[Samba] enforce password settings by policies

2005-03-17 Thread Michael Gasch 
hi,
i hope you can help me:
is there a way to enforce password security (strength, history, ... ) by 
policies on windows 2k/xp ?

gpedit.msc shows me some password settings which i would like to change 
remotely from our samba PDC after logon

thx in advance
cheerz
--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution
Deutscher Platz 6
D-04103 Leipzig
Germany
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] $B!zM%NI%S%8%M%9>R2p!z(B

2005-03-17 Thread 
$B!z$49XFI$"$j$,$H$&$4$6$$$^$9!#(B
$B!!(B
$BEv%^%,%8%s$O(BAccessMail$B$NG[?.%7%9%F%`$GAw?.$5$;$FD:$$$F$$$^$9!#(B
$B3'MM$N(BHP$B$d?7$7$$%S%8%M%9$r$I$s$I$s>R2p$7$F3'MM$N$*Lr$KN)(B
$B$F$l$P$H!"F|!94hD%$C$F$*$j$^$9!#(B
$B$I$&$>$40&8\$N$[$I$h$m$7$/$*4j$$CW$7$^$9!#(B(^_^)b
(B
$B$3$N%^%,%8%s$O!VM%NI%S%8%M%9>[EMAIL PROTECTED]"(B
(B[EMAIL PROTECTED]"[EMAIL PROTECTED](B
$BJ}!"$41o$NM-$C$?J}$X$*FO$1$7$F$$$^$9!#(B
$BITMW$JJ}$O!"$*http://www.geocities.jp/kozuti1234/hosi.html
(B
$B!y!ypJs$r$*65$($7$^$7$g$&!y!y(B
$B<+J,$G%a%k%^%,$rH/9T$7$F$7$^$$$^$7$g$&!#(B
$B$=$l$b!"7PHq(B0$B1_$GKhF|H/?.$9$kJ}K!$r65$($^$9!#(B
$B!!"-!!"-!!"-(B
$B!!#U#R#L!!(Bhttp://moai788.gooside.com/hp/
(B
(B
$B(B4261$B(B
$B"("("("("("("("("("("("("("("("("("("("("("("("("("("("("("("("((B
(B
$B!y!y!y!y!y!y!y(B $B%a%$%s$N<}F~8;(B $B!y!y!y!y!y!y!y(B
(B
$B!z8r:]%S%8%M%9!z(B
(B
$B:#$d$C$F$$$k%S%8%M%9$NCf$G!"0lHV$N<}F~8;$G$9!#(B
(B
$BCK$H=w$,$$$k8B$j!"$3$N%S%8%M%9$O1J1s$KITLG$G$9!*(B
$B7J5$$K:81&$5$l$J$$0BDj%S%8%M%9!*(B
$B0B?4$N%5%]!<%H$H#1#5G/0J>e$N<[EMAIL PROTECTED](B
$B3N$+$J%^%K%e%"%k!*(B 
(B
$B$"[EMAIL PROTECTED](B
$B(Bhttp://www.geocities.jp/kozuti1234/a123.html
(B
$B!z%a%k%^%,%*!<%J!http://moai788.gooside.com/hp/
(B
(B
(B[EMAIL PROTECTED](B
$B;O$^$C$?$P$+$j$N?7%S%8%M%9$G$9!#(B
$B5.J}$,[EMAIL PROTECTED];H$($k%W%m$N1D6H%^%sA0BeL$J9$N%S%8%M%9EP>l$G$9!#(B
$B7hCG$9$l$P5.J}$b:#F|$+$ihttp://krojing.com/aida/krojing19/
(B
$B"("("("("("("("("("("("("("("("("("("("("("("("("("("("("("("("((B
(B
$B!y!y!y!y!y!y!y(B $BDj4|E*$J<}F~8;(B $B!y!y!y!y!y!y!y(B
(B
$B!z(BPC/i-mode $B!z!!!VEPO?Be9T%5!<%S%9!W(B
$B%a%k%^%,9-9p7G:\!!(B1$B2s(B500$B1_!J2q0w$N$_!K(B
(B[EMAIL PROTECTED]">03n$D9b<[EMAIL PROTECTED],$G$-$k(B
$B%7%9%F%`$G$9!#(B
$B!!(Bhttp://www.planslife.com/cgi-bin/coin-ad/index.cgi?ID=hosi
(B
$B!z%$%s%?!<%M%C%H3X=,=N!z!V(Bshowinkids$B!W(B
$B$3$3$bL5NA$G$G$-$^$9!##17o#1#5#0#01_$G$9$,!"7QB3$7$F<}F~$,$"$k$N$G!"(B
$B$"$j$,$?$$$G$9!#(B
$BF~2qB%?J%Q!<%H%J!http://www.showin-kids.com/af/
(B
(B
$B!z#T#M#C>pJs%5!<%S%9!z(B
$B!VFCpJs%5!<[EMAIL PROTECTED]"$*6b$NG:$_$r0lH/2r7h$7$F$$$k(B
$B$H$3$m$G$9!#L5NA$GBeM}E9$K$J$l$^$9!#0l7o$N?=$79~$_$,$"$k$H<+J,$K$O(B
$B#3#0#0#01_F~$j$^$9!#(B
$B!!(Bhttp://www.union.or.tv/index.cgi?ID=sanei&PG=index
(B
(B
$B$J$I$J$I!">.A,2T$.$K$J$j$^$9"[EMAIL PROTECTED](B(^o^)$B!?(B
(B
$B!!(B
$B!y!y!y!y!y!y!yM%NI%S%8%M%9>R2p!!(B $B!y!y!y!y!y!y!y(B
(B
(B[EMAIL PROTECTED](B
(B
$B:[EMAIL PROTECTED](B
$BEj9F$O2<5-#U#R#L$+$i8f4j$$$7$^$9(B
(B
(B[EMAIL PROTECTED](B $B#32s#2#0#0#01_(B $B#52s#3#0#0#01_!!(B
$B#3#5J8;z#XL5@)8B(B
(B
$B#U#R#L(Bhttp://moai788.gooside.com/melmaga
(B
$B!y!y!y'X'6'X'X'X'6'X'X'X'6'X'X'X'6'X'X'X'6'X'X'X'6'X'X'X'6'X'X'X'6'X!y!y!y(B
$B!!0l3gL5NAEj9F$7$F$7$^$C$?J}$X(B
$BFsEY$H<:GT$7$?$/$J$$J}$X(B
$B$=$C$H;d$+$i$NB#$jJ*!*!*!*(B
$B(B
$B!!#U#R#L(B http://www.geocities.jp/kozuti1234/hosi.html
(B
(B
$B"("("("("("("("("("("("("("("("("("("("("("("("("("("("("("("("((B
$B0l3gEj9F%5%$%H$+$i$NEj9F$O!"$9$Y$FBeM}EPO?$5$;$FD:$-$^$9!#(B
$B:#8e$b?7A/$J>pJs$rDs6!$7$F9T$-$^$9!#(B
(B
$B!}0l3gEj9F>pJsDs6!6(NO!!(B 
(B 
$B%a%k%^%,O"9g0l3gEj9F(B
$B(Bhttp://www1.odn.ne.jp/~cdb58550/index.html/default.htm
$B!V%S%8%a%k0lH/$/$s!W(B http://www.asin2000.com/1/1katsu.html
(B
$B"("("("("("("("("("("("("("("("("("("("("("("("("("("("("("("("((B
$B!{!{%a%k%^%,G[?.2r=|$O2<5-#U#R#L$K$F!{!{(B
$B(Bhttp://www.accessmail.jp/public/mbrdel.php3?pk=moai7888&[EMAIL 
(BPROTECTED](B
$B!!(B
$B!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g(B
(B
(B
$B:[EMAIL PROTECTED]"$"$j$,$H$&$4$6$$$^$9!#(B
(B
(B
(B
(B
(B
(B
(B
(B-- 
(BTo unsubscribe from this list go to the following URL and read the
(Binstructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] using w32tm (WinXP) w/samba3 as DC: can't get DC List

2005-03-17 Thread Linda W 
I have a winXP client connecting to Samba 3.09 running as a PDC.
The client machine is joined to the domain and the login box
shows the domain name as the entity I'm logging into.
I don't know if I don't have something set "right" or not, but I
noticed my local clock had drifted about 50 seconds off of the
PDC.  I have the windows time daemon running and I've seen it
successfully set the time by specifying the DC-hostname directly,
but the help text says internet synchronization only occurs _weekly_
(weakly?).
It says if you are part of a domain, your clock is automatically
synchronized with the PDC.  But my computer doesn't appear to
be doing this.  When I ask w32tm to compare it's local clock
to the "Domain's" network time:
> w32tm /monitor /domain:Bliss  # I get:
GetDcList failed with error code:  0x80070774.
Exiting with error 0x80070774
---
In the system log, I see the following message:
Time Provider NtpClient:  This machine is configured to use the domain 
hierarchy to  determine its time source, but the computer is joined to 
a  Windows NT 4.0 domain. Windows NT 4.0 domain controllers do not have  
a time service and do not support domain hierarchy as a time source.   
NtpClient will attempt to use an alternate configured external time  
source if available.  If an external time source is not configured  or 
used for this computer, you may choose to disable the NtpClient.

--
   I'm slightly confused...
What is the "time server = yes" allow or permit as a time service?
I thought Windows NT 5 domains were supported in Samba now?  Was
I just having a fantasy or is there some switch/toggle I need in
my configuration file...?
Thanks!
Linda
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] what to do ??

2005-03-17 Thread Greg Andrews 
Howdy All,

I am the adminstrator in a school which has netware 4.11 ( five servers in
the nds tree )as its main student platform. This has been working very
well over the past 6 years or so.

The school has the ability to obtain a microsoft solution at no cost (
except for the new hardware required, which is the reason for this email
in the first place ).

Advice and opinions are sought on the following points

1. do I go microsoft
2. do I stick with novell ( I am aware of a "misty" who recently migrated
from netware to linux ) and perhaps move to netware 6 ( cost about $3000 )
3. do I move to samba.
4. do I make a hybrid and pick the eyes out of each system

Now I fully expect most people to say go linux  and whilst I am all for it
I need to be able to justify my decision . I am capable of administering a
netware system and have a rudimentry samba server system running at
another place  ( no ldap ) so am familiar with samba to some degree but
have ( up until now ) steered clear  of the inferior microsoft server
packages ( also have little experience with them ).So some traing costs in
 samba and microsoft should be included in the mix. Netware I am
conversant with.

One major consideration will be that I would like to be able to run a
single  user database. ldap I think will accomplish this. I am currently
using netware's nds to do this.
Mail and mailing lists  and N.A.L. are also currently being used to good
effect. Davis Harris's Mercury mail is being used  as this provides great
flexibility in mail but unfortunately no  (automatic) spam filtering in
the netware environment. I am going to build a linux box as a mail front
end and use the "native" spam and "sendmail" environments to accomplish
this.

Pretty obviously, most systems are "customised" by the admin. Ours is no
exception.

Another question that people out there might know is

can samba run as a susserver ?

enough ramblings

Thanks to any and all who read and reply.


-- 
Greg Andrews
System Manager
RGTechnologies Pty Ltd
606 Skipton Street
Ballarat 3350
613 53363603
0417 511 731
[EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] idmap LDAP backend

2005-03-17 Thread Theodore Jencks 
I'm trying to use the LDAP backend for the idmap database but I just
can't seem to get it to work.  There really is rather pathetic
documentation out there on how to implement this.  I've basically got my
ldap server setup with an OU called smb and another OU under it called
idmap.  Here is my smb.conf file:

 

[global]

 

workgroup = HQ

server string = Theo's Samba Server

security = ADS

encrypt passwords = yes

load printers = no

log file = /var/log/samba/%m.log

max log size = 50

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

local master = no

domain master = no

dns proxy = no

wins server = 192.168.192.60 192.168.192.61

log level = 1

syslog = 0

ldap ssl = no

 

realm = HQ.NAVIS.NET

password server = hqdc01.hq.navis.net

winbind cache time = 10

winbind use default domain = yes

client use spnego = yes

template primary group = "HQ+Domain Users"

template shell = /bin/bash

winbind separator = +

winbind nested groups = yes

 

#idmap options for mapping SID to Unix uid, gid

idmap uid = 1-2

idmap gid = 1-2

idmap backend = "ldap:ldap://localhost";

ldap admin dn = "cn=Manager,dc=navis,dc=net"

ldap idmap suffix = "ou=idmap,ou=smb,dc=navis,dc=net"

ldap suffix = "ou=smb,dc=navis,dc=net"

 

# Share Definitions
==

# This one is useful for people to share files

[test]

   comment = this is a test share

   path = /share/test

   read only = no

   public = yes

   writable = yes

   printable = no

   browseable = yes

   valid users = @"HQ+Domain Users"

 

 

All seems well with wbinfo and things work fine when I'm not using the
LDAP backend.  Please someone help this is driving me nuts!

 

Thanks in advance,

Theo

 

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Updating to Latest Release

2005-03-17 Thread David Davies 
Can anyone me why when attempting to install the latest release candidate I
get a message that says a newer version is installed?

Thanks,
Dave


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Active Directory, Winbind on Solaris 10 sparc

2005-03-17 Thread Steven P. Johnson 
I compiled Samba 3.0.11 with LDAP and Kerberos support (used heimdal
because MIT refused to cooperate.)
Got it to join the realm.  Visible from Windoze land.
"getent passwd"  and "getent group" work great.  So do wbinfo -u and -g.
Disabled nscd.  /etc/nsswitch.conf shows "passwd:  files winbind", and I
have put library nss_winbind.so.1 in /lib and /usr/lib (linked).
Users with entries in /etc/passwd can authenticate.  Other users cannot connect.
The command "chown domainuser fileX" fails with "chown: unknown user id 
domainuser"
I know Solaris 9 had a patch to get this to work, but I don't see one for
Solaris 10.  What am I missing?  Thanks.
--
Steven P. Johnson
(253)927-4051
[EMAIL PROTECTED]
Certified Computer Consulting
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Hula-project and Samba

2005-03-17 Thread Geoff Scott 
James Ruthven wrote:
> Hello,
> 
> Has anyone run Hula Server (http://www.hula-project.org) and Samba on
> the same server and got the user authentication to sync? 
> 
> I imagine this would involve configuring Samba to use eDirectory
> (Novell) which Hula is using for store.
> 
> I have searched everywhere for documentation referencing Hula and
> Samba integration/authentication but only found one article
> announcing that Novell has contributed its eDirectory APIs to the
> Samba Project.   
> 
> Have these APIs been implemented yet?
> 
> Please could someone point me in the right direction?
> 
> Many thanks in advance.
> James

It's probably going to be an easier job to use Open-xchange.  I have done
some prliminary work on integrating Samba 3.0.10 and OX 0.7.5.  this is
documented on the OX wiki.  Most of the Doc is copied and pasted from JHT's
work but adapted for Debian.  It hasn't been updated for the OX 0.8beta4
release or for Samba 3.0.11 but the basics are there to create a Win2K SBS
replacement.  (I'm just waiting for a more stable release of Oxlook to sync
outlook with OX)

Regards Geoff Scott
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Where can I find more info on account flags?

2005-03-17 Thread Craig White 
On Thu, 2005-03-17 at 16:11 -0800, Jim C. wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> | I actually had an official  samba doc I was working off of for the ones
> | I had filled out, but ascii art is a nightmare...
> 
> I'll second that.
> 
> OK, one last try without any "art" :
> 
> [NDHTUMWSLKI]
> 
> ...or
> 
> N ?
> D Disabled
> H Home dir required
> T ?
> U User account
> M ?
> W Workstation account
> S ?
> L ?
> K ?
> I Domain trust account)

probably should add

X Password no expire

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Where can I find more info on account flags?

2005-03-17 Thread Jim C. 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
| I actually had an official  samba doc I was working off of for the ones
| I had filled out, but ascii art is a nightmare...
I'll second that.
OK, one last try without any "art" :
[NDHTUMWSLKI]
...or
N ?
D Disabled
H Home dir required
T ?
U User account
M ?
W Workstation account
S ?
L ?
K ?
I Domain trust account)
Jim C.
- --
- -
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: j_c_llings @ hotmail.com  AIM: WyteLi0n  ICQ: 123291844  |
|---|
| Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz|
- -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCOhyX57L0B7uXm9oRAtRUAJ42FriZwjcDLJt356KDkWZkDKhR8gCfQXHT
5sbzTNUipCe2Jv268hvS+yQ=
=c5QK
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 2 servers, one with plaintext passwds, other encrypted passwds

2005-03-17 Thread Adam Williams 
Hello, at my workplace we have 2 samba servers.  One is a PDC called 
archives1 with encrypted passwords.  The other server is called 
Archives4 and it uses plaintext passwords (encrypted passwords = no in 
smb.conf).  We have a Windows XP user who uses Archives1 for their file 
sharing, but wants to connect to a share on Archives4 as well.  Being 
that this user uses XP with encrypted passwords, she can't do 
\\archives4\share because she gets the error \\10.8.82 is not 
accessible, yadda yadda yadda.  She is getting this error because she's 
using encrypted passwords to connect to Archives1, but Archives4 uses 
plaintext passwords.  I know I can set Achives4 to use enrypted 
passwords, and then run smbpasswd for each user and create them 
accounts, but that is a lot of work just for 1 user to access a share.

So, besides enabling encrypted passwords on Archives4 and running 
smbpasswd for each user, what are my options to have this user still be 
able to access Archives1 with encrypted passwords and Archives4 with 
plaintext passwords?

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Where can I find more info on account flags?

2005-03-17 Thread Paul Gienger 

Still not sure about the accuracy, although everything makes sense 
except Domain trust account.
I actually had an official  samba doc I was working off of for the ones 
I had filled out, but ascii art is a nightmare...

--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Where can I find more info on account flags?

2005-03-17 Thread Paul Gienger 

Are you sure this is accurate? I have a regular user which I use for
most things and his account flags look like this:
sambaAcctFlags: [U  ]
According to your diagram here, that is a workstation account. If it is
indeed accurate then we may have an smbldap script bug on our hands, as
this is the tool I use to add users.  Hmm... I'm noticeing this flag on
all of them now.  Wait... let me check a workstation...
OK, my workstations are flagged thus:
sambaAcctFlags: [W  ]
There is nothing defined for W below:
| [NDHT U M W SLKI]
| | | | | |||
| | | | | ||-> Domain trust account)
| | | | | |->
| | | | |->
| | | |-> Server trust account
| | |-> Workstation account
| |->
| -> User account
| |||->
| ||-> Home dir required
| |-> Disabled
| ->
|
| And the following aren't listed in your group of flags:
| X -> password does not expire
Yep, it is accurate, when I sent it anyway.  If you make that fixed 
width font, and add a leading space to take up the leading bracket, your 
U matches to the user flag.  Gotta love the ascii art when it gets 
hacked by client programs and listservs, etc..  Here's a more concrete 
example that I'm pretty sure won't get screwed up.. if it does, I give up.

NDHTUMWSLKI
|||
||-> Domain trust account)
|->
->
|||-> Server trust account
||-> Workstation account
|->
-> User account
|||->
||-> Home dir required
|-> Disabled
->

Hmmm... I wonder if there is a way to check the Windows docs instead?
I was under the impression that the flags were something that samba used 
to keep itself sane...

Jim C.
- --
- -
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: j_c_llings @ hotmail.com  AIM: WyteLi0n  ICQ: 123291844  |
|---|
| Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz|
- -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCOgpo57L0B7uXm9oRAibeAJ9DJrJizVr7OSHR5OCshiTzo5G4bQCfTT3A
UoXPRS4pKb9K6EmijaU8/DU=
=KtGM
-END PGP SIGNATURE-
--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Where can I find more info on account flags?

2005-03-17 Thread Jim C. 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
| [NDHTUMWSLKI]
|  |||
|  ||-> Domain trust account)
|  |->
|  ->
|  |||-> Server trust account
|  ||-> Workstation account
|  |->
|  -> User account
|  |||->
|  ||-> Home dir required
|  |-> Disabled
|  ->
|
| And the following aren't listed in your group of flags:
| X -> password does not expire
|
Uh... Perhaps it should be more like this? I shifted it over by 2.
[NDHTUMWSLKI]
~ |||- Domain trust account)
~ ||-
~ |-
~ - Server trust account
~ |||- Workstation account
~ ||-
~ |- User account
~ -
~ |||- Home dir required
~ ||- Disabled
~ |-
Still not sure about the accuracy, although everything makes sense
except Domain trust account.
Jim C.
- --
- -
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: j_c_llings @ hotmail.com  AIM: WyteLi0n  ICQ: 123291844  |
|---|
| Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz|
- -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCOg2h57L0B7uXm9oRAnz1AJ0XeCPuWD6455H7bmYx2t/9rCaiRgCfdtoJ
6K+IdHY1FksbZNkMO8mjYwY=
=x4QG
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Where can I find more info on account flags?

2005-03-17 Thread Jim C. 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Paul Gienger wrote:
| I did a little digging around in the source, since the only web sites
| I've seen would list a couple.  I'd love to see a thorough discussion
| myself.  Here's what I've found, feel free to fill in the blanks anyone:
Are you sure this is accurate? I have a regular user which I use for
most things and his account flags look like this:
sambaAcctFlags: [U  ]
According to your diagram here, that is a workstation account. If it is
indeed accurate then we may have an smbldap script bug on our hands, as
this is the tool I use to add users.  Hmm... I'm noticeing this flag on
all of them now.  Wait... let me check a workstation...
OK, my workstations are flagged thus:
sambaAcctFlags: [W  ]
There is nothing defined for W below:
| [NDHT U M W SLKI]
| | | | | |||
| | | | | ||-> Domain trust account)
| | | | | |->
| | | | |->
| | | |-> Server trust account
| | |-> Workstation account
| |->
| -> User account
| |||->
| ||-> Home dir required
| |-> Disabled
| ->
|
| And the following aren't listed in your group of flags:
| X -> password does not expire
Hmmm... I wonder if there is a way to check the Windows docs instead?
Jim C.
- --
- -
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: j_c_llings @ hotmail.com  AIM: WyteLi0n  ICQ: 123291844  |
|---|
| Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz|
- -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCOgpo57L0B7uXm9oRAibeAJ9DJrJizVr7OSHR5OCshiTzo5G4bQCfTT3A
UoXPRS4pKb9K6EmijaU8/DU=
=KtGM
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SMB protocol security flaw

2005-03-17 Thread Gerald (Jerry) Carter 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tony Earnshaw wrote:
| Hi,
|
| It's (possible|probable) that the above was included in
| the list postings in February last; at that time I hadn't
| even begun with Samba (use it in production now :). If
| so,please point me at the archives, if not, could someone
| please comment?

|
http://www.theage.com.au/news/Breaking/Windows-NT4-servers-open-to-hackers/2005/03/11/1110417668599.html#
comment on nt4 security issues ?  Got a KB article # for the
actual advisory ?


cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCOfq/IR7qMdg1EfYRAscTAKDZSuJeUOSezsxlgZ10e9puFsGKwACgi6So
BUrm3oJ/wzKjObROzbvJjKA=
=KDBL
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] double share?

2005-03-17 Thread Erik M Stokhof 
Hi all,
I have a setup where a linux box mounts an SMB share from another computer, 
and then shares that mount in turn.

Is there any way to make the mounted share writable by visitors to the linux 
machine?

Why do I want this? We have an NT4 machine that runs a database, and people 
need to synchronize with the database over the Internet. Since VPN 
implementations currently do not work, I need a workaround, and one of the 
possibilities is a shared server setup, where both sides of the 'firewall' 
(I hesitate to call it that) can write to the same database without needing 
full LAN access to the outside.

Again: Is this possible?
Thanks in advance,
-Erik 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Winbind - how to map ADS group to Unix group

2005-03-17 Thread Miles, Noal 
After much experimentation I think I can better frame this problem.  I
wanted to be able to map an ADS domain group to a local Unix group.  I also
wanted to be able to map ADS domain groups/accounts to ROOT.  For instance I
wanted all members of the ADS group Domain Admins to map to ROOT.  My Linux
box was joined to the ADS domian but is not running smbd.  Only winbindd is
running.
 
After experimenting with suggestions to use:
net groupmap
username map
 
I have come to the conclussion that these approaches only work for
interaction with smbd and don't help when all that is running is winbindd.
It seems to me these approaches work for controlling resources exposed via
(smbd).
 
I am running only winbindd because at this point I am not concerned with
sharing resources but more concerned with Single Sign On with ADS groups
mapped to having rights on Linux boxes.
 
So this is what I have learned.  Running winbindd only:
use "gpasswd -a "DOM\Account" unixgroup" will add a ADS domain account to a
local *nix group
 
setting "winbind trusted domains only = yes" and then creating each domain
account locally I can make a domain admin account = ROOT, but of course this
means I have to create each account locally which is no fun (I think this is
what Choudary Mumtaz was proposing).
 
THE QUESTION:  I think at this point I may be trying to make winbindd work
in a way it wasn't really designed to.  As a next step I was thinking of
trying to edit the winbind DB and manually set the GID of Domain Admins to 0
or group Domain Users to 503.  As far as I can tell there is not a command
line interface to change the mappings within the winbindd DB.  Does this
make sense?
 
Thanks,
Noal
 
 

-Original Message-
From: Choudary Mumtaz [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 03, 2005 6:30 PM
To: Miles, Noal; 'Gerald (Jerry) Carter'
Cc: 'samba@lists.samba.org'
Subject: RE: [Samba] Winbind - how to map ADS group to Unix group


It might be a very silly way to do it, but this is how I accomplished it as
I never got any help from the group during my setup. Most of the tools
provided by Samba didn't work for me, and I haven't been able to figure out
the problem. 
I have added all the respective SAMBA groups to local /etc/group, so here
you may make test2 member of "Domain Users" group, and it will work. If you
would like a take a quick look at my setup, please feel free to visit
http://www.miracletechs.com/sambainstall.html
 .
Thank you.

"Miles, Noal" <[EMAIL PROTECTED]> wrote:

Winbind is configured for ads.
I want "Domain\Domain Users" to be members of local linux group "test2".

I created a local group on the linux box:
Groupadd -u 502 test2

I have tried net groupmap addmem, it tells me the syntax is 
Net groupmap addmem alias-sid member-sid

There is no SID for test2 so how can I use "net groupmap addmem"?
Wbinfo -G 502
Cannot convert gid 502 to sid

Net groupmap add ntgroup="Domain\Domain Users" unixgroup=test2
Successfully added group "Domain\Domain Users" to the mapping db

Getent group test2
Test2:x:502:
So this doesn't work either.

I have also tried username map in smb.conf with no success.

I appreciate the suggestions thus far. Any additional help would be greatly
appreciated.
Thanks,
Noal


-Original Message-
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 01, 2005 8:00 AM
To: Miles, Noal
Cc: 'samba@lists.samba.org'
Subject: Re: [Samba] Winbind - how to map ADS group to Unix group


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Miles, Noal wrote:

| OK I set "winbind nested group = yes"

use `net groupmap {addmem,delmem,listmem}'




cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCJHV4IR7qMdg1EfYRAgauAJ9zI4gmGpn/9H0E0zA4Y3Nips3nnACdHAUj
HOXXv8XrN7gaVl2mBrpxLcs=
=/mab
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba


__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] pwsync - wpsync

2005-03-17 Thread djekels 
Hi,

I am not sure if these tools are still available on the net for download. 
But I searched all the search engines bone dry and cannot find it.

Do you happen to know the whereabouts of these wonderful tools?

Thank you,
Donny Jekels
Senior Unix Developer
(203) 560 3376 - (cell)
GPG - 22E4 5193 02FB 9CA8 05D2  DD69 357E E81B 2344 61BA
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] srvtools (Usrmgr.exe) : strange problem

2005-03-17 Thread Olivier Rochefort 
Hello everybody. I have noted a strange problem when using Usrmgr.exe 
(from srvtools). The problem arise when a net groupmap is done on a 
group for which a user exist with the same name that the specified 
unixgroup. For example, lets say that I have the following UNIX user and 
group create on my Samba server :

joe (in /etc/group)
joe (in /etc/passwd)
Now I create the following map :
net groupmap add ntgroup="Joe Smith" unixgroup=joe type=domain
Now if I start Usrmgr.exe and I check the user joe I can see the group 
"Joe Smith" and others groups. If I try to remove the group "Joe Smith" 
then Usrmgr.exe popup a message "Access denied". What is strange is that 
if I check /etc/group I can see that the command has succeed because 
user joe is no longer member of the group joe. Still that if I look back 
to Usrmgr.exe, user joe is still a member of group "Joe Smith" even if 
it's not the case in /etc/group. Anyone can bring some clarifications 
about that?

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] SMB protocol security flaw

2005-03-17 Thread Tony Earnshaw 
Hi,

It's (possible|probable) that the above was included in the list postings
in February last; at that time I hadn't even begun with Samba (use it in
production now :). If so,please point me at the archives, if not, could
someone please comment?

>From the last SANS NewsBites (apologies for the line break in the URL for
those using 76-character text MMUAs):

WORMS, ACTIVE EXPLOITS, VULNERABILITIES, AND PATCHES
 --SMB Protocol Flaw Patch Not Readily Available for NT 4.0
(11 March 2005)
On February 8, 2005, Microsoft released an advisory for a vulnerability
in the server message block (SMB) protocol in Windows that could allow
an attacker to take control of vulnerable servers.  However, Microsoft
released patches for only more recent versions of Windows; there was no
patch for Windows NT 4.0, as the company stopped officially supporting
it on December 31, 2004.  Microsoft does have a patch for NT 4.0
customers who have paid for extended support.  Users could enable SMB
signing as some form of protection; Microsoft is encouraging users to
upgrade to Server 2003 for security reasons.
http://www.theage.com.au/news/Breaking/Windows-NT4-servers-open-to-hackers/2005/03/11/1110417668599.html#

Thanks,

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Thursby's DAVE and Symlinks

2005-03-17 Thread AndyLiebman 
Does anybody here have any experience with  Thursby's DAVE and symlinks on a 
Samba Server? 

When I connect to my  Linux Samba Server via DAVE (running on Mac OS X 
10.3.8), I can see all the  links that I have made to files that reside in 
other 
directories on the Linux  Server. However, Mac OS X thinks they are aliases. 
And 
when I try to open them,  I get back a Mac error saying "The alias "xyz" could 
not be opened because the  original item cannot be found". 

This behavior is very different than  what I get on Windows XP or Windows 
2000 -- and for that matter, the native OS X  SMB/CIFS client -- which treat 
symlinks just as any other file. 

The  reason I'm trying to use DAVE is because of huge performance issues with 
the  Native Mac OS X SMB/CIFS implementation. The Apple version is absolutely 
useless  for my particular application. DAVE performs much better. 

However, I  have to sort out this links thing. Anybody have any ideas? Is 
there something  that can be set on the Linux/Samba server side that will make 
DAVE behave the  way I want? 

Thanks for your thoughts
Andy Liebman  

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd to LDAP

2005-03-17 Thread Paul Gienger 

mess.  My question is Shouldn't I somehow be able to insert samba passwords into
the LDAP database and move on?  Or is it just past that point now?
 

Well, you can do one of two things, as I see it:
1. Try to run pdbedit with import/export flags and point it at your 
password file.  Note that I don't know what this will do with existing 
entries' data.
2. Grab the password hashes out of the file and manually insert them.

Naturally 1 would be easier.
--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd to LDAP

2005-03-17 Thread Matt Lung 
Quoting Luca Olivetti <[EMAIL PROTECTED]>:

> Matt Lung wrote:
> > Is there a way to take users samba passwords from an old 2.x Samba server,
> and
> > insert them into a new 3.x Samba server that using an LDAP backend?  The
> new
> > server is already populated with all users and groups in LDAP and is
> currently
> > on a test network.  All that is needed is the users samba passwords from
> the
> > old server that is using the smbpasswd file.
>
> If there aren't samba attributes in ldap you can use
>
> pdbedit -i smbpasswd:
>
> If there are already samba attributes this won't work.
>
> What I did was:

Hmm... I don't think that will work for us here.  Our users have been migrated
out of the passwd and shadow file on the old server for a while now.  Their
account info (except their samba password) has lived in LDAP for a few years
now.  I'm just trying to avoid having to change all the users passwords on the
new server and having a big mess.  I'd like it to be very transparent.  I guess
if what I'm asking is impossible at this point I'm sort of heading towards the
mess.  My question is Shouldn't I somehow be able to insert samba passwords into
the LDAP database and move on?  Or is it just past that point now?

When I change my password on the new server I know it is changing the
sambaLMPassword attribute. So how is the migrate tool setting that from the
sambapasswd file when someone is migrating?

> - clean the ldap database (easy here since I was just testing)
> - smbldap-populate -k 0 -a root
> - obtain /etc/passwd, /etc/shadow, /etc/samba/smbpasswd from the old machine
> - remove all machine accounts, system groups and other users/groups you
> don't in ldap from all these files
>
> at this point, if you have special characters (like, á, é, í, etc.) in
> your files, you'll have to make somewhat a cleaned-up copy, since the
> idealx tools don't work with non us-ascii characters
>
> -temporarily add users in /etc/passwd of the new machine
> -pdbedit -i smbpasswd:
> -remove the users previously added to /etc/passwd
> -smbldap-migrate-passwd -d account -a -P  -S
> 
> -smbldap-migrate-group -a -G 
>
>
> What I done may be totally wrong, YMMV, etc., but it seems it has worked
> fine so far.
> Bye
> --
> Luca Olivetti
> Wetron Automatización S.A. http://www.wetron.es/
> Tel. +34 93 5883004  Fax +34 93 5883007
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>



This message was sent using IMP, the Internet Messaging Program.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.11 and KB828741 password bug

2005-03-17 Thread Dave Marshall 
Hello,
I'm having troubles with what I'm quite positive was the bug related to 
the MS KB828741 hotfix that was fixed in samba 3.0.4, but I'm running 
3.0.11, i think

[EMAIL PROTECTED] root]# smbd --version
Version 3.0.11
[EMAIL PROTECTED] root]#
If I remove the Hotfix on my workstation, I can change my password. 
Re-install it and I get the "domain not found error" when trying to 
change the password. Is it possible my configuration could still be 
causing this?

[global]
 smb passwd file = /usr/local/samba/private/smbpasswd
 passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
*successfully*
 domain master = yes
 encrypt passwords = yes
 passwd program = /usr/bin/passwd %u
 unix password sync = yes
 local master = yes
 security = user
 preferred master = yes
 domain logons = yes
 pam password change = yes
...

Any help would be appreciated
Dave
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd to LDAP

2005-03-17 Thread Luca Olivetti 
Matt Lung wrote:
Is there a way to take users samba passwords from an old 2.x Samba server, and
insert them into a new 3.x Samba server that using an LDAP backend?  The new
server is already populated with all users and groups in LDAP and is currently
on a test network.  All that is needed is the users samba passwords from the
old server that is using the smbpasswd file.
If there aren't samba attributes in ldap you can use
pdbedit -i smbpasswd:
If there are already samba attributes this won't work.
What I did was:
- clean the ldap database (easy here since I was just testing)
- smbldap-populate -k 0 -a root
- obtain /etc/passwd, /etc/shadow, /etc/samba/smbpasswd from the old machine
- remove all machine accounts, system groups and other users/groups you 
don't in ldap from all these files

at this point, if you have special characters (like, á, é, í, etc.) in 
your files, you'll have to make somewhat a cleaned-up copy, since the 
idealx tools don't work with non us-ascii characters

-temporarily add users in /etc/passwd of the new machine
-pdbedit -i smbpasswd:
-remove the users previously added to /etc/passwd
-smbldap-migrate-passwd -d account -a -P  -S 

-smbldap-migrate-group -a -G 

What I done may be totally wrong, YMMV, etc., but it seems it has worked 
fine so far.
Bye
--
Luca Olivetti
Wetron Automatización S.A. http://www.wetron.es/
Tel. +34 93 5883004  Fax +34 93 5883007
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 2.2 vs. 3: Domain Member & Winbind quick question

2005-03-17 Thread Tyler Thueson 
I have a Samba 2.2 box set up as a member server in a Windows domain.
Any random Windows domain user can connect and a local Linux system
account is created on the fly, as it should.

I am trying to do the same on another box with Samba 3. However, when I
connect from a Windows domain member, I get prompted for credentials. If I
enter domain\username and my password, I connect and a local Linux
system account is created on the fly, and all is good. But 2.2 doesn't
prompt, and I don't want to be prompted by 3.0!

#/etc/samba/smb.conf
[global]
workgroup = DOMAIN
server string = Samba Server
security = DOMAIN
passdb backend = tdbsam:/etc/samba/private/passdb.tdb
log file = /var/log/samba.%m
max log size = 50
add user script = /usr/sbin/useradd -g users %u
dns proxy = No
wins server = 1.2.3.4, 2.3.4.5
ldap ssl = no
idmap uid = 1-20
idmap gid = 1-20
winbind use default domain = Yes
netbios name = SERVER
password server = *

#/etc/nsswitch.conf
passwd: compat winbind
group:  compat winbind
hosts:  files dns
networks:   files
services:   files
protocols:  files
rpc:files
ethers: files
netmasks:   files
netgroup:   files
bootparams: files
automount:  files
aliases:files

When Windows makes the initial connection before I get prompted in Windows:
#/var/log/samba.clienthostname
[2005/03/16 11:37:22, 0] auth/auth_util.c:make_server_info_info3(1120)
  make_server_info_info3: pdb_init_sam failed!
useradd: invalid user name 'USERNAME'
useradd: invalid user name 'USERNAME'
useradd: invalid user name 'USERNAME'

After I enter domain\username in Windows prompt:
#/var/log/samba.clienthostname
[2005/03/16 15:27:41, 1] smbd/service.c:make_connection_snum(619)
  clienthostname (1.2.3.4) connect to service sharename initially as
user username (uid=1000, gid=100) (pid 1016)

It almost seems as if the initial connection by Windows is sending the
naked username, without the domain\ in front. Is there a way to tell
Winbind to add domain\ in front of naked usernames or something? As
you can see above I turned on 'winbind use default domain' but
obviously that does not fix the problem.

Help?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Configure Samba with non-standard OpenLDAP location

2005-03-17 Thread Dariusz Lis 
> Tony Earnshaw:
>
> > Dariusz Lis:
> > How to configure (and compile) Samba with non-standard OpenLDAP
> > location?
> > Is it possible?
>
> Basically, yes. It all depends on where the LDAP libraries (libldap,
> liblber) were told to look for ${prefix} during the OpenLDAP compilation.
> When Samba source (or srpm installation) is compiled, it should find them
> automatically, depending on your systems library database (e.g.Red Hat
> Linux ldconfig/ld.so.conf - 'cat /etc/ld.so.conf').


My real problem is Samba's configure script, and not finding LDAP libraries
(this is OK). I don't know how to tell it about non-standard location of
OpenLDAP's header files.

Darek





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] OW #10.10 - How do you save documents?

2005-03-17 Thread OFFICE Watch 
 --==>> OFFICE WATCH <<==--
The Microsoft Office newsletter from Woody's Watch.
Your independent source for MS Office advice and news since 1996
 17 March 2005  Vol 10 No 10
New! "The Desktop Search Handbook" - http://shop.woodyswatch.com/dsh/


Advertise in Woody's Watch - great rates, great reach, no hard sell.  Ask Jan  
[EMAIL PROTECTED]

1. How do you save your documents?
2. Quickly marking spam
3. Shortcut of the Week
4. Keep OW Alive and Free


>>> Got Office? Get OfficeRecovery! <<<
There is up to 99% of useful data in a file that won't open anymore. Get it 
back with data recovery utilities for Word, Excel, PowerPoint, Access, SQL 
Server, Outlook, Exchange and other applications. Available standalone and in 
OfficeRecovery suites. Use yourself, tell colleagues.
*** Click http://ref.OfficeRecovery.com/?wow for a free demo. ***


__
1. HOW DO YOU SAVE YOUR DOCUMENTS?
It's something we might take for granted but my eye caught this message from an 
Office Watch reader:

John R writes:

"I label folders by topic and sub-topic and files by using the date of origin 
in the year/month/day sequence, ie this one is reference 050315.   The beauty 
of this is, it keeps things in chronological order which matches my memory. Of 
course as the year changes, I create a new sub-folder with the date (or month 
if it is a busy topic), ie 0503. I then relabel any incoming files by their 
date of origin so they slot neatly into the sequence, that is before or after 
my related file."

John has one way to arrange documents that suits him.  It made me wonder how 
other readers choose to organize their documents.

Do you save them under 'My Documents'  or some other 'root' folder

How do you create folders / sub-folders?

Do you have a document naming system or just whatever come to mind?

Do you make use of Word document properties (under File | Properties | Summary 
or Custom)?

Do you let documents accumulate over the years?

Do you delete or archive old documents occasionally?

We'd love to hear from Office Watch readers to get an idea of the variety of 
options that real people use.  [EMAIL PROTECTED]

___
We've been pleased and exhausted by the response from Woody's Watch readers to 
our Editor-in-Chief's first ebook.   We're exhausted because we've had to put 
in a whole new shopping system to cope with demand. All the purchasing options 
are now available via http://shop.woodyswatch.com/eb/.  Sales of the Desktop 
Search Handbook directly help keep all the Woody's Watch newsletters as free 
and fearless services to all.

The Desktop Search Handbook
   an Office Watch guide
  http://shop.woodyswatch.com/dsh/

Over 65 pages of in-depth and original info and how to's on the major desktop 
search products.  Searchable text and color images throughout - naturally.

* All new and expanded content

* NO advertising - 65 pages plus appendices.

* In depth reviews and how to for the major Desktop Search products
o Copernic Desktop
o Google Desktop Search
o Lookout for Outlook
o MSN Toolbar Suite
o Yahoo Desktop  (a version of X1)

* Simple guide to making desktop searching work even better for you.
o Effective indexing
o Simple searching and beyond.
o Tips on how to effectively index audio, video, OneNote, web caches and 
PDF's.
o Search Command Reference

Not only do you get the ebook but you also get FREE updates / new editions as 
they are released during 2005.  We'll update the book throughout the year.

Woody's Watch subscribers pay just US$9.95 - saving $5 on the standard price. 
It's our gift to those of you who have supported us over the years.  We have 
options to pay in Canadian dollars, Sterling, Euro, Yen and Aussie dollars too.

Check it out at http://shop.woodyswatch.com/dsh/   There's a special diskette 
edition available via Amazon USA - so you can add a copy of the Desktop Search 
Handbook to your regular Amazon shopping cart.  
http://shop.woodyswatch.com/dsh/AmazonUS.asp

___
2. QUICKLY MARKING SPAM
Outlook 2003 has a junk mail filter but it isn't perfect, and occasionally you 
have to delete spam messages yourself.

You can just hit delete and remove the message or you can mark the message as 
spam / junk email.  Doing that with Outlook 2003 in its default setup is a 
nuisance.

You have to choose Actions | Junk E-mail | Add Sender to Blocked Senders list 
from the menu or the right-click menu.

But there is a quicker - single click - option.  Just add a new item to your 
menu.

* Right-click on the Outlook toolbar and choose Customise.  Leave the Customise 
dialog open so you can edit the toolbar menu.

* Under the Commands tab choose the Actions category

* From the Commands list scroll down to 'Add Sender to Blocked Senders List' 
click on that item and drag it to a position on the Outlook toolbar.

* The item will appear on the toolbar but with the long text name.  You'll

Re: [Samba] Compile error: libsmbclient on 12rc1 on Solaris 9

2005-03-17 Thread David Pullman 
Thanks very much.  Will update and rebuild on the test box later today!
--David
Gerald (Jerry) Carter wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David Pullman wrote:
| snip from make.log:
| Compiling libsmb/libsmbclient.c with -KPIC
| "libsmb/libsmbclient.c", line 3249: warning: argument #3 is incompatible
| with prototype:
| prototype: pointer to char : "libsmb/libsmbclient.c", line 1167
| argument : pointer to const char
| "libsmb/libsmbclient.c", line 3843: warning: argument #5 is incompatible
| with prototype:
| prototype: pointer to char : "libsmb/libsmbclient.c", line 3120
| argument : pointer to const char
| "libsmb/libsmbclient.c", line 4097: invalid directive
| "libsmb/libsmbclient.c", line 4236: invalid directive
| "libsmb/libsmbclient.c", line 4373: warning: argument #7 is incompatible
| with prototype:
| prototype: pointer to char : "libsmb/libsmbclient.c", line 3315
| argument : pointer to const char
| "libsmb/libsmbclient.c", line 4373: warning: argument #8 is incompatible
| with prototype:
| prototype: pointer to char : "libsmb/libsmbclient.c", line 3315
| argument : pointer to const char
| cc: acomp failed for libsmb/libsmbclient.c
| *** Error code 2
| make: Fatal error: Command failed for target `libsmb/libsmbclient.po.o'
|
Should be fixed in the SAMBA_3_0 svn tree now.


cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCOZJmIR7qMdg1EfYRAn++AJ9VgyjW0F3hOXE1RBqvHY8ezHaOoACgouSK
wVY2LNesMmQrEcikWv0CbH0=
=+eVO
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd to LDAP

2005-03-17 Thread Matt Lung 
Is there a way to take users samba passwords from an old 2.x Samba server, and
insert them into a new 3.x Samba server that using an LDAP backend?  The new
server is already populated with all users and groups in LDAP and is currently
on a test network.  All that is needed is the users samba passwords from the
old server that is using the smbpasswd file.

Thanks

--
Matt Lung
Midwest Tool & Die, Corp.







This message was sent using IMP, the Internet Messaging Program.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba pdc + winbind possible ?

2005-03-17 Thread Gerald (Jerry) Carter 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Collen wrote:
| Hmm, sorry tryed it, read the info. but pam_smbpass is only if you
| use the samba (textfile) passwd backend.
| so it's no good, if you have a mysql or other passdb backend.!
| but i found a solution, without using winbind!
|
| pam_smb_auth.so !! that did the trick..
| only i downloaded the ftp://ftp.samba.org/pub/samba/pam_smb/ version.
| but i saw there's an other version included with the samba source.
| (../source/pam_smbpass) ?? but there's no readme on how to compile it..?
That code is extremely old and unsupported.  Run winbindd on the
Samba PDC.  That works fine.


cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCOZn9IR7qMdg1EfYRAuMiAKDMa4tsHnOfHB3kBeR8xgCeUTIbqgCgiUWO
jZ9W+/ws8HvWtQGzZztjNWQ=
=eCPa
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] winbind: How to map windows admin-user to Linux root ?

2005-03-17 Thread Gerald (Jerry) Carter 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yanping Du wrote:
| Hi,
|
|   Is there any way that I can map window AD admin-user
| to Linux root user (uid=gid=0) ?
|  I noticed that windows Active-Directory users can use
| "idmap [uid-range]" to map to Linux users, but the
| idmap uid-range doesn't include '0'. e.g.
|
| idmap uid = 1-2
| idmap gid = 1-2
|
| Thanks!
create a username map with
root = DOMAIN\Administrator

cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCOZkeIR7qMdg1EfYRAj43AJ48mYsk9zeS+6UvVpqDKX4p6xbC7QCdFX1o
OYav8fLGpc5yAwubX+xLRSA=
=5G2E
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba Server

2005-03-17 Thread Jijo Abraham 
Hi All,

I have installed Samba 3.0.10 on Solaris 9.
As of right now my windows client machine can access the solaris and 
all its file. 
I want it make it so that solaris can access all of windows.

Specifically I want it access my windows fileserver.

Thanks in Advance
Jijo 

http://www.Care2.com  Free e-mail. 100MB storage.  Helps charities.

Make a Difference: Stop Canada's cruel and senseless baby seal hunt! 
http://www.care2.com/go/z/saveseals
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbldap-tools question

2005-03-17 Thread fatima riadi 
To test, I suggest that you stop your iptables
services (by running "service iptable stop"). Then try
to join your domain.
On XP clients, you should edit a regtry key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
   "requiresignorseal"=dword:

Regards

--- Misty Stanley-Jones <[EMAIL PROTECTED]> wrote:
> When I used smbldap-populate way back when I set up
> my LDAP server, I got two 
> sambaDomainName objects in my LDAP tree -- one for
> the domain name (CORP) and 
> one for the PDC Netbios name (CORPSRV).  My Windows
> XP systems complain that 
> they can't find the PDC for the domain CORPSRV.  I
> am wondering if I even 
> need the second sambaDomainName in LDAP at all.  Any
> ideas?
> 
> Misty
> -- 
> To unsubscribe from this list go to the following
> URL and read the
> instructions: 
> https://lists.samba.org/mailman/listinfo/samba
> 






Découvrez nos promotions exclusives "destination de la Tunisie, du Maroc, des 
Baléares et la Rép. Dominicaine sur Yahoo! Voyages :
http://fr.travel.yahoo.com/promotions/mar14.html
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Where can I find more info on account flags?

2005-03-17 Thread Paul Gienger 
I did a little digging around in the source, since the only web sites 
I've seen would list a couple.  I'd love to see a thorough discussion 
myself.  Here's what I've found, feel free to fill in the blanks anyone:

[NDHTUMWSLKI]
|||
||-> Domain trust account)
|->
->
|||-> Server trust account
||-> Workstation account
|->
-> User account
|||->
||-> Home dir required
|-> Disabled
->
And the following aren't listed in your group of flags:
X -> password does not expire
--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbldap-tools question

2005-03-17 Thread Misty Stanley-Jones 
When I used smbldap-populate way back when I set up my LDAP server, I got two 
sambaDomainName objects in my LDAP tree -- one for the domain name (CORP) and 
one for the PDC Netbios name (CORPSRV).  My Windows XP systems complain that 
they can't find the PDC for the domain CORPSRV.  I am wondering if I even 
need the second sambaDomainName in LDAP at all.  Any ideas?

Misty
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Compile error: libsmbclient on 12rc1 on Solaris 9

2005-03-17 Thread Gerald (Jerry) Carter 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David Pullman wrote:
| snip from make.log:
| Compiling libsmb/libsmbclient.c with -KPIC
| "libsmb/libsmbclient.c", line 3249: warning: argument #3 is incompatible
| with prototype:
| prototype: pointer to char : "libsmb/libsmbclient.c", line 1167
| argument : pointer to const char
| "libsmb/libsmbclient.c", line 3843: warning: argument #5 is incompatible
| with prototype:
| prototype: pointer to char : "libsmb/libsmbclient.c", line 3120
| argument : pointer to const char
| "libsmb/libsmbclient.c", line 4097: invalid directive
| "libsmb/libsmbclient.c", line 4236: invalid directive
| "libsmb/libsmbclient.c", line 4373: warning: argument #7 is incompatible
| with prototype:
| prototype: pointer to char : "libsmb/libsmbclient.c", line 3315
| argument : pointer to const char
| "libsmb/libsmbclient.c", line 4373: warning: argument #8 is incompatible
| with prototype:
| prototype: pointer to char : "libsmb/libsmbclient.c", line 3315
| argument : pointer to const char
| cc: acomp failed for libsmb/libsmbclient.c
| *** Error code 2
| make: Fatal error: Command failed for target `libsmb/libsmbclient.po.o'
|
Should be fixed in the SAMBA_3_0 svn tree now.


cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCOZJmIR7qMdg1EfYRAn++AJ9VgyjW0F3hOXE1RBqvHY8ezHaOoACgouSK
wVY2LNesMmQrEcikWv0CbH0=
=+eVO
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Browsing list problem

2005-03-17 Thread Nathan Vidican 
Hey all, bit of an odd problem here; perhaps you can help:

First off, we've got two samb a servers; one acting as a PDC, and the other
a BDC, both share the same dat, (they sync data back and forth to each other
using rsync for backups). Both access LDAP for users and passwords from
LDAP. WINS runs only on the first server, and the static entries are in the
wins database file for both servers.

When the user logs into the domain, (to which all users do), their login
script maps drives to shares on both machines - all works well.

When going to explorer, explorer \\server and \\server2 both show up and
work fine. The problem being, when one browses the network neighborhood,
only the first (PDC) server shows up, on any computer. WINS resolution still
points to it when one asks for the second server (ie: ping server2 works),
but the second server doesn't show up in the list of computers in the
domain? Also - domain logons don't seem to process at all on the BDC
(second) server; from my understanding of NT networking, should all the
logons not attempt to use the BDC first?

I just assumed since the BDC not showing up in the browsing lists as such,
that perhaps it's not being seen as a BDC on the network, and as such is not
processing the domain logons. (All profiles/user homedirs are stored and
mapped to server2 currently, even though logon script is executing from
server1.

--
Nathan Vidican
[EMAIL PROTECTED]
Windsor Match Plate & Tool Ltd.
http://www.wmplt.com/


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Winbind, pam_mkhomedir.so problem with long usernames

2005-03-17 Thread Horacio Vico 
Hi, I've been succesfully connecting my SuSE Linux (since version 9.0) to my 
organization's NT domain using Samba's Winbind. The thing is multiple users 
use my PC, not only myself. Though it was also necessary to setup my pam.d 
to automatically create their home folders at first logon (using 
pam_mkhomedir.so).

My NT user is something like "jdoe" but there are some users that have this 
kind of usernames: "John Doe" (notice the space between John an Doe).

When I log into a terminal with this kind of users the home folder is 
created successfully and I can log in and work normally. The problem is with 
KDM, when I try to log in with this users it just does not work, it tries to 
look for preferences into "/home/john" instead of "/home/john\ doe" . That 
is really annoying because I cannot manuallyassign a home folder for every 
user that could work on this PC.

I am the only user inside this organization that uses Linux on its computer, 
and if I cannot make this work I'll have to switch to Windows :=( . Please 
help

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc

2005-03-17 Thread Phil Dawson 
Hi,

I did remove the windows PDC from the network by way of switching it off. 
Something occurred to me, if the windows xp box has LOGONSERVER=//TESTPDC 
then is it possible to fix this problem by changing the netbios name of 
LINUXPDC to TESTPDC.  That way win xp boxes would point to the new server 
and not know any difference.  Obviously I'd have to change the DNS etc to 
make sure.


Process is:

Join Samba machine to PDC as Domain Controller
Migrate from old PDC to Samba PDC
Check everything was ok
Take old PDC off network
Make Samba box to PDC ( Domain Master = Yes )
Change netbios name of Samba PDC from LINUXPDC to TESTPDC
Change DNS, lmhosts, hosts  ( we make sure by changing all :-)   )
Bring up Samba PDC
Check can log on from win xp box


Question is, would this break any trusts?
Anyone done this before?


TIA

Phil





Denis Vlasenko <[EMAIL PROTECTED]> 
Sent by: [EMAIL PROTECTED]
17/03/2005 10:27

To
Phil Dawson <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
cc
samba@lists.samba.org
Subject
Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc






On Thursday 17 March 2005 10:32, Phil Dawson wrote:
> John,
> 
> In my original port I said
> 
> quote: "changed linuxpdc to be domain master"
> 
> I wrote to mean "changed linuxpdc to be ROLE_DOMAIN_PDC".  Sorry if I 
> didn't make myself clear.  I did test with testparm before trying to log 

> on.  Everything looked ok.  Again, it didn't work.  What I have tried 
> since is to take the winxp box out of the domain and re-join it to the 
> domain when linuxpdc is the PDC.  Now when I log on and run the set 
> command is see LOGONSERVER=//LINUXPDC which is what I was expecting 
> originally.  Still having problems getting logon.bat to run when logging 

> on.  Will have a look at this today.  I'm also going through the logs 
and 
> settings/password files etc to see if I can spot any differences.

Did you remove former Windows PDC box from the network?
(By powering it off or unplugging network cable)
--
vda

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.11 compile issue on AIX5.1 - pdb_ldap.c

2005-03-17 Thread Brian Pawlik 
I've run into a compile problem with Samba 3.0.11 and have searched the
web, lists, and bugzilla for assistance, but was unable to find anything
that helped with these errors. I have been able to successfully build
this release without ldap/ads support, however with the ldap/ads support
it fails to build pdb_ldap.c. I am using AIX 5.1 using the gcc compiler.
I have also ensured that OpenLdap 2.2.24 is installed and working, I
also have Kerberos installed. I have listed my configure settings and
the error from the make below. Thanks in advance!.

 

export LDFLAGS=-L/usr/local/lib -L/opt/freeware/lib -L/usr/lib

export CPPFLAGS=-I/usr/include -I/usr/local/include
-I/opt/freeware/include

 

# ./configure --with-pam --with-pam_smbpass --with-ldap --with-ads
--with-krb5=/usr/krb5

 

 

# make

Using FLAGS =  -O  -Iinclude -I/ext/samba/samba-3.0.11-a/source/include
-I/ext/samba/samba-3.0.11-a/source/ubiqx
-I/ext/samba/samba-3.0.11-a/source/smbwrapper  -I. -I/usr/local/include
-I/opt/freeware/include -I/ext/samba/samba-3.0.11-a/source

  LIBS = 

  LDSHFLAGS = -Wl,-bexpall,-bM:SRE,-bnoentry,-berok
-L/usr/local/lib -L/opt/freeware/lib

  LDFLAGS = -L/usr/local/lib -L/opt/freeware/lib

Compiling dynconfig.c

Compiling smbd/vfs.c

Compiling passdb/pdb_interface.c

Compiling passdb/pdb_ldap.c

passdb/pdb_ldap.c: In function `ldapsam_delete_entry':

passdb/pdb_ldap.c:295: warning: assignment makes pointer from integer
without a cast

passdb/pdb_ldap.c: In function `ldapsam_update_sam_account':

passdb/pdb_ldap.c:1662: warning: assignment makes pointer from integer
without a cast

passdb/pdb_ldap.c: In function `ldapsam_add_sam_account':

passdb/pdb_ldap.c:1809: warning: assignment makes pointer from integer
without a cast

passdb/pdb_ldap.c:1857: warning: assignment makes pointer from integer
without a cast

passdb/pdb_ldap.c: In function `ldapsam_add_group_mapping_entry':

passdb/pdb_ldap.c:2369: warning: assignment makes pointer from integer
without a cast

passdb/pdb_ldap.c: In function `ldapsam_update_group_mapping_entry':

passdb/pdb_ldap.c:2454: warning: assignment makes pointer from integer
without a cast

passdb/pdb_ldap.c: In function `ldapsam_modify_aliasmem':

passdb/pdb_ldap.c:2681: warning: assignment makes pointer from integer
without a cast

passdb/pdb_ldap.c: In function `pdb_init_ldapsam_common':

passdb/pdb_ldap.c:2945: incompatible types in assignment

passdb/pdb_ldap.c: In function `pdb_init_ldapsam':

passdb/pdb_ldap.c:3029: parse error before `char'

passdb/pdb_ldap.c:3031: incompatible types in assignment

make: 1254-004 The error code from the last command is 1.

 

 

Stop.

 

#

 

Brian Pawlik

NOC Support Engineer III

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba configure script not finding ldap libs

2005-03-17 Thread Ayotunde Itayemi 
Try:
LDFLAGS='-L/usr/lib'
export LDFLAGS

then run ./configure

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Theodore Jencks
Sent: Wednesday, March 16, 2005 9:54 PM
To: samba@lists.samba.org
Subject: [Samba] Samba configure script not finding ldap libs

Hey All,

 

I'm trying to compile Samba 3.0.12rc1 on a Redhat Linux Fedora Core 3
machine.  I have the following LDAP RPMS installed:

 

rpm -qa | grep ldap gives:

openldap-2.2.13-2

python-ldap-2.0.1-2

openldap-clients-2.2.13-2

openldap-devel-2.2.13-2

openldap-servers-2.2.13-2

nss_ldap-220-3

 

I run configure in the following fashion:

CFLAGS="-O2 -march=prescott -I/usr/lib"; export CFLAGS

/configure \

--prefix=/usr \

--sysconfdir=/etc \

--localstatedir=/var \

--with-libdir=/usr/lib \

--with-configdir=/etc/samba \

--mandir=/usr/share/man \

--with-privatedir=/etc/samba \

--with-lockdir=/var/lock/samba \

--with-piddir=/var/run/samba \

--with-swatdir=/usr/local/swat \

--with-pam \

--with-pam_smbpass \

--with-syslog \

--with-quotas \

--with-utmp \

--with-ldap=/usr \

--with-ads \

--with-smbmount \

--with-automount \

--with-winbind

 

I get the following message from configure:

checking for LDAP support... auto

checking ldap.h usability... yes

checking ldap.h presence... yes

checking for ldap.h... yes

checking lber.h usability... yes

checking lber.h presence... yes

checking for lber.h... yes

checking for ber_scanf in -llber... yes

checking for ldap_init in -lldap... no

checking for ldap_domain2hostlist... no

checking for ldap_set_rebind_proc... no

checking whether ldap_set_rebind_proc takes 3 arguments... 3

checking for ldap_initialize... no

configure: WARNING: libldap is needed for LDAP support

checking for Active Directory and krb5 support... yes

configure: error: Active Directory Support requires LDAP support

 

So I check for ldaplib with find /* -name "ldaplib*" and get:

/usr/lib/libldap_r-2.2.so.7.0.6

/usr/lib/evolution-openldap/lib/libldap.a

/usr/lib/evolution-openldap/lib/libldap_r.a

/usr/lib/libldap_r.so

/usr/lib/libldap.a

/usr/lib/libldap.so

/usr/lib/libldap-2.2.so.7.0.6

/usr/lib/libldap-2.2.so.7

/usr/lib/libldap_r-2.2.so.7

/usr/lib/libldap_r.a

 

So this looks fine to me, I have no idea why configure isn't finding
these libs?

 

Thanks in advance for any help!

Regards,

Theo

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: ***SPAM*** Re: [Samba] Configure Samba with non-standard OpenLDAPlocation

2005-03-17 Thread Ayotunde Itayemi 
Try the configure format below:

LDFLAGS='-L/usr/local/openldap/lib'
CPPFLAGS='-I/usr/local/openldap/include' ./configure
--prefix=/usr/local/samba-3.0.12pre1 --with-ldap --with-ads
--with-winbind --with-krb5=/usr/local/krb5-1.3.5
--with-libiconv=/usr/local/libiconv-1.9.1

That's from my own compile. Change the LDFLAGS as applicable.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Theodore Jencks
Sent: Wednesday, March 16, 2005 11:12 PM
To: samba@lists.samba.org
Subject: RE: ***SPAM*** Re: [Samba] Configure Samba with non-standard
OpenLDAPlocation

I'm having a similar problem where the configure just doesn't find the
ldap libraries even though I've got the ldap-devel rpm installed and the
libraries are in their normal location in /usr/lib.

-TJ

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Tony Earnshaw
Sent: Wednesday, March 16, 2005 12:15 PM
To: Dariusz Lis
Cc: samba@lists.samba.org
Subject: ***SPAM*** Re: [Samba] Configure Samba with non-standard
OpenLDAP location


Dariusz Lis:

> How to configure (and compile) Samba with non-standard OpenLDAP
location?
> Is it possible?

Basically, yes. It all depends on where the LDAP libraries (libldap,
liblber) were told to look for ${prefix} during the OpenLDAP
compilation.
When Samba source (or srpm installation) is compiled, it should find
them automatically, depending on your systems library database (e.g.Red
Hat Linux ldconfig/ld.so.conf - 'cat /etc/ld.so.conf').

--Tonni

--
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Share Group Access

2005-03-17 Thread Adi Nugraha 

How do you make a group a member of a group ??? (newb)


- Original Message -
From: "Michael Wray" <[EMAIL PROTECTED]>
To: 
Sent: Wednesday, March 16, 2005 10:05 PM
Subject: Re: [Samba] Share Group Access


> Easy fix: Make group D and add GROUP A and B as members, but not C, then
make
> the subfolders group ownership GROUP D, with GROUP Access.
> On Tuesday 15 March 2005 5:43 pm, Bruno Quintas wrote:
> > Hi, i have 3 groups in Samba PDC.
> > One Folder called Geral (with rwx access to all of them), and i want to
> > create anothe folder inside it with rwx access by groups A and B, and no
> > access by group C, is this possible? What should i do?I got a bit
> > confused after looking at the Howto.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc

2005-03-17 Thread Denis Vlasenko 
On Thursday 17 March 2005 10:32, Phil Dawson wrote:
> John,
> 
> In my original port I said
> 
> quote: "changed linuxpdc to be domain master"
> 
> I wrote to mean "changed linuxpdc to be ROLE_DOMAIN_PDC".  Sorry if I 
> didn't make myself clear.  I did test with testparm before trying to log 
> on.  Everything looked ok.  Again, it didn't work.  What I have tried 
> since is to take the winxp box out of the domain and re-join it to the 
> domain when linuxpdc is the PDC.  Now when I log on and run the set 
> command is see LOGONSERVER=//LINUXPDC which is what I was expecting 
> originally.  Still having problems getting logon.bat to run when logging 
> on.  Will have a look at this today.  I'm also going through the logs and 
> settings/password files etc to see if I can spot any differences.

Did you remove former Windows PDC box from the network?
(By powering it off or unplugging network cable)
--
vda

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba server shows up as Domain Controller

2005-03-17 Thread Ayotunde Itayemi 
Hi All,

I finally compiled Samba 3.0.12pre1 (and 3.0.11) successfully on AIX
4.3.3!
The steps I took will be placed at
http://itayemi.tripod.com/samba.aix433.html

Issues:

I have joined an AD domain with the following commands. When I check on
AD,
I find that the computer is listed as a "DOMAIN CONTROLLER"?

net ads join
net join -U Administrator%password

Is this OK? My intention is just to make the machine a regular computer
on
the domain (or just a member server)

Also,
I can't change the security permissions on a share that belongs to me 
which is the main reason I am testing Samba. I have a Samba 2.2.5
installed
at the moment, but permissions on folders/files are not as fine-grained
as 
I would like. I would like users to be able to grant access/deny access
as 
they please to other users/groups in Active Directory to their
files/folders 
on the samba server.

With samba v 3.0.12, if I acess the security property on a folder and
attempt
to grant another user access to the folder, I get an error stating that
I
don't have the right permission to do so or an access-denied message.

Any ideas?

(I added the winbind lines later but it didn't change anything)


[global]
workgroup = MYREALDOMAIN
server string = ARCHIVESYSTEM
security = ADS
encrypt passwords = Yes
update encrypted = Yes
password server = my-ads-server
username map = /var/samba3012/users.map
log file = /var/samba3012/log/log.%m
max log size = 50
dns proxy = No
wins server = 10.10.1.16
browseable = yes
show add printer wizard = no
realm = MYREALDOMAIN.COM
idmap uid = 15000-2 
idmap gid = 15000-2 
winbind use default domain = Yes 
winbind enum users = yes
winbind enum groups = yes

[homes]
path = /home/%S
read only = No
create mask = 0755
browseable = No


[Printers]
comment = All printers
path = /var/samba/spool
printable = Yes
browseable = No

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Hula-project and Samba

2005-03-17 Thread James Ruthven 
Hello,

Has anyone run Hula Server (http://www.hula-project.org) and Samba on
the same server and got the user authentication to sync?

I imagine this would involve configuring Samba to use eDirectory
(Novell) which Hula is using for store.

I have searched everywhere for documentation referencing Hula and Samba
integration/authentication but only found one article announcing that
Novell has contributed its eDirectory APIs to the Samba Project.

Have these APIs been implemented yet?

Please could someone point me in the right direction?

Many thanks in advance.
James
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba pdc + winbind possible ?

2005-03-17 Thread Collen 
Hmm, sorry tryed it, read the info. but pam_smbpass is only if you
use the samba (textfile) passwd backend.
so it's no good, if you have a mysql or other passdb backend.!
but i found a solution, without using winbind!
pam_smb_auth.so !! that did the trick..
only i downloaded the ftp://ftp.samba.org/pub/samba/pam_smb/ version.
but i saw there's an other version included with the samba source.
(../source/pam_smbpass) ?? but there's no readme on how to compile it..?
a well, it did the trick for me..
Later
Collen
Michael Gasch wrote:
the list mentions, that winbind should not run on a DC at all...why 
don't you use pam_ldap/pam_smbpass module?

greez
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ADS Samba Syncronisation

2005-03-17 Thread Saskia Whigham 
Hey,

my English is not very good. Sorry

My Problem: I have a Windows 2000 ADS Dommain and my Samba Server is Member
of this Domain. The Users has a lot of directorys on the Smab Server. The
User rights for the Smba Directorys are: owner root, group Windows 2000
group, other ---. The Access to the Directory is 770. Everything functions
supper but if i a Windows User change to a ohter Windows Group the Access
Rights become not syncronisiert to the Samba Server. They become first after
a new start of the samba of server syncronisiert. How do i handle that the
Windows Server synchronise the windows 2000 groups rights with the samba
server? Thanks for all answer

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] log.smbd: connection to ldap server failed

2005-03-17 Thread fatima riadi 
Dear all,

I have a samba 3 PDC with authentication through an
OpenLDAP directory.

When I enter the Administrator sername and password to
join my domain, I receive a "Failer to open a
session...".
I check my log.smbd file, it indicates "Connection to
LDAP server failed for the Xth try".

If I try to connect to my LDAP server using ssh (ssh
[EMAIL PROTECTED]), I am promted to enter a
password for the user user_name but I get a
"Permission denied, please try again".

What would you please have any idea?






Découvrez nos promotions exclusives "destination de la Tunisie, du Maroc, des 
Baléares et la Rép. Dominicaine sur Yahoo! Voyages :
http://fr.travel.yahoo.com/promotions/mar14.html
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc

2005-03-17 Thread Phil Dawson 
John,

In my original port I said

quote: "changed linuxpdc to be domain master"

I wrote to mean "changed linuxpdc to be ROLE_DOMAIN_PDC".  Sorry if I 
didn't make myself clear.  I did test with testparm before trying to log 
on.  Everything looked ok.  Again, it didn't work.  What I have tried 
since is to take the winxp box out of the domain and re-join it to the 
domain when linuxpdc is the PDC.  Now when I log on and run the set 
command is see LOGONSERVER=//LINUXPDC which is what I was expecting 
originally.  Still having problems getting logon.bat to run when logging 
on.  Will have a look at this today.  I'm also going through the logs and 
settings/password files etc to see if I can spot any differences.

Upto now:

xp box can log onto the domain when LINUXPDC is the PDC for the domain. ( 
after re-joining )
all shares are available
linuxpdc is visible in the network

i think its safe to say DNS entries are ok.  winxp hack worked because we 
have proved we can log onto the linuxpdc.

Another question is, if I take machines out of the domain then re-add them 
as I have done above and as long as the domain has the same SID when I 
re-join machines to the domain will they use the same local profile ( my 
documents / desktop ) etc ...

Any other ideas ???



Phil.







John H Terpstra <[EMAIL PROTECTED]> 
Sent by: [EMAIL PROTECTED]
16/03/2005 14:54
Please respond to
[EMAIL PROTECTED]


To
samba@lists.samba.org
cc

Subject
Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc






Phil,

After migrating the domain data did you change the role of the Samba 
server to 
PDC?

In your smb.conf you need to set in [global]:

 domain master = Yes

The run 'testparm' to validate your settings.

- John T.

On Wednesday 16 March 2005 05:39, Phil Dawson wrote:
> Hello,
>
> Second post: first had logs attached but was too big.
>
> I have a test environment with 1 windows 2000 AD domain pdc ( mixed mode
> install ), 1 linux server ( to become pdc ) and a win xp box to test 
logon
> when the migration was completed.  The problem is no matter what I try
> after the migration the win xp's logonserver = windows server not linux
> server.  I have no idea what is going on here.  I've listed the process
> for migration just incase I'm doing something wrong.
>
> NB: Initially I had a problem with the migration because machines were 
not
> being created.  The problem was due to useradd conforming to the posix
> standard and wouldn't allow accounts prefixed with $.  Got an interim 
fix
> from RedHat which fixed this problem.
>
> i can log in using
>
> smbclient -L localhost -U% -- anonymous shares available
> smbclient -L //linuxpdc/public -U pdawson -- shares available plus home
> directory
>
>
>
> Is there anything obvious I've missed?  I've been at this for weeks now
> and have no idea what to check next. ( logs are a blur now ).
>
>
> for the purpose of log entries ( supplied if requested )
>
> Domain: TESTPDC0
> Windows 2000:   TESTPDC ( 192.168.44.80 )
> Linux ServerLINUXPDC   ( RHES4 )( 192.168.44.81 )
> WinXP   ( 192.168.44.20 ) (
> machine name HP96281120913 )
>
>
> Added linuxpdc and testpdc to /etc/samba/lmhosts
> Added linuxpdc and testpdc to our DNS
>
>
> cleaned groups up with
>
> -- delGrps.sh 
>
> net groupmap cleanup
> net groupmap delete ntgroup="Print Operators"
> net groupmap delete ntgroup="Domain Guests"
> net groupmap delete ntgroup="System Operators"
> net groupmap delete ntgroup="DnsAdmins"
> net groupmap delete ntgroup="Replicator"
> net groupmap delete ntgroup="Guests"
> net groupmap delete ntgroup="Power Users"
> net groupmap delete ntgroup="DnsUpdateProxy"
> net groupmap delete ntgroup="Administrators"
> net groupmap delete ntgroup="Account Operators"
> net groupmap delete ntgroup="Backup Operators"
> net groupmap delete ntgroup="Users"
> net groupmap delete ntgroup="Domain Users"
> net groupmap delete ntgroup="Domain Admins"
> net groupmap delete ntgroup="Domain Computers"
> net groupmap delete ntgroup="Cert Publishers"
> net groupmap delete ntgroup="RAS and IAS Servers"
> net groupmap delete ntgroup="Pre-Windows 2000 Compatible Access"
> net groupmap delete ntgroup="Group Policy Creator Owners"
> net groupmap delete ntgroup="Enterprise Admins"
> net groupmap delete ntgroup="Domain Controllers"
> net groupmap delete ntgroup="Schema Admins"
> net groupmap delete ntgroup="Server Operators"
>
> -- delGrps.sh end 
>
>
> removed secrets.tdb and passwd.tdb
>
> set up smb.conf to be ROLE_DOMAIN_BDC
>
> < testparm showed no errors >
>
> net rpc join -S testpdc -W testpdc0 -UAdministrator%password
>
> < joined the domain ok.  checked on the win2000 server and linuxpdc was
> listed as a domain controller >
>
> net rpc getsid -S testpdc -W testpdc0
>
> < sid was put into secrets >
>
> net getlocalsid testpdc0
>
> S-1-5-21-705938202-4238141491-2786779978
>
> < showed correct sid

[Samba] Re: is it possible to cut and paste linux shadow file passwd hashes to smbpasswd file?

2005-03-17 Thread Jim C. 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
| is it possible to cut and paste linux shadow file passwd hashes to
| smbpasswd file?
...and have it work? I'm afraid not. What you need is:
passwd program = /usr/bin/passwd '%u'
unix password sync = Yes
This way, when a user changes their password, both sets will be changed.
Then what you can do have the system prompt users you already have to
change them.
Jim C.
- --
- -
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: j_c_llings @ hotmail.com  AIM: WyteLi0n  ICQ: 123291844  |
|---|
| Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz|
- -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCOUBt57L0B7uXm9oRAh2RAKCDMi3nkAlvi+OAjRpx+6VFdjNaxwCcCqIz
ymjchiaJT/sgYegB+3JUr0M=
=R2dB
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba(PDC)+LDAP+XPpro cannot join domain /w XP pro machine

2005-03-17 Thread fatima riadi 
I am runing into a similar problem.

The difference is that when I enter the admin passwd
to join my domain, a session failes to be opened...

For you, I'd suggest that you check your password
encryption type if it is set correctly...

 --- Steven Jacobs <[EMAIL PROTECTED]> a écrit :

> I receive an "Access is Denied" error after provide
> the Administrator
> username and password when trying to join my Samba
> domain.  Has anyone
> run into this??
> 
>
---log.smbd-
> [2005/03/14 19:37:19, 2]
> lib/interface.c:add_interface(79)
>   added interface ip=192.168.2.4 bcast=192.168.2.255
> nmask=255.255.255.0
> [2005/03/14 19:37:19, 2]
> lib/tallocmsg.c:register_msg_pool_usage(57)
>   Registered MSG_REQ_POOL_USAGE
> [2005/03/14 19:37:19, 2]
> lib/dmallocmsg.c:register_dmalloc_msgs(71)
>   Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> [2005/03/14 19:37:19, 2]
> smbd/server.c:open_sockets_smbd(324)
>   waiting for a connection
> [2005/03/14 19:38:05, 2]
> lib/smbldap.c:smbldap_search_domain_info(1373)
>   Searching
>
for:[(&(objectClass=sambaDomain)(sambaDomainName=SRSCORP))]
> [2005/03/14 19:38:05, 2]
> lib/smbldap.c:smbldap_open_connection(692)
>   smbldap_open_connection: connection opened
> [2005/03/14 19:38:05, 1]
> lib/smbldap.c:add_new_domain_info(1343)
>   failed to add domain dn=
> sambaDomainName=SRSCORP,dc=srsmanagement,dc=com
> with: Already exists
> 
> [2005/03/14 19:38:05, 0]
> lib/smbldap.c:smbldap_search_domain_info(1392)
>   Adding domain info for SRSCORP failed with
> NT_STATUS_UNSUCCESSFUL
> [2005/03/14 19:38:05, 2]
> passdb/pdb_ldap.c:pdb_init_ldapsam(2959)
>   pdb_init_ldapsam: WARNING: Could not get domain
> info, nor add one to
> the domain
>   pdb_init_ldapsam: Continuing on regardless, will
> be unable to allocate
> new users/groups, and will risk BDCs having
> inconsistant SIDs
> [2005/03/14 19:38:06, 2]
> lib/smbldap.c:smbldap_search_domain_info(1373)
>   Searching
>
for:[(&(objectClass=sambaDomain)(sambaDomainName=SRSCORP))]
> [2005/03/14 19:38:06, 2]
> lib/smbldap.c:smbldap_open_connection(692)
>   smbldap_open_connection: connection opened
> [2005/03/14 19:38:06, 2]
> lib/smbldap.c:smbldap_search_domain_info(1373)
>   Searching
>
for:[(&(objectClass=sambaDomain)(sambaDomainName=SRSCORP))]
> [2005/03/14 19:38:06, 2]
> lib/smbldap.c:smbldap_open_connection(692)
>   smbldap_open_connection: connection opened
> [2005/03/14 19:38:06, 1]
> lib/smbldap.c:add_new_domain_info(1343)
>   failed to add domain dn=
> sambaDomainName=SRSCORP,dc=srsmanagement,dc=com
> with: Already exists
> 
> [2005/03/14 19:38:06, 0]
> lib/smbldap.c:smbldap_search_domain_info(1392)
>   Adding domain info for SRSCORP failed with
> NT_STATUS_UNSUCCESSFUL
> [2005/03/14 19:38:06, 2]
> passdb/pdb_ldap.c:pdb_init_ldapsam(2959)
>   pdb_init_ldapsam: WARNING: Could not get domain
> info, nor add one to
> the domain
>   pdb_init_ldapsam: Continuing on regardless, will
> be unable to allocate
> new users/groups, and will risk BDCs having
> inconsistant SIDs
> [2005/03/14 19:38:06, 1]
> lib/smbldap.c:add_new_domain_info(1343)
>   failed to add domain dn=
> sambaDomainName=SRSCORP,dc=srsmanagement,dc=com
> with: Already exists
> 
> [2005/03/14 19:38:06, 0]
> lib/smbldap.c:smbldap_search_domain_info(1392)
>   Adding domain info for SRSCORP failed with
> NT_STATUS_UNSUCCESSFUL
> [2005/03/14 19:38:06, 2]
> passdb/pdb_ldap.c:pdb_init_ldapsam(2959)
>   pdb_init_ldapsam: WARNING: Could not get domain
> info, nor add one to
> the domain
>   pdb_init_ldapsam: Continuing on regardless, will
> be unable to allocate
> new users/groups, and will risk BDCs having
> inconsistant SIDs
>
--
> 
>
---smb.conf
> [global]
> workgroup = SRSCORP
> netbios name = mail1
>  enable privileges = yes
> interfaces = 192.168.2.4
> username map = /etc/samba/smbusers
> server string = Samba Server %v
> security = user
> encrypt passwords = Yes
> min passwd length = 3
> obey pam restrictions = No
> #unix password sync = Yes
> #passwd program =
> /usr/local/sbin/smbldap-passwd -u %u
>  #passwd chat = "Changing password for*\nNew
> password*" %n\n "*Retype
> new password*" %n\n"
> ldap passwd sync = Yes
> log level = 2
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 10
> time server = Yes
> socket options = TCP_NODELAY SO_RCVBUF=8192
> SO_SNDBUF=8192
> mangling method = hash2
> Dos charset = 850
> Unix charset = ISO8859-1
> 
> logon script = logon.bat
> logon drive = H:
> logon home =
> logon path =
> 
> domain logons = Yes
> os level = 65
> preferred master = Yes
> domain master = Yes
> wins support = Yes
> passdb backend = ldapsam: