Re: [Samba] Creating Custom System Policy Templates

[Robert Schetterer]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
get here for up2date adms
http://www.gruppenrichtlinien.de/Info/Downloads.htm
sorry german
Regards
Mike Petersen schrieb:
| Has anyone looked into creating custom templates for Microsoft's System
| Policy editor ?  I like the idea of managing workstations through the
| NTConfig.POL file, but the included templates are quite a bit outdated.
| Does anyone know if it would be worth-while to take the time and create an
| updated Template to add policies to manage newer features of Windows
| 2000/XP through the NTConfig.POL file, or if it is even possible ?
|
| Currently, if I have to adjust the machine's registries, I just push
it out
| with a Kixtart Script, which means that if I want to adjust any "User"
| registry settings, the user has to be logged in when I run the script.  I
| think the System Policy Editor would be a better way to go, as long as you
| keep in mind the "tatoo" effect on the registry.
|
| Does anyone have any info on whether or not this is feasible, or if samba
| will soon support Group Policy Objects (so I won't need to do this)?
Or if
| someone already has accomplished this or has any other comments.
|
| Mike Petersen
| [EMAIL PROTECTED]
|
| References:
| Creating Custom Templates for SPE -
| http://www.oreilly.com/catalog/winsyspe/chapter/ch08.html
|
| Microsofts Group Policy Reference Spreadsheet -
|
http://download.microsoft.com/download/a/a/3/aa32239c-3a23-46ef-ba8b-da786e167e5
| e/PolicySettings.xls
|
| Samba Rocks !!
|
- --
Mit freundlichen Gruessen
Best Regards
Robert Schetterer
robert_at_schetterer.org
Munich / Bavaria / Germany
https://www.schetterer.org
\**
\* gnupgp
\* public key:
\* https://www.schetterer.org/public.key
\**
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCMU0c+Jw+56iSjEkRAnsRAKDF5HXR8ibGED0/fah43n7oJh5hzACgtPrD
32IDEzvshOtfP1sFHRsr0OY=
=XH4X
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] convert_string_allocate: Conversion error: Incomplete multibyte sequence

[Chandana.Varsha]

Hi all,

 

I have installed samba on aix. I am trying to integrate with the ADS using 
winbind.

I am able to join domain and retrieve the users and groups from the ADS. 

I am not able to login to the server with ADS user id and password.

The winbindd.log has the following error. 

Please let me know what is the solution for this.

 

 

âlib/charcnv.c:convert_string_allocate(567) + convert_string_allocate: 
Conversion error: Incomplete multibyte sequenceâ 

 

 

 

[2005/03/11 10:24:04, 3] lib/charcnv.c:convert_string_allocate(576)

P 1^â ^A^â^Pâ^G^âà ^ClX ^CUH)nversion error: Illegal multibyte 
sequence(ÂÎÂ/ÂÎx^

[2005/03/11 10:24:04, 3] lib/charcnv.c:convert_string_allocate(576)

 1^â ^A^â^Pâ^G^âà ^ClX ^CUH)onversion error: Illegal multibyte 
sequence(ÎÂ/ÂÎx^P

[2005/03/11 10:24:04, 3] lib/charcnv.c:convert_string_allocate(567)

^P 1^â ^A^â^Pâ^G^âà ^ClX ^CUH)version error: Incomplete multibyte 
sequence(Â/ÂÎx

[2005/03/11 10:24:04, 3] lib/charcnv.c:convert_string_allocate(576)

â ^A^â^Pâ^G^âà ^ClX ^CUH): Conversion error: Illegal multibyte 
sequence(ÂÎx^P 1^

[2005/03/11 10:24:04, 3] lib/charcnv.c:convert_string_allocate(576)

  convert_string_allocate: Conversion error: Illegal multibyte sequence(Îx^P 
1^â

^A^â^Pâ^G^âà ^ClX ^CUH)

[2005/03/11 10:24:04, 3] lib/charcnv.c:convert_string_allocate(567)

^â^Pâ^G^âà ^ClX ^CUH)cate: Conversion error: Incomplete multibyte 
sequence(^â ^A

[2005/03/11 10:24:04, 3] lib/charcnv.c:convert_string_allocate(567)

  convert_string_allocate: Conversion error: Incomplete multibyte 
sequence(^â^Pâ

G^âà ^ClX ^CUH)

[2005/03/11 10:24:04, 3] lib/charcnv.c:convert_string_allocate(576)

ClX ^CUH)_string_allocate: Conversion error: Illegal multibyte 
sequence(â^G^âà ^

[2005/03/11 10:24:04, 3] lib/charcnv.c:convert_string_allocate(567)

ClX ^CUH)_string_allocate: Conversion error: Incomplete multibyte 
sequence(^âà ^

[2005/03/11 10:24:04, 3] lib/charcnv.c:convert_string_allocate(567)

X ^CUH)rt_string_allocate: Conversion error: Incomplete multibyte sequence(Ã 
^Cl

[2005/03/11 10:24:04, 10] nsswitch/winbindd.c:client_write(525)

  client_write: wrote 1300 bytes.

 

 

 

 

Thanks and regards

Chandana

 

 



DISCLAIMER:
This message contains privileged and confidential information and is intended 
only for the individual named.If you are not the intended recipient you should 
not disseminate,distribute,store,print, copy or deliver this message.Please 
notify the sender immediately by e-mail if you have received this e-mail by 
mistake and delete this e-mail from your system.E-mail transmission cannot be 
guaranteed to be secure or error-free as information could be 
intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain 
viruses.The sender therefore does not accept liability for any errors or 
omissions in the contents of this message which arise as a result of e-mail 
transmission. If verification is required please request a hard-copy version.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] krb5_cc_get_principal failed (No credentials cache found)

[ram dass]

Hi i am using Samba 3.0.0-14.3E.i am not getting tickets from the ADS server 
which is running on Win2K.i am seeing the logs in /var/log/samba/winbind.log
i got these messages
[2005/03/11 10:36:36, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2005/03/11 11:01:00, 1] libads/ads_ldap.c:ads_name_to_sid(64)
  name_to_sid: root not found
[2005/03/11 11:01:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(959)
  user 'root' does not exist
## klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting ExpiresService principal
03/10/05 18:43:42  03/11/05 04:43:42  krbtgt/[EMAIL PROTECTED]

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

my smb.conf is 
[global]
realm = CEDEL.CO.IN
netbios name = qa1
allow trusted domains = No
workgroup = cedel
security  = ADS
idmap backend = idmap_rid:cedel=15000-20
idmap uid = 15000-2
idmap gid = 15000-2
 winbind use default domain = Yes
#winbind separator = .
winbind cache time = 10
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
template shell = /bin/bash
template homedir = /home/%D/%U
use sendfile = yes
 log file = /var/log/samba/%m.log
 password server = 192.168.11.4
   encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
username map = /etc/samba/smbusers
[shares]
[homes]
comment = Home Directories
path = /home/%U
valid users = %D+%U
read only = no
browseable = no

in /etc/krb5.conf
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
[libdefaults]
 ticket_lifetime = 24000
 clockskew = 300
 Dns_lookup_realm = false
 Dns_lookup_kdc = false
 default_realm = CEDEL.CO.IN
[realms]
 CEDEL.CO.IN = {
  kdc = sam.cedel.co.in:88
 default_domian = CEDEL.CO.IN
 kpasswd_server = sam.cedel.co.in
  admin_server = sam.cedel.co.in:749
 }
[domain_realm]
 .CEDEL.CO.IN = CODEL.CO.IN
pls help me out to solve this problem.
thanks and regards,
Ramadass.v



-
Do you Yahoo!?
 Read only the mail you want - Yahoo! Mail SpamGuard.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] PGina & Samba

[Chuck Stuettgen]

On Wed, 2005-03-09 at 21:37 -0500, Paul Barnick wrote:
> Chuck:
> 
> You're the second person to suggest vmware workstation to me.  It is a
> little expensive for me but I'll look into it (it might be worth it if it
> saves me time in the long run - that's how I'll get my boss to look at it!).

Not only will it save you time, it will save him a lot on money. $199
for VMware and $200-300 (or less if you already have 1GB) for 2GB of
memory for your computer is significantly less than buying 3 or 4
machines for you to use for testing.  With 2GB of memory and a
reasonably fast processor you can run 4 Virtual Machines simultaneously
and still use the Host. 

If you have a laptop and can get him to spring for the memory for it you
can take it home to work on projects.

If you are like me, there never is any time to do testing while I'm at
the office anyway, so, I get most of my testing and evaluation done at
home. 



> Does it allow you to use the Linux portion of your computer to act as a DHCP
> server and assign different IP addresses to the different windows
> workstations, all on the same computer?  That sounds a little hard to
> believe for me, but I would think that it would be necessary in order to do
> some testing.

VMWare includes it own DHCP server. Also there are three different ways
of setting up Networking with VMWare so you have a lot of options. 




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Creating Custom System Policy Templates

[Mike Petersen]

Has anyone looked into creating custom templates for Microsoft's System
Policy editor ?  I like the idea of managing workstations through the
NTConfig.POL file, but the included templates are quite a bit outdated. 
Does anyone know if it would be worth-while to take the time and create an
updated Template to add policies to manage newer features of Windows
2000/XP through the NTConfig.POL file, or if it is even possible ?

Currently, if I have to adjust the machine's registries, I just push it out
with a Kixtart Script, which means that if I want to adjust any "User"
registry settings, the user has to be logged in when I run the script.  I
think the System Policy Editor would be a better way to go, as long as you
keep in mind the "tatoo" effect on the registry.

Does anyone have any info on whether or not this is feasible, or if samba
will soon support Group Policy Objects (so I won't need to do this)?  Or if
someone already has accomplished this or has any other comments.

Mike Petersen
[EMAIL PROTECTED]

References:
Creating Custom Templates for SPE -
http://www.oreilly.com/catalog/winsyspe/chapter/ch08.html

Microsofts Group Policy Reference Spreadsheet -
http://download.microsoft.com/download/a/a/3/aa32239c-3a23-46ef-ba8b-da786e167e5
e/PolicySettings.xls

Samba Rocks !!

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Excel File Open Issue - Possibly Samba Related

[Jeremy Allison]

On Wed, Mar 09, 2005 at 09:54:29AM -0500, klubarpop wrote:
> We were having the same problem with Excel ... Different version of Samba.
> Applying a fix detailed in MS KB # 324491 solved the problem for us.  (We
> use Office 11 although the fix talks about Office 10  -- Office 11 = Office
> 2003  Office 10 = Office XP for those who don't keep up with such things.)
> 
> Do a search for QFE_Saskatchewan for the registry key.  Anyone have any idea
> why the key is named Saskatchewan?
> 
> Hope this helps
> Ken Lubar
>  
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Chad Vincent
> Sent: Wednesday, March 09, 2005 9:39 AM
> To: samba@lists.samba.org
> Subject: Re: [Samba] Excel File Open Issue - Possibly Samba Related
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Okay  Problem did not go away.  I un-shared (multi-user) the file to
> clear out the changelog, and the problem did go away.  At this point I'm
> going to assume a malformed entry in the changelog or a changelog that was
> just too darn big.  (Before, size was 25MB, after removing sharing it was
> 2.5MB and opened in 1/8th the time.)
> 
> HOWEVER, upon upgrading to 3.0.11 as suggested, now ALL shared
> (multi-user) Excel files are, at apparent random, displaying a message "This
> file has been locked.  To save changes you must save under a different file
> name and merge(blah, blah)"  We never had this problem under 3.0.7.  I
> have "log level=1" and nothing is showing up in the logs.

Ok - I think I may have fixed this in the current SVN code in SAMBA_3_0
without needing the strange registry keys.

I'm looking for people willing to test this before the 3.0.12 release.

Please give ths code a test and give me some feedback. I can't reproduce
the problem here with Office 2003 and the latest SAMBA_3_0 SVN code.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Why need to add a machine account to /etc/passwd first with Samba+LDAP

[John H Terpstra]

On Thursday 10 March 2005 17:55, Steve Zeng wrote:
> > On Thursday 10 March 2005 17:13, Steve Zeng wrote:
> >>John,
> >>
> >>You are the man. problem sovled. I change /etc/ldap.conf as you
> >> suggested:
> >>
> >>nss_base_passwd dc=mfelc?sub
> >>nss_base_group  dc=mfelc?sub
> >>nss_base_hosts  dc=mfelc?sub
> >
> > Why do you have the nss_base_hosts entry set in /etc/ldap.conf? Samba
> > does not need/use that. Unless you know precisely how to use that I'd
> > suggest commenting it out.
>
> Good point.
>
> >>and I have "add machine script=/usr/sbin/smbldap-useradd -w %u" included
> >>in smb.conf. Now it works perfectly. machine account is created on the
> >> fly!
> >>
> >>One more question for you. if I use LDAP only for hosts lookup in
> >>nsswitch, all the machine names come with a "$". In this case, how can I
> >>resolve hostname?
> >
> > Please explain. Host entries are of the form:
> >
> > 192.168.0.1 hostname.domain.tld hostname
>
> I don't have a local /etc/hosts file in the Samba PDC. So I need to
> resolve hostname with LDAP. My nsswitch.conf looks like this:
>
> passwd: files ldap
> shadow: files ldap
> group:  files ldap
> hosts:  files ldap
>
> > Where is the '$' in that?
>
> It is from LDAP when machine account was created on the fly. I checked
> the LDAP DIT, the dn for machine account is as follows:
>
> uid=ajatar$,ou=Computers,dc=mfelc
>

OK, but that is not a hosts entry! That is just a Windows NT domain security 
account for the machine. That is not resolved through the hosts facility in 
NSS.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Why need to add a machine account to /etc/passwd first with Samba+LDAP

[Steve Zeng]

On Thursday 10 March 2005 17:13, Steve Zeng wrote:
John,
You are the man. problem sovled. I change /etc/ldap.conf as you suggested:
nss_base_passwd dc=mfelc?sub
nss_base_group  dc=mfelc?sub
nss_base_hosts  dc=mfelc?sub

Why do you have the nss_base_hosts entry set in /etc/ldap.conf? Samba does not 
need/use that. Unless you know precisely how to use that I'd suggest 
commenting it out.

Good point.

and I have "add machine script=/usr/sbin/smbldap-useradd -w %u" included
in smb.conf. Now it works perfectly. machine account is created on the fly!
One more question for you. if I use LDAP only for hosts lookup in
nsswitch, all the machine names come with a "$". In this case, how can I
resolve hostname?

Please explain. Host entries are of the form:
192.168.0.1 hostname.domain.tld hostname
I don't have a local /etc/hosts file in the Samba PDC. So I need to 
resolve hostname with LDAP. My nsswitch.conf looks like this:

passwd: files ldap
shadow: files ldap
group:  files ldap
hosts:  files ldap

Where is the '$' in that?
It is from LDAP when machine account was created on the fly. I checked 
the LDAP DIT, the dn for machine account is as follows:

uid=ajatar$,ou=Computers,dc=mfelc
- John T.

Thanks.
Steve

On Thursday 10 March 2005 13:56, Steve Zeng wrote:
Hi,
I am using Samba 3.0.10 PDC with LDAP as password DB. Before we use
smbpasswd as passwd DB and every time I need to add a machine account
into /etc/passwd so that the mahcine can join the domain. My
understanding for LDAP is, this step is not needed any more since we
will put all machine account into "ou=Computers". But I am proved to be
wrong.
Is this the way Samba works? I mean, samba has to make sure a machine
account exist in the /etc/passwd file of Samba PDC, doesn't it?
Nope. If you use LDAP, then both the POSIX account and the
SambaSAMAccount infromation should be in LDAP. On the other hand, if you
put your machine accounts into the ou=Computers container and user
accounts in ou=Users your /etc/ldap.conf file needs to point to the
directory tree above the ou=Users and above ou=Computers. Additionally
the loookup for user accounts will have to be a 'sub' type so look-ups
will descend both trees.
In other words, I am guessing that in your /etc/ldap.conf you have:
nss_base_passwd ou=People,dc=abmas,dc=biz?one
Instead of:
nss_base_passwd dc=abmas,dc=biz?sub
If my assumptions are correct, then if you set /etc/nsswitch.conf to
have:
passwd: ldap
shadow: ldap
group: ldap
and then you execute:
getent passwd
You will not see a listing of accounts that includes the machine
accounts. If this what you see, then making the change in /etc/ldap.conf
so that:
nss_base_passwd dc=abmas,dc=biz
(of course substituting your directory domain component info) will list
the machine accounts and you will no longer need them in your
/etc/passwd.
In summary, by putting the machine accounts into your /etc/passwd you are
using a work-around for a broken LDAP/NSS environment.
Does that answer your question and solve the problem?
- John T.

--
Regards,
Steve Zeng
Systems Administrator
Mainframe Entertainment Inc
T: (604) 628-1000 ext 5293

--
Regards,
Steve Zeng
Systems Administrator
Mainframe Entertainment Inc
T: (604) 628-1000 ext 5293
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Why need to add a machine account to /etc/passwd first with Samba+LDAP

[John H Terpstra]

On Thursday 10 March 2005 17:13, Steve Zeng wrote:
> John,
>
> You are the man. problem sovled. I change /etc/ldap.conf as you suggested:
>
> nss_base_passwd dc=mfelc?sub
> nss_base_group  dc=mfelc?sub
> nss_base_hosts  dc=mfelc?sub

Why do you have the nss_base_hosts entry set in /etc/ldap.conf? Samba does not 
need/use that. Unless you know precisely how to use that I'd suggest 
commenting it out.

>
> and I have "add machine script=/usr/sbin/smbldap-useradd -w %u" included
> in smb.conf. Now it works perfectly. machine account is created on the fly!
>
> One more question for you. if I use LDAP only for hosts lookup in
> nsswitch, all the machine names come with a "$". In this case, how can I
> resolve hostname?

Please explain. Host entries are of the form:

192.168.0.1 hostname.domain.tld hostname

Where is the '$' in that?

- John T.

>
> Thanks.
>
> Steve
>
> > On Thursday 10 March 2005 13:56, Steve Zeng wrote:
> >>Hi,
> >>
> >>I am using Samba 3.0.10 PDC with LDAP as password DB. Before we use
> >>smbpasswd as passwd DB and every time I need to add a machine account
> >>into /etc/passwd so that the mahcine can join the domain. My
> >>understanding for LDAP is, this step is not needed any more since we
> >>will put all machine account into "ou=Computers". But I am proved to be
> >>wrong.
> >>
> >>Is this the way Samba works? I mean, samba has to make sure a machine
> >>account exist in the /etc/passwd file of Samba PDC, doesn't it?
> >
> > Nope. If you use LDAP, then both the POSIX account and the
> > SambaSAMAccount infromation should be in LDAP. On the other hand, if you
> > put your machine accounts into the ou=Computers container and user
> > accounts in ou=Users your /etc/ldap.conf file needs to point to the
> > directory tree above the ou=Users and above ou=Computers. Additionally
> > the loookup for user accounts will have to be a 'sub' type so look-ups
> > will descend both trees.
> >
> > In other words, I am guessing that in your /etc/ldap.conf you have:
> >
> > nss_base_passwd ou=People,dc=abmas,dc=biz?one
> >
> > Instead of:
> >
> > nss_base_passwd dc=abmas,dc=biz?sub
> >
> > If my assumptions are correct, then if you set /etc/nsswitch.conf to
> > have:
> >
> > passwd: ldap
> > shadow: ldap
> > group: ldap
> >
> > and then you execute:
> >
> > getent passwd
> >
> > You will not see a listing of accounts that includes the machine
> > accounts. If this what you see, then making the change in /etc/ldap.conf
> > so that:
> >
> > nss_base_passwd dc=abmas,dc=biz
> >
> > (of course substituting your directory domain component info) will list
> > the machine accounts and you will no longer need them in your
> > /etc/passwd.
> >
> > In summary, by putting the machine accounts into your /etc/passwd you are
> > using a work-around for a broken LDAP/NSS environment.
> >
> > Does that answer your question and solve the problem?
> >
> > - John T.
> >
> >>--
> >>Regards,
> >>
> >>Steve Zeng
> >>Systems Administrator
> >>Mainframe Entertainment Inc
> >>T: (604) 628-1000 ext 5293

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Why need to add a machine account to /etc/passwd first with Samba+LDAP

[Steve Zeng]

John,
You are the man. problem sovled. I change /etc/ldap.conf as you suggested:
nss_base_passwd dc=mfelc?sub
nss_base_group  dc=mfelc?sub
nss_base_hosts  dc=mfelc?sub
and I have "add machine script=/usr/sbin/smbldap-useradd -w %u" included 
in smb.conf. Now it works perfectly. machine account is created on the fly!

One more question for you. if I use LDAP only for hosts lookup in 
nsswitch, all the machine names come with a "$". In this case, how can I 
resolve hostname?

Thanks.
Steve
On Thursday 10 March 2005 13:56, Steve Zeng wrote:
Hi,
I am using Samba 3.0.10 PDC with LDAP as password DB. Before we use
smbpasswd as passwd DB and every time I need to add a machine account
into /etc/passwd so that the mahcine can join the domain. My
understanding for LDAP is, this step is not needed any more since we
will put all machine account into "ou=Computers". But I am proved to be
wrong.
Is this the way Samba works? I mean, samba has to make sure a machine
account exist in the /etc/passwd file of Samba PDC, doesn't it?

Nope. If you use LDAP, then both the POSIX account and the SambaSAMAccount 
infromation should be in LDAP. On the other hand, if you put your machine 
accounts into the ou=Computers container and user accounts in ou=Users 
your /etc/ldap.conf file needs to point to the directory tree above the 
ou=Users and above ou=Computers. Additionally the loookup for user accounts 
will have to be a 'sub' type so look-ups will descend both trees.

In other words, I am guessing that in your /etc/ldap.conf you have:
nss_base_passwd ou=People,dc=abmas,dc=biz?one
Instead of:
nss_base_passwd dc=abmas,dc=biz?sub
If my assumptions are correct, then if you set /etc/nsswitch.conf to have:
passwd: ldap
shadow: ldap
group: ldap
and then you execute:
getent passwd
You will not see a listing of accounts that includes the machine accounts. If 
this what you see, then making the change in /etc/ldap.conf so that:

nss_base_passwd dc=abmas,dc=biz
(of course substituting your directory domain component info) will list the 
machine accounts and you will no longer need them in your /etc/passwd.

In summary, by putting the machine accounts into your /etc/passwd you are 
using a work-around for a broken LDAP/NSS environment.

Does that answer your question and solve the problem?
- John T.

--
Regards,
Steve Zeng
Systems Administrator
Mainframe Entertainment Inc
T: (604) 628-1000 ext 5293

--
Regards,
Steve Zeng
Systems Administrator
Mainframe Entertainment Inc
T: (604) 628-1000 ext 5293
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: rpc trust gives NT_STATUS_INVALID_HANDLE with 3.0.11

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Wolfgang Ratzka wrote:
| I decided to go for the bleeding edge and built debian packages from
| 3.0.12-pre1, which as far as I can see contains the patch. I now get:
|
| Could not connect to server NTRZ04
| [2005/03/08 23:14:51, 0] rpc_parse/parse_prs.c:prs_mem_get(537)
|   prs_mem_get: reading data of size 4 would overrun buffer.
| [2005/03/08 23:14:51, 0] utils/net_rpc.c:rpc_trustdom_establish(4566)
|   WksQueryInfo call failed.
|
| (I can produce more output, if necessary.)
That error doesn't sound right.  Can you send me a level 10 debug log
off list ?  Thanks.

cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCMNzuIR7qMdg1EfYRAt3MAJ0baI2UYLj0ZpfkNzGPeWd08T2ogwCgrRtk
Oky8wm3gTPn6MNy9O/SfR+U=
=qEeB
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Tiny HOWTO edit

[John H Terpstra]

On Thursday 10 March 2005 11:57, William Enestvedt wrote:
> On page 206 of the Samba-HOWTO-Collection PDF, in the seventh paragraph,
> the word "use" appears to be missing from the sentence, "When Samba is
> being used as the PDC and BDC the of an LDAP..." -- but that could just
> be me.
> -wde

Thanks for pointing out that glitch. I have fixed it in the code tree. The 
update should appear on all mirror servers within 24 hours.


- John T.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] HELP Gethostbyaddr failed

[John H Terpstra]

On Thursday 10 March 2005 14:19, Tom Peters wrote:
> I too have posted a message with this error in the logs but no one has
> addressed the issue. The subject of my message was:
> Copy to 3.0.9-2.3-SUSE dies after 1.2 gb copied

For what it is worth, I just backed up a notebook that has an 80 GB drive to a 
Samba drive using Norton Ghost. The resulting data created a bunch of 2 GB 
files, all of which read back onto a new drive without any problem.

This might suggest that the problem you are seeing is not a Samba problem, but 
rather one of either configuration or network hardware glitches.

FYI: Slow logons are suggestive of a netbios name resolution problem or else a 
bad NIC or HUB/switch.

- John T.

>
> Only in my case it occurs with 3.0.9 (I have not considered an upgrade to
> 3.0.11 yet). Does no one have a suggestion for mitigating this issue?
>
> Here is a section of my logfile:
> [2005/03/09 13:52:04, 1] lib/util_sock.c:get_peer_name(1095)
>Gethostbyaddr failed for 172.20.0.186
> [2005/03/09 13:52:04, 2] lib/access.c:check_access(324)
>Allowed connection from 172.20.0.186 (172.20.0.186)
> [2005/03/09 13:52:04, 2] smbd/reply.c:reply_special(235)
>netbios connect: name1=TOLKIEN name2=ELROND
> [2005/03/09 13:52:04, 2] smbd/reply.c:reply_special(242)
>netbios connect: local=tolkien remote=elrond, name type = 0
> [2005/03/09 14:23:12, 1] lib/util_sock.c:get_peer_name(1095)
>Gethostbyaddr failed for 172.20.0.186
>
> I can only copy 1.2 to 1.4 gb of data to a share before a WinXP or Win2k
> client says that the network name is no longer available. But it is a
> transient condition-- if I try again, it will copy another gig to
> gig-and-a-half before failing again.
>
> At 01:30 PM 3/10/2005 -0700, RYAN vAN GINNEKEN wrote:
> >Thank you everyone on this list i have gained access to the shared drive
> >again.  Still have errors in the logs that worry me.  Also the server
> >seems very slow to connect the first time a machine logs on and
> >unresponsive to open files.  I will start a new thread for this later when
> >i have done some home work of my own as the documentation for samba is
> >very good.
> >Thank you crisis solved now i just need to some research on how beef up
> >preformace a little.
> >
> >RYAN vAN GINNEKEN wrote:
> >>I did a make deinstall and a reinstall to upgrade samba from 3.0.9 to
> >>3.0.11 last night at the office i work at and now i get this in the
> >>logs.  I am sure this has been asswered 100 time on this list but no one
> >>can connect to the shared drives.  This leave everyone point very angry
> >>fingers at me so please help here is the output of the logs.
> >>[2005/03/10 12:18:20, 1] lib/util_sock.c:get_peer_name(1109)
> >>  Gethostbyaddr failed for 192.168.0.5
> >>[2005/03/10 12:18:20, 0] lib/access.c:check_access(328)
> >>  Denied connection from 192.168.0.5 (192.168.0.5)
> >>[2005/03/10 12:18:20, 1] smbd/process.c:process_smb(1084)
> >>  Connection denied from 192.168.0.5
> >>[2005/03/10 12:18:25, 1] lib/util_sock.c:get_peer_name(1109)
> >>  Gethostbyaddr failed for 192.168.0.5
> >>[2005/03/10 12:18:25, 0] lib/access.c:check_access(328)
> >>  Denied connection from 192.168.0.5 (192.168.0.5)
> >>[2005/03/10 12:18:25, 1] smbd/process.c:process_smb(1084)
> >>  Connection denied from 192.168.0.5
> >
> >[Humor] Did Washington just flash a quarter for his ID?  --Steven
> >Wright
> >--... ...--  -.. .  -. . --.- --.- -...
> >[EMAIL PROTECTED]   (remove "nospam") N9QQB (amateur radio)
> >"HEY YOU" (loud shouting)  WEB ADDRESS http//www.mixweb.com/tpeters
> >43° 7' 17.2" N by 88° 6' 28.9" W,  Elevation 815',  Grid Square EN53wc
> >WAN/LAN/Telcom Analyst, Tech Writer, MCP, Cisco Certified CCNA

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Why need to add a machine account to /etc/passwd first with Samba+LDAP

[John H Terpstra]

On Thursday 10 March 2005 13:56, Steve Zeng wrote:
> Hi,
>
> I am using Samba 3.0.10 PDC with LDAP as password DB. Before we use
> smbpasswd as passwd DB and every time I need to add a machine account
> into /etc/passwd so that the mahcine can join the domain. My
> understanding for LDAP is, this step is not needed any more since we
> will put all machine account into "ou=Computers". But I am proved to be
> wrong.
>
> Is this the way Samba works? I mean, samba has to make sure a machine
> account exist in the /etc/passwd file of Samba PDC, doesn't it?

Nope. If you use LDAP, then both the POSIX account and the SambaSAMAccount 
infromation should be in LDAP. On the other hand, if you put your machine 
accounts into the ou=Computers container and user accounts in ou=Users 
your /etc/ldap.conf file needs to point to the directory tree above the 
ou=Users and above ou=Computers. Additionally the loookup for user accounts 
will have to be a 'sub' type so look-ups will descend both trees.

In other words, I am guessing that in your /etc/ldap.conf you have:

nss_base_passwd ou=People,dc=abmas,dc=biz?one

Instead of:

nss_base_passwd dc=abmas,dc=biz?sub

If my assumptions are correct, then if you set /etc/nsswitch.conf to have:

passwd: ldap
shadow: ldap
group: ldap

and then you execute:

getent passwd

You will not see a listing of accounts that includes the machine accounts. If 
this what you see, then making the change in /etc/ldap.conf so that:

nss_base_passwd dc=abmas,dc=biz

(of course substituting your directory domain component info) will list the 
machine accounts and you will no longer need them in your /etc/passwd.

In summary, by putting the machine accounts into your /etc/passwd you are 
using a work-around for a broken LDAP/NSS environment.

Does that answer your question and solve the problem?

- John T.


>
> --
> Regards,
>
> Steve Zeng
> Systems Administrator
> Mainframe Entertainment Inc
> T: (604) 628-1000 ext 5293

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] pdbedit arguments

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Paul Gienger wrote:
| I'm curious, why is it that most samba programs take -U as
| the username flag, but pdbedit uses -u?  This one gets me
| every time that I run pdbedit.
Because someone wasn't paying attention when pdbedit was
first written.  FIle a bug for me and I'll see if we can
rectify it without making too many waves.


cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCMNL2IR7qMdg1EfYRAsUIAKCGH6yPgzHMDYu3AXXPdIJ2FCTePgCeJyys
WRFREctKd5lawDxsypTUmrc=
=ifbe
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba PDC- Administrator translated to root

[Steve Zeng]

That Howto miss something on this topic. try:
smbldap-polulate -k 0
It works for me. good luck
Steve
Greetings,
I have a mostly working Samba Primary Domain
Contoller. I have one last problem to work out.
When I try to connect as Administrator I get the
follwoing message:
# smbclient -L localhost -UAdministrator%SOMEPW
session setup failed: NT_STATUS_LOGON_FAILURE
I watch the ldap logs and see that samba is requesting
the following filter:
filter: (&(uid=root)(objectClass=sambaSamAccount))
I assume this is because the PDC Administrator user is
assigned uidnumber=0 which is also the UNIX root
user's UID.
I am betting this is something simple that I am
overlooking. Any help is appreciated.
SYSTEM INFO:
LDAP SERVER: Redhat Enterpris 3.4
 openldap-2.0.27-17
SAMBA PDC: Fedora Core 1
   samba-3.0.11-1
I followed instructions found at :
http://samba.idealx.org/smbldap-howto.fr.html
--Ez
		
__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 
--
Regards,
Steve Zeng
Systems Administrator
Mainframe Entertainment Inc
T: (604) 628-1000 ext 5293
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Why need to add a machine account to /etc/passwd first with Samba+LDAP

[Steve Zeng]

Paul,
It is stored under ou=Computers in LDAP.

Is this the way Samba works? I mean, samba has to make sure a machine 
account exist in the /etc/passwd file of Samba PDC, doesn't it?

Samba needs to have a valid posix user on your system for the computer 
account.  Where you store that, LDAP, files, NIS is almost completely 
irrelevant.

--
Regards,
Steve Zeng
Systems Administrator
Mainframe Entertainment Inc
T: (604) 628-1000 ext 5293
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba PDC- Administrator translated to root

[Ezsra McDonald]

> Look  defined in global section of the smb.conf
> 
> username map = 
> 
> 
> Something in 
> 
> root = Administrator

AH!!! That is it!! I just had to remove those entries and there you go.

Thank you so much Sergey,

--Ez

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba PDC- Administrator translated to root

[Gavin Henry]

> I assume this is because the PDC Administrator user is
> assigned uidnumber=0 which is also the UNIX root
> user's UID.

Yes, therefore, did you run these commands:

http://us2.samba.org/samba/docs/man/Samba-Guide/happy.html#id2557728

No. 12


In the above listing, you can see that the user root has been given UID=998. 
This means that operations conducted from a Windows client using tools such 
as the Domain User Manager fails under UNIX because the management of user 
and group accounts requires that the UID=0. You decide to rectify this 
immediately as demonstrated here:

root#  cd /opt/IDEALX/sbin
root#  ./smbldap-usermod -u 0 -d /root -s /bin/bash root


Verify that the changes just made to the root account were accepted by 
executing:

root#  getent passwd | grep root
root:x:0:0:root:/root:/bin/bash
root:x:0:512:Netbios Domain Administrator:/root:/bin/bash

Thanks.

-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 742001
E [EMAIL PROTECTED]

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] HELP Gethostbyaddr failed

[Tom Peters]

I too have posted a message with this error in the logs but no one has 
addressed the issue. The subject of my message was:
Copy to 3.0.9-2.3-SUSE dies after 1.2 gb copied

Only in my case it occurs with 3.0.9 (I have not considered an upgrade to 
3.0.11 yet). Does no one have a suggestion for mitigating this issue?

Here is a section of my logfile:
[2005/03/09 13:52:04, 1] lib/util_sock.c:get_peer_name(1095)
  Gethostbyaddr failed for 172.20.0.186
[2005/03/09 13:52:04, 2] lib/access.c:check_access(324)
  Allowed connection from 172.20.0.186 (172.20.0.186)
[2005/03/09 13:52:04, 2] smbd/reply.c:reply_special(235)
  netbios connect: name1=TOLKIEN name2=ELROND
[2005/03/09 13:52:04, 2] smbd/reply.c:reply_special(242)
  netbios connect: local=tolkien remote=elrond, name type = 0
[2005/03/09 14:23:12, 1] lib/util_sock.c:get_peer_name(1095)
  Gethostbyaddr failed for 172.20.0.186
I can only copy 1.2 to 1.4 gb of data to a share before a WinXP or Win2k 
client says that the network name is no longer available. But it is a 
transient condition-- if I try again, it will copy another gig to 
gig-and-a-half before failing again.

At 01:30 PM 3/10/2005 -0700, RYAN vAN GINNEKEN wrote:
Thank you everyone on this list i have gained access to the shared drive 
again.  Still have errors in the logs that worry me.  Also the server 
seems very slow to connect the first time a machine logs on and 
unresponsive to open files.  I will start a new thread for this later when 
i have done some home work of my own as the documentation for samba is 
very good.
Thank you crisis solved now i just need to some research on how beef up 
preformace a little.

RYAN vAN GINNEKEN wrote:
I did a make deinstall and a reinstall to upgrade samba from 3.0.9 to 
3.0.11 last night at the office i work at and now i get this in the 
logs.  I am sure this has been asswered 100 time on this list but no one 
can connect to the shared drives.  This leave everyone point very angry 
fingers at me so please help here is the output of the logs.
[2005/03/10 12:18:20, 1] lib/util_sock.c:get_peer_name(1109)
 Gethostbyaddr failed for 192.168.0.5
[2005/03/10 12:18:20, 0] lib/access.c:check_access(328)
 Denied connection from 192.168.0.5 (192.168.0.5)
[2005/03/10 12:18:20, 1] smbd/process.c:process_smb(1084)
 Connection denied from 192.168.0.5
[2005/03/10 12:18:25, 1] lib/util_sock.c:get_peer_name(1109)
 Gethostbyaddr failed for 192.168.0.5
[2005/03/10 12:18:25, 0] lib/access.c:check_access(328)
 Denied connection from 192.168.0.5 (192.168.0.5)
[2005/03/10 12:18:25, 1] smbd/process.c:process_smb(1084)
 Connection denied from 192.168.0.5

[Humor] Did Washington just flash a quarter for his ID?  --Steven
Wright
--... ...--  -.. .  -. . --.- --.- -...
[EMAIL PROTECTED]   (remove "nospam") N9QQB (amateur radio)
"HEY YOU" (loud shouting)  WEB ADDRESS http//www.mixweb.com/tpeters
43° 7' 17.2" N by 88° 6' 28.9" W,  Elevation 815',  Grid Square EN53wc
WAN/LAN/Telcom Analyst, Tech Writer, MCP, Cisco Certified CCNA


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba PDC- Administrator translated to root

[Ezsra McDonald]

Greetings,

I have a mostly working Samba Primary Domain
Contoller. I have one last problem to work out.

When I try to connect as Administrator I get the
follwoing message:

# smbclient -L localhost -UAdministrator%SOMEPW
session setup failed: NT_STATUS_LOGON_FAILURE

I watch the ldap logs and see that samba is requesting
the following filter:

filter: (&(uid=root)(objectClass=sambaSamAccount))

I assume this is because the PDC Administrator user is
assigned uidnumber=0 which is also the UNIX root
user's UID.

I am betting this is something simple that I am
overlooking. Any help is appreciated.

SYSTEM INFO:

LDAP SERVER: Redhat Enterpris 3.4
 openldap-2.0.27-17

SAMBA PDC: Fedora Core 1
   samba-3.0.11-1


I followed instructions found at :
http://samba.idealx.org/smbldap-howto.fr.html

--Ez



__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Why need to add a machine account to /etc/passwd first with Samba+LDAP

[Andreas Hasenack]

On Thu, Mar 10, 2005 at 12:56:26PM -0800, Steve Zeng wrote:
> Hi,
> 
> I am using Samba 3.0.10 PDC with LDAP as password DB. Before we use 
> smbpasswd as passwd DB and every time I need to add a machine account 
> into /etc/passwd so that the mahcine can join the domain. My 
> understanding for LDAP is, this step is not needed any more since we 
> will put all machine account into "ou=Computers". But I am proved to be 
> wrong.

Putting machine accounts into ou=Computers works just fine provided:
- smb.conf is configured to look into that branch
- nss_ldap is also configured to go into that branch

Regarding nss_ldap, you can point it either at the top of your tree, so
that it can reach both ou=Computers and ou=People using a subtree
search, or specify nss_base_passwd twice: once for ou=Computers and once
for ou=People.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Permissions (ACLs not inherited?)

[Bolke de Bruin]

Hello,
This might be a classic problem, bit I seem unable to find a solution to it.
Before I elaborate on the problem I first give you the relevant bits of 
my smb.conf:

[global]
   map acl inherit = Yes
[CityMarketing]
   comment = City Marketing
   path = /var/samba/Aub/City Marketing
   read only = No
As you can see I am using acls. Now when a user saves a new file or 
overwrites an old file, the acls of the parent do not seem to get 
inherited: the user gets all the permission and resets all rights for 
the group so disabling editing by the group.

What should I change to resolve this?
Regards,
Bolke
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Why need to add a machine account to /etc/passwd first with Samba+LDAP

[Paul Gienger]

Is this the way Samba works? I mean, samba has to make sure a machine 
account exist in the /etc/passwd file of Samba PDC, doesn't it?
Samba needs to have a valid posix user on your system for the computer 
account.  Where you store that, LDAP, files, NIS is almost completely 
irrelevant.

--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Why need to add a machine account to /etc/passwd first with Samba+LDAP

[Steve Zeng]

Hi,
I am using Samba 3.0.10 PDC with LDAP as password DB. Before we use 
smbpasswd as passwd DB and every time I need to add a machine account 
into /etc/passwd so that the mahcine can join the domain. My 
understanding for LDAP is, this step is not needed any more since we 
will put all machine account into "ou=Computers". But I am proved to be 
wrong.

Is this the way Samba works? I mean, samba has to make sure a machine 
account exist in the /etc/passwd file of Samba PDC, doesn't it?

--
Regards,
Steve Zeng
Systems Administrator
Mainframe Entertainment Inc
T: (604) 628-1000 ext 5293
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: 3.0.11/MirOS password change problem

[Thorsten Glaser]

Dixi:

>Does this sound familiar, before I try to look deeper into it?
>
>[2005/02/13 20:10:16, 0] 
>/usr/ports/net/samba/w-samba-3.0.11/samba-3.0.11/source/libsmb/smbencrypt.c:decode_pw_buffer(539)
>   
> 
>  decode_pw_buffer: incorrect password length (1251354155).
>   
>[2005/02/13 20:10:16, 0] 
>/usr/ports/net/samba/w-samba-3.0.11/samba-3.0.11/source/libsmb/smbencrypt.c:decode_pw_buffer(540)
>   
> 
>  decode_pw_buffer: check that 'encrypt passwords = yes'   
>   
>
>MirOS is an OpenBSD derivate with a 64 bit "time_t" data type,
>so there are all kinds of weird problems lurking around...

So.

Samba 2.2.12 _does_ work.

Thus, I think this is a bug in Samba. I'd like to help
hunting down that bug, as some of my "customers" depend
on Samba, and currently I recommend samba2 to them, well
knowing it's discontinued. Any help?

//mirabile
-- 
> [...] Echtzeit hat weniger mit "Speed"[...] zu tun, sondern damit, daß der
> richtige Prozeß voraussagbar rechtzeitig sein Zeitscheibchen bekommt.
Wir haben uns[...] geeinigt, dass das verwendete Echtzeit-Betriebssystem[...]
weil selbst einfachste Operationen *echt* *Zeit* brauchen.  (aus d.a.s.r)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Domain Control

[Kaplan, Marc]

Nope, they just show up with that roll in a search, the don't perform
any DC functionality.

-Marc

> -Original Message-
> From: IslandBwoy [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 10, 2005 11:56 AM
> To: Kaplan, Marc; Thomas Boutell; [EMAIL PROTECTED]; Gerald
(Jerry)
> Carter
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Domain Control
> 
> PS.  Kaplan, when you join your samba servers to the domain and they
show
> up
> as domain controllers, do they actually perform the roles of such?  My
> question here is simply what is the ramifications of leaving my
machine on
> the domain considering what is happening?
> 
> 
> - Original Message -
> From: "Kaplan, Marc" <[EMAIL PROTECTED]>
> To: "IslandBwoy" <[EMAIL PROTECTED]>; "Thomas Boutell"
> <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; "Gerald (Jerry)
Carter"
> <[EMAIL PROTECTED]>
> Cc: 
> Sent: Wednesday, March 09, 2005 6:55 PM
> Subject: RE: [Samba] Domain Control
> 
> 
> I have this same problem. I wrote it up here:
> https://bugzilla.samba.org/show_bug.cgi?id=1423, but Jerry couldn't
> reproduce it so he (rightly) marked it invalid.
> 
> This is 100% reproducible for me (and apparently you also), every
samba
> server I join to the domain, shows up with the role "Domain
Controller".
> Just to be clear, this is not in OU display in the Active Directory
> Users and Computers screen, but in the results of a find.
> 
> If anybody else is experiencing this problem, could you please place
> your notes, and smb.conf file in bugzilla at
> https://bugzilla.samba.org/show_bug.cgi?id=1423
> 
> -Marc
> > -Original Message-
> > From: [EMAIL PROTECTED]
> [mailto:samba-
> > [EMAIL PROTECTED] On Behalf Of
> IslandBwoy
> > Sent: Wednesday, March 09, 2005 3:06 PM
> > To: Thomas Boutell; [EMAIL PROTECTED]
> > Cc: samba@lists.samba.org
> > Subject: Re: [Samba] Domain Control
> >
> > Yeah.  Thats what i've been doing.  The problem is that if i leave
it
> like
> > this i'm affraid that as time goes more and more machines will try
to
> > authenticate through this server and eventually cause problems on
our
> > network.  Either way, just to be sure, I'm going to my realm in my
> active
> > directory tree and searching for the machine name. Then deleting it
> from
> > there.  Is there something i can do to assure there is no stail
> > information
> > being used?
> >
> >
> > - Original Message -
> > From: "Thomas Boutell" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Cc: ; "IslandBwoy" <[EMAIL PROTECTED]>
> > Sent: Wednesday, March 09, 2005 5:53 PM
> > Subject: Re: [Samba] Domain Control
> >
> >
> > > You definitely don't have to stop using security = ads to make
this
> > work.
> > >
> > > I suggest that you delete the machine account for this server on
the
> > > Active Directory domain controller via Active Directory Users and
> > Groups.
> > > I think there's some stale information there about the role of the
> > sever.
> > >
> > > Then join the domain again.
> > >
> > > Good luck!
> > >
> > > --
> > > Thomas Boutell
> > > Boutell.Com, Inc.
> > > http://www.boutell.com/
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Domain Control

[IslandBwoy]

Hi again,

I just wanted to share with you what i did to make my samba server show up
as a workstation/server.  Im not sure why this even makes a difference but
before when joining the domain i used:

"kinit [EMAIL PROTECTED]"
"net ads join"

That added my server as a domain controller.  However when i use the
following notation:

net rpc -S dc join -U username

When i did that my samba machine was added as a workstation/server.  However
now i notice there is nothing in the DNS name when searched under active
directory.  I'm not sure this makes much of a difference but i'll play with
that a little bit to see if i can find a way around that as well.

Hope that helps.

R.

- Original Message - 
From: "IslandBwoy" <[EMAIL PROTECTED]>
To: "Kaplan, Marc" <[EMAIL PROTECTED]>; "Thomas Boutell"
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; "Gerald (Jerry) Carter"
<[EMAIL PROTECTED]>
Cc: 
Sent: Thursday, March 10, 2005 2:56 PM
Subject: Re: [Samba] Domain Control


> PS.  Kaplan, when you join your samba servers to the domain and they show
up
> as domain controllers, do they actually perform the roles of such?  My
> question here is simply what is the ramifications of leaving my machine on
> the domain considering what is happening?
>
>
> - Original Message - 
> From: "Kaplan, Marc" <[EMAIL PROTECTED]>
> To: "IslandBwoy" <[EMAIL PROTECTED]>; "Thomas Boutell"
> <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; "Gerald (Jerry) Carter"
> <[EMAIL PROTECTED]>
> Cc: 
> Sent: Wednesday, March 09, 2005 6:55 PM
> Subject: RE: [Samba] Domain Control
>
>
> I have this same problem. I wrote it up here:
> https://bugzilla.samba.org/show_bug.cgi?id=1423, but Jerry couldn't
> reproduce it so he (rightly) marked it invalid.
>
> This is 100% reproducible for me (and apparently you also), every samba
> server I join to the domain, shows up with the role "Domain Controller".
> Just to be clear, this is not in OU display in the Active Directory
> Users and Computers screen, but in the results of a find.
>
> If anybody else is experiencing this problem, could you please place
> your notes, and smb.conf file in bugzilla at
> https://bugzilla.samba.org/show_bug.cgi?id=1423
>
> -Marc
> > -Original Message-
> > From: [EMAIL PROTECTED]
> [mailto:samba-
> > [EMAIL PROTECTED] On Behalf Of
> IslandBwoy
> > Sent: Wednesday, March 09, 2005 3:06 PM
> > To: Thomas Boutell; [EMAIL PROTECTED]
> > Cc: samba@lists.samba.org
> > Subject: Re: [Samba] Domain Control
> >
> > Yeah.  Thats what i've been doing.  The problem is that if i leave it
> like
> > this i'm affraid that as time goes more and more machines will try to
> > authenticate through this server and eventually cause problems on our
> > network.  Either way, just to be sure, I'm going to my realm in my
> active
> > directory tree and searching for the machine name. Then deleting it
> from
> > there.  Is there something i can do to assure there is no stail
> > information
> > being used?
> >
> >
> > - Original Message -
> > From: "Thomas Boutell" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Cc: ; "IslandBwoy" <[EMAIL PROTECTED]>
> > Sent: Wednesday, March 09, 2005 5:53 PM
> > Subject: Re: [Samba] Domain Control
> >
> >
> > > You definitely don't have to stop using security = ads to make this
> > work.
> > >
> > > I suggest that you delete the machine account for this server on the
> > > Active Directory domain controller via Active Directory Users and
> > Groups.
> > > I think there's some stale information there about the role of the
> > sever.
> > >
> > > Then join the domain again.
> > >
> > > Good luck!
> > >
> > > --
> > > Thomas Boutell
> > > Boutell.Com, Inc.
> > > http://www.boutell.com/
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] HELP Gethostbyaddr failed

[RYAN vAN GINNEKEN]

Thank you everyone on this list i have gained access to the shared drive 
again.  Still have errors in the logs that worry me.  Also the server 
seems very slow to connect the first time a machine logs on and 
unresponsive to open files.  I will start a new thread for this later 
when i have done some home work of my own as the documentation for samba 
is very good. 

Thank you crisis solved now i just need to some research on how beef up 
preformace a little.

RYAN vAN GINNEKEN wrote:
I did a make deinstall and a reinstall to upgrade samba from 3.0.9 to 
3.0.11 last night at the office i work at and now i get this in the 
logs.  I am sure this has been asswered 100 time on this list but no 
one can connect to the shared drives.  This leave everyone point very 
angry fingers at me so please help here is the output of the logs.
[2005/03/10 12:18:20, 1] lib/util_sock.c:get_peer_name(1109)
 Gethostbyaddr failed for 192.168.0.5
[2005/03/10 12:18:20, 0] lib/access.c:check_access(328)
 Denied connection from 192.168.0.5 (192.168.0.5)
[2005/03/10 12:18:20, 1] smbd/process.c:process_smb(1084)
 Connection denied from 192.168.0.5
[2005/03/10 12:18:25, 1] lib/util_sock.c:get_peer_name(1109)
 Gethostbyaddr failed for 192.168.0.5
[2005/03/10 12:18:25, 0] lib/access.c:check_access(328)
 Denied connection from 192.168.0.5 (192.168.0.5)
[2005/03/10 12:18:25, 1] smbd/process.c:process_smb(1084)
 Connection denied from 192.168.0.5

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP items that might help for How-to

[Tony Earnshaw]

John H Terpstra:

[...]

> Gavin is correct here. Thanks for the input but on this occassion it
> seems I need to add more reference to scanning the logs. I'll think about
> the best way to tackle that.

Yes, gavin is correct. However, it's not just a question of scanning the
logs, but also interpreting them correctly.

I run Red Hat RHAS. Mostly /etc/rc.d/init.d/ldap (my own implementation)
will let you see what goes on at daemon startup. But if it doesn't (which
can happen quite a lot), it is often useful to start up the daemon by hand
at the CLI, using the command line in the ldap script. The debug level can
then be configured in the CLI command.

Like in my RH startup script I have:

daemon ${slapd} -u ldap -h "ldap://tru.leerlingen/ ldaps://tru.leerlingen/
ldapi://%2Fusr%2Flocal%2Fvar%2Fslapd%2Fldapi/x-mod=0777" $OPTIONS
$SLAPD_OPTIONS

This presupposes multiple xterm windows open, ALT from the one to the other..

"service ldap stop"

At the CLI I substitute.

'slapd -u ldap -d 256 -h "ldap://whatever.host/ ldaps://whatever.host/
ldapi://%2Fusr%2Flocal%2Fvar%2Fslapd%2Fldapi/x-mod=0777"'

 Change the "-d" bit to whatever suits.

 Leave out the "ldapi" bit, if you don't understand or use it.

 Leave out the "ldaps" bit, if you don't understand or use it.

If there are any slapd.conf faults or whatever, the CLI startup line will
detail them.

--Tonni

Baaie dankie aan/Many thanks to Exim's Philip Hazel who taught me to think
this way, before I left Exim for Postfix.

--
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] How to assign Administrator's rights?

[Tony Earnshaw]

Luca Olivetti:

> Most of my users (unfortunately me included) need to use a bloated,
> badly designed piece of sh^Hoftware that only works with administrator's
> rights (I won't say names but it's from a big german company strongly
> pushing for software patents). How can I assign those users
> Administrator's rights without phisically
> going to each machine? I cold put them in the 'Domain Admins' group, but I
> don't think it's the right solution. I tried playing with the
> 'Administrators' builtin but I cannot make it
> work (see my other message "Are builtin groups supposed to work with
> ldap").

Hope this helps a *little* bit. It is not what you were asking for, but
it's my two Eurocents' worth, use it as you will.

I have to run (under shitty Windows, of course, by far and away the
greatest conners in the business, forget any German firm in comparison)
msiexec as a user with elevated privileges. That is to say, run it as an
Administrator-group member.

O.k., now the rub. Of course, one can not normally do this. However, our
"organization" (high school in Amsterdam) chose to use Nitrobit's group
policy Windows plugin. We bought 80 Nitrobit licenses for the Nitrobit
Group Policy Kit (cheap if you're an educational institution).

Their support people told us how to run msiexec with elevated privileges.
It's not free info, so I may not shove it through. However, it's mostly
Google stuff.

Best,

--Tonni


mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] (no subject)

[Meng, Andrew]

Hello,

We use CIFS(2.2.12) on HPUX 11.00 and we see some error messages in log
file like:

fgy538:chip:/var/opt/samba# tail -f log.smbd
  cli_nt_setup_creds: request challenge failed
[2005/02/24 13:14:32, 0] rpc_client/cli_trust.c:(141)
  modify_trust_password: unable to setup the PDC credentials to machine
x.x.x.x Error was : NT_STATUS_UNSUCCESSFUL.
[2005/02/24 13:14:32, 0] rpc_client/cli_trust.c:(247)
  2005/02/24 13:14:32 : change_trust_account_password: Failed to change
password for domain DOM.
[2005/03/10 15:02:54, 0] smbd/server.c:(793)
  smbd version 2.2.12 based HP CIFS Server A.01.11.03 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2002
[2005/03/10 15:02:54, 0] param/loadparm.c:(2286)
  No path in service $IPC - using /tmp

The smb.conf is:
[global]
workgroup = DOM
netbios name = vobs1tst

security = DOMAIN
encrypt passwords = Yes
password server = x.x.x.x
username map = /etc/opt/samba/users.map
wins server = x.x.x.x
create mask = 0775
directory mask = 0775
oplocks = No
kernel oplocks = No
case sensitive = No
preserve case = Yes
local master = No
  [S1]
comment =  Storage Directory
path = /S1
read only = No

[$IPC]
hosts deny = 0.0.0.0/0

Can anyone give me any clue?

Thanks a lot,
Andrew 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] How to assign Administrator's rights?

[John Schmerold]

All our enduser computers use the same password for their administrator 
password in localgroup

We copy cpua from http://joeware.net/win to a public directory on the 
server.

In our login scripts I put the following line:
\\fs1\sys\public\cpau /profile /u administrator /p pw /ex "net 
localgroup administrators %userdomain%\%username% /add"

This should get the job done for you.
Obviously the main drawback is that you are giving everyone 
administrative rights & local machines are insecure as a result.

--
John Schmerold
Katy Computer & Wireless
20 Meramec Station Rd
Valley Park MO 63088
636-861-6900 v
775-227-6947 f 


Luca Olivetti wrote:
Most of my users (unfortunately me included) need to use a bloated, 
badly designed piece of sh^Hoftware that only works with 
administrator's rights (I won't say names but it's from a big german 
company strongly pushing for software patents).
How can I assign those users Administrator's rights without phisically 
going to each machine?
I cold put them in the 'Domain Admins' group, but I don't think it's 
the right solution.
I tried playing with the 'Administrators' builtin but I cannot make it 
work (see my other message "Are builtin groups supposed to work with 
ldap").

TIA
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Domain Control

[IslandBwoy]

PS.  Kaplan, when you join your samba servers to the domain and they show up
as domain controllers, do they actually perform the roles of such?  My
question here is simply what is the ramifications of leaving my machine on
the domain considering what is happening?


- Original Message - 
From: "Kaplan, Marc" <[EMAIL PROTECTED]>
To: "IslandBwoy" <[EMAIL PROTECTED]>; "Thomas Boutell"
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; "Gerald (Jerry) Carter"
<[EMAIL PROTECTED]>
Cc: 
Sent: Wednesday, March 09, 2005 6:55 PM
Subject: RE: [Samba] Domain Control


I have this same problem. I wrote it up here:
https://bugzilla.samba.org/show_bug.cgi?id=1423, but Jerry couldn't
reproduce it so he (rightly) marked it invalid.

This is 100% reproducible for me (and apparently you also), every samba
server I join to the domain, shows up with the role "Domain Controller".
Just to be clear, this is not in OU display in the Active Directory
Users and Computers screen, but in the results of a find.

If anybody else is experiencing this problem, could you please place
your notes, and smb.conf file in bugzilla at
https://bugzilla.samba.org/show_bug.cgi?id=1423

-Marc
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:samba-
> [EMAIL PROTECTED] On Behalf Of
IslandBwoy
> Sent: Wednesday, March 09, 2005 3:06 PM
> To: Thomas Boutell; [EMAIL PROTECTED]
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Domain Control
>
> Yeah.  Thats what i've been doing.  The problem is that if i leave it
like
> this i'm affraid that as time goes more and more machines will try to
> authenticate through this server and eventually cause problems on our
> network.  Either way, just to be sure, I'm going to my realm in my
active
> directory tree and searching for the machine name. Then deleting it
from
> there.  Is there something i can do to assure there is no stail
> information
> being used?
>
>
> - Original Message -
> From: "Thomas Boutell" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: ; "IslandBwoy" <[EMAIL PROTECTED]>
> Sent: Wednesday, March 09, 2005 5:53 PM
> Subject: Re: [Samba] Domain Control
>
>
> > You definitely don't have to stop using security = ads to make this
> work.
> >
> > I suggest that you delete the machine account for this server on the
> > Active Directory domain controller via Active Directory Users and
> Groups.
> > I think there's some stale information there about the role of the
> sever.
> >
> > Then join the domain again.
> >
> > Good luck!
> >
> > --
> > Thomas Boutell
> > Boutell.Com, Inc.
> > http://www.boutell.com/
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Domain Control

[IslandBwoy]

Hey Kaplan,

I'm not familiar with this system.  Sould i be creating a new bug report or
adding to yours somehow.   My smb.conf file was posted previously.  Feel
free to add that information and i'll check back periodically to any
questions that may come up.

R.
- Original Message - 
From: "Kaplan, Marc" <[EMAIL PROTECTED]>
To: "IslandBwoy" <[EMAIL PROTECTED]>; "Thomas Boutell"
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; "Gerald (Jerry) Carter"
<[EMAIL PROTECTED]>
Cc: 
Sent: Wednesday, March 09, 2005 6:55 PM
Subject: RE: [Samba] Domain Control


I have this same problem. I wrote it up here:
https://bugzilla.samba.org/show_bug.cgi?id=1423, but Jerry couldn't
reproduce it so he (rightly) marked it invalid.

This is 100% reproducible for me (and apparently you also), every samba
server I join to the domain, shows up with the role "Domain Controller".
Just to be clear, this is not in OU display in the Active Directory
Users and Computers screen, but in the results of a find.

If anybody else is experiencing this problem, could you please place
your notes, and smb.conf file in bugzilla at
https://bugzilla.samba.org/show_bug.cgi?id=1423

-Marc
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:samba-
> [EMAIL PROTECTED] On Behalf Of
IslandBwoy
> Sent: Wednesday, March 09, 2005 3:06 PM
> To: Thomas Boutell; [EMAIL PROTECTED]
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Domain Control
>
> Yeah.  Thats what i've been doing.  The problem is that if i leave it
like
> this i'm affraid that as time goes more and more machines will try to
> authenticate through this server and eventually cause problems on our
> network.  Either way, just to be sure, I'm going to my realm in my
active
> directory tree and searching for the machine name. Then deleting it
from
> there.  Is there something i can do to assure there is no stail
> information
> being used?
>
>
> - Original Message -
> From: "Thomas Boutell" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: ; "IslandBwoy" <[EMAIL PROTECTED]>
> Sent: Wednesday, March 09, 2005 5:53 PM
> Subject: Re: [Samba] Domain Control
>
>
> > You definitely don't have to stop using security = ads to make this
> work.
> >
> > I suggest that you delete the machine account for this server on the
> > Active Directory domain controller via Active Directory Users and
> Groups.
> > I think there's some stale information there about the role of the
> sever.
> >
> > Then join the domain again.
> >
> > Good luck!
> >
> > --
> > Thomas Boutell
> > Boutell.Com, Inc.
> > http://www.boutell.com/
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Browsing / NetBIOS QQ

[Rupert Heesom]

Hi all:

I'm not sure where to begin.

My setup here is Samba Version 2.2.7a-security-rollup-fix acting as wins
for a bridged OpenVPN network (if you know what that means).

The net consists of 1 subnet (10.0.0.0/24).  The OpenVPN Linux box also
runs Samba, ip 10.0.0.110.  There are 2 other windows/linux boxes
"behind" the VPN server.  

There are "guests" (Road Warriors) connecting into the network using
OpenVPN (bridged (tap) mode), therefore they are on the same subnet, and
configured for the same workgroup SAMBAGRP.  

Using one test "road warrior" I've been trying to get network browsing
working.  To a point it is.  I've been having most problems getting Win
PCs behind the VPN server and RoadWarr to access each others shares. 
All machines are visible in Net Neighbourhood.

All the Win PCs (XP Home sp2) I've enabled Peer-to-Peer networking in
Control panel (add/remove win components), I've enabled Windows services
(Workstation, Server, Messenger), enabled NetBIOS over TCP on the
relevant IP stack.  I don't know much about these services; just read
about them when looking for NetBIOS info, so enabled them.

My one problem currently seems to be the wins records
(/var/cache/samba/wins.dat).  The IPs given for the current test
RoadWarr are different for different services:

Here the test RoadWarr is "DEBBIE" with all 3 services abled on the PC
(as you can see). However because her IP changes with connections and
disconnections to the VPN, wins is not updated here.

I'm testing browsing between "DEBBIE" and "RUPERT-LAPTOP".  My internal
IPs are static.

I'm wondering whether wins could update the IPs quicker if I use the MAX
WINS TTL param in smb.conf?  The smb.conf manpage says NOT to change
this param, but it may help this particular situation.

If I set the MAX WINS TTL to 5 mins or so, would that do something
terrible to the SAmba traffic?

BTW, I've been confused by the wins.dat vs the browse.dat.  I've always
thought that the wins server provided the input for the browsing lists. 
The wins.dat and browse.dat files are not at all alike.

/var/cache/samba/wins.dat:

VERSION 1 10212
"DEBBIE#00" 1110580748 10.0.0.203 24R
"DEBBIE#03" 1110783156 10.0.0.222 24R
"DEBBIE#20" 1110580748 10.0.0.203 24R
"MDK-SAMBA#00" 1110742524 10.0.0.110 46R
"MDK-SAMBA#03" 1110742524 10.0.0.110 46R
"MDK-SAMBA#20" 1110742524 10.0.0.110 46R
"MTAMBARA#00" 1110568868 10.0.0.202 24R
"OWNER#03" 1110783156 10.0.0.222 24R
"RAHEESOM#03" 1110703485 10.0.0.120 24R
"RUPERT-LAPTOP#00" 1110702143 10.0.0.120 24R
"RUPERT-LAPTOP#03" 1110703485 10.0.0.120 24R
"RUPERT-LAPTOP#20" 1110702143 10.0.0.120 24R
"SAMBAGRP#00" 1110783500 255.255.255.255 c4R
"SAMBAGRP#1b" 1110742524 10.0.0.110 44R
"SAMBAGRP#1c" 1110742524 10.0.0.110 c4R
"SAMBAGRP#1e" 1110783500 255.255.255.255 c4R

-- 
Rupert Heesom <[EMAIL PROTECTED]>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] pdbedit arguments

[Paul Gienger]

I'm curious, why is it that most samba programs take -U as the username 
flag, but pdbedit uses -u?  This one gets me every time that I run pdbedit.

--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] HELP Gethostbyaddr failed

[RYAN vAN GINNEKEN]

I did a make deinstall and a reinstall to upgrade samba from 3.0.9 to 
3.0.11 last night at the office i work at and now i get this in the 
logs.  I am sure this has been asswered 100 time on this list but no one 
can connect to the shared drives.  This leave everyone point very angry 
fingers at me so please help here is the output of the logs. 

[2005/03/10 12:18:20, 1] lib/util_sock.c:get_peer_name(1109)
 Gethostbyaddr failed for 192.168.0.5
[2005/03/10 12:18:20, 0] lib/access.c:check_access(328)
 Denied connection from 192.168.0.5 (192.168.0.5)
[2005/03/10 12:18:20, 1] smbd/process.c:process_smb(1084)
 Connection denied from 192.168.0.5
[2005/03/10 12:18:25, 1] lib/util_sock.c:get_peer_name(1109)
 Gethostbyaddr failed for 192.168.0.5
[2005/03/10 12:18:25, 0] lib/access.c:check_access(328)
 Denied connection from 192.168.0.5 (192.168.0.5)
[2005/03/10 12:18:25, 1] smbd/process.c:process_smb(1084)
 Connection denied from 192.168.0.5
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ntlm_auth

[Javier Jiménez Díaz]

Hi all,
I don´t have much experience with Samba so I would like to apologize in
advance if I talk about very simple things. I've got a freeradius 1.0.1
server running fine with OpenLDAP on a RedHat 9.0 and now I would like to
authenticate against an Active Directory. I can do it with TLS, but when I
try to do it with PEAP, it doesn works. I read about it and found out that
should be put on radiusd.conf something with ntlm_auth. When I execute
ntlm_auth get:

[root]# ntlm_auth --username=javi2 --domain=aamm.sgi.es
password:
NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
(0xc0da)


At this point I think that the most important thing is configuring Samba.
After this I´ve readed that the server should be joined to the domain but
when I try the command:

[root]#net join
[2005/03/10 18:40:16, 0] param/loadparm.c:map_parameter(2446)
  Unknown parameter encountered: "host allow"
[2005/03/10 18:40:16, 0] param/loadparm.c:lp_do_parameter(3142)
  Ignoring unknown parameter "host allow"
root's password:
[2005/03/10 18:40:19, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for
requested realm
[2005/03/10 18:40:19, 0] utils/net_ads.c:ads_startup(186)
  ads_connect: Cannot find KDC for requested realm

Unable to find a suitable server

Unable to find a suitable server



Does anybody knows what should I do to configure samba? How can I join the
server?

Thanks in advance for any help!!



__
Este mensaje, y en su caso, cualquier fichero anexo al mismo,
 puede contener informacion clasificada por su emisor como confidencial
 en el marco de su Sistema de Gestion de Seguridad de la 
Informacion siendo para uso exclusivo del destinatario, quedando 
prohibida su divulgacion copia o distribucion a terceros sin la 
autorizacion expresa del remitente. Si Vd. ha recibido este mensaje 
 erroneamente, se ruega lo notifique al remitente y proceda a su borrado. 
Gracias por su colaboracion.
__
This message including any attachments may contain confidential 
information, according to our Information Security Management System,
 and intended solely for a specific individual to whom they are addressed.
 Any unauthorised copy, disclosure or distribution of this message
 is strictly forbidden. If you have received this transmission in error,
 please notify the sender immediately and delete it.
__
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Multiple Drive Mappings

[James W. Beauchamp]

Hi:
I'm running Samba 3.0.4 on RH 9 using domain logins.  I've just set this up and 
I've noticed that when the user logs in and the specified login.bat file is 
executed, all the drives that are specified to be mapped end up mapped twice!  

I know I've seen reference to this problem in the past but I can't locate it 
now.  Can anyone tell me what to do to keep this from happening?

Thanks

James



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Tiny HOWTO edit

[William Enestvedt]

On page 206 of the Samba-HOWTO-Collection PDF, in the seventh paragraph,
the word "use" appears to be missing from the sentence, "When Samba is
being used as the PDC and BDC the of an LDAP..." -- but that could just
be me.
-wde
--
Will Enestvedt
UNIX System Administrator
Johnson & Wales University -- Providence, RI
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Strange issues with Excel & Samba

[Bill Arlofski]

Kaplan, Marc wrote:
Bill,
I'm curious about this issue, which version of Excel were you using? Or
did it even matter what version of Excel?
Thanks,
-Marc

They are using Microsoft Excel 2002 - Service Pack 1
-
Bill Arlofski
[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Dynamic home mapping

[Derek Harkness]

Does anybody have a way of dynamically selecting which server a user's 
home drive get mapped to?

I have two servers sharing the same AFS file space, and I want to load 
balance home drive mappings between them.  I'm hoping for something I 
can put in the smb.conf as opposed to mapping in the logon script.

Thanks,
Derek
It is easier to fix Unix than to live with Windows.


PGP.sig
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ntlm_auth

[Javier Jiménez Díaz]

-Mensaje original-
De: Javier Jiménez Díaz [mailto:[EMAIL PROTECTED]
Enviado el: jueves, 10 de marzo de 2005 18:44
Para: samba@lists.samba.org
Asunto: ntlm_auth


Hi all,
I don´t have much experience with Samba so I would like to apologize in
advance if I talk about very simple things. I've got a freeradius 1.0.1
server running fine with OpenLDAP on a RedHat 9.0 and now I would like to
authenticate against an Active Directory. I can do it with TLS, but when I
try to do it with PEAP, it doesn works. I read about it and found out that
should be put on radiusd.conf something with ntlm_auth. When I execute
ntlm_auth get:

[root]# ntlm_auth --username=javi2 --domain=aamm.sgi.es
password:
NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
(0xc0da)


At this point I think that the most important thing is configuring Samba.
After this I´ve readed that the server should be joined to the domain but
when I try the command:

[root]#net join
[2005/03/10 18:40:16, 0] param/loadparm.c:map_parameter(2446)
  Unknown parameter encountered: "host allow"
[2005/03/10 18:40:16, 0] param/loadparm.c:lp_do_parameter(3142)
  Ignoring unknown parameter "host allow"
root's password:
[2005/03/10 18:40:19, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for
requested realm
[2005/03/10 18:40:19, 0] utils/net_ads.c:ads_startup(186)
  ads_connect: Cannot find KDC for requested realm

Unable to find a suitable server

Unable to find a suitable server



Does anybody knows what should I do to configure samba? How can I join the
server?

Thanks in advance for any help!!



__
Este mensaje, y en su caso, cualquier fichero anexo al mismo,
 puede contener informacion clasificada por su emisor como confidencial
 en el marco de su Sistema de Gestion de Seguridad de la 
Informacion siendo para uso exclusivo del destinatario, quedando 
prohibida su divulgacion copia o distribucion a terceros sin la 
autorizacion expresa del remitente. Si Vd. ha recibido este mensaje 
 erroneamente, se ruega lo notifique al remitente y proceda a su borrado. 
Gracias por su colaboracion.
__
This message including any attachments may contain confidential 
information, according to our Information Security Management System,
 and intended solely for a specific individual to whom they are addressed.
 Any unauthorised copy, disclosure or distribution of this message
 is strictly forbidden. If you have received this transmission in error,
 please notify the sender immediately and delete it.
__
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ntlm_auth

[Javier Jiménez Díaz]

-Mensaje original-
De: Javier Jiménez Díaz [mailto:[EMAIL PROTECTED]
Enviado el: jueves, 10 de marzo de 2005 18:44
Para: samba@lists.samba.org
Asunto: ntlm_auth


Hi all,
I don´t have much experience with Samba so I would like to apologize in
advance if I talk about very simple things. I've got a freeradius 1.0.1
server running fine with OpenLDAP on a RedHat 9.0 and now I would like to
authenticate against an Active Directory. I can do it with TLS, but when I
try to do it with PEAP, it doesn works. I read about it and found out that
should be put on radiusd.conf something with ntlm_auth. When I execute
ntlm_auth get:

[root]# ntlm_auth --username=javi2 --domain=aamm.sgi.es
password:
NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
(0xc0da)


At this point I think that the most important thing is configuring Samba.
After this I´ve readed that the server should be joined to the domain but
when I try the command:

[root]#net join
[2005/03/10 18:40:16, 0] param/loadparm.c:map_parameter(2446)
  Unknown parameter encountered: "host allow"
[2005/03/10 18:40:16, 0] param/loadparm.c:lp_do_parameter(3142)
  Ignoring unknown parameter "host allow"
root's password:
[2005/03/10 18:40:19, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for
requested realm
[2005/03/10 18:40:19, 0] utils/net_ads.c:ads_startup(186)
  ads_connect: Cannot find KDC for requested realm

Unable to find a suitable server

Unable to find a suitable server



Does anybody knows what should I do to configure samba? How can I join the
server?

Thanks in advance for any help!!



__
Este mensaje, y en su caso, cualquier fichero anexo al mismo,
 puede contener informacion clasificada por su emisor como confidencial
 en el marco de su Sistema de Gestion de Seguridad de la 
Informacion siendo para uso exclusivo del destinatario, quedando 
prohibida su divulgacion copia o distribucion a terceros sin la 
autorizacion expresa del remitente. Si Vd. ha recibido este mensaje 
 erroneamente, se ruega lo notifique al remitente y proceda a su borrado. 
Gracias por su colaboracion.
__
This message including any attachments may contain confidential 
information, according to our Information Security Management System,
 and intended solely for a specific individual to whom they are addressed.
 Any unauthorised copy, disclosure or distribution of this message
 is strictly forbidden. If you have received this transmission in error,
 please notify the sender immediately and delete it.
__
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] To anyone successfully using NT ACLs with Samba

[Thomas Boutell]

On Thu, 10 Mar 2005 [EMAIL PROTECTED] wrote:
Hi Thomas,
Do you have winbind in the nsswitch?
Alan
Yes.
To be clear, my Windows-client-made ACL settings work. And they look great in
getfacl. The place they don't look great is on an actual Windows client
when reopened. the settings are right but the names of the groups
are replaced by ugly-lookin' SIDs.
--
Thomas Boutell
Boutell.Com, Inc. 
http://www.boutell.com/

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Strange issues with Excel & Samba

[Bill Arlofski]

Bill Arlofski wrote:
I have a client who used to have an NT server, we replaced it with 
Gentoo Linux and Samba v3.0.9 and they are now having what appears to be 
some sort of file-sharing issue with Excel.

When a user opens an Excel file on the file server it opens properly, no 
errors or warnings of any  kind. But when they try to save the file, 
Excel warns them that "the file may have changed by someone else, do you 
want to overwrite, or make new copy" (or some such similar dialog).

The file has not changed, and they were the only one with it opened. 
This happens to everyone, on any Excel file that they open.

Here is some smbstatus output when a user opens an Excel spreadsheet:
# smbstatus | grep xls
25002  DENY_NONE  0x2019f RDWR   NONE 
/home/shared/projects/Spreadsheet2.xls MonMar  7 11:12:16 2005

Ok, so Samba shows that the user has the file "Spreadsheet2.xls" opened 
in read-write mode. So far so good.

BUT... What is interesting is this:
# lsof -p 25002 |grep xls
smbd25002 louis   28uw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   32rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   33rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   34rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   35rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   36rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   37rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   39rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   40rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   41rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   42rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   43rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   44rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   45rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   46rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls

It looks like Excel opens the file ONCE with "read and write access", 
with a write lock on part of the file (28uw), then it proceeds to open 
the file 14 more times for READ access.  What the heck for?

On the good side, when someone else attempts to open this file while 
louis has it opened, they are properly told by Excel that the file is 
currently in use and that they can open it it read only mode. (or some 
such similar message)

Any thoughts on how to stop Excel from telling the user that their file 
has changed when it definitely has not?

Bill Arlofski
[EMAIL PROTECTED]

Upgrading to 3.0.11 FIXED this problem.
-
Bill Arlofski
[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Print spool icon in systray reports jobs pending when none are pending

[Bill Arlofski]

John H Terpstra wrote:
On Thursday 10 March 2005 09:45, Bill Arlofski wrote:
I have an issue I'd like to resolve with a client and the print spool
icon in the systray...
If the user (on w2k) mouses over the print spool icon, it tells them
"xxx jobs in queue" or some such, and the xxx increments once for each
new print job they send.
Also, the print spool icon never disappears from the systray until a
reboot, or re-login. Once a job is sent to one of the samba-served
printers, the spool icon reappears with symptoms noted above.
Any ideas?  Using Samba 3.0.9 and cups. This is happening for all users.
I checked the changelog from 3.0.9 to 3.0.11 and didn't find anything
relating to this specific issue, but plan upgrading soon hust the same.

Suggest you update to 3.0.11 as  it will likely cure your problem. There are a 
number of printing related fixes in 3.0.11 and the problem of print jobs not 
being deleted cropped up prior to release of 3.0.11 and unless I am mistaken 
is fixed in this release.

- John T.

Upgrading to 3.0.11 FIXED this print spool issue. Excellent! Thank you. :)
-
Bill Arlofski
[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Do I need two instances of Samba on the same machine (3rd request) ?

[Dani Camps]

Hi John, 

I read your example in chapter and my case is exactly
the same but instead of having a domain I want a
workgroup. I think my configuration is the same you
show in the example except of the domain specific
commands. My smb.conf in the server is:

-
hosts allow=127. 192.168.0. 192.168.1.
...
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
...
interfaces=192.168.0.1/24 192.168.1.1/24 127.0.0.1/8
bind interfaces only=yes
...
#To be the DMB and LMB of each subnet
domain master = yes
local master = yes
os level = 255
preferred master = yes
...
#To be the WINS server
name resolve order = wins lmhosts bcast
wins support = yes
dns proxy = no
--

So I think the domain master option that is not in
your example is the basic diferent thing I have.

I configure all the clients using DHCP this way in
both subnets:

option netbios-name-servers 192.168.0.1, 192.168.1.1;
option netbios-node-type 8;


And what is happening is:

1-The subnet 192.168.0.0/24 works perfect, but the
machines there only see machines in that subnet. But
browsing between them works.

2-The machines in the 192.168.1.0/24 subnet are the
ones doing more weird things:
 -I can not do browsing from those machines. If I try 
to use the network neighborhood icon or do "net view"
I get "error 53-Impossible to access the network".

 -But from those machines I can do "nbtstat -a
NAME_MACHINE" and this works perfect, with any machine
in any subnet. If I try "nbtstat -a GATEWAY" it says
is the LMB (appears ..__MSBROWSE__.). But doing
\\NAME_MACHINE or \\IP_ADDRESS from the windows
explorer doesn't work.

 -I have tried the clients in this subnet to be p-node
or h-node and the behavior is exactly the same.

 -The IP routing between the two subnets works.

 -In the server I check the wins.dat and the
browse.dat and all the machines of both subnets are
there ! so I don't know what could be failing. (I have
only one brwose.dat, I don't know if I should have
more than one since the server if the LMB of each
subnet.)

Is very weird, because thinking in the subnet
192.168.0.1/24 only the machines in that subnet appear
in the network neighborhood, but why if in the
browse.dat file in the samba server are all the
machines of both subnets ? And why the machines in the
other subnet are not even able to see anything ?

Well I am quite disperated with this, do u know
something else I could try ?


Thanks !


--- John H Terpstra <[EMAIL PROTECTED]> wrote:

> Dani,
> 
> Have you followed chapter 4 of the Samba-Guide
> (Samba-3 by Example book)?
> What does not work? I am in the process of updating
> this documentation and 
> would much value your feedback.
> 
> You can download the current version from:
> 
> http://www.samba.org/samba/docs/Samba-Guide.pdf
> 
> I look forward to your feedback.
> 
> Cheers,
> John T.
> 
> On Thursday 10 March 2005 05:22, Dani Camps wrote:
> > I already have all the clients in both subnets
> > configured to use WINS and configured to be a
> p-node.
> > These are my lines in the DHCP server:
> >
>
-
> > option netbios-name-servers 192.168.0.1;
> > option netbios-node-type 2;
> 
> Oh? Why P-Node?
> 
> >
>
-
> >
> > I rewrite my configuration to check whether I have
> > some error:
> >  INTERNET
> >
> >  __eth1__
> >
> >   |-eth0|___|eth2-|
> >
> > 192.168.0.0/24 Gateway
> 192.168.1.0/24
> >
> ><>
> >  WORKGROUP
> >
> > eth0:192.168.0.1 and gateway of the 192.168.0.0/24
> > eth2:192.168.1.1 and gateway of the 192.168.1.0/24
> > eth1:public IP, doing NAT of the internal subnets
> >
> > The Gateway is a Fedora Core 3 box where I have
> Samba
> > installed. I have Samba configured to be a WINS
> server
> > in that machine.
> >
> > What I have now and it doesn't work is the
> following:
> > In the gateway machine I have one instance of
> Samba
> > running with this configuration:
> >
>
-
> > hosts allow=127. 192.168.0. 192.168.1.
> > ...
> > socket options = TCP_NODELAY SO_RCVBUF=8192
> > SO_SNDBUF=8192
> > ...
> > interfaces=192.168.0.1/24 192.168.1.1/24
> 127.0.0.1/8
> > bind interfaces only=yes
> 
> How many interfaces do you have? If there are only
> two, why limit the 
> bindings?
> 
> > ...
> > #To be the DMB
> > domain master = yes
> > local master = yes
> > os level = 255
> > preferred master = yes
> > ...
> > #To be the WINS server
> > name resolve order = wins lmhosts bcast
> > wins support = yes
> > dns proxy = no
> > --
> >
> > I know I need to make what I want work:
> > 1-One LMB in each subnet
> > 2-One DMB
> > 

[Samba] ntlm_auth

[Javier Jiménez Díaz]

Hi all,
I don´t have much experience with Samba so I would like to apologize in
advance if I talk about very simple things. I've got a freeradius 1.0.1
server running fine with OpenLDAP on a RedHat 9.0 and now I would like to
authenticate against an Active Directory. I can do it with TLS, but when I
try to do it with PEAP, it doesn works. I read about it and found out that
should be put on radiusd.conf something with ntlm_auth. When I execute
ntlm_auth get:

[root]# ntlm_auth --username=javi2 --domain=aamm.sgi.es
password:
NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
(0xc0da)


At this point I think that the most important thing is configuring Samba.
After this I´ve readed that the server should be joined to the domain but
when I try the command:

[root]#net join
[2005/03/10 18:40:16, 0] param/loadparm.c:map_parameter(2446)
  Unknown parameter encountered: "host allow"
[2005/03/10 18:40:16, 0] param/loadparm.c:lp_do_parameter(3142)
  Ignoring unknown parameter "host allow"
root's password:
[2005/03/10 18:40:19, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for
requested realm
[2005/03/10 18:40:19, 0] utils/net_ads.c:ads_startup(186)
  ads_connect: Cannot find KDC for requested realm

Unable to find a suitable server

Unable to find a suitable server



Does anybody knows what should I do to configure samba? How can I join the
server?

Thanks in advance for any help!!



__
Este mensaje, y en su caso, cualquier fichero anexo al mismo,
 puede contener informacion clasificada por su emisor como confidencial
 en el marco de su Sistema de Gestion de Seguridad de la 
Informacion siendo para uso exclusivo del destinatario, quedando 
prohibida su divulgacion copia o distribucion a terceros sin la 
autorizacion expresa del remitente. Si Vd. ha recibido este mensaje 
 erroneamente, se ruega lo notifique al remitente y proceda a su borrado. 
Gracias por su colaboracion.
__
This message including any attachments may contain confidential 
information, according to our Information Security Management System,
 and intended solely for a specific individual to whom they are addressed.
 Any unauthorised copy, disclosure or distribution of this message
 is strictly forbidden. If you have received this transmission in error,
 please notify the sender immediately and delete it.
__
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] To anyone successfully using NT ACLs with Samba

[Alan.Wood]

Hi Thomas,

 Do you have winbind in the nsswitch? 

Alan

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
ext Thomas Boutell
Sent: Thursday, March 10, 2005 2:04 PM
To: samba@lists.samba.org
Subject: [Samba] To anyone successfully using NT ACLs with Samba


When you re-open the properties of an existing file or
directory with ACLs set on it from a Windows workstation, do 
you see the usernames and group names properly? Or do you see 
SIDs in the dialog box as I do? Just gathering data. If you are 
seeing usernames and group names properly I'd love to see
your smb.conf file. In my case, the Samba server is an
AD domain member.

--
Thomas Boutell
Boutell.Com, Inc. 
http://www.boutell.com/

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Unable to set ACLs with Samba 3.0.11, near publication deadline

[Thomas Boutell]

On Thu, 10 Mar 2005, David Sonenberg wrote:
I tried adding writable = yes.  I can now view and modify ACL's for files but 
not directories.
I'm definitely setting ACLs on directories... bear in mind that Unix
rules still apply, only the owner of the file or dirctory and 
administrator (or whoever maps to root) have the privilege of 
setting and changing ACLs.

Would still love to know why I see raw SIDs when I reopen the ACLs
in Windows, though.
--
Thomas Boutell
Boutell.Com, Inc. 
http://www.boutell.com/

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] How to assign Administrator's rights?

[Luca Olivetti]

Most of my users (unfortunately me included) need to use a bloated, 
badly designed piece of sh^Hoftware that only works with administrator's 
rights (I won't say names but it's from a big german company strongly 
pushing for software patents).
How can I assign those users Administrator's rights without phisically 
going to each machine?
I cold put them in the 'Domain Admins' group, but I don't think it's the 
right solution.
I tried playing with the 'Administrators' builtin but I cannot make it 
work (see my other message "Are builtin groups supposed to work with ldap").

TIA
--
Luca
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem with smbldap-usermod for SOME users

[Jerome Tournier]

Le Thu, Mar 10, 2005 at 04:21:13PM +0100, Heupink, Mourik Jan C. a ecrit:
> hostname:~ # smbldap-usermod -B1 user1
> Use of uninitialized value in pattern match (m//) at
> /usr/local/sbin/smbldap-usermod line 355,  line 283.
Can you test the attached patch please.
-- 
Jerome
--- smbldap-usermod.orig2005-03-10 18:13:16.493374521 +0100
+++ smbldap-usermod 2005-03-10 18:13:00.920550833 +0100
@@ -352,7 +352,7 @@ if (defined($tmp = $Options{'B'})) {
   # . the attribut sambaAcctFlags must not match the 'X' flag
   my $_sambaAcctFlags;
   my $flags = $user_entry->get_value('sambaAcctFlags');
-  if ( $flags =~ /X/ ) {
+  if ( defined $flags and $flags =~ /X/ ) {
my $letters;
if ($flags =~ /(\w+)/) {
  $letters = $1;
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Print spool icon in systray reports jobs pending when none are pending

[Bill Arlofski]

John H Terpstra wrote:
On Thursday 10 March 2005 09:45, Bill Arlofski wrote:
I have an issue I'd like to resolve with a client and the print spool
icon in the systray...
If the user (on w2k) mouses over the print spool icon, it tells them
"xxx jobs in queue" or some such, and the xxx increments once for each
new print job they send.
Also, the print spool icon never disappears from the systray until a
reboot, or re-login. Once a job is sent to one of the samba-served
printers, the spool icon reappears with symptoms noted above.
Any ideas?  Using Samba 3.0.9 and cups. This is happening for all users.
I checked the changelog from 3.0.9 to 3.0.11 and didn't find anything
relating to this specific issue, but plan upgrading soon hust the same.

Suggest you update to 3.0.11 as  it will likely cure your problem. There are a 
number of printing related fixes in 3.0.11 and the problem of print jobs not 
being deleted cropped up prior to release of 3.0.11 and unless I am mistaken 
is fixed in this release.

- John T.

Ok, will upgrade (probably today)   but one thing I think I failed to 
mention inmy origonal post was that if the user OPENS the print spool, 
there are no jobs listed in it. The number of jobs supposedly pending 
only display when they mouse over the spool icon.

Thanks for the speedy reply. :)
Bill Arlofski
[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Unable to set ACLs with Samba 3.0.11, near publication deadline

[David Sonenberg]

I tried adding writable = yes.  I can now view and modify ACL's for 
files but not directories.

Thomas Boutell wrote:
Anybody have a roadkill cookbook?
Because I have some crow to eat, and I'm not sure how best
to prepare it. Sigh.
I didn't have writable = yes set on the share. The fact that smbcacls 
didn't work (and still doesn't work!) blinded me to this more obvious
issue. Once I set writable = yes, of course, I was able to change
acls from a true Windows client... which was of course my
actual goal. I'd created my test files in advance on the Linux
side, so the no-write-permissions-at-all issue wasn't obvious at
any other time.

Thanks for the attention you gave to the matter. Next time, if I'm
not able to spot the issue myself, I'll be sure to include my
*entire* smb.conf in the report.
--
Thomas Boutell
Boutell.Com, Inc. http://www.boutell.com/

--
David Sonenberg
Systems / Network Administrator
Stroz Friedberg, LLC
15 Maiden Lane
15th Floor
New York, NY 10038
Tel 212.981.6527
Fax 917.495.4918
This message is for the named person's use only.  It may contain 
confidential, proprietary or legally privileged information. No right to 
confidential or privileged treatment of this message is waived or lost 
by any error in transmission.  If you have received this message in 
error, please immediately notify the sender by e-mail or by telephone at 
212.981.6540, delete the message and all copies from your system and 
destroy any hard copies.  You must not, directly or indirectly, use, 
disclose, distribute, print or copy any part of this message if you are 
not the intended recipient.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Print spool icon in systray reports jobs pending when none are pending

[John H Terpstra]

On Thursday 10 March 2005 09:45, Bill Arlofski wrote:
> I have an issue I'd like to resolve with a client and the print spool
> icon in the systray...
>
> If the user (on w2k) mouses over the print spool icon, it tells them
> "xxx jobs in queue" or some such, and the xxx increments once for each
> new print job they send.
>
> Also, the print spool icon never disappears from the systray until a
> reboot, or re-login. Once a job is sent to one of the samba-served
> printers, the spool icon reappears with symptoms noted above.
>
> Any ideas?  Using Samba 3.0.9 and cups. This is happening for all users.
>
> I checked the changelog from 3.0.9 to 3.0.11 and didn't find anything
> relating to this specific issue, but plan upgrading soon hust the same.

Suggest you update to 3.0.11 as  it will likely cure your problem. There are a 
number of printing related fixes in 3.0.11 and the problem of print jobs not 
being deleted cropped up prior to release of 3.0.11 and unless I am mistaken 
is fixed in this release.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Print spool icon in systray reports jobs pending when none are pending

[Bill Arlofski]

I have an issue I'd like to resolve with a client and the print spool 
icon in the systray...

If the user (on w2k) mouses over the print spool icon, it tells them 
"xxx jobs in queue" or some such, and the xxx increments once for each 
new print job they send.

Also, the print spool icon never disappears from the systray until a 
reboot, or re-login. Once a job is sent to one of the samba-served 
printers, the spool icon reappears with symptoms noted above.

Any ideas?  Using Samba 3.0.9 and cups. This is happening for all users.
I checked the changelog from 3.0.9 to 3.0.11 and didn't find anything 
relating to this specific issue, but plan upgrading soon hust the same.

Thanks
Bill Arlofski
[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP items that might help for How-to

[John H Terpstra]

On Thursday 10 March 2005 08:28, Gavin Henry wrote:
> 
>
> > Might want to include the following command in LDAP config incase LDAP
> > doesn't start.
> >
> > slapd -u ldap -g ldap -d -1
> >
> > This command pointed out that I hadn't copied my samba.schema to the
> > /etc/openldap/schema directory. Might want to put that in the doc before
> > you
> > start LDAP. A newbie like me might pass over that little detail while
> > following the instructions...
>
> Hi,
>
> I think this is taken care of with syslog, we added loglevel 256 to
> slapd.conf, so a simple tail -f logfile.log will show the problems.

Gavin is correct here. Thanks for the input but on this occassion it seems I 
need to add more reference to scanning the logs. I'll think about the best 
way to tackle that.

- John T.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Do I need two instances of Samba on the same machine (3rd request) ?

[John H Terpstra]

Dani,

Have you followed chapter 4 of the Samba-Guide (Samba-3 by Example book)?
What does not work? I am in the process of updating this documentation and 
would much value your feedback.

You can download the current version from:

http://www.samba.org/samba/docs/Samba-Guide.pdf

I look forward to your feedback.

Cheers,
John T.

On Thursday 10 March 2005 05:22, Dani Camps wrote:
> I already have all the clients in both subnets
> configured to use WINS and configured to be a p-node.
> These are my lines in the DHCP server:
> -
> option netbios-name-servers 192.168.0.1;
> option netbios-node-type 2;

Oh? Why P-Node?

> -
>
> I rewrite my configuration to check whether I have
> some error:
>  INTERNET
>
>  __eth1__
>
>   |-eth0|___|eth2-|
>
> 192.168.0.0/24 Gateway 192.168.1.0/24
>
><>
>  WORKGROUP
>
> eth0:192.168.0.1 and gateway of the 192.168.0.0/24
> eth2:192.168.1.1 and gateway of the 192.168.1.0/24
> eth1:public IP, doing NAT of the internal subnets
>
> The Gateway is a Fedora Core 3 box where I have Samba
> installed. I have Samba configured to be a WINS server
> in that machine.
>
> What I have now and it doesn't work is the following:
> In the gateway machine I have one instance of Samba
> running with this configuration:
> -
> hosts allow=127. 192.168.0. 192.168.1.
> ...
> socket options = TCP_NODELAY SO_RCVBUF=8192
> SO_SNDBUF=8192
> ...
> interfaces=192.168.0.1/24 192.168.1.1/24 127.0.0.1/8
> bind interfaces only=yes

How many interfaces do you have? If there are only two, why limit the 
bindings?

> ...
> #To be the DMB
> domain master = yes
> local master = yes
> os level = 255
> preferred master = yes
> ...
> #To be the WINS server
> name resolve order = wins lmhosts bcast
> wins support = yes
> dns proxy = no
> --
>
> I know I need to make what I want work:
> 1-One LMB in each subnet
> 2-One DMB
> 3-One WINS server and all the clients using WINS
>
> This is why I thought in having two Samba servers in
> the gateway machine one binded to each interface
> (eth0,eth2), and one of them being the DMB and WINS.
> Because it seems that with only one Samba instance in
> that machine it doesn't work.
>
> What happens now is the following, the SMB networking
> within the 192.168.0.0 network works perfect, but they
> only see themselves. And the machines in the
> 192.168.1.0 can not even open the network neigbourhood
> because there is an error (error 53 doing net view).
> But IP routing works between the two subnets, I have
> checked the ping between machines in the two subnets,
> and I have no Firewall rule filetring traffic between
> the two subnets. So i don't have any idea about what
> could be failing.
>
> Thanks !
>
>
>
>
> --- Adam Tauno Williams <[EMAIL PROTECTED]>
>
> wrote:
> > > > Run one Samba instance as the WINS server and
> > > > disable browsing on the
> > > > clients (easy if the Samba server is also the
> >
> > DHCP
> >
> > > > server).
> > >
> > > The machine that is in the two subnets is a Samba
> > > server (one instance) a WINS server and a DHCP
> >
> > server,
> >
> > > but is not working actually only the clients in
> >
> > one
> >
> > > subnet see each other, the clients in the other
> >
> > subnet
> >
> > > don't see anything. And I have checked that the
> > > instance of Samba is listening on both subnets.
> > > What do u mean with disable the browsing in the
> > > clients ? I want the clients to be able to browse
> >
> > the
> >
> > > workgroup
> >
> > Browsing and the ability-to-browse (network
> > neighborhood) are two
> > different things.  Change the NetBIOS node type of
> > the workstations so
> > they only use WINS and make sure they have the WINS
> > server value in
> > their network configuration (either statically or
> > acquired by DHCP).  If
> > you don't know what the NetBIOS Node Type is then
> > you need to read up on
> > it, or you'll never get this to work.
> >
> > If this box is supposed to be the router between the
> > two subnets make
> > sure basic IP functionality is up and running first;
> > a box on one subnet
> > can ping a box on the other subnet.
>
> __
> Do you Yahoo!?
> Yahoo! Small Business - Try our new resources site!
> http://smallbusiness.yahoo.com/resources/

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP items that might help for How-to

[Gavin Henry]

> Might want to include the following command in LDAP config incase LDAP
> doesn't start.
>
> slapd -u ldap -g ldap -d -1
>
> This command pointed out that I hadn't copied my samba.schema to the
> /etc/openldap/schema directory. Might want to put that in the doc before
> you
> start LDAP. A newbie like me might pass over that little detail while
> following the instructions...
>

Hi,

I think this is taken care of with syslog, we added loglevel 256 to
slapd.conf, so a simple tail -f logfile.log will show the problems.


-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 742001
E [EMAIL PROTECTED]

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] problem with smbldap-usermod for SOME users

[Heupink, Mourik Jan C.]

dear readers,

As the subject says: I'm having a problem for only some of my users. See
below. My system: samba 3.0.11 on sles9 with latest smbldap-tools

hostname:~ # smbldap-usermod -A1 user1
hostname:~ # smbldap-usermod -B1 user1
Use of uninitialized value in pattern match (m//) at
/usr/local/sbin/smbldap-usermod line 355,  line 283.
hostname:~ # smbldap-usermod -B1 user2
hostname:~ #

Any ideas what could be the problem here? Searched the archive and a similar
question was asked on 24-2-2005, but unfortunately no answers were posted...

Thanks in advance,

Mourik Jan
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Strange issues with Excel & Samba

[Bill Arlofski]

I have a client who used to have an NT server, we replaced it with 
Gentoo Linux and Samba v3.0.9 and they are now having what appears to be 
some sort of file-sharing issue with Excel.

When a user opens an Excel file on the file server it opens properly, no 
errors or warnings of any  kind. But when they try to save the file, 
Excel warns them that "the file may have changed by someone else, do you 
want to overwrite, or make new copy" (or some such similar dialog).

The file has not changed, and they were the only one with it opened. 
This happens to everyone, on any Excel file that they open.

Here is some smbstatus output when a user opens an Excel spreadsheet:
# smbstatus | grep xls
25002  DENY_NONE  0x2019f RDWR   NONE 
/home/shared/projects/Spreadsheet2.xls MonMar  7 11:12:16 2005

Ok, so Samba shows that the user has the file "Spreadsheet2.xls" opened 
in read-write mode. So far so good.

BUT... What is interesting is this:
# lsof -p 25002 |grep xls
smbd25002 louis   28uw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   32rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   33rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   34rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   35rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   36rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   37rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   39rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   40rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   41rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   42rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   43rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   44rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   45rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls
smbd25002 louis   46rw  REG   8,3 34304705301 
/home/shared/projects/Spreadsheet2.xls

It looks like Excel opens the file ONCE with "read and write access", 
with a write lock on part of the file (28uw), then it proceeds to open 
the file 14 more times for READ access.  What the heck for?

On the good side, when someone else attempts to open this file while 
louis has it opened, they are properly told by Excel that the file is 
currently in use and that they can open it it read only mode. (or some 
such similar message)

Any thoughts on how to stop Excel from telling the user that their file 
has changed when it definitely has not?

Bill Arlofski
[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] To anyone successfully using NT ACLs with Samba

[Collen]

Hmm, nope you should see the names and groups from the domain and or 
local computer..
i think you groupmapping is not set..
i'm not sure if this is the same with samba being a AD member.
but as PDC and BDC there shouln't be anny problem..

Collen
Thomas Boutell wrote:
When you re-open the properties of an existing file or
directory with ACLs set on it from a Windows workstation, do you see the 
usernames and group names properly? Or do you see SIDs in the dialog box 
as I do? Just gathering data. If you are seeing usernames and group 
names properly I'd love to see
your smb.conf file. In my case, the Samba server is an
AD domain member.

--
Thomas Boutell
Boutell.Com, Inc. http://www.boutell.com/
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Privileges problem

[Robert Schetterer]

Cesar Sanabria Pineda schrieb:
Hi!!! 

I'm trying to implement a SUS server (local windows update)
I-ve already solved my problem to modify registry in order to establish
windows update configuration.
Now i've a quiestion all my client logon my samba PDC enusing a
netconfig.pol isend all configuration everithing works ok. But i've a
trouble, my users don't have privileges to install anything  and i don't
want to give them privileges. So is there another way to update my
system , i mean something like sudo o something like that in order to
get privileges and install updates?
Or is there another way to do that?
 

Hi, if you use a NTconfig.POL  and set your internal susserver ip and 
updatetime etc. with adm to the default computers  you will not
have any problem with user permission, cause the update service ist 
started by a privileged
system service on the win client machine which will do the update anyway.
There should no manual update needed by Domain Users Group in this case 
or giving privileg to do so.

If you want to force a susupdate you have to use tools like forcesus.exe 
and start them at logon
of the user with a runas command ( cpau is a good choice ) as a member 
of Adminstrator Group ( Domain Admins etc...)
you can also start  forcesus.exe with psexec.
Regards

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] need help with remote browse sync

[Marco Felettigh]

Hi to everyone, this  is my situation:

Network A 192.168.1.0  WG: SEDE 
Network B 192.168.2.0WG: REMOTO

On each network 192.168.x.1 is a master browser ,domain master browser and 
domain controller .
Wins is enabled of corse.

smb.conf in 192.168.1.1 :
workgroup = SEDE
remote browse sync = 192.168.2.1
remote announce = 192.168.2.1

smb.conf in 192.168.2.1 :
workgroup = REMOTO
remote browse sync = 192.168.1.1
remote announce = 192.168.1.1

samba-2.2.8a-226

The syncronisation seems ok 
sync with 192.168.2.1 for workgroup ... completed (9 records)
and in the other way i have the same response but i can only view the 
workgroup SEDE and REMOTO but not the client inside.

In browse.dat i can view the 2 master browser.
In wins.dat i can view  only the clients in my workgroup.

Eg: from a client in SEDE i can view computers in my workgroup and the REMOTO 
workgroup but not the client in REMOTO.
Any suggestion?

thanks
Marco
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] LDAP items that might help for How-to

[Mccrory, Kevin B]

Might want to include the following command in LDAP config incase LDAP
doesn't start.

slapd -u ldap -g ldap -d -1

This command pointed out that I hadn't copied my samba.schema to the
/etc/openldap/schema directory. Might want to put that in the doc before you
start LDAP. A newbie like me might pass over that little detail while
following the instructions...

Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop:  A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:[EMAIL PROTECTED]  
* AKO mailto:[EMAIL PROTECTED]  


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with XP but not 2K. Guru help please

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
|
| My setup is very simple.  I have samba 3.0.10 on Solaris 8.  I have
| security = server and password server = 209.197.128.34 ( not the real
| IP   )
| When Win2K users map or browse to the shares, they get in fine.
| When XP users try to get in, they cannot access the samba shares at all.
| All users are on the same domain.  When users are added localhost to
| smbpasswd, both work fine.  Only XP fails with
| security = server
security = server has been deprecated.  You'll have much
better luck with 'security = {ads|domain}


cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCMFVdIR7qMdg1EfYRAgeNAJ9M60Q5pmog8VkSlZXLI5KkFh/65ACghCpW
MwQJVjtTx+ds07+G0LNIVbI=
=6NAB
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] To anyone successfully using NT ACLs with Samba

[Thomas Boutell]

When you re-open the properties of an existing file or
directory with ACLs set on it from a Windows workstation, do 
you see the usernames and group names properly? Or do you see 
SIDs in the dialog box as I do? Just gathering data. If you are 
seeing usernames and group names properly I'd love to see
your smb.conf file. In my case, the Samba server is an
AD domain member.

--
Thomas Boutell
Boutell.Com, Inc. 
http://www.boutell.com/

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] privileges on samba 3.0.11

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
|
|
|
| Hi,
|
| I have a test server and I try to test the new
| privileges functionnality. But I try to test the
| SePrintOperatorPrivileges
|
| I set a specifiv user with net -S PDC rpc right grant xxx
| SePrintOperatorPrivilege
| After I submit a job and I try with this user to cancel
| the job.  But when I want to cancel the job with the user, windows
| says that the user cannot right to modify the job.
I recently came across some odd behavior in our
pause/resume/purge print queue code.  I think the
best thing to do will be to retest against 3.0.12rc1
which should be out tomorrow or Monday.
Bottom line is that this could be our bug and not an
issue with your configuration.


cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCMFSlIR7qMdg1EfYRAqKcAJ4w0f+G01THOOcHX7sJeIdjv6OFMACg2/NP
hN7d2hYtAO+n6l8KhfZXUxA=
=LUks
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Do I need two instances of Samba on the same machine (3rd request) ?

[Denis Vlasenko]

On Thursday 10 March 2005 15:06, Dani Camps wrote:
> More info regarding to the problem:
> 
> From the machines in the 192.168.1.0/24 subnet I can
> do:
> 
> nbtstat -a MACHINE_NAME 
> 
> and it works perfectly! with nay machine in the same
> subnet or in the other subnet.
> 
> But when I try "net view" or browsing the with the
> network nighbourhood icon I get the "error 53". I have
> tried configuring the clients as p-nodes (only WINS)
> and as h-nodes (WINS and then broadcast) and the
> results are the same :-(
> 
> Any idea ?

No idea yet, but a hint: use tcpdump extensively! :)
--
vda

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Do I need two instances of Samba on the same machine (3rd request) ?

[Dani Camps]

More info regarding to the problem:

>From the machines in the 192.168.1.0/24 subnet I can
do:

nbtstat -a MACHINE_NAME 

and it works perfectly! with nay machine in the same
subnet or in the other subnet.

But when I try "net view" or browsing the with the
network nighbourhood icon I get the "error 53". I have
tried configuring the clients as p-nodes (only WINS)
and as h-nodes (WINS and then broadcast) and the
results are the same :-(

Any idea ?

Thanks




--- Dani Camps <[EMAIL PROTECTED]> wrote:

> I already have all the clients in both subnets
> configured to use WINS and configured to be a
> p-node.
> These are my lines in the DHCP server:
>
-
> option netbios-name-servers 192.168.0.1;
> option netbios-node-type 2;
>
-
> 
> I rewrite my configuration to check whether I have
> some error:
>  INTERNET
> |
>  __eth1__
>   |-eth0|___|eth2-|
> 192.168.0.0/24 Gateway
> 192.168.1.0/24
> 
><>
>  WORKGROUP
> 
> eth0:192.168.0.1 and gateway of the 192.168.0.0/24
> eth2:192.168.1.1 and gateway of the 192.168.1.0/24
> eth1:public IP, doing NAT of the internal subnets
> 
> The Gateway is a Fedora Core 3 box where I have
> Samba
> installed. I have Samba configured to be a WINS
> server
> in that machine.
> 
> What I have now and it doesn't work is the
> following:
> In the gateway machine I have one instance of Samba
> running with this configuration:
>
-
> hosts allow=127. 192.168.0. 192.168.1.
> ...
> socket options = TCP_NODELAY SO_RCVBUF=8192
> SO_SNDBUF=8192
> ...
> interfaces=192.168.0.1/24 192.168.1.1/24 127.0.0.1/8
> bind interfaces only=yes
> ...
> #To be the DMB
> domain master = yes
> local master = yes
> os level = 255
> preferred master = yes
> ...
> #To be the WINS server
> name resolve order = wins lmhosts bcast
> wins support = yes
> dns proxy = no
> --
> 
> I know I need to make what I want work:
> 1-One LMB in each subnet
> 2-One DMB
> 3-One WINS server and all the clients using WINS
> 
> This is why I thought in having two Samba servers in
> the gateway machine one binded to each interface
> (eth0,eth2), and one of them being the DMB and WINS.
> Because it seems that with only one Samba instance
> in
> that machine it doesn't work.
> 
> What happens now is the following, the SMB
> networking
> within the 192.168.0.0 network works perfect, but
> they
> only see themselves. And the machines in the
> 192.168.1.0 can not even open the network
> neigbourhood
> because there is an error (error 53 doing net view).
> But IP routing works between the two subnets, I have
> checked the ping between machines in the two
> subnets,
> and I have no Firewall rule filetring traffic
> between
> the two subnets. So i don't have any idea about what
> could be failing.
> 
> Thanks !
> 
> 
> 
> 
> --- Adam Tauno Williams <[EMAIL PROTECTED]>
> wrote:
> > > > Run one Samba instance as the WINS server and
> > > > disable browsing on the
> > > > clients (easy if the Samba server is also the
> > DHCP
> > > > server).
> > > The machine that is in the two subnets is a
> Samba
> > > server (one instance) a WINS server and a DHCP
> > server,
> > > but is not working actually only the clients in
> > one
> > > subnet see each other, the clients in the other
> > subnet
> > > don't see anything. And I have checked that the
> > > instance of Samba is listening on both subnets.
> > > What do u mean with disable the browsing in the
> > > clients ? I want the clients to be able to
> browse
> > the
> > > workgroup
> > 
> > Browsing and the ability-to-browse (network
> > neighborhood) are two
> > different things.  Change the NetBIOS node type of
> > the workstations so
> > they only use WINS and make sure they have the
> WINS
> > server value in
> > their network configuration (either statically or
> > acquired by DHCP).  If
> > you don't know what the NetBIOS Node Type is then
> > you need to read up on
> > it, or you'll never get this to work.
> > 
> > If this box is supposed to be the router between
> the
> > two subnets make
> > sure basic IP functionality is up and running
> first;
> > a box on one subnet
> > can ping a box on the other subnet.
> > 
> 
> 
>   
> __ 
> Do you Yahoo!? 
> Yahoo! Small Business - Try our new resources site!
> http://smallbusiness.yahoo.com/resources/ 
> -- 
> To unsubscribe from this list go to the following
> URL and read the
> instructions: 
> https://lists.samba.org/mailman/listinfo/samba
> 




__ 
Do you Yahoo!? 
Make Yahoo! your home page 
http://www.yahoo.com/r/hs
-- 
To unsubscribe from this list go to the following URL and read the
instructio

Re: [Samba] Do I need two instances of Samba on the same machine (3rd request) ?

[Dani Camps]

I already have all the clients in both subnets
configured to use WINS and configured to be a p-node.
These are my lines in the DHCP server:
-
option netbios-name-servers 192.168.0.1;
option netbios-node-type 2;
-

I rewrite my configuration to check whether I have
some error:
 INTERNET
|
 __eth1__
  |-eth0|___|eth2-|
192.168.0.0/24 Gateway 192.168.1.0/24

   <>
 WORKGROUP

eth0:192.168.0.1 and gateway of the 192.168.0.0/24
eth2:192.168.1.1 and gateway of the 192.168.1.0/24
eth1:public IP, doing NAT of the internal subnets

The Gateway is a Fedora Core 3 box where I have Samba
installed. I have Samba configured to be a WINS server
in that machine.

What I have now and it doesn't work is the following:
In the gateway machine I have one instance of Samba
running with this configuration:
-
hosts allow=127. 192.168.0. 192.168.1.
...
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
...
interfaces=192.168.0.1/24 192.168.1.1/24 127.0.0.1/8
bind interfaces only=yes
...
#To be the DMB
domain master = yes
local master = yes
os level = 255
preferred master = yes
...
#To be the WINS server
name resolve order = wins lmhosts bcast
wins support = yes
dns proxy = no
--

I know I need to make what I want work:
1-One LMB in each subnet
2-One DMB
3-One WINS server and all the clients using WINS

This is why I thought in having two Samba servers in
the gateway machine one binded to each interface
(eth0,eth2), and one of them being the DMB and WINS.
Because it seems that with only one Samba instance in
that machine it doesn't work.

What happens now is the following, the SMB networking
within the 192.168.0.0 network works perfect, but they
only see themselves. And the machines in the
192.168.1.0 can not even open the network neigbourhood
because there is an error (error 53 doing net view).
But IP routing works between the two subnets, I have
checked the ping between machines in the two subnets,
and I have no Firewall rule filetring traffic between
the two subnets. So i don't have any idea about what
could be failing.

Thanks !




--- Adam Tauno Williams <[EMAIL PROTECTED]>
wrote:
> > > Run one Samba instance as the WINS server and
> > > disable browsing on the
> > > clients (easy if the Samba server is also the
> DHCP
> > > server).
> > The machine that is in the two subnets is a Samba
> > server (one instance) a WINS server and a DHCP
> server,
> > but is not working actually only the clients in
> one
> > subnet see each other, the clients in the other
> subnet
> > don't see anything. And I have checked that the
> > instance of Samba is listening on both subnets.
> > What do u mean with disable the browsing in the
> > clients ? I want the clients to be able to browse
> the
> > workgroup
> 
> Browsing and the ability-to-browse (network
> neighborhood) are two
> different things.  Change the NetBIOS node type of
> the workstations so
> they only use WINS and make sure they have the WINS
> server value in
> their network configuration (either statically or
> acquired by DHCP).  If
> you don't know what the NetBIOS Node Type is then
> you need to read up on
> it, or you'll never get this to work.
> 
> If this box is supposed to be the router between the
> two subnets make
> sure basic IP functionality is up and running first;
> a box on one subnet
> can ping a box on the other subnet.
> 



__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] IP address cannot be retrieved only names of PCs are there. How to get it right?

[watssabb wathavy]

Hi.
(B
(BI have GUI samba, smbk4 working nearly perfect.
(BI can only find names of PCs.
(BThese PC stay away from my PC side across the router.
(BThey are addressed like 192.168.1.xxx unlike mine
(Bwhich are numbered 192.168.3.xxx.
(B
(BMy windows PC can access them with lmhosts file
(Bwhich got IP address listed with PC names on the
(Bother side of the router.
(B
(BSo I put the lmhosts to /etc/samba/ directry.
(B
(BI have not succeeded having IP's yet.
(B
(BAny idea on what I am missing?
(B
(BThank you in advance.
(B
(BWathavy.
(B
(B
(B__
(BLet's Celebrate Together!
(BYahoo! JAPAN
(Bhttp://pr.mail.yahoo.co.jp/so2005/
(B
(B-- 
(BTo unsubscribe from this list go to the following URL and read the
(Binstructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 3 and ldapsam_compat

[Tony Earnshaw]

Joan Ramos Ramos:

> Hi, i'm trying to configure a samba-3.0.9-2.3 with suse 9.2 and
> openldap2-2.1.12-74 in another server  but i have a strange problem. My
> samba schema is old and i have use the ldapsam_compat parameter on samba
> 3.

I'm relatively new here (but have a successful 80 Win 2000/XP Professional
work station, 1150+ user/Openldap 2.0.17) running in production on Samba
3.0.11, but am an old LDAP hand. When I first started with Samba (couple
of weeks ago), I followed the Nevarra so-called HOWTO. It lead me toward
the abyss, which, because I'm an old hand LDAP person I knew instinctively
to avoid - compat and all such shit. It leads you, with Samba 3, to
destruction.

DO NOT USE COMPAT, go all out for samba3, with the complete wherewithall.
Right from the beginning.

And for goodness sake, if you've got as far as OpenLDAP 2.2, do at least
try to stay up to date. The latest stable is 2.2.23.

--Tonni

--
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Do I need two instances of Samba on the same machine (3rd request) ?

[Adam Tauno Williams]

> > Run one Samba instance as the WINS server and
> > disable browsing on the
> > clients (easy if the Samba server is also the DHCP
> > server).
> The machine that is in the two subnets is a Samba
> server (one instance) a WINS server and a DHCP server,
> but is not working actually only the clients in one
> subnet see each other, the clients in the other subnet
> don't see anything. And I have checked that the
> instance of Samba is listening on both subnets.
> What do u mean with disable the browsing in the
> clients ? I want the clients to be able to browse the
> workgroup

Browsing and the ability-to-browse (network neighborhood) are two
different things.  Change the NetBIOS node type of the workstations so
they only use WINS and make sure they have the WINS server value in
their network configuration (either statically or acquired by DHCP).  If
you don't know what the NetBIOS Node Type is then you need to read up on
it, or you'll never get this to work.

If this box is supposed to be the router between the two subnets make
sure basic IP functionality is up and running first; a box on one subnet
can ping a box on the other subnet.


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Do I need two instances of Samba on the same machine (3rd request) ?

[Dani Camps]

> Run one Samba instance as the WINS server and
> disable browsing on the
> clients (easy if the Samba server is also the DHCP
> server).

The machine that is in the two subnets is a Samba
server (one instance) a WINS server and a DHCP server,
but is not working actually only the clients in one
subnet see each other, the clients in the other subnet
don't see anything. And I have checked that the
instance of Samba is listening on both subnets.

What do u mean with disable the browsing in the
clients ? I want the clients to be able to browse the
workgroup




--- Adam Tauno Williams <[EMAIL PROTECTED]>
wrote:
> > Since I only have one machine connected to both
> > subnets running samba, I think I need to run two
> > instances of samba (smbd and nmbd) in that machine
> > each one binded to one interface and using
> different
> > smb.conf files. Is that the only solution ?
> 
> Why?  You said these will all be in the same
> workgroup,  thus you want
> them to see the same resources.
> 
> Run one Samba instance as the WINS server and
> disable browsing on the
> clients (easy if the Samba server is also the DHCP
> server).
> 



__ 
Do you Yahoo!? 
Make Yahoo! your home page 
http://www.yahoo.com/r/hs
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Do I need two instances of Samba on the same machine (3rd request) ?

[Adam Tauno Williams]

> Since I only have one machine connected to both
> subnets running samba, I think I need to run two
> instances of samba (smbd and nmbd) in that machine
> each one binded to one interface and using different
> smb.conf files. Is that the only solution ?

Why?  You said these will all be in the same workgroup,  thus you want
them to see the same resources.

Run one Samba instance as the WINS server and disable browsing on the
clients (easy if the Samba server is also the DHCP server).


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE [Samba] Do I need two instances of Samba on the same machine (3rd request) ?

[spu]

Maybe a normal and a chrooted samba can resolve your problem
---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467


   
 Dani Camps
 <[EMAIL PROTECTED] 
 o.com>  A
 Envoyé par :  Samba Mailing List
 samba-bounces+ste  
 phane.purnelle=co  cc
 [EMAIL PROTECTED] 
 ba.org  Objet
   [Samba] Do I need two instances of
   Samba on the same machine (3rd  
 10/03/2005 12:33  request) ?  
   
   
   
   
   
   




I have two subnets S1 and S2 and only one machine
running samba, but this machine is connected to both
subnets, ahs one interface in each subnet and is
acting as a router.
I want to have a workgroup that spans the two subnets,
so any machine in subnet S1 should see all the
machines regardless of their subnet when doing
browsing.

I know that to do this I need:
-One LMB in each subnet using Samba.
-One of the LMB of the two subnets should be a DMB and
at the same time a WINS server.
-I configure all the clients (Windows and Linux) to
use WINS.

Since I only have one machine connected to both
subnets running samba, I think I need to run two
instances of samba (smbd and nmbd) in that machine
each one binded to one interface and using different
smb.conf files. Is that the only solution ?


Thanks






__
Do you Yahoo!?
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Do I need two instances of Samba on the same machine (3rd request) ?

[Dani Camps]

I have two subnets S1 and S2 and only one machine
running samba, but this machine is connected to both
subnets, ahs one interface in each subnet and is
acting as a router. 
I want to have a workgroup that spans the two subnets,
so any machine in subnet S1 should see all the
machines regardless of their subnet when doing
browsing.

I know that to do this I need:
-One LMB in each subnet using Samba.
-One of the LMB of the two subnets should be a DMB and
at the same time a WINS server.
-I configure all the clients (Windows and Linux) to
use WINS.

Since I only have one machine connected to both
subnets running samba, I think I need to run two
instances of samba (smbd and nmbd) in that machine
each one binded to one interface and using different
smb.conf files. Is that the only solution ?


Thanks






__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Privileges problem

[Jean-Jacques Moulis]

On Wed, 09 Mar 2005 11:52:06 -0600 Cesar Sanabria Pineda <[EMAIL PROTECTED]> 
wrote:

CSP> Hi!!! 
CSP> 
CSP> I'm trying to implement a SUS server (local windows update)
CSP> 
CSP> I-ve already solved my problem to modify registry in order to establish
CSP> windows update configuration.
CSP> 
CSP> Now i've a quiestion all my client logon my samba PDC enusing a
CSP> netconfig.pol isend all configuration everithing works ok. But i've a
CSP> trouble, my users don't have privileges to install anything  and i don't
CSP> want to give them privileges. So is there another way to update my
CSP> system , i mean something like sudo o something like that in order to
CSP> get privileges and install updates?
CSP> 
CSP> Or is there another way to do that?

Why not rely on the automatic update? 

When making the NTConfig.pol:

In  Configure automatic updating
choose:4 - Auto download and schedule the install


You can be kind to users and have a question asked before the probable reboot.


Choose: No auto-restart for scheduled Automatic Updates installations


This is what we are using and it works without users having any kind of 
privileges.





-- 
Jean-Jacques   Moulis  Tel:  (013) 281684
ISYFax:  (013) 139282
Linköping UniversityE-mail: [EMAIL PROTECTED]
581 83 Linköping
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Report to Sender

[iAccess/Mail/SPower]

Incident Information:-

Database:   d:/lotus/domino/data/mail1.box
Originator: [EMAIL PROTECTED]
Recipients: [EMAIL PROTECTED]
Subject:Mail Delivery (failure [EMAIL PROTECTED])
Date/Time:  10/03/2005 07:10:01 PM

This is a system-generated notification from Singapore Power Ltd.
Your message sent to [EMAIL PROTECTED] has been filtered because it
contains either virus attachment or attachment that is potentially unsafe.
However, if you did not send this particular mail, please note that your
email address may have been spoofed, or forged by the recent
email-propagating virus. Therefore please ignore this notification and we
apologise for any inconvenience caused.
Important: If your attachment is work related, kindly contact
[EMAIL PROTECTED] for assistance.
Thank You



 Our email addresses have been changed from [EMAIL PROTECTED] to

 [EMAIL PROTECTED] Kindly update your address book.


 This is a confidential message intended for the named recipient only. The 
contents 
 herein are privileged to the sender and the use thereof is restricted to the 
intended  
 purpose. If you have received this e-mail in error, please secure its contents 
and 
 reply to the sender.   







-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] privileges on samba 3.0.11

[spu]

Hi,

I have a test server and I try to test the new privileges functionnality.
But I try to test the SePrintOperatorPrivileges

I set a specifiv user with net -S PDC rpc right grant xxx
SePrintOperatorPrivilege
After I submit a job and I try with this user to cancel the job.  But when
I want to cancel the job with the user, windows says that the user cannot
right to modify the job.

In log, I can see :

[2005/03/10 10:56:59, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/03/10 10:56:59, 3] lib/smbldap.c:smbldap_connect_system(866)
  ldap_connect_system: succesful connection to the LDAP server
  ldap_connect_system: LDAP server does support paged results
[2005/03/10 10:56:59, 4] lib/smbldap.c:smbldap_open(919)
  The LDAP server is succesfully connected
[2005/03/10 10:56:59, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2080)
  ldapsam_getgroup: Did not find group
[2005/03/10 10:56:59, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/03/10 10:56:59, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/03/10 10:56:59, 5] lib/privileges.c:get_privileges_for_sids(420)
  get_privileges_for_sids: sid =
S-1-5-21-2525780297-265556163-1256307271-3058
  Privilege set:
  SE_PRIV  0x20 0x0 0x0 0x0
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-513]
[2005/03/10 10:56:59, 5] lib/privileges.c:get_privileges_for_sids(420)
  get_privileges_for_sids: sid = S-1-1-0
  Privilege set:
  SE_PRIV  0x0 0x0 0x0 0x0
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID [S-1-5-11]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-547]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-1453]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-3005]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-3015]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-3017]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-3043]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-3201]
[2005/03/10 10:56:59, 5] auth/auth_util.c:make_server_info_sam(830)
  make_server_info_sam: made server info for user nlam -> nlam
[2005/03/10 10:56:59, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: sam authentication for user [NLAM] succeeded
[2005/03/10 10:56:59, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/03/10 10:56:59, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/03/10 10:56:59, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/03/10 10:56:59, 5] auth/auth_util.c:debug_nt_user_token(486)
  NT user token: (NULL)
[2005/03/10 10:56:59, 5] auth/auth_util.c:debug_unix_user_token(507)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2005/03/10 10:56:59, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/03/10 10:56:59, 5] auth/auth.c:check_ntlm_password(292)
  check_ntlm_password:  PAM Account for user [nlam] succeeded
[2005/03/10 10:56:59, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [NLAM] -> [NLAM] -> [nlam]
succeeded
...

A other information is that the user is on a other domain that the test
domain.

Anyone can help me

thanks

  Stéphane


---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Test

[Boniforti Flavio]

Test
--
---
Boniforti Flavio
Provincia del Verbano-Cusio-Ossola
Ufficio Informatica
Tecnoparco del Lago Maggiore
Via dell'Industria, 25
28924 Verbania
---
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Documentation Feedback

[John H Terpstra]

Folks,

Thanks to all who have provided feedback on the Samba-Guide over the past 24 
hours. It is clear that this documenation needs more eyes. Please keep the 
feedback coming. So far, every suggestion and every bug has been acted on. We 
need more review.

Another update should appear on the Samba web sites within 24 hours.

http://www.samba.org/samba/docs/Samba-Guide.pdf

Cheers,
John T.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] struggling with smbldap_tools

[John H Terpstra]

On Thursday 10 March 2005 02:17, Michael Gasch wrote:
> i have a question related to smbldap_tools and the docs in "Chapter 6.
> Making Happy Users" item 4:
>
> -
> "Edit the /etc/smbldap-tools/smbldap.conf file so that the following
> information is changed from:
>
> # Where to store next uidNumber and gidNumber available
> sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
>
>
>   to read, after modification:
>
> # Where to store next uidNumber and gidNumber available
> #sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
> sambaUnixIdPooldn="sambaDomainName=MEGANET2,dc=abmas,dc=biz"
> -
>
> why do i have to change from "cn=NextFree..." to "sambaDomainName=" ???
> the default setting ("cn=NextFree...") is working for me (except of some
> trouble with umlauts in groupnames)
>
> why does the documentation mention this change?
> could you please point me to the solution?

What version of the smbldap-tools are you using? The updated documenation uses 
0.8.7. With 0.8.5 I had no problem with the default setting. I did not mess 
with this, when the smbldap-populate.pl script gave instructions I followed 
them - it seemed like a smart move. :)

>
> [OT]
> [EMAIL PROTECTED]: i have document (thesis) about migrating from NT4 PDC to
> Sambav3 PDC (in german). it was part of my training as an IT-admin
>
> could this be useful for you?

Yes, please send them to me. Anything I can glean from it I will use - with 
your permission of course.

Cheers,
John T.

>
> --
>
>
>   Michael Gasch
>
> - Central IT Department -
>
> Max Planck Institute for Evolutionary Anthropology
> Deutscher Platz 6
> 04103 Leipzig
>
> Germany

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] struggling with smbldap_tools

[Michael Gasch]

i have a question related to smbldap_tools and the docs in "Chapter 6. 
Making Happy Users" item 4:

-
"Edit the /etc/smbldap-tools/smbldap.conf file so that the following 
information is changed from:

# Where to store next uidNumber and gidNumber available
sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
 to read, after modification:
# Where to store next uidNumber and gidNumber available
#sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
sambaUnixIdPooldn="sambaDomainName=MEGANET2,dc=abmas,dc=biz"
-
why do i have to change from "cn=NextFree..." to "sambaDomainName=" ???
the default setting ("cn=NextFree...") is working for me (except of some 
trouble with umlauts in groupnames)

why does the documentation mention this change?
could you please point me to the solution?
[OT]
[EMAIL PROTECTED]: i have document (thesis) about migrating from NT4 PDC to 
Sambav3 PDC (in german). it was part of my training as an IT-admin

could this be useful for you?
--
 Michael Gasch
   - Central IT Department -
Max Planck Institute for Evolutionary Anthropology
Deutscher Platz 6
04103 Leipzig
Germany
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] struggling with smbldap_tools

[mourik jan c heupink]

Recently I was involved in migration of an NT4 domain with 4300 accounts.
The update to chapter 8 will cover smbldap-tools-0.8.7 and samba-3.0.12 on 
SUSE Linux Enterprise Server 9.

I expect to have the whole thing completed by late tomorrow night.
 

I'm doing a migration exactly like that coming weekend, I would love to 
read that updated chapter. (except I have a different number of accounts...)

I guess it will be posted at 
http://us2.samba.org/samba/docs/man/Samba-Guide/ once it's ready?

mourik jan

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] struggling with smbldap_tools

[Craig White]

On Thu, 2005-03-10 at 01:10 -0700, John H Terpstra wrote:
> Craig,
> 
> I have just completed addition of a NetWare migration chapter to the 
> Samba-Guide. A complete make-over of chapter 8 is my next challenge.
> 
> Recently I was involved in migration of an NT4 domain with 4300 accounts.
> The update to chapter 8 will cover smbldap-tools-0.8.7 and samba-3.0.12 on 
> SUSE Linux Enterprise Server 9.
> 
> I expect to have the whole thing completed by late tomorrow night.
---
I expect that I will have moved on to something else by tomorrow night.

Setup this system this afternoon - I am getting really good at this.

CentOS 4 (nice) - already got
postfix/cyrus/horde/openldap/bind/dhcp/samba stuff set up and all I need
to do is to be able to vampire the old NT4 PDC so I can do it again on
Saturday morning early so I can spend the day migrating profile/data.

I can't leave it until Friday - it will worry me to no end that I won't
get it done on Saturday.

Seemed to me a simple thing. Smbldap-tools docs said if you need to,
just populate ldap with the cn=NextFreeUnixId,...

so I did - and so it failed

The ldap core is there...(sambaDomainName), SID is set, system is joined
to PDC, smb.conf is set to domain master = no, it no workee.

Thanks

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] struggling with smbldap_tools

[John H Terpstra]

Craig,

I have just completed addition of a NetWare migration chapter to the 
Samba-Guide. A complete make-over of chapter 8 is my next challenge.

Recently I was involved in migration of an NT4 domain with 4300 accounts.
The update to chapter 8 will cover smbldap-tools-0.8.7 and samba-3.0.12 on 
SUSE Linux Enterprise Server 9.

I expect to have the whole thing completed by late tomorrow night.

- John T.

On Thursday 10 March 2005 00:50, Craig White wrote:
> Trying to net rpc vampire an NT4 server
>
> Think I am good to go but I keep getting errors - obviously problem with
> NextFreeUnixId attribute - which is created...
>
> dn: cn=NextFreeUnixId,dc=myhomelenders,dc=net
> objectClass: inetOrgPerson
> objectClass: sambaUnixIdPool
> uidNumber: 1000
> gidNumber: 1000
> cn: NextFreeUnixId
> sn: NextFreeUnixId
> structuralObjectClass: inetOrgPerson
>
> Every item gets this error...
>
> Error looking for next uid at /usr/sbin///smbldap_tools.pm line 880,
>  line 283.
> Could not create posix account info for 'DELL-3000-5$'
>
> Same for Computers/Groups...
>
> I have set up in smbldap_conf.pm
>
> sambaUnixIdPooldn="NextFreeUnixId,${suffix}"
>
> It should be rockin' - but this is really painful. What's the trick?
>
> I am not a fan of the smbldap-tools but it is a necessary evil for
> vampire and tools have changed a bunch since I last used them.
>
> Craig

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] struggling with smbldap_tools

[Craig White]

On Thu, 2005-03-10 at 00:50 -0700, Craig White wrote:
> Trying to net rpc vampire an NT4 server
> 
> Think I am good to go but I keep getting errors - obviously problem with
> NextFreeUnixId attribute - which is created...
> 
> dn: cn=NextFreeUnixId,dc=myhomelenders,dc=net
> objectClass: inetOrgPerson
> objectClass: sambaUnixIdPool
> uidNumber: 1000
> gidNumber: 1000
> cn: NextFreeUnixId
> sn: NextFreeUnixId
> structuralObjectClass: inetOrgPerson
> 
> Every item gets this error...
> 
> Error looking for next uid at /usr/sbin///smbldap_tools.pm line 880,
>  line 283.
> Could not create posix account info for 'DELL-3000-5$'
> 
> Same for Computers/Groups...
> 
> I have set up in smbldap_conf.pm
> 
> sambaUnixIdPooldn="NextFreeUnixId,${suffix}"
> 
> It should be rockin' - but this is really painful. What's the trick?
> 
> I am not a fan of the smbldap-tools but it is a necessary evil for
> vampire and tools have changed a bunch since I last used them. 

dumb me...

# rpm -q smbldap-tools samba-common
smbldap-tools-0.8.7-2.2.el4.rf
samba-common-3.0.10-1.4E

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba