03 14:27:51, 0] tdb/tdbutil.c:tdb_log(725) tdb(/usr/local/samba/var/locks/winbindd_idmap.tdb): rec_read bad magic 0x42424242 at offset=16952 [2005/03/03 14:27:51, 0] tdb/tdbutil.c:tdb_log(725) tdb(/usr/local/samba/var/locks/winbindd_idmap.tdb): rec_read bad magic 0x42424242 at offset=19688 [2005/03/03 14:27:51, 0] tdb/tdbutil.c:tdb_log(725) tdb(/usr/local/samba/var/locks/winbindd_idmap.tdb): rec_read bad magic 0x42424242 at offset=17944 [2005/03/03 14:27:51, 0] tdb/tdbutil.c:tdb_log(725) tdb(/usr/local/samba/var/locks/winbindd_idmap.tdb): rec_read bad magic 0x42424242 at offset=20336 [2005/03/03 14:27:51, 0] tdb/tdbutil.c:tdb_log(725) tdb(/usr/local/samba/var/locks/winbindd_idmap.tdb): rec_read bad magic 0x42424242 at offset=17528 [2005/03/03 14:27:51, 0] lib/util_sid.c:string_to_sid(301) string_to_sid: Sid BB does not start with 'S-'. [2005/03/03 14:27:51, 0] lib/util_sid.c:string_to_sid(301) string_to_sid: Sid BB does not start with 'S-'. [2005/03/03 14:27:51, 0] lib/util_sid.c:string_to_sid(301) string_to_sid: Sid BB does not start with 'S-'. [2005/03/03 14:27:51, 0] lib/util_sid.c:string_to_sid(301) string_to_sid: Sid BB does not start with 'S-'. [2005/03/03 14:27:51, 0] lib/util_sid.c:string_to_sid(301) string_to_sid: Sid BB does not start with 'S-'. [2005/03/03 14:27:51, 0] lib/util_sid.c:string_to_sid(301) string_to_sid: Sid BB does not start with 'S-'. [2005/03/03 14:27:51, 0] lib/util_sid.c:string_to_sid(301) string_to_sid: Sid BB does not start with 'S-'. [2005/03/03 14:27:51, 0] lib/util_sid.c:string_to_sid(301) string_to_sid: Sid BB does not start with 'S-'. [2005/03/03 14:27:51, 0] lib/util_sid.c:string_to_sid(301) string_to_sid: Sid BB does not start with 'S-'. [2005/03/03 14:27:51, 0] lib/util_sid.c:string_to_sid(301) string_to_sid: Sid BB does not start with 'S-'. [2005/03/03 14:27:51, 0] lib/util_sid.c:string_to_sid(301) string_to_sid: Sid BB does not start with 'S-'. [2005/03/03 14:27:51, 0] lib/util_sid.c:string_to_sid(301) string_to_sid: Sid BB does not start with 'S-'. [2005/03/03 14:27:51, 0] lib/util_sid.c:string_to_sid(301) string_to_sid: Sid BB does not start with 'S-'. [2005/03/03
Re: [Samba] Request to update slapd.conf and OpenLDAP info for Samba-Guide/happy.html
Tony Earnshaw wrote: John H Terpstra: [...] The appendix information I added to Samba-3 by Example was put there so that the information would not be lost. and so that others could use it to expand the technique to suit more complex environments. Unfortunately, the complexity barriers of Samba plus LDAP is proving a lot more than some sites are willing to endure. The discussions we have had on this mailing list regarding LDAP configuration problems as well as the importance of getting the UID=0 situation right are of benefit to many and a turn-off to a few people also. In many ways, for us and for them, it is probably better that they get turned off sooner, rather than create something that might be more negative later on. For those of us who have found the right solution Samba is liberating. John, There's a comparatively new mailing list for people who need to discuss the interoperability between (especially Open)LDAP and other products, a subject that's OT on the OpenLDAP list. A number of clued-up and helpful people (who don't all share my views :) subscribe, who don't subscribe to this list; I've written to the list master to see if he's mind if Samba people subscribe for discussion of LDAP-specific Samba questions. Typical topics might be: Which OpenLDAP version to use How to configure it best for Samba How to configure BDB DSE/DIT architecture SSL/TLS configuration ACL design Security Sources of information on the web, FAQs. We'll see if we're welcome there. --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl Whitch list is it? regards, -- RNuno -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A probably silly thought but...
On Friday 04 March 2005 00:30, Matthew Western, IT Support, Lonsdale wrote: Not a silly thought. I've instead of spending x hunderd thousand on brandname ibm servers and sans, how you could create a RAID array of PCs running IDE hard drives. If a PC dies just plug in some more and rebuild. If you want to add more space just add more PCs. :) that would be cool. Network block device + dm. Obviously you wouldn't use it still for critical data like databases etc, but our user directory would be a good candidate. -Original Message- [snip] at the moment i'm using rsync twice a day to sync about 2TB amount of data between two hardware raids (both raid5 with 2 hot spare) advantage: if filesystem is corrupt on one raid, the other raid is normaly not affected This is the recipe for high reliability: * RAID5 protects you from hardware failure * backup protects you from human error/kernel bugs One of your RAIDs is effectively a backup. You don't really need to store it on the RAID tho, unless you want to be protected from *simultaneous* hw failure on both machines. Very unlikely. You can keep backup on plain ol' disk. -- vda -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NTFS ACLs - access denied
Did you ever get it to work? I am having the same problem. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] idmap backend problems
Hello, I am trying out Samba + Winbind + NSS + CIFS in a test environment, which currently consists of a PDC, a fileserver, and a client, all with samba 3.0.11 I got everything working more or less, but noticed that the uid's are different on the fileserver and on the client (resulting in erroneous file ownership on the cifs mount). This is also very obvious when doing a getent passwd. The [global] portion in the smb.conf file on fileserver and client: [global] winbind separator = + realm = testwg workgroup = testwg encrypt passwords = true password server = testpdc security = DOMAIN idmap uid = 1-65000 idmap gid = 1-65000 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes allow trusted domains = No unix extensions = yes After reading the docs, I get the impression that I should use a idmap backend to have consistent uid's. Am I correct? I don't have an LDAP server, and I'd prefer not to add another service to the chain, so I recompiled samba with --with-shared-modules=idmap_rid and tried adding idmap backend = idmap_rid:TESTWG=1000-5000 to both the fileserver and client smb.conf files. This breaks uid mapping. in log.winbindd, i got lots of entries like: [2005/03/04 14:21:08, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50) error getting user id for sid S-1-5-21-1893565685-1185636268-3552291067-3110 [2005/03/04 14:21:08, 1] nsswitch/winbindd_user.c:winbindd_getpwent(566) could not lookup domain user Any idea? Maarten -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Difference Copy and Move at inheriting
Hello, if I copy or create a file or directory, it inherits the permissions of it's parent. If I move a file from one directory to another, it will not inherit the permissions of the target-directory. Why? [daten] comment = Daten path = /samba/daten inherit permissions = yes inherit ACLS = yes nt acl support = no writeable = yes hide unreadable = yes veto files = /.*/ root preexec = /etc/samba/scripts/mk_sambadir /samba/daten/.recycle/%U %U %g vfs object = recycle recycle:repository=.recycle/%U recycle:versions=True recycle:keeptree=True Thanks for your responses. matze -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind 3.0.11 breaks winbind trust if netbios disabled?
Hi all. I've just upgraded from 3.0.7 to 3.0.11 and now my server can no longer establish a trust relationship with the domain controllers. It appears to be because we have netbios turned off (in config: disable netbios = yes). I was getting this error: trusted_domains: Could not open a connection to DBG for PIPE_NETLOGON (NT_STATUS _DOMAIN_CONTROLLER_NOT_FOUND ...so I searched the list archives and found Jerry's patch: http://www.samba.org/~jerry/patches/post-3.0.11/winbind_find_dc_v2.patch But still I'm having no joy. I have a different error now: ads: trusted_domains got ldap server name [EMAIL PROTECTED], using bind path: dc=DBG,dc=ADS,dc=XXX,dc=COM IPC$ connections done anonymously Doing spnego session setup (blob length=114) got OID=1 2 840 48018 1 2 2 got OID=1 2 840 113554 1 2 2 got OID=1 2 840 113554 1 2 2 3 got OID=1 3 6 1 4 1 311 2 2 10 got [EMAIL PROTECTED] Doing kerberos session setup Ticket in ccache[MEMORY:cliconnect] expiration Sat, 05 Mar 2005 00:27:27 GMT failed tcon_X with NT_STATUS_ACCESS_DENIED Are there any other patches I need to apply? I really need to upgrade because of the security vulnerabilities, and I I'm not allowed to turn netbios back on. Any/all ideas will be appreciated. Thanks, Tim. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] idmap backend problems
After reading the docs, I get the impression that I should use a idmap backend to have consistent uid's. Am I correct? Not so much, you're on the right path tho. The idmap is primarily to give a mapping between unix uids and windows SIDs when the users come from an AD system or something of that nature. Basically if you don't have real unix users you use winbind and idmap to get it done... if I understand correctly. I don't use either. I don't have an LDAP server, and I'd prefer not to add another service to the chain, so I recompiled samba with That's essentially what you need to do unfortunately. You need to store the mapping someplace globally accessable for both machines to read it. I see the light bulb going off in your head WRT storing the idmap file on an nfs mount or some other shared filesystem, don't do it, it won't work. -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Error while opening Excel VBA macros in Samba PDC windows clients
Jeremy Allison wrote: On Sun, Feb 27, 2005 at 04:58:28PM -0500, Prakash Velayutham wrote: Hi, I can do a ethereal capture if that is good enough. It is 100% reproducible. I will send this info tomorrow as this is in my office. That's great. I'll be at connectathon all next week so my response time will be slow, but that's exactly what we need. Cheers, Jeremy. Hi All, This issue has been sorted out. It was a problem with the profiles of the users I was trying to test as. Sorry for bothering you all. Thanks Jeremy. Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba failed to authenticate to openLDAP
Smbldap-tools has a passwd script which will change/sync the password(s);
you can even configure samba to utilize this script when a client from a
windows machine tries to change their password, (see example below). I might
also recommend you look into a decent web-based or graphical LDAP account
manager, (LAM comes to mind, not sure what platform you're working from, but
on FreeBSD it's just a matter of installing it from the ports check the
website out - http://lam.sf.net/).
We are using LDAP, in conjunction with nss_ldap pam_ldap on the unix side
plus samba 3.0.11 on the windows side; single sign on regardless of which
machine/platform any user is on. Roaving profiles on the windows network,
and even Sun stations can share the same pam database for authentication and
nss information - all works very well, and has suited us perfectly. We are
currently using either LAM, (Ldap Account Manager - http://lam.sf.net/ ), or
manual ldap insert/delete/modify commands to administer our users. LAM takes
about ten minutes to setup and get going, and even less to figure out and
work with; gives the ability to control Unix, Posix, Samba, and other
attributes of any user, group, domain, or domain-machine (host) account.
Anyhow, just my two cents - but you should take a look into something like
LAM to save you time; (I know there are other utilities/user managers, one
in particular we tried which runs from X-win... But we found the simplicity
of LAM to be key).
Here's an example of how to configure samba to use smbldap-tools' password
script:
ldap passwd sync = yes
passwd program = /server/bin/smbldap-tools/smbldap-passwd.pl -u %u
passwd chat = Changing password for*\nNew Password* %n\n *Retype new
password* %n\n
--
Nathan Vidican
[EMAIL PROTECTED]
Windsor Match Plate Tool Ltd.
http://www.wmplt.com/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve
Zeng
Sent: Thursday, March 03, 2005 7:59 PM
To: [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: Re: [Samba] samba failed to authenticate to openLDAP
Paul and Craig,
I finally got it working. The reason it failed before is the way I built
the LDAP DIT. I also found a problem in smbldap-populate script which I
will describe below.
Here were what I did:
1) run configure.pl
2) edit smbldap-populate and change the following line:
my ($organisation,$ext) = ($config{suffix} =~ m/dc=(.*),dc=(.*)$/);
to:
my ($organisation,$ext) = ($config{suffix} =~ m/dc=(.*)$/);
The reason is I only have a single name for my domain, i.e. dc=mfelc.
but the perl script will suppose we have exactly two names, for example,
dc=idealx, dc=org. It also won't work if you have three names in your
domain. (dc=mydept, dc=mycompany, dc=com)
3) run smbldap-populate
it works perfectly to build the DIT
4) use smbldap-migrate-unix-accounts to migrate NIS accounts
5) use smbldap-migrate-unix-groups to migrate NIS group
this time when I use smbclient with a NIS account, the log will show
wrong password. So I run smbpasswd to give this account a new samba
password and run smbclient again. it works.
There are two problems here:
1) how to migrate NIS hosts into LDAP?
2) I checked the LDAP attributes and found three password fieds:
SambaLMPassword
SambaNTPassword
userPassword
How can I sync them so that I don't have to keep two or more password
for one user account?
Best Regards,
Steve
Paul,
I downloaded smbldap-tools-0.8.7 and tried the following:
1) run configure.pl
2) initialize LDAP base and then start LDAP server
dn: dc=mfelc
dc: mfelc
objectClass: top
objectClass: domain
3) run smbldap-populate
4) run the following migration tool to import users from NIS:
smbldap-migrate-unix-accounts -a -P /tmp/passwd.nis
5) run the following migration tool to import groups from NIS:
smbldap-migrate-unix-groups -a -G /tmp/group.nis
6) smbldap-useradd -a -m testuser1
smbldap-passwd testuser1
6) smbclient //enzo/testuser1 -U testuser1
got the following errors:
-
User testuser1 in passdb, but getpwnam() fails!
[2005/03/01 18:12:11, 5] auth/auth_util.c:free_server_info(1344)
attempting to free (and zero) a server_info structure [2005/03/01
18:12:11, 0] auth/auth_sam.c:check_sam_security(306)
check_sam_security: make_server_info_sam() failed with
'NT_STATUS_NO_SUCH_USER'
[2005/03/01 18:12:11, 5] auth/auth.c:check_ntlm_password(271)
check_ntlm_password: sam authentication for user [testuser1] FAILED
with error NT_STATUS_NO_SUCH_USER
[2005/03/01 18:12:11, 3] auth/auth_winbind.c:check_winbind_security(80)
check_winbind_security: Not using winbind, requested domain [TESTDM]
was for this SAM.
[2005/03/01 18:12:11, 10] auth/auth.c:check_ntlm_password(259)
check_ntlm_password: winbind had nothing to say
[2005/03/01 18:12:11, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [testuser1] -
[testuser1] FAILED with error
[Samba] Excel samba-3.0.11 slowness/hanging/lockup issues... Anyone?
Here's the problem we're encountering: ~~ Having intermittent problems regarding users opening/accessing/saving/writing MS Excel files into samba shares. When a user accesses a file on a shared volume via samba, they can open an Excel file and end up with one of two conditions; either their system hangs after opening the file for a short pause (sometimes as much as 30seconds) - then all is well, or they hang after opening Excel, but before loading the file (which is the more common issue). It's as though the file is being held or accessed by something which is preventing Excel from opening it right away; thought perhaps antivirus was the issue therein, but disabling antivirus reveals no change in the problem. So I'm assuming it has to do with a locking issue or something of the likes, but I've not encountered this before and figured I might have better luck asking around before I pull my hair out over here. Here's the scenario about as detailed as I thought neccessary: ~~ - Running two servers, both identical hardware and O/S (64bit FreeBSD on Dual AMD Opteron boxen) Both servers access the same user database and use nss_ldap pam_ldap for authentication and userinfo. - The first, which acts as the BDC using samba 3.0.11, runs the primary ldap server for single-sign-on application using posix/unix/samba account attributes combined. We're using OpenLDAP, and running slurpd to the second server which runs a slave ldap server purely for backup purposes. - The second server, which acts as the PDC using samba-3.0.8 (havn't gotten around to upgrading it yet, hesitant because of the printer drivers db, etc stored in the current config). Users login on the windows side from either W2K pro, or WinXP Pro. Their profiles are shared/stored on the BDC (all profiles mapped to BDC, regardless of which server they happen to login to). All of the office, estimating, purchasing, and accounting shares are on the BDC as well, (the PDC runs all engineering, cad, cmm, cnc, and archive data). Both machines rsync each other's data back and forth and offer the same shares in case of total system failure by one of the servers, (rsync'd daily, so worst-case, a department can roll back to previous day's data). We are running WINS, the BDC and PDC have static entries in WINS.DAT, (ironically because the BDC doesn't seem to broadcast it's pressence - but that's another issue), all name resolution has no delay; ie: ping server2 goes right through without hesitation to the correct IP address. There is also an internal DNS server which maps forward and reverse DNS entries in conjunction with the dhcp services. All client computers get their ip address and configuration information from DHCP; but all have a Novell Netware client installation as well. Novell is running on both tcp/ip and IPX/SPX, there are a few clients (namely dos machines mostly), which are not on the samba domain and use the same physical network to access a novell Netware Server via IPX, however all windows clients use tcp/ip exclusively. -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate Tool Ltd. http://www.wmplt.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 'profiles' command with WinXP Profiles
Hi all, I have gotten the 'profiles' command to work for NT and Win2K profiles very well. In Windows XP, I am able to change the 'owner' but not the 'group' SID. It gives no errors but it just doesn't change them. A snippet of the profile in question is below: furnsrv:/data/samba/profiles/jon # profiles NTUSER.DAT |grep S-1-5 Owner SID: S-1-5-32-544 Group SID: S-1-5-21-2127521184-1604012920-1887927527-513 Perms: 000F003F, SID: S-1-5-18 Perms: 000F003F, SID: S-1-5-32-544 Perms: 1000, SID: S-1-5-18 Perms: 1000, SID: S-1-5-32-544 Owner SID: S-1-5-32-544 Group SID: S-1-5-21-1505131970-119759924-475665672-513 Perms: 000F003F, SID: S-1-5-18 Perms: 000F003F, SID: S-1-5-32-544 Perms: 1000, SID: S-1-5-18 Perms: 1000, SID: S-1-5-32-544 Owner SID: S-1-5-21-725326080-1709766072-2910717368-2060 Group SID: S-1-5-21-383998039-2845272951-4289691644-2061 Perms: 000F003F, SID: Perms: 1000, SID: S-1-5-18 Perms: 000F003F, SID: S-1-5-32-544 Perms: 1000, SID: S-1-5-32-544 Owner SID: S-1-5-32-544 Not only are the groups all wrong, but I don't even know where most of the SIDs in there came from. The S-1-5-21-383998039-2845272951-4289691644-2061 is from the old domain. The others I haven't a clue. Anyway, if I use the following syntax: profiles -c S-1-5-21-383998039-2845272951-4289691644-2061 -n S-1-5-21-725326080-1709766072-2910717368-513 /path/to/NTUSER.DAT I get no errors, but the SID doesn't really change. The user gets access denied trying to load his profile. I would rather not have to redo this user's profile, so if anyone can give me some wisdom it would be great. I did read in the man page for 'profiles' that only NT is supported, but I am hoping there might be a workaround. Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Kerberos Tickets gone after reboot
Thanks for the reply. Here is the output of my files and a general way I have things setup. W2K AD Domain Controller- MIT Kerberos - WINBIND - Solaris 2.8/2.9 (same issue with both platforms.) Out from the /etc/nsswitch.conf, smb.conf, and klist. -I can add the samba server to the domain as a member. -Can authenticate local domain and trusted users to map drives to the shares. -On reboot the users can't authenticate anymore, and if I do a 'klist' the Kerberos tickets are gone.. -I took a snapshot of the files used (including the klist when the server is up before reboot.) # /etc/nsswitch.nis: # # the following two lines obviate the + entry in /etc/passwd and /etc/group. passwd: files nis winbind group: files nis winbind #=== Global Settings = [global] ## Basic Server Settings # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 workgroup = EDSADDDM realm = EDSADDDM.DDM.APM.BPM.EDS.COM # server string is the equivalent of the NT Description field server string = Chucky Imaging Server log file = /var/samba/log/log.%m log level = 2 max log size = 100 security = ADS # Passwords Authentication encrypt passwords = yes ## Winbind idmap uid = 6-7 idmap gid = 8-9 winbind enum users = yes winbind enum groups = yes winbind separator = + winbind use default domain = no # Share Definitions == [rdn7] comment = Imaging Share path = /rdn7 public = no writable = yes printable = no browsable = no Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 03/03/05 09:45:35 04/10/05 15:46:57 krbtgt/[EMAIL PROTECTED] renew until 07/16/06 10:45:35 03/03/05 09:47:02 03/05/05 14:02:02 [EMAIL PROTECTED] renew until 07/16/06 10:45:35 03/03/05 09:47:03 03/05/05 14:02:03 kadmin/[EMAIL PROTECTED] renew until 07/16/06 10:45:35 *** My problem is that I have to re-join my samba server to the domain every time I reboot. I am assuming that it is because when I reboot the Kerberos ticket is gone. I have to manually issue the kinit command, then net ads join, then it all works again. Maybe the Kerberos ticket is not the problem..? Any ideas? Tschuess' -Original Message- From: Sebastian Bickel [mailto:[EMAIL PROTECTED] Sent: Thursday, March 03, 2005 10:53 PM To: Scarry, Robert Subject: Re: [Samba] Kerberos Tickets gone after reboot Has anyone had experience with MIT Kerberos tickets not valid after server reboot? After server reboot I have to do a 'kinit' to get a new ticket, re-join the AD domain, and restart samba. Then all is fine until I have to reboot the server again.. Same thing again and again. My time is synced, Kerberos tickets are good for 500d. I don't now, what's your problem, but Kerberos tickets valid for 500d is very long and could lead to a security problem. Greetings Sebastian -- DSL Komplett von GMX +++ Supergünstig und stressfrei einsteigen! AKTION Kein Einrichtungspreis nutzen: http://www.gmx.net/de/go/dsl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Upgrade question
I am currently running Samba 3.0.6 and I want to upgrade to the newest version. But before I do I want to know is there any way I can dump the user DB such that if some thing bad happens I could load it into a fresh install of samba? OS: RedHat 9 SAMBA:3.0.6 Passwd DB: tdbsam The RedHat machine is configured as an NT PDC. When I upgrade software I would like to continue to use tdbsam as my passwd db. Thanks, Louis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unchangeable Password must change: Fri, 13 Dec 1901 21:45:51 MET
Hello Group, I've been reading many posts but i still don't have the answer to how to force a password change or set a password lifetime. I'm using w2k clients which connect to a samba PDC version 3.0.10 on a basic SunOS 5.8 system, no ldap or so. syncing the ux-passwords and the smb-passwords works perfect, but i can't get it working to force users to change passwords. The command that should do this is ; pdbedit -P maximum password age -C 5 I know this are seconds, but just for testing Running this command as root gives; root pdbedit -P maximum password age -C 5 account policy value for maximum password age was 100 account policy value for maximum password age is now 5 root It does change the policy; account policy value for maximum password age is 5 but nothing is changed when i give the pdbedit -v command. When i run a pdbedit after i logged in/out as a user on the w2k system, nothing has happened the output is exactly the same as it was before. root pdbedit -v -u useraa Unix username:useraa NT username: Account Flags:[U ] User SID: S-1-5-21-4240529304-4054190640-1643903753-27306 Primary Group SID:S-1-5-21-4240529304-4054190640-1643903753-1021 Full Name: Home Directory: \\server\useraa HomeDir Drive: Logon Script: Profile Path: \\server\useraa\profile Domain: NETDOM Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Fri, 13 Dec 1901 21:45:51 MET Kickoff time: Fri, 13 Dec 1901 21:45:51 MET Password last set:Thu, 03 Mar 2005 17:21:36 MET Password can change: Thu, 03 Mar 2005 17:21:36 MET Password must change: Fri, 13 Dec 1901 21:45:51 MET Last bad password : 0 Bad password count : 0 Logon hours : FF root Selecting the option change password at next logon is usrmgr on the w2k machine doesn't do the trick either. Does anybody have a suggestion to get this running? Or is there another way to force users once in a while to change password? (maybe some command(s) i can put in cron) All help is welcome Thanks in advance Harold -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problems saving Excel sheets using Office 97 on a Sambashare
Nathan, Thanks for the tips. Most of these settings were already in place, but the ones that were not already there I set up, with the exception of the 'force group' setting. I hesitate to try this simply because many of the subfolders under the shared volume are have their access controlled by group, and I didn't want to risk preventing others from accessing their files in the middle of the day. I'm not sure it would change much though, as this doesn't exactly seem to be a permisions issue, at least not a normal one. Each folder is set with a group, and the GID is set also so it stays. Each user in the group then has full access to all folders and files in that folder except for Excel files. These users can create new files and folders, delete them, and do anything they need, but if they try to save a file that they are not the owner of, they see the error in Excel when they try to save. Could it be that we're using such an old version of Excel? Would a newer version possibly save it's files differently? Thanks! Brandon Nathan Vidican 03/03/05 03:49PM Try something like the following: [some-share] path = /some/where/files/are valid users = @groupname write list = @groupname create mask = 0660 directory mask = 0770 force group = groupname end of snippet We utilize similar configurations; by forcing the group, it will be irrelevent as to which logon group a particular user belongs to, and still it will create/save files with the permissions as expressed (group read/write/[execute for dir]). Thereby allowing all members of 'groupname' to access any file put in the share by any other user in the same group. -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate Tool Ltd. http://www.wmplt.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brandon Laing Sent: Thursday, March 03, 2005 3:48 PM To: samba@lists.samba.org Subject: [Samba] Problems saving Excel sheets using Office 97 on a Sambashare Hey all, We're having some trouble saving Excel documents on our Samba Fileserver. We are moving people over to our Samba box, and have moved most of our documents over. Now, we have people opening their Excel documents, but are unable to save them. When something is saved, we see this message: Your changes could not be saved to 'document.xls', but were saved to a temporary document named '349rgjh928'. Close the existing document, then open the temporary document and save it under a new name. Now, these users have full access to the folder in which they're trying to save these sheets. New documents can be created an deleted without any problem, so it doesn't appear to be a permissions problem. However, if I manually set the document owner to the user trying to save the document, it seems to save without a problem. Of course, this isn't a viable option, as we have multiple people accessing these documents all the time, and as a group, they have full access to these folders. So, I'm wondering what I can do on this system to resolve this issue. I know we're using an old version of Excel, but it still works for what we need. Our version of Samba is 3.0.10-1.fc2, and we are running on a Fedora Core 2 system. The clients connecting are using Windows XP Home, and have Excel 97 SR-2. Any ideas on what I can do to clear this up? I can post config files if needed, but as of right now, it's almost the default with just the share volume set up. Thanks, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unchangeable Password must change: Fri, 13 Dec 1901 21:45:51 MET
Harold, Are you using tdbsam as your password backend? If not, then you can not do what you are attempting to do. There is no place in the smbpasswd file to store account aging information. Please confirm that you have in the globals section of your smb.conf file: passdb backend = tdbsam If you need to migrate from smbpasswd to tdbsam, after the above has been added to the smb.conf file you can migrate the data by executing: pdbedit -i smbpasswd -e tdbsam Cheers, John T. On Friday 04 March 2005 09:37, [EMAIL PROTECTED] wrote: Hello Group, I've been reading many posts but i still don't have the answer to how to force a password change or set a password lifetime. I'm using w2k clients which connect to a samba PDC version 3.0.10 on a basic SunOS 5.8 system, no ldap or so. syncing the ux-passwords and the smb-passwords works perfect, but i can't get it working to force users to change passwords. The command that should do this is ; pdbedit -P maximum password age -C 5 I know this are seconds, but just for testing Running this command as root gives; root pdbedit -P maximum password age -C 5 account policy value for maximum password age was 100 account policy value for maximum password age is now 5 root It does change the policy; account policy value for maximum password age is 5 but nothing is changed when i give the pdbedit -v command. When i run a pdbedit after i logged in/out as a user on the w2k system, nothing has happened the output is exactly the same as it was before. root pdbedit -v -u useraa Unix username:useraa NT username: Account Flags:[U ] User SID: S-1-5-21-4240529304-4054190640-1643903753-27306 Primary Group SID:S-1-5-21-4240529304-4054190640-1643903753-1021 Full Name: Home Directory: \\server\useraa HomeDir Drive: Logon Script: Profile Path: \\server\useraa\profile Domain: NETDOM Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Fri, 13 Dec 1901 21:45:51 MET Kickoff time: Fri, 13 Dec 1901 21:45:51 MET Password last set:Thu, 03 Mar 2005 17:21:36 MET Password can change: Thu, 03 Mar 2005 17:21:36 MET Password must change: Fri, 13 Dec 1901 21:45:51 MET Last bad password : 0 Bad password count : 0 Logon hours : FF root Selecting the option change password at next logon is usrmgr on the w2k machine doesn't do the trick either. Does anybody have a suggestion to get this running? Or is there another way to force users once in a while to change password? (maybe some command(s) i can put in cron) All help is welcome Thanks in advance Harold -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.12pre1 Available for Download
On Mon, Feb 28, 2005 at 08:11:44AM -0600, Gerald (Jerry) Carter wrote: Volker still owes some docs on it as far as I know. By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group this inevitably leads to inefficiencies. One important question a user needs to know is the list of groups he is member of. The plain Unix model involves a complete enumeration of the file /etc/group and its NSS counterparts in LDAP. In this particular case there often optimized functions are available in Unix, but for other queries there is no optimized function available. To make Samba scale well in large environments, the ldapsam:trusted=yes option assumes that the complete user and group database that is relevant to Samba is stored in LDAP with the standard posixAccount/posixGroup model, and that the Samba auxiliary object classes are stored together with the the posix data in the same LDAP object. If these assumptions are met, ldapsam:trusted=yes can be activated and Samba can completely bypass the NSS system to query user information. Optimized LDAP queries can speed up domain logon and administration tasks a lot. Depending on the size of the LDAP database a factor of 100 or more for common queries is easily achieved. Volker pgpndmAGjsToN.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [linux-cifs-client] Mounting directories below share level
Just FYI... I added a short annotation regarding this thread here: http://ubiqx.org/cifs/NetBIOS.html#NBT.1.1 (Click the Notes icon.) I do hope that we'll get client developers (Steve, Conrad, the Thursby folk, etc.) to implement this feature. Chris -)- -- Implementing CIFS - the Common Internet FileSystem ISBN: 013047116X Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Excel samba-3.0.11 slowness/hanging/lockup issues...Anyone?
-Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Nathan Vidican Sent: March 4, 2005 7:09 AM To: samba@lists.samba.org Subject: [Samba] Excel samba-3.0.11 slowness/hanging/lockup issues...Anyone? Here's the problem we're encountering: ~~ Having intermittent problems regarding users opening/accessing/saving/writing MS Excel files into samba shares. [Mitch says:] I've seen similar delays - sometimes when printing - sometimes when accessing attachements in Outlook - 3.0.11 eliminated the roaming profile sync errors (showed up in windows event log as 1504 iirc) but I had delays with 3.0.8 too - they aren't new for me. Haven't been able to nail down a way to reproduce it 100% or I'd do something with logging and so on to capture it - if you can reproduce, do a log 10, and look for an area which shows the delay - by adding %G to your log files (or %u), you can get group unique or use unique logs, which can make your task of finding the data a lot easier... Then look for the area in the log that shows the delay - then maybe someone more familiar with samba internals can review what you found and help from there... you would at least have enough to start a bug report at that point. Hth m/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.12pre1 Available for Download
Guys. Should I add this to the HOWTO at this time? If so, should it go under the chapter on group handling? Jerry, are you intent on expanding this in any way? - John T. On Friday 04 March 2005 09:59, Volker Lendecke wrote: On Mon, Feb 28, 2005 at 08:11:44AM -0600, Gerald (Jerry) Carter wrote: Volker still owes some docs on it as far as I know. By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group this inevitably leads to inefficiencies. One important question a user needs to know is the list of groups he is member of. The plain Unix model involves a complete enumeration of the file /etc/group and its NSS counterparts in LDAP. In this particular case there often optimized functions are available in Unix, but for other queries there is no optimized function available. To make Samba scale well in large environments, the ldapsam:trusted=yes option assumes that the complete user and group database that is relevant to Samba is stored in LDAP with the standard posixAccount/posixGroup model, and that the Samba auxiliary object classes are stored together with the the posix data in the same LDAP object. If these assumptions are met, ldapsam:trusted=yes can be activated and Samba can completely bypass the NSS system to query user information. Optimized LDAP queries can speed up domain logon and administration tasks a lot. Depending on the size of the LDAP database a factor of 100 or more for common queries is easily achieved. Volker -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.12pre1 Available for Download
On Fri, Mar 04, 2005 at 10:26:12AM -0700, John H Terpstra wrote: Should I add this to the HOWTO at this time? If so, should it go under the chapter on group handling? No idea, it probably belongs into an LDAP chapter. Jerry, are you intent on expanding this in any way? The docs or the feature as such? The work on the feature will continue (probably until passdb.h fully meets samr.idl...), but the docs are vague enough that they will stay correct even with future work. And I think more detail is not necessary, except maybe a bit more emphasis on the requirements would be in order. The ldap database needs to be really correct and fully consistent. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Group Permission Conflicts
We are running samba 3.0.7 on a Solaris 9 server. This is our company's main file server (migrated over from Windows). We are having issues with properly applying file permissions to different groups. Right now, we have about 400 users. They are all members of the other group at the OS level. Beyond that, all the users are divided into groups based on their department so that they have restricted access to certain folders. For example: bash-2.05$ pwd /var/share/group bash-2.05$ ls -l total 84 drwxrwx--- 4 root aop 1024 Nov 11 14:19 Affiliate Operations drwxrwx--- 3 root aud 96 Aug 17 2004 Auditors The only share that exists on the server is /var/share/group. We do not have a separate share for each folder since there are not enough drive letters in Windows to handle them all. The problem we have is that when a user creates a directory under a top level directory, in this case Auditors, it is owned by the user and the group other with permissions 770. A user in the Auditors group should be able to access the files, but they cannot until i change the owner to root:aud. Is there a way that we can change this behavior? Thanks for any help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] idmap backend problems
I disagree. According to the Release Notes the idmap_rid does NOT require an LDAP server. The way I understand it is uses the last part of your SID to derive what your UID will be, thus you will have consistancy across your Sambas. I compiled my samba the same way and it is working however I am encountering problems with the winbind daemon while in this mode. I have submitted another topic on this problem. Did you setup your /etc/nsswitch.conf file ? Josh -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Gienger Posted At: Friday, March 04, 2005 8:39 AM Posted To: Samba Conversation: [Samba] idmap backend problems Subject: Re: [Samba] idmap backend problems After reading the docs, I get the impression that I should use a idmap backend to have consistent uid's. Am I correct? Not so much, you're on the right path tho. The idmap is primarily to give a mapping between unix uids and windows SIDs when the users come from an AD system or something of that nature. Basically if you don't have real unix users you use winbind and idmap to get it done... if I understand correctly. I don't use either. I don't have an LDAP server, and I'd prefer not to add another service to the chain, so I recompiled samba with That's essentially what you need to do unfortunately. You need to store the mapping someplace globally accessable for both machines to read it. I see the light bulb going off in your head WRT storing the idmap file on an nfs mount or some other shared filesystem, don't do it, it won't work. -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] idmap backend problems
I disagree. According to the Release Notes the idmap_rid does NOT require an LDAP server. The way I understand it is uses the last part of your SID to derive what your UID will be, thus you will have consistancy across your Sambas. That's what I thought. I compiled my samba the same way and it is working Interesting.. Could you post me your smb.conf files (offlist maybe?) however I am encountering problems with the winbind daemon while in this mode. I have submitted another topic on this problem. What Subject? Did you setup your /etc/nsswitch.conf file ? Yes (from the top of my head:), as the docs say passwd files winbind Maarten -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] idmap backend problems
On Friday 04 March 2005 11:30, Samba wrote: I disagree. According to the Release Notes the idmap_rid does NOT require an LDAP server. The way I understand it is uses the last part of your SID to derive what your UID will be, thus you will have consistancy across your Sambas. Correct. The idmap_rid facility uses the RID as the UID. I compiled my samba the same way and it is working however I am encountering problems with the winbind daemon while in this mode. I have submitted another topic on this problem. Please check the documentation in the chapter I added to the Samba-HOWTO-Collection that is available on the Samba web site. If you have a large number of users or groups it is necessary to disable winbind user and group enumeration - otherwise performance issues will eat sambas' heart out. :) NOTE the above point please. In a site with a single domain and around 20,000 users user and group enumeration would kill the ability to use idmap_rid. With these turned off everything seems to work OK. Did you setup your /etc/nsswitch.conf file ? From the posting I am guessing the original poster had done that. - John T. Josh -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Gienger Posted At: Friday, March 04, 2005 8:39 AM Posted To: Samba Conversation: [Samba] idmap backend problems Subject: Re: [Samba] idmap backend problems After reading the docs, I get the impression that I should use a idmap backend to have consistent uid's. Am I correct? Not so much, you're on the right path tho. The idmap is primarily to give a mapping between unix uids and windows SIDs when the users come from an AD system or something of that nature. Basically if you don't have real unix users you use winbind and idmap to get it done... if I understand correctly. I don't use either. I don't have an LDAP server, and I'd prefer not to add another service to the chain, so I recompiled samba with That's essentially what you need to do unfortunately. You need to store the mapping someplace globally accessable for both machines to read it. I see the light bulb going off in your head WRT storing the idmap file on an nfs mount or some other shared filesystem, don't do it, it won't work. -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba failed to authenticate to openLDAP
Nathan,
I could not use smbldap-passwd and any other smbldap-x commands.
I got error like this:
# smbldap-passwd administrator
/usr/sbin/smbldap-passwd: user administrator doesn't exist
The only way I can change passwd is to use smbpasswd.
any idea why is that?
Thanks.
Steve
Smbldap-tools has a passwd script which will change/sync the password(s);
you can even configure samba to utilize this script when a client from a
windows machine tries to change their password, (see example below). I might
also recommend you look into a decent web-based or graphical LDAP account
manager, (LAM comes to mind, not sure what platform you're working from, but
on FreeBSD it's just a matter of installing it from the ports check the
website out - http://lam.sf.net/).
We are using LDAP, in conjunction with nss_ldap pam_ldap on the unix side
plus samba 3.0.11 on the windows side; single sign on regardless of which
machine/platform any user is on. Roaving profiles on the windows network,
and even Sun stations can share the same pam database for authentication and
nss information - all works very well, and has suited us perfectly. We are
currently using either LAM, (Ldap Account Manager - http://lam.sf.net/ ), or
manual ldap insert/delete/modify commands to administer our users. LAM takes
about ten minutes to setup and get going, and even less to figure out and
work with; gives the ability to control Unix, Posix, Samba, and other
attributes of any user, group, domain, or domain-machine (host) account.
Anyhow, just my two cents - but you should take a look into something like
LAM to save you time; (I know there are other utilities/user managers, one
in particular we tried which runs from X-win... But we found the simplicity
of LAM to be key).
Here's an example of how to configure samba to use smbldap-tools' password
script:
ldap passwd sync = yes
passwd program = /server/bin/smbldap-tools/smbldap-passwd.pl -u %u
passwd chat = Changing password for*\nNew Password* %n\n *Retype new
password* %n\n
--
Nathan Vidican
[EMAIL PROTECTED]
Windsor Match Plate Tool Ltd.
http://www.wmplt.com/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve
Zeng
Sent: Thursday, March 03, 2005 7:59 PM
To: [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: Re: [Samba] samba failed to authenticate to openLDAP
Paul and Craig,
I finally got it working. The reason it failed before is the way I built
the LDAP DIT. I also found a problem in smbldap-populate script which I
will describe below.
Here were what I did:
1) run configure.pl
2) edit smbldap-populate and change the following line:
my ($organisation,$ext) = ($config{suffix} =~ m/dc=(.*),dc=(.*)$/);
to:
my ($organisation,$ext) = ($config{suffix} =~ m/dc=(.*)$/);
The reason is I only have a single name for my domain, i.e. dc=mfelc.
but the perl script will suppose we have exactly two names, for example,
dc=idealx, dc=org. It also won't work if you have three names in your
domain. (dc=mydept, dc=mycompany, dc=com)
3) run smbldap-populate
it works perfectly to build the DIT
4) use smbldap-migrate-unix-accounts to migrate NIS accounts
5) use smbldap-migrate-unix-groups to migrate NIS group
this time when I use smbclient with a NIS account, the log will show
wrong password. So I run smbpasswd to give this account a new samba
password and run smbclient again. it works.
There are two problems here:
1) how to migrate NIS hosts into LDAP?
2) I checked the LDAP attributes and found three password fieds:
SambaLMPassword
SambaNTPassword
userPassword
How can I sync them so that I don't have to keep two or more password
for one user account?
Best Regards,
Steve
Paul,
I downloaded smbldap-tools-0.8.7 and tried the following:
1) run configure.pl
2) initialize LDAP base and then start LDAP server
dn: dc=mfelc
dc: mfelc
objectClass: top
objectClass: domain
3) run smbldap-populate
4) run the following migration tool to import users from NIS:
smbldap-migrate-unix-accounts -a -P /tmp/passwd.nis
5) run the following migration tool to import groups from NIS:
smbldap-migrate-unix-groups -a -G /tmp/group.nis
6) smbldap-useradd -a -m testuser1
smbldap-passwd testuser1
6) smbclient //enzo/testuser1 -U testuser1
got the following errors:
-
User testuser1 in passdb, but getpwnam() fails!
[2005/03/01 18:12:11, 5] auth/auth_util.c:free_server_info(1344)
attempting to free (and zero) a server_info structure [2005/03/01
18:12:11, 0] auth/auth_sam.c:check_sam_security(306)
check_sam_security: make_server_info_sam() failed with
'NT_STATUS_NO_SUCH_USER'
[2005/03/01 18:12:11, 5] auth/auth.c:check_ntlm_password(271)
check_ntlm_password: sam authentication for user [testuser1] FAILED
with error NT_STATUS_NO_SUCH_USER
[2005/03/01 18:12:11, 3] auth/auth_winbind.c:check_winbind_security(80)
check_winbind_security: Not using winbind, requested domain [TESTDM]
was for this SAM.
[2005/03/01 18:12:11, 10] auth/auth.c:check_ntlm_password(259)
[Samba] cadastros de emails divididos por estados
listas de emails por estados Mala direta e-mails cadastro em buscadores listas de e-mails divididas por profissão: http://www.gueb.de/divulgueseusite cadastros de emails divididos por estados listas de emails por estados Mala direta e-mails cadastro em buscadores mala direta virtual, divulgação por e-mail, marketing Mala direta e-mails cadastro em buscadores listas de emails por estados Mala direta e-mails cadastro em buscadores cadastros de emails divididos por estados: http://www.gueb.de/divulgueseusite listas de emails por estados Mala direta e-mails cadastro em buscadores listas de e-mails divididas por profissão mala direta virtual, divulgação por e-mail, marketing listas de e-mails divididas por profissão Mala Direta , e-mails, lista de e-mails, lista de email cadastros de emails divididos por estados listas de emails por estados listas de e-mails divididas por profissão cadastros de emails divididos por estados Mala Direta , e-mails, lista de e-mails, lista de email listas de e-mails divididas por profissão listas de emails por estados: http://www.gueb.de/divulgueseusite -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind 3.0.11 breaks winbind trust if netbios disabled?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tim wrote: | Hi all. | | I've just upgraded from 3.0.7 to 3.0.11 and now my | server can no longer establish a trust relationship | with the domain controllers. It appears to | be because we have netbios turned off (in | config: disable netbios = yes). http://samba.org/~jerry/patches/post-3.0.11/winbind_find_dc_v2.patch cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCKLlTIR7qMdg1EfYRAp3oAJ903A7MHQwEv/ib4fpjSIapxEM+QgCeOqLw pRQH49YqDsO4w6c0qJysyeM= =5eNU -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] are there known problems with NTConfig.POL with samba 3.11 ? /solved
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi @ll, the policies were now loaded to the new installed full updated win xp sp2 client. So i booked it to the magics of windows software that this failed with my testing laptop ( with real many stuff installed ),to your info there is no bug anymore. But as win xp has advanced settings in the adms possible, the simple redirect of my folder produces a offline sync at default of this folder, but this behavior can be killed with setting another entry in the same adm with poledit.exe. Best Regards Robert Schetterer schrieb: | Hi Jerry ,hi Sambatsitas, | yesterday i installed a brand new ldap smb pdc with latest smb sources ( | all suse 9.2 ), | and latest ldap scripts from idealx.( orginal source rpm ) | All work fine ( as far i testet it ). (Usrmgr was just wow..!) | So at last i did a NTConfig.POL with poledit.exe for win xp serv Pack2 | on the netlogon share. | I used adm modified adm files and a other poledit cause | system.adm ( winxp s.2 ) from orginal ms src with orginal ms poledit | didnt loaded on my xp laptop,or on another XP workstation ( would be | another question why.. ) | But the exec NTConfig.POL failed for unknown reasons, the default logon | scipt ( also on netlogon ) | work just nice.( so there is no file permissions Problem etc) I cant see | a Problem at the samba log.., either in event service. | My Testclient German Win xp SP2 ( with uptodate patchlevel ) is joining | domain and login | but it doesnt execute (load) the pol file... | I have tried gpupdate force and other stuff, but didnt get closer to the | problem. | I tried a NTConfig.Pol file which works quite well in another domain | with win 2000 / xp serv pack1 | clients, but failed again. | So are there known Problems to samba 3.11 or/and win xp serv pack 2 with | NTConfig.POL? | As i know some magic about policies i will try the setup again with a | brand new install Win XP Sp2 test client | and try again...but before i wanna ask if somebody had/has simular | problems. | Best Regards Robert | - -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer.org Munich / Bavaria / Germany https://www.schetterer.org \** \* gnupgp \* public key: \* https://www.schetterer.org/public.key \** -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCKMhd+Jw+56iSjEkRAotMAKCquwsKcHGCSVYNrXpehdTYzhRhSQCg04tK woUIiZrI/QCISDRkhb6oyqQ= =S5o9 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Extremely slow during browsing some directories
Hello, I've read the relative thread on STATUS_OBJECT_NAME_NOT_FOUND, and I think that's part of my issue: 1. When I map the shared folder as a disk to my windowsXP and Windows2K machine, then every step exploring the mapped disk or directories under this disk, takes more than 30sec to response from the samba server. I use ethereal to trace the network, and found that there are a lot of SMB Trans2 request, QUERY_PATH_INFO and SMB Trans2 response QUERY_PATH_INFO roundtrip while my windows machine waiting. 2. When I don't map the shared folder to my windows machines, things are better -- the slowness doesn't happen frequently, but it does happend randomly. When it happens, I got STATUS_OBJECT_PATH_NOT_FOUND error reported. I just updated my Samba to 3.0.12pre-1 from 3.0.10.fc3, but it seems all my issues remain as before. Does this issue introduced in certain Samba version? Does anybody suffer the same problem as mine now or before? Regards, linwei - Original Message - From: david rankin [EMAIL PROTECTED] To: Linwei Cheng [EMAIL PROTECTED] Sent: Thursday, March 03, 2005 7:32 PM Subject: Re: [Samba] Extremely slow during browsing some directories See all of the posts from the last few days with the subject: Re: [Samba] Re: Samba errors with smb QUERY_PATH_INFO,Error: STATUS_OBJECT_NAME_NOT_FOUND -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankinlawfirm.com -- - Original Message - From: Linwei Cheng [EMAIL PROTECTED] To: Jason Balicki [EMAIL PROTECTED]; samba@lists.samba.org Sent: Thursday, March 03, 2005 7:35 PM Subject: Re: [Samba] Extremely slow during browsing some directories I disabled the web client service on my computer, but it does no good. ( There are also other sharing folders from windows machinces on my network, but I didn't suffer the same problem from those windows sharings...). And I also tried to work on the samba server machine locally using smbclient, and it seems no this kind of issue - Original Message - From: Jason Balicki [EMAIL PROTECTED] To: Linwei Cheng [EMAIL PROTECTED] Sent: Thursday, March 03, 2005 5:16 PM Subject: Re: [Samba] Extremely slow during browsing some directories Linwei Cheng wrote: hi, I am quite new on using Samba and sorry maybe ask a silly question here. I set up simple Samba server on Fedora3 using the samba rpm package comes with fedora3( version 3.0.10-1.fc3). I use the SHARE security level to make things easier. Everything goes fine so far, except that for some windows user, some times, on browsing some directories, it takes extremely long time to display the folders/files list. This seems weird because it happened radomly: sometimes for the same user, same machine and browse same directory, it works quickly, but sometimes it take about a minute to get the response from server. What's the possibilities for this issue? Deperately need help. Try turning off the webclient service on the windows client machines. --J(K) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] secure channel
On Fri, 2005-03-04 at 15:17 +0200, Alexandr Harlampov wrote: Help please. How to reset the secure channel between the domain controller on samba3 and workstation with Win XP? this workstation worked properly till today, but now it can't log in to domain . I have run a netdiag utility and has seen the issue: rust relationship test. . . . . . : Failed [FATAL] Secure channel to domain 'MYDOMAIN' is broken. [ERROR_ACCESS_DENIED] may be another way to fix it (except rejoining a domain) ?? It would involve resetting the password, which is exactly the same as joining the domain. I certainly only know of the 'join to workgroup X, join to the domain again' practice. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] file locking
Is file locking dependent on the editor or we can control it via the oplocks option? here's the scenario: I usually use vi from the console. However, some of my colleagues might work on the same file from the windows machine using notepad, Jedit, dreamweaver etc. What is the best way to lock files? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file locking
On Fri, Mar 04, 2005 at 03:15:42PM -0600, sharif islam wrote: Is file locking dependent on the editor or we can control it via the oplocks option? here's the scenario: I usually use vi from the console. However, some of my colleagues might work on the same file from the windows machine using notepad, Jedit, dreamweaver etc. What is the best way to lock files? You need an oplock-aware kernel and applications that are locking-aware of each other (ie. POSIX apps that attempt to get an advisory fcntl lock over any region the read/write). I don't know of any posix apps that do this (certainly not vi). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] file locking
What about editors like Joe - when I run it on two terminals to access the same file, the second (and subsequent attempts) show read only... Admittedly that's probably FILE locking - not more granular like region based etc - but certainly appriate with logs of windows apps like notepad, dreamweaver etc? m/ -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Jeremy Allison Sent: March 4, 2005 1:20 PM To: sharif islam Cc: samba mailing list Subject: Re: [Samba] file locking On Fri, Mar 04, 2005 at 03:15:42PM -0600, sharif islam wrote: Is file locking dependent on the editor or we can control it via the oplocks option? here's the scenario: I usually use vi from the console. However, some of my colleagues might work on the same file from the windows machine using notepad, Jedit, dreamweaver etc. What is the best way to lock files? You need an oplock-aware kernel and applications that are locking-aware of each other (ie. POSIX apps that attempt to get an advisory fcntl lock over any region the read/write). I don't know of any posix apps that do this (certainly not vi). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file locking
On Fri, Mar 04, 2005 at 01:23:31PM -0800, Mitch (WebCob) wrote: What about editors like Joe - when I run it on two terminals to access the same file, the second (and subsequent attempts) show read only... Admittedly that's probably FILE locking - not more granular like region based etc - but certainly appriate with logs of windows apps like notepad, dreamweaver etc? I don't know about the Joe app - is it a POSIX app ? You need to turn off oplocks and see what it does between 2 Samba clients. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file locking
On Fri, 4 Mar 2005 13:23:31 -0800, Mitch (WebCob) [EMAIL PROTECTED] wrote: What about editors like Joe - when I run it on two terminals to access the same file, the second (and subsequent attempts) show read only... Admittedly that's probably FILE locking - not more granular like region based etc - but certainly appriate with logs of windows apps like notepad, dreamweaver etc? I think this is editor specific. I get the same warning in vi if I open the same file in vi. But say if I open one in vi then in gedit, the latter doesn't warn me. But If I change something in gedit and go back to vi, vi warns me that the file has been changed since reading! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Ti sei cancellato con successo
Ecco fatto, da domani non riceverai più la mia mail quotidiana... peccato... Se vuoi dirci perchè ti sei cancellato basta rispondere in automatico a questa mail e noi la leggeremo. Se invece ti sei cancellato per sbaglio puoi reiscriverti o mandando una mail (anche vuota) a: [EMAIL PROTECTED] o andando sul sito www.tuttinudi.it Buona giornata Lo staff di tuttinudi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Timeout problem with File Explorer and Word .. .was Re: [Samba] Time out tuning ?
This morning the same user experienced another timeout, however, this time the Samba log showed a panic. What is very weird about this is that the date goes into the year 1952 during the error message. The user is still complaining that if he leaves Word open for an extended amount of time or File Explorer, he will be disconnected and have his Word documents will be corrupted. This is Samba version 3.0.2-6.3E on RHEL 3.0 U1 [2005/03/04 09:52:16, 2] smbd/open.c:open_file(240) randy opened file Program Management/eLF Accounts/eLF_Pre_Release_Accounts.xls read=Yes write=Yes (numopen=2) [2005/03/04 09:52:17, 2] smbd/close.c:close_normal_file(228) randy closed file Program Management/eLF Accounts/eLF_Pre_Release_Accounts.xls (numopen=1) [2005/03/04 09:52:17, 2] smbd/open.c:open_file(240) randy opened file Program Management/eLF Accounts/eLF_Pre_Release_Accounts.xls read=Yes write=No (numopen=2) [2005/03/04 09:52:18, 2] smbd/close.c:close_normal_file(228) randy closed file Program Management/eLF Accounts/eLF_Pre_Release_Accounts.xls (numopen=1) [2005/03/04 09:53:09, 0] lib/util_sock.c:read_socket_data(342) read_socket_data: recv failure for 4. Error = Connection timed out [2005/03/04 09:53:09, 2] smbd/server.c:exit_server(558) Closing connections [2005/03/04 09:53:09, 1] smbd/service.c:close_cnum(887) randy-vm-winxp (192.168.12.25) closed connection to service ssend_sales_share [2005/03/04 09:53:09, 2] smbd/close.c:close_normal_file(228) randy closed file Program Management/eLF Accounts/eLF_Pre_Release_Accounts.xls (numopen=1) [2005/03/04 09:53:09, 1] smbd/service.c:close_cnum(887) randy-vm-winxp (192.168.12.25) closed connection to service randy [2005/03/04 09:53:09, 2] smbd/close.c:close_normal_file(228) randy closed file ssend_rlp/eLF_TdmIntro.doc (numopen=1) [2005/03/04 09:53:09, 2] smbd/close.c:close_normal_file(228) randy closed file ssend_rlp/~WRL0005.tmp (numopen=0) [2005/03/04 09:59:46, 1] smbd/service.c:close_cnum(887) randy-vm-winxp (192.168.12.25) closed connection to service docs_pending [2005/03/04 09:59:46, 1] smbd/service.c:close_cnum(887) randy-vm-winxp (192.168.12.25) closed connection to service n_drive [1952/12/21 08:03:20, 0] lib/fault.c:fault_report(36) === [1952/12/21 08:03:20, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 29261 (3.0.2-6.3E) Please read the appendix Bugs of the Samba HOWTO collection [1952/12/21 08:03:20, 0] lib/fault.c:fault_report(39) === [1952/12/21 08:03:20, 0] lib/util.c:smb_panic(1422) PANIC: internal error [1952/12/21 08:03:20, 0] lib/util.c:smb_panic(1430) BACKTRACE: 17 stack frames: #0 smbd(smb_panic+0x13f) [0x8df08f] #1 smbd [0x8cab48] #2 /lib/tls/libc.so.6 [0x187c08] #3 /lib/tls/libc.so.6(malloc+0x8d) [0x1d0b0d] #4 smbd(talloc+0x3f) [0x8e475f] #5 smbd(talloc_memdup+0x2c) [0x8e4a1c] #6 smbd(talloc_strdup+0x3a) [0x8e4a8a] #7 smbd [0x76f7a8] #8 smbd(lp_logfile+0x2c) [0x76f90c] #9 smbd(reopen_logs+0x1f6) [0x8ca226] #10 smbd(reload_services+0x2c) [0x95581c] #11 smbd(check_reload+0x4f) [0x7c9d2f] #12 smbd [0x7c9dd5] #13 smbd(smbd_process+0x13e) [0x7ca37e] #14 smbd(main+0x505) [0x956345] #15 /lib/tls/libc.so.6(__libc_start_main+0xf8) [0x175748] #16 smbd [0x76ea32] [2005/03/04 10:25:30, 2] smbd/server.c:exit_server(558) Closing connections [2005/03/04 10:27:40, 2] smbd/process.c:timeout_processing(1138) Closing idle connection [2005/03/04 10:27:40, 2] smbd/server.c:exit_server(558) On Mon, 28 Feb 2005 10:09:50 -0800, david.j as [EMAIL PROTECTED] wrote: From: Mitch (WebCob) [EMAIL PROTECTED] To: samba@lists.samba.org Date: Mon, 28 Feb 2005 09:19:31 -0800 Subject: RE: [Samba] Time out tuning ? Hello, I have a samba server running at a customer site and they have the follwing problem: Employees of that company have for extended periods sometimes word documents opened for editing, but it happens regularly that for an half hour or more no activity takes place because they are working on something else (it's a flower seed growing company , with pc's in the glasshouses and they have to monitor the seedbeds and fill in now and then something in in word documents). When that happens the word application returns a message that , There was a sharing violation ,. Is this caused by a time out on the server? or the client? Is it possible to configure the samba server to forcefully keep the connection between the client and the server alive? [Mitch says:] Are there any VPN's, smart switches or routers involved? I've not seen any app timeout problems with my servers, but I know that some routers or VPN arrangements have short timeouts / lack keep alive and can cause this sort of behaviour. We have this same exact problem in an networked environment where clients are connected to a
[Samba] Samba as user authenticator for Windows systems
Hi Everyone: I am checking to see if there is a way to use Samba as a password server. specifically, I want the following: when someone who is logged on using windows 2000/xp/98 and changes their Win2000/xp/98 password, it also changes the password on Samba/Linux automatically. Any ideas/suggestions? I think that if I use the Samba server as a PDC and have the Windows clients login to the domain, the windows clients will only be able to access the shares and not their own respective c:drives. This is what I am trying to avoid. I would like one password so that when it is changed on the client computer, it gets automatically changed on the Samba server, and the password allows access to the client computer's c:drive. Any suggestions would be greatly appreciated. Remember - I am new to this stuff so if my question doesn't make much sense, please let me know what clarification you need. Thanks. Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] file locking
I think this is editor specific. I get the same warning in vi if I open the same file in vi. But say if I open one in vi then in gedit, the latter doesn't warn me. But If I change something in gedit and go back to vi, vi warns me that the file has been changed since reading! [Mitch says:] Yeah - probably... I just tried opening a file in joe that smbstatus shows active oplocks for - it doesn't complain at all, from what I can see, I think some of the posix land programs use flock, which isn't a real lock I guess, but sort of a cooperative advisory lock... So maybe the right question is Does Samba use flock on files that are oplocked? If not by default, can it? What would be bad about this? We could hope for kernels and apps that all support oplocks - but that might be much longer in coming... m/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.12pre1 Available for Download
On Pn, Mrcius 4, 2005 17:59, Volker Lendecke mondta: On Mon, Feb 28, 2005 at 08:11:44AM -0600, Gerald (Jerry) Carter wrote: Volker still owes some docs on it as far as I know. By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group this inevitably leads to inefficiencies. One important question a user needs to know is the list of groups he is member of. The plain Unix model involves a complete enumeration of the file /etc/group and its NSS counterparts in LDAP. In this particular case there often optimized functions are available in Unix, but for other queries there is no optimized function available. To make Samba scale well in large environments, the ldapsam:trusted=yes option assumes that the complete user and group database that is relevant to Samba is stored in LDAP with the standard posixAccount/posixGroup model, and that the Samba auxiliary object classes are stored together with the the posix data in the same LDAP object. If these assumptions are met, ldapsam:trusted=yes can be activated and Samba can completely bypass the NSS system to query user information. Optimized LDAP queries can speed up domain logon and administration tasks a lot. Depending on the size of the LDAP database a factor of 100 or more for common queries is easily achieved. is this means samba with ldap can work without nss_ldap? if it's true it can be a very important new features and can made 'samba with ldap' configuration much easier! imho in this case it should have to documented and highlighted in the release notes! -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Quick question on Samba and partitioning
Just a quick question. I need to make a couple of shares to hold company data. I am planning on allowing users to have access to their private shares at /home/user Would it be better for me to configure all my space under /home? Or should I create another directory (Something like /data) and have more space allocated to / ? I know its personal preference, but I want to get this right hte first time and not re-do it. Cheers, Jason -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Extremely slow during browsing some directories
Hello, The issues I had before seems all disappeared after I rebooted my machine( Fedora3, kernel 2.6.10-1.770_FC3 ). I don't really understand what benefited the samba on rebooting... The information is, before this reboot, I updated the kernel from 2.6.10-1.760_FC3, and updated samba from 3.0.10 to 3.0.12pre1-1. I really doubt it's the client requirement of GET FULL FS SIZE caused the slowness. Before rebooting, I tried using smbclient on another linux machine to connect the shared folder on samba server, and found that when I use ls to list the directories, the directories can be returned immediately but it get stuck on display the filesystem size information at the bottom until timeout. I think it's the same issue for mapping a disk on windows machines, since the windows will try to grab filesystem size information on every operation as well. After rebooting, the ... block of size . blocks available returned immediately and everything goes smoothly. linwei - Original Message - From: Linwei Cheng [EMAIL PROTECTED] To: david rankin [EMAIL PROTECTED]; samba@lists.samba.org Sent: Friday, March 04, 2005 12:44 PM Subject: Re: [Samba] Extremely slow during browsing some directories Hello, I've read the relative thread on STATUS_OBJECT_NAME_NOT_FOUND, and I think that's part of my issue: 1. When I map the shared folder as a disk to my windowsXP and Windows2K machine, then every step exploring the mapped disk or directories under this disk, takes more than 30sec to response from the samba server. I use ethereal to trace the network, and found that there are a lot of SMB Trans2 request, QUERY_PATH_INFO and SMB Trans2 response QUERY_PATH_INFO roundtrip while my windows machine waiting. 2. When I don't map the shared folder to my windows machines, things are better -- the slowness doesn't happen frequently, but it does happend randomly. When it happens, I got STATUS_OBJECT_PATH_NOT_FOUND error reported. I just updated my Samba to 3.0.12pre-1 from 3.0.10.fc3, but it seems all my issues remain as before. Does this issue introduced in certain Samba version? Does anybody suffer the same problem as mine now or before? Regards, linwei - Original Message - From: david rankin [EMAIL PROTECTED] To: Linwei Cheng [EMAIL PROTECTED] Sent: Thursday, March 03, 2005 7:32 PM Subject: Re: [Samba] Extremely slow during browsing some directories See all of the posts from the last few days with the subject: Re: [Samba] Re: Samba errors with smb QUERY_PATH_INFO,Error: STATUS_OBJECT_NAME_NOT_FOUND -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankinlawfirm.com -- - Original Message - From: Linwei Cheng [EMAIL PROTECTED] To: Jason Balicki [EMAIL PROTECTED]; samba@lists.samba.org Sent: Thursday, March 03, 2005 7:35 PM Subject: Re: [Samba] Extremely slow during browsing some directories I disabled the web client service on my computer, but it does no good. ( There are also other sharing folders from windows machinces on my network, but I didn't suffer the same problem from those windows sharings...). And I also tried to work on the samba server machine locally using smbclient, and it seems no this kind of issue - Original Message - From: Jason Balicki [EMAIL PROTECTED] To: Linwei Cheng [EMAIL PROTECTED] Sent: Thursday, March 03, 2005 5:16 PM Subject: Re: [Samba] Extremely slow during browsing some directories Linwei Cheng wrote: hi, I am quite new on using Samba and sorry maybe ask a silly question here. I set up simple Samba server on Fedora3 using the samba rpm package comes with fedora3( version 3.0.10-1.fc3). I use the SHARE security level to make things easier. Everything goes fine so far, except that for some windows user, some times, on browsing some directories, it takes extremely long time to display the folders/files list. This seems weird because it happened radomly: sometimes for the same user, same machine and browse same directory, it works quickly, but sometimes it take about a minute to get the response from server. What's the possibilities for this issue? Deperately need help. Try turning off the webclient service on the windows client machines. --J(K) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Audit Trail/Logging For Network Logons and Logoffs
On Thu, 2005-03-03 at 12:18 -0700, Lars Rasmussen wrote: On Thu, 03 Mar 2005 09:56:21 +1100, Andrew Bartlett [EMAIL PROTECTED] wrote: I just hope you don't try and use the logs for anything important, given you have to make them world writable This is a problem. Besides making the share hidden, I've tried to hack some permissions and used force user= . This seems sloppy, but prevents users from viewing the share while allowing them to write to it. What should I do differently in this scenario? Use the system login records (such as utmp), write a pam module (hooking into 'obey pam restrictions = yes' and the session modules), or something similar. You just can't do this with a system that requires the *user* to write the records. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.12pre1 Available for Download
On Fri, Mar 04, 2005 at 11:54:15PM +0100, Farkas Levente wrote: is this means samba with ldap can work without nss_ldap? if it's true it can be a very important new features and can made 'samba with ldap' configuration much easier! imho in this case it should have to documented and highlighted in the release notes! No, we're not yet that far. Maybe eventually we will come there, although I doubt it will happen with Samba 3. But many really huge inefficiencies that come from the strict binding to nss_ldap are removed by that. Hmmm. Maybe in half a year from now when we have 3.0.15 or so, I might talk differently. Lets see what the future brings :-) Volker pgpjbT7NatZcW.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Compiling samba on Solaris 8 --with-ads
For historical reasons, the administrator is member in lots of groups. As
a result the ticket size is too big for UDB, so the W2k3-server sends an
KRB5KRB_ERR_RESPONSE_TOO_BIG (Response too big for UDP, retry with TCP)
error back to kinit.
Unfortunatly this case is not handled in lib/krb5/get_in_tck.c -
krb5_get_in_cred(). Only the KRB5KDC_ERR_PREAUTH_REQUIRED error is
handled.
Sorry for not responding eailer,
If you grap the latest heimdal-0.6-date.tar.gz snapshot it will contains
code that support falling back to TCP when UDP failes or the error
KRB5KRB_ERR_RESPONSE_TOO_BIG is returned.
If you don't want to upgrade you can force tcp in krb5.conf
[realms]
MY.REALM = {
kdc = tcp/my.first.kdc.my.realm
kdc = tcp/my.second.kdc.my.realm
}
I'm trying to get ADS support in Samba 3.0.11 on Solaris 8 to work. I
am pretty close, but Samba doesn't recognize the 'realm' keyword in the
smb.conf file. It seems to be okay with security = ads, but that
doesn't do much good if it can't determine the realm. ;) Also, I'm
running into the same udp-too-big error, and the above fix using
/etc/krb5.conf does not work. I end up with:
kinit: krb5_get_init_creds: unable to reach any KDC in realm {MY.REALM}
I'm pulling down the latest heimdal now, but I had to do a trick to get
even 0.6.3 to compile -- I had to close permissions to
/usr/include/gssapi (otherwise it complained about duplicate definitions
of stuff). I tried using MIT's kerberos (1.4), but it has a problem
finding freeifaddrs and getifaddrs:
gcc -L../../../lib -R/usr/local/lib -g -O2 -Wall
-Wmissing-prototypes -Wcast-qual -Wcast-align -Wconversion -Wshadow
-pedantic -o client client.o rpc_test_clnt.o \
-lgssrpc -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err
-lkrb5support -lresolv -lsocket -lnsl
Undefined first referenced
symbol in file
freeifaddrs ../../../lib/libkrb5.so
getifaddrs ../../../lib/libkrb5.so
ld: fatal: Symbol referencing errors. No output written to client
collect2: ld returned 1 exit status
The only place I found those referenced were in the Heimdal files (in
the libroken.a library). But I can't compile a shared version of that
library, because --enable-shared for Heimdal results in huge lists of
undefined symbols when compiling libsl.so.
I can't seem to win here. I saw Joseph Gaude's message that said:
I used:
MIT Kerberos 1.3.4
OpenSSL 0.9.7d
OpenLdap 2.2.14
Samba 3.0.7
all compiled from source. Do not use the Sunfreeware supplied packages as
the libraries will not work.
Also,
installed ncurses, popt, libiconv from Sunfreeware.
How did you get MID Kerberos to install? (i.e., where are its
freeifaddrs and getifaddrs functions coming from?)
I've got OpenLdap 2.2.23 installed, OpenSSL 0.9.7d, Heimdal 0.6.3, and
Samba 3.0.11.
Any ideas?
--Dave Dragon Michaels
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.12pre1 Available for Download
Dare I ask about the performance enhancements? Does it include listing *all* of the files in a directory with a large number of files? See bug 2271. If the new release might fix the problem, I'll give it a try. https://bugzilla.samba.org/show_bug.cgi?id=2271 Gerald (Jerry) Carter [EMAIL PROTECTED] writes: Additional features introduced in Samba 3.0.12pre1: ~ o Performance enhancements when serving directories ~containing large number of files. -- Kevin Dalley [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.12pre1 Available for Download
On Fri, Mar 04, 2005 at 05:02:05PM -0800, Kevin Dalley wrote: Dare I ask about the performance enhancements? Does it include listing *all* of the files in a directory with a large number of files? See bug 2271. If the new release might fix the problem, I'll give it a try. https://bugzilla.samba.org/show_bug.cgi?id=2271 It doesn't include this fix. The fix is for the smbd server side code only. I'm looking at this fix - it's in my queue to examine. Not sure when I'll be able to get to it (there are several others in the queue first). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can't fetch domain SID
Hi, I happened to delete /etc/samba/secrets.tdb. Now I can not get DOMAIN SID by run: net getlocalsid Any idea how to recover it? Do I need to reinstall the whole Samba suite? -- Regards, Steve Zeng Systems Administrator Mainframe Entertainment Inc T: (604) 628-1000 ext 5293 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Can't fetch domain SID
What if you run net groupmap list? Can you see the domain SIDs as part of the group SIDs there? If so, I would think you could use net setlocalsid to restore it. -Marc -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Steve Zeng Sent: Friday, March 04, 2005 5:38 PM To: samba@lists.samba.org Subject: [Samba] Can't fetch domain SID Hi, I happened to delete /etc/samba/secrets.tdb. Now I can not get DOMAIN SID by run: net getlocalsid Any idea how to recover it? Do I need to reinstall the whole Samba suite? -- Regards, Steve Zeng Systems Administrator Mainframe Entertainment Inc T: (604) 628-1000 ext 5293 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-Guide Update - Feedback request
Folks, We are updating the Samba-Guide and the HOWTO documents in preparation for release of Samba 3.0.12 some in the time frame of late March to early April (above all please note that 3.0.12 will ship when it is ready, and I am not pre-announcing its release!). We need feedback (and preferably contributions) from anyone who is willing to assist us in the process of updating the documentation. In particular we want feedback on: a) Suggestions for content that needs updating b) Suggestions for new content c) Error corrections Please email all feedback directly to: [EMAIL PROTECTED] Documentation patches should be submitted via bugzilla at: https://bugzilla.samba.org Many thanks in anticipation of voluminous valuable responses! :-) - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Thank you for applying for employment at Xoriant Corporation.
Dear Visitor, Thank you for applying for employment at Xoriant Corporation. We have received your resume and will be processing it promptly. If we see a good fit with a current opening, you can expect to hear from a member of our Recruiting Team soon. If we do not see an immediate fit, we will keep your resume on file for six months, and we will attempt to match it with new positions as they become available. Sincerely, Xoriant's Recruiting Team -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
cadastros de emails por provedores de acesso
programas gratuitos para mala direta com emails E-MAILS PARA DIVULGAÇÃO E MALA DIRETA listas de e-mails divididas por atividade: http://www.gueb.de/dvgamail cadastros de emails por provedores de acesso programas gratuitos para mala direta com emails E-MAILS PARA DIVULGAÇÃO E MALA DIRETA E-mails segmentados para divulgação - Cadastros de e-mail E-MAILS PARA DIVULGAÇÃO E MALA DIRETA programas gratuitos para mala direta com emails E-MAILS PARA DIVULGAÇÃO E MALA DIRETA cadastros de emails por provedores de acesso: http://www.gueb.de/dvgamail programas gratuitos para mala direta com emails E-MAILS PARA DIVULGAÇÃO E MALA DIRETA listas de e-mails divididas por atividade E-mails segmentados para divulgação - Cadastros de e-mail listas de e-mails divididas por atividade mala direta virtual, divulgação por e-mail, marketing cadastros de emails por provedores de acesso programas gratuitos para mala direta com emails listas de e-mails divididas por atividade cadastros de emails por provedores de acesso mala direta virtual, divulgação por e-mail, marketing listas de e-mails divididas por atividade programas gratuitos para mala direta com emails: http://www.gueb.de/dvgamail PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
Re: svn commit: samba-docs r368 - in trunk/smbdotconf/ldap: .
Hi Volker, On Fri, Mar 04, 2005 at 05:04:56PM +, [EMAIL PROTECTED] wrote about 'svn commit: samba-docs r368 - in trunk/smbdotconf/ldap: .': Add smb.conf entry for ldapsam:trusted. Could a docbook-xml expert (jelmer?) please look over this to make sure I did not mess anything up? Looks ok to me. The XSL engine doesn't choke on it either :-) Cheers, Jelmer -- Jelmer Vernooij [EMAIL PROTECTED] - http://jelmer.vernstok.nl/ - [EMAIL PROTECTED]
svn commit: samba r5653 - in branches/SAMBA_3_0/source/utils: .
Author: jht Date: 2005-03-04 17:38:25 + (Fri, 04 Mar 2005) New Revision: 5653 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5653 Log: Fixiing typos. Modified: branches/SAMBA_3_0/source/utils/net_rpc_rights.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc_rights.c === --- branches/SAMBA_3_0/source/utils/net_rpc_rights.c2005-03-04 00:25:16 UTC (rev 5652) +++ branches/SAMBA_3_0/source/utils/net_rpc_rights.c2005-03-04 17:38:25 UTC (rev 5653) @@ -385,7 +385,7 @@ d_printf(\nBoth 'grant' and 'revoke' require a SID and a list of privilege names.\n); d_printf(For example\n); - d_printf(\n net rpc grant 'VALE\\biddle' SePrintOperatorPrivilege SeDiskOperatorPrivlege\n); + d_printf(\n net rpc rights grant 'VALE\\biddle' SePrintOperatorPrivilege SeDiskOperatorPrivilege\n); d_printf(\nwould grant the printer admin and disk manager rights to the user 'VALE\\biddle'\n\n);
svn commit: samba r5654 - in branches/SAMBA_3_0/source/nsswitch: .
Author: vlendec
Date: 2005-03-04 19:29:18 + (Fri, 04 Mar 2005)
New Revision: 5654
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5654
Log:
Fix bug 1604 -- make winbind work with more than 10 trusted domains.
TODO: This needs to be merged to trunk separately, it has changed a little,
but it's friday evening here.
Volker
Modified:
branches/SAMBA_3_0/source/nsswitch/winbindd_rpc.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_rpc.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_rpc.c 2005-03-04 17:38:25 UTC
(rev 5653)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_rpc.c 2005-03-04 19:29:18 UTC
(rev 5654)
@@ -970,16 +970,47 @@
DEBUG(3,(rpc: trusted_domains\n));
*num_domains = 0;
+ *names = NULL;
*alt_names = NULL;
+ *dom_sids = NULL;
retry = 0;
do {
if (!NT_STATUS_IS_OK(result =
cm_get_lsa_handle(find_our_domain(), hnd)))
goto done;
- result = cli_lsa_enum_trust_dom(hnd-cli, mem_ctx,
- hnd-pol, enum_ctx,
- num_domains, names, dom_sids);
+ result = STATUS_MORE_ENTRIES;
+
+ while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
+ uint32 start_idx, num;
+ char **tmp_names;
+ DOM_SID *tmp_sids;
+ int i;
+
+ result = cli_lsa_enum_trust_dom(hnd-cli, mem_ctx,
+ hnd-pol, enum_ctx,
+ num, tmp_names,
+ tmp_sids);
+
+ if (!NT_STATUS_IS_OK(result)
+ !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
+ break;
+
+ start_idx = *num_domains;
+ *num_domains += num;
+ *names = TALLOC_REALLOC_ARRAY(mem_ctx, *names,
+ char *, *num_domains);
+ *dom_sids = TALLOC_REALLOC_ARRAY(mem_ctx, *dom_sids,
+DOM_SID,
+*num_domains);
+ if ((*names == NULL) || (*dom_sids == NULL))
+ return NT_STATUS_NO_MEMORY;
+
+ for (i=0; inum; i++) {
+ (*names)[start_idx+i] = tmp_names[i];
+ (*dom_sids)[start_idx+i] = tmp_sids[i];
+ }
+ }
} while (!NT_STATUS_IS_OK(result) (retry++ 1) hnd hnd-cli
hnd-cli-fd == -1);
done:
Build status as of Sat Mar 5 00:00:01 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-03-04 00:00:26.0 + +++ /home/build/master/cache/broken_results.txt 2005-03-05 00:00:21.0 + @@ -1,15 +1,15 @@ -Build status as of Fri Mar 4 00:00:01 2005 +Build status as of Sat Mar 5 00:00:01 2005 Build counts: Tree Total Broken Panic -ccache 42 5 0 -distcc 42 2 0 -ppp 25 4 0 -rsync41 4 0 +ccache 41 5 0 +distcc 41 2 0 +ppp 24 4 0 +rsync40 4 0 samba1 1 1 samba-docs 0 0 0 -samba4 46 14 0 -samba_3_042 18 1 +samba4 45 13 0 +samba_3_042 16 1 Currently broken builds: Host Tree Compiler Status @@ -17,7 +17,6 @@ cyberone samba_3_0gcc 1/?/?/? fusberta samba4 gccok/ 2/?/? fusberta samba_3_0gccok/ok/ok/ 6/PANIC -yurok samba_3_0gcc 127/?/?/? rhonwynsamba4 gcc-4.0ok/ 2/?/? rhonwynsamba_3_0gcc-4.0ok/ 2/?/? rhonwynsamba4 tccok/ 2/?/? @@ -52,13 +51,11 @@ Isis samba4 cc 77/?/?/? Isis samba_3_0cc 77/?/?/? Isis ppp gccok/ 2/?/? -fire1 samba_3_0gccok/ok/ok/ 3 m30ccache gccok/ok/ok/ 2 m30rsyncgccok/ok/ok/ 2 m30samba4 gccok/ 2/?/? m30samba_3_0gccok/ok/ok/ 1 metze02sambagccok/ok/ok/ 1/PANIC -l390vme1 samba4 gccok/ 2/?/? l390vme1 samba_3_0gccok/ 2/?/? opippp gccok/ 2/?/?
svn commit: samba r5655 - in branches/SAMBA_3_0/source: . auth include passdb
Author: jra Date: 2005-03-05 01:22:53 + (Sat, 05 Mar 2005) New Revision: 5655 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5655 Log: Added support for Novell NDS universal password. Code donated by Vince Brimhall [EMAIL PROTECTED] - slight tidyup by me to use Samba conventions. Vince - thanks a *lot* for this code - please test to make sure I haven't messed anything up. Jeremy. Added: branches/SAMBA_3_0/source/passdb/pdb_nds.c Modified: branches/SAMBA_3_0/source/auth/auth_sam.c branches/SAMBA_3_0/source/configure.in branches/SAMBA_3_0/source/include/passdb.h branches/SAMBA_3_0/source/include/smbldap.h branches/SAMBA_3_0/source/passdb/pdb_interface.c branches/SAMBA_3_0/source/passdb/pdb_ldap.c Changeset: Sorry, the patch is too large (1361 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5655
svn commit: samba r5656 - in trunk/source: . auth include passdb
Author: jra Date: 2005-03-05 01:56:40 + (Sat, 05 Mar 2005) New Revision: 5656 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5656 Log: Added support for Novell NDS universal password. Code donated by Vince Brimhall [EMAIL PROTECTED] - slight tidyup by me to use Samba conventions. Vince - thanks a *lot* for this code - please test to make sure I haven't messed anything up. Bug #2402 Jeremy. Added: trunk/source/passdb/pdb_nds.c Modified: trunk/source/auth/auth_sam.c trunk/source/configure.in trunk/source/include/passdb.h trunk/source/include/smbldap.h trunk/source/passdb/pdb_interface.c trunk/source/passdb/pdb_ldap.c Changeset: Sorry, the patch is too large (1357 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5656
svn commit: samba-docs r369 - in trunk/Samba-Guide: .
Author: jht Date: 2005-03-05 03:51:38 + (Sat, 05 Mar 2005) New Revision: 369 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=369 Log: Further update. More to come. Modified: trunk/Samba-Guide/Chap06-MakingHappyUsers.xml Changeset: Sorry, the patch is too large (294 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=369
svn commit: samba-docs r370 - in trunk/Samba-Guide: .
Author: jht Date: 2005-03-05 04:11:56 + (Sat, 05 Mar 2005) New Revision: 370 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=370 Log: Further update. More to come. Modified: trunk/Samba-Guide/Chap06-MakingHappyUsers.xml Changeset: Modified: trunk/Samba-Guide/Chap06-MakingHappyUsers.xml === --- trunk/Samba-Guide/Chap06-MakingHappyUsers.xml 2005-03-05 03:51:38 UTC (rev 369) +++ trunk/Samba-Guide/Chap06-MakingHappyUsers.xml 2005-03-05 04:11:56 UTC (rev 370) @@ -258,6 +258,8 @@ /para/blockquote /para +?latex \newpage ? + sect2 titleAssignment Tasks/title @@ -1573,14 +1575,10 @@ smbconfoptionnamedelete user script/namevalue/opt/IDEALX/sbin/smbldap-userdel %u/value/smbconfoption smbconfoptionnameadd group script/namevalue/opt/IDEALX/sbin/smbldap-groupadd -p %g/value/smbconfoption smbconfoptionnamedelete group script/namevalue/opt/IDEALX/sbin/smbldap-groupdel %g/value/smbconfoption - smbconfoptionnameadd user to group script/namevalue/opt/IDEALX/sbin//value/smbconfoption - memberparametersmbldap-groupmod -m %u %g/parameter/member - smbconfoptionnamedelete user from group script/namevalue/opt/IDEALX/sbin//value/smbconfoption - memberparametersmbldap-groupmod -x %u %g/parameter/member - smbconfoptionnameset primary group script/namevalue/opt/IDEALX/sbin//value/smbconfoption - memberparametersmbldap-usermod -g %g %u/parameter/member - smbconfoptionnameadd machine script/namevalue/opt/IDEALX/sbin//value/smbconfoption - memberparametersmbldap-useradd -w %u/parameter/member + smbconfoptionnameadd user to group script/namevalue/opt/IDEALX/sbin/smbldap-groupmod -m %u %g/value/smbconfoption + smbconfoptionnamedelete user from group script/namevalue/opt/IDEALX/sbin/smbldap-groupmod -x %u %g/value/smbconfoption + smbconfoptionnameset primary group script/namevalue/opt/IDEALX/sbin/smbldap-usermod -g %g %u/value/smbconfoption + smbconfoptionnameadd machine script/namevalue/opt/IDEALX/sbin/smbldap-useradd -w %u/value/smbconfoption /smbconfexample smbconfexample id=ch6-massive-smbconfb @@ -2937,7 +2935,7 @@ smbconfoptionnameldap group suffix/namevalueou=Groups/value/smbconfoption smbconfoptionnameldap idmap suffix/namevalueou=Idmap/value/smbconfoption smbconfoptionnameldap admin dn/namevaluecn=Manager,dc=abmas,dc=biz/value/smbconfoption - smbconfoptionnameidmap backend/namevalueldap://massive.abmas.biz/value/smbconfoption + smbconfoptionnameidmap backend/namevalueldap:ldap://massive.abmas.biz/value/smbconfoption smbconfoptionnameidmap uid/namevalue1-2/value/smbconfoption smbconfoptionnameidmap gid/namevalue1-2/value/smbconfoption smbconfoptionnameprinting/namevaluecups/value/smbconfoption
svn commit: samba-docs r372 - in trunk/Samba-Guide: .
Author: jht Date: 2005-03-05 06:05:54 + (Sat, 05 Mar 2005) New Revision: 372 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=372 Log: Formatting fix. More needed. Modified: trunk/Samba-Guide/Chap06-MakingHappyUsers.xml Changeset: Modified: trunk/Samba-Guide/Chap06-MakingHappyUsers.xml === --- trunk/Samba-Guide/Chap06-MakingHappyUsers.xml 2005-03-05 05:43:19 UTC (rev 371) +++ trunk/Samba-Guide/Chap06-MakingHappyUsers.xml 2005-03-05 06:05:54 UTC (rev 372) @@ -3271,8 +3271,9 @@ rights and privileges: screen rootprompt; net -S MASSIVE -U root%not24get rpc rights grant \ -MEGANET2\Domain Admins SeMachineAccountPrivilege SePrintOperatorPrivilege \ - SeAddUsersPrivilege SeDiskOperatorPrivilege SeRemoteShutdownPrivilege +MEGANET2\Domain Admins SeMachineAccountPrivilege \ + SePrintOperatorPrivilege SeAddUsersPrivilege \ + SeDiskOperatorPrivilege SeRemoteShutdownPrivilege Successfully granted rights. /screen Repeat this step on each domain controller in each case substituting the name of the server @@ -3285,7 +3286,7 @@ BDCs or on DMS machines because machine accounts are only ever added by the PDC: screen rootprompt; net -S MASSIVE -U root%not24get rpc rights grant \ -MEGANET2\bobj SeMachineAccountPrivilege + MEGANET2\bobj SeMachineAccountPrivilege Successfully granted rights. /screen /para/step
svn commit: samba-docs r373 - in trunk/Samba-Guide: .
Author: jht Date: 2005-03-05 06:34:25 + (Sat, 05 Mar 2005) New Revision: 373 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=373 Log: Update publication date. Modified: trunk/Samba-Guide/index.xml Changeset: Modified: trunk/Samba-Guide/index.xml === --- trunk/Samba-Guide/index.xml 2005-03-05 06:05:54 UTC (rev 372) +++ trunk/Samba-Guide/index.xml 2005-03-05 06:34:25 UTC (rev 373) @@ -14,7 +14,7 @@ authorgroup authorperson.jht;/author /authorgroup - pubdateOctober 23, 2004/pubdate + pubdateMarch 4, 2005/pubdate version20041023/version /bookinfo ?latex \clearpage ?
