[Samba] $BL$5Bz9-9p(#DcMx0lK\2=!*#3#0(B$BF|$GZ6b$rC/$K$bCN$i$l$:2r7h$9$kJ}K!(B

2005-03-29 Thread $B%]%$%s%H%a!<%k(B 
$BAw?.;v6HeLnD.El(B1-26-1011
$B"(J@$K(B
$B!VG[?.ITMW!W$H5-F~$7$F2<5-%"%I%l%9$XAw?.$7$F$/[EMAIL PROTECTED](B
$BG[?.Dd;_(B $B"*!!([EMAIL PROTECTED]
(BURL$B$h$j2r=|"*!!(Bhttp://www.busiassist.com/kaijo/del.cgi
(B
$B!y!y(,(,(,(,(,(,(,(,(,(,(,(,(,(,(,!y(,(,(,(,(,(,(,(,(,(,(,(,(,(,(,!y!y(B
(B
$B"#DcMx0lK\2=!*#3#0F|$G/$7$G$b%W%i%9$K$J$l$P9,$$$G$9!#(B
(B
(B
(Bhttp://www.tsaxis.com/gokuhi/
(B
(B
$B(,(,(,(,(,(,(,(,(,(,(,(,(,(,(,!y(,(,(,(,(,(,(,(,(,(,(,(,(,(,(,(B
(B[EMAIL PROTECTED]T(B:  $B%]%$%s%H%a!<%k(B
$B=;=j(B: $B")(B596-0047$B!!Bg:eI\4_OBED;T>eLnD.El(B1-26-1011 
$B1D6H;~4V(B: $B7n!AEZ!!(B($B8aA0#9;~$+$i8a8e#6;~!KF|MKF|!&=K:WF|$O5Y6H(B 
$B%"%I%l%9(B:  [EMAIL PROTECTED] 
(BURL:   http://www.busiassist.com 
$B(,(,(,(,(,(,(,(,(,(,(,(,(,(,(,!y(,(,(,(,(,(,(,(,(,(,(,(,(,(,(,(B
$BK\%a!<%kITMW$N>l9g2<5-$h$j2r=|$G$-$^$9!#(B
(Bhttp://www.busiassist.com/kaijo/del.cgi
(B
(B-- 
(BTo unsubscribe from this list go to the following URL and read the
(Binstructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] the problem of join samba3.0 to windows2000 doamin

2005-03-29 Thread gzis 
when i want to join the samba3.0 server to the win2k domain, it appear the
errors as below:

[EMAIL PROTECTED] samba]# net join -S gz -U is2000
is2000's password: ie2003bd
[2005/03/29 16:14:58, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for
requested realm
[2005/03/29 16:14:58, 0] utils/net_ads.c:ads_startup(186)
  ads_connect: Cannot find KDC for requested realm

Unable to find a suitable server

Unable to find a suitable server

my smb.conf is as below:










-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] SaveAs Problems

2005-03-29 Thread Robert Bartl 
Hy,
We've got some weird Problems with SaveAs from all Programs to a Samba 
Server.

The File get's saved but the user get's three Error Messages (Messagebox 
OK) telling him that the file could not be saved.
The Problem is not easily recreateable and appears randomly.

Any Pointers??
Bye, robert.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Client Profile mistake

2005-03-29 Thread Norman . Trapp 
Hello,

after our harwarechrash we had to change the serversystem to another 
hardware.
I copied all necessary samba files (I hope I did)  to the new hardware and 
restarted Samba.
Now when I try to log on the domain the client ist no longer trusted by 
the domain.
When I add the client to the domain to solve these problem, I get an new 
profile after login.
And this is my problem. All our client-users are mobile user, they all 
have local profiles.
And the need ther profiles back. They don't accept new profiles.
So what do I have to do to use our old profiles.

Mit freundlichen Grüssen / Kind regards

Norman Trapp

System Management

objective partner GmbH 
Bergstrasse 45
D-69469 Weinheim

Tel. +49 (0)6201 3986 24
Fax. +49 (0)6201 3986 12
___
objective partner - keep IT in e.motion


Diese eMail enthaelt vertrauliche und/oder rechtlich geschuetzte 
Informationen. Wenn Sie nicht der richtige Adressat sind oder diese eMail 
irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und 
vernichten Sie diese eMail. Das unerlaubte Kopieren sowie die unbefugte 
Weitergabe dieser eMail ist nicht gestattet.

This email may contain confidential and/or privileged information. If you 
are not the intended recipient (or have received this email in error) 
please notify the sender immediately and destroy this email. Any 
unauthorized copying, disclosure or distribution of the material in this 
email is strictly forbidden.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Client Profile mistake

2005-03-29 Thread Luca Olivetti 
[EMAIL PROTECTED] wrote:
Hello,
after our harwarechrash we had to change the serversystem to another 
hardware.
I copied all necessary samba files (I hope I did)  to the new hardware and 
restarted Samba.
Now when I try to log on the domain the client ist no longer trusted by 
the domain.
When I add the client to the domain to solve these problem, I get an new 
profile after login.
And this is my problem. All our client-users are mobile user, they all 
have local profiles.
And the need ther profiles back. They don't accept new profiles.
So what do I have to do to use our old profiles.
http://msmvps.com/clustering/archive/2004/10/06/15096.aspx ?
This email may contain confidential and/or privileged information. If you 
are not the intended recipient (or have received this email in error) 
please notify the sender immediately and destroy this email.
Mmm, my bit destroyer is broken, and I'm not sure if I'm the intended 
recipient, what should I do now?

Bye
--
Luca Olivetti
Wetron Automatización S.A. http://www.wetron.es/
Tel. +34 93 5883004  Fax +34 93 5883007
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba as domain controller

2005-03-29 Thread ankush grover 
Hey friends,

I want to setup Linux(Samba) as Domain Controller means no more
Windows NT,2k or 2k3 as domain controller.I have mix of windows and
Linux clients and I want these clients to get authentication from the
Linux .Can anybody tell me any tutorial or How to do it.


Thanks  Regards

Ankush
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Very HUGE binaries!?

2005-03-29 Thread Urs Rau 
Gerald (Jerry) Carter wrote:
 Gerald (Jerry) Carter wrote:
 | Toni Verdu Carbo wrote:
 | | Hi!
 | |
 | | I've been compiling Samba 3.0.x on a Solaris 2.6
 | | server using GCC 3.4.1 without any problem until recently...
 | | The problem started with 3.0.12 version, and reproduced in 3.0.13.
 | | Doing configure and then make produces with these two
 | | versions VERY HUGE binaries!
 |
 | I've tracked down the change to configure.in that caused this.
 | YOu can work around it by either (a) stripping the resulting
 | binaries, (b) manually removing '-g' from the Makefile, or
 | (c) manually setting CFLAGS to any value before running
 | configure.
 |
 | I'll go ahead and fix this in the SAMBA_3_0 svn tree.

 Fixed in svn now.  The patch is at
 http://samba.org/~jerry/patches/post-3.0.13/configure_debug.patch


Thanks for this fix. However on my FC2 I still get huge binaries and as
a consequence huge rpms even after running your patch and then running
autogen.sh in the rpm building.
I have tried inserting sh autogen.sh into the samba.spec file instead
of script/mkversion.h in the %prep stage.
Also adding --enable-developer=no to the configure lines in %build was
to no avail.
It would appear that $RPM_OPT_FLAGS is the one that introduces
CFLAGS=-O2 -g -march=i386 -mcpu=i686, so your patch helps set sane 
defaults for normal compiles but does not fix the problem for a rpm build.

Any advice on the cleanest way to reduce the size of the binaries and
not have them compiled with -g?
Thanks in advance.
Regards,
Urs Rau
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Very HUGE binaries!?

2005-03-29 Thread Urs Rau 
Urs Rau wrote:
 It would appear that $RPM_OPT_FLAGS is the one that introduces 
CFLAGS=-O2 -g -march=i386 -mcpu=i686

 Any advice on the cleanest way to reduce the size of the binaries and 
not have them compiled with -g?

For now I have added an ugly 2-liner to the beginning of the %prep and
%build sections. (in case rpm builders jump straight to the %build section)
# avoid building huge rpms
RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed s/-g//`
I know I could have either reset my system wide rpmrc or set my own
~/.rpmrc, but I wanted to make sure that anybody that uses my spec file
to rebuild the rpm would also get small binaries and not have to
remember to set their own system or personal rpmrc
Is this all one can do, it feels like an ugly hack?
Regards,
Urs Rau
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Problems with Excel MS Word files (still)

2005-03-29 Thread Urs Rau 
Jeremy or Nathan,
Jeremy Allison wrote:
Ok, I have a working theory for this. It concerns ACLs and what 
happens when excel wants to update the filetime on a file the user 
doesn't own.

Normally you just set the dos filetime parameter to allow this 
(this causes a timestamp to be updated on a file if you can write to 
it - normally POSIX only allows this if you're the owner). I've
realised the codepath here doesn't check ACL semantics. This is a bug
we've had since we introduced ACLs a long time ago but only now seems
to have been triggered.

Here is a patch to the just released 3.0.13 that causes ACL entries 
to be properly checked when dos filetime= True has been set.

Please try this on top of 3.0.13 and let me know if it fixes the 
issues.
Has this been confirmed, as fixing it? I am rolling a 3.0.13 maintenance 
release and it would be nice to clear this excel ACL bug. What is the 
bugzilla entry for this bug, so I can follow it?

Thanks a lot.
Regards,
--
Urs Rau
Head of Operations
Operation Mobilisation
UK National Office
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Joining XP machine error

2005-03-29 Thread jan ardosa 
Hi to all. I would like to ask what are the possible or common causes of 
NT_STATUS_NO_SUCH_USER error? I've been reading other post about the subject 
but none has definitive answer to this problem. I cant join an XP machine to 
the domain either manually or thru XP but I can add user account and used the 
account to logon using SSH. BTW, Im using RH9, Samba ver 3.0.11rc1 and openldap 
2.2.23.
 
Many thanks
 
Jan


-
  Yahoo! Messenger - Communicate instantly...Ping your friends today! 
Download Messenger Now
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Memory Mapped Files

2005-03-29 Thread Graeme Burnett 
Hi

We have a process on Linux (SLES 8.1 AMD64) which is writing data to a
memory mapped file created on a samba partition smbmounted from a windows
server.

The changes show up on the Linux side but are invisible to a process
reading the same file on windows.

I would be grateful if someone could offer and explanation of this behaviour?

Regards

Graeme





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Re: No vscan HOWTOs?

2005-03-29 Thread mourik jan c heupink 
I have been trying to find out how to EXCLUDE certain files from scanning.

Appearentlty it works by MIME-type. You have to configure your own mime type in 
/etc/magic, and then add that mime type to vscan-clamav.conf

Has anyone got this working?

 -Original Message-
 From: Karl Banasky [mailto:[EMAIL PROTECTED] 
 Sent: 28 March 2005 05:54
 To: Jim C.
 Cc: samba@lists.samba.org
 Subject: Re: [Samba] Re: No vscan HOWTOs?
 
 
 I have been installing it on my Centos 4 box.  Got it working on a 
 quarentine bases. That way I can see if it is working 
 correctly. There 
 are some test Virus sites available to download a test virus to your 
 share and see what happens.  Might be dangerous but useful.  I worked 
 from src.rpms for all of it except samba-vscan.
 My issues were:
 1) Not having the Samba source (configured and make); Solved it by 
 rpmbuild -bc samba-src.rpm(Source showed in the BUILD directory.
 2) Not having the socket configured correctly in the clamd.conf and 
 the vscan-clamav.conf; Solved it by enabling it in the clamd.conf 
 file and verified same location in the vscan-clamav.conf file
 3) Build issues with clamav-.src.rpm; solved by yum'ing in 
 sendmail-devel and sendmail-cf
 
 Other then that it was straight forward.
 
 Jim C. wrote:
 
  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA1
 
  [chuckle]
 
  I think I've got it working.  Apparently one just has to add the 
  clamav user to the 'Domain Admins' group so that it can do 
 it's job.  
  I've been googleing around and it looks like a whole lot of 
 people are 
  missing this, i.e. that clamav.
 
  I could use some pointers on how to be sure it is working 
 though. I'm 
  not seeing it in my logs, but I'm also not sure where to look.
 
  Jim C.
  -BEGIN PGP SIGNATURE-
  Version: GnuPG v1.2.5 (MingW32)
  Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
 
  iD8DBQFCR1vV57L0B7uXm9oRAs+cAJ0RrLMa6Ou/RehR0dprQkK6Tjg7lgCfXz5j
  /Mtirt+9h7H6w3joPTw22Dc=
  =r98u
  -END PGP SIGNATURE-
 
 
 
 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] A small question on Winbind

2005-03-29 Thread Hamish 
On Tuesday 29 March 2005 08:29, Phibee NOC wrote:
 Hi
 it's possible with wbinfo that get a information:

 1- Get all users of one Active Directory Group
this can be done with getent passwd {groupname} - not sure how to do it with 
wbinfo
 2- Get all groups of one username ?
Not 100% sure about this, but a start might be getent group | grep {username} 
- im sure a bit of sed would neaten the results

Hope that helps,
H


pgpqtexElI0DE.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Using Lotus Domino LDAP as Samba Backend

2005-03-29 Thread Norman . Trapp 
Hello,

can I use the Lotus Domino LDAP Server as backend for Samba?
Has anyone tried this, or some experiences in that?


Mit freundlichen Grüssen / Kind regards

Norman Trapp

System Management

objective partner GmbH 
Bergstrasse 45
D-69469 Weinheim

Tel. +49 (0)6201 3986 24
Fax. +49 (0)6201 3986 12
___
objective partner - keep IT in e.motion


Diese eMail enthaelt vertrauliche und/oder rechtlich geschuetzte 
Informationen. Wenn Sie nicht der richtige Adressat sind oder diese eMail 
irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und 
vernichten Sie diese eMail. Das unerlaubte Kopieren sowie die unbefugte 
Weitergabe dieser eMail ist nicht gestattet.

This email may contain confidential and/or privileged information. If you 
are not the intended recipient (or have received this email in error) 
please notify the sender immediately and destroy this email. Any 
unauthorized copying, disclosure or distribution of the material in this 
email is strictly forbidden.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbd 100% systemload

2005-03-29 Thread Matthias Henze 
hi,
i've a debian sarge setup with samba 3.0.10 with ldap as SAM backend. every 
thing used to work as expected, but last week the machine went down. an 
analysis of the problem has showen, that with increasing uptime there is a 
growing number of smbd processes that caus 100% CPU utilation. tests have 
showen, that i can kill these processes without harming smb conecctivtiy. 
this is a workaround but no soulution.

i've absolutely no idea what causes this and what i can/should do to track 
this down.

any suggestions ?
TIA
Matthias Henze[EMAIL PROTECTED]
Use PGP!! http://www.mhcsoftware.de/MatthiasHenze.asc
- - - - - - - - - - - - - - - - - - - - - - - - - - -
MHC SoftWare GmbH  voice: +49-(0)9533-92006-0
Fichtera 17  fax: +49-(0)9533-92006-6
96274 Itzgrund/Germanye-Mail: [EMAIL PROTECTED]
- - - - - - - - - - - - - - - - - - - - - - - - - - -
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Windows XP greyed-out Guest user password prompt

2005-03-29 Thread Hamish 
On Monday 28 March 2005 20:07, Jules Agee wrote:
 updates]

          comment = Software Updates
          path = /var/local/fileshare/admin/updates
          browsable = no
          create mask = 774
          group = SystemAdmin
          directory mask = 0775
          nt acl support = no
          read only = yes
          guest ok = yes

Hi Jules
This may be way off, but i know how frustrating it can be not getting any 
suggestions! I have a samba server with a guest share, the only difference i 
can see is that i have guest only = yes.
Here is one of the read only shares (sanitised):

[guests]
path = /guest/share
guest only = Yes
guest ok = Yes

This works fine from XPSP2 and SP1 clients, the server is security = domain 
though, so this may make a difference, although non-domain machines/users 
connect with no problems to the guest shares.

Hope this helps!
H


pgpSIHb3jtAHD.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] printers detect

2005-03-29 Thread Fabio Marcone 
Hi!
I'm designing a web interface to manage samba server (users, shares, printers) 
and I would known how i can detect printers available in samba. In that way, 
admin can set rights and others params of a selected printer.

Thanks,
Fabio
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] A small question on Winbind

2005-03-29 Thread Daniel Amthor 
Am Dienstag 29 Mrz 2005 13:12 schrieb Hamish:
2- Get all groups of one username ?
Maybe I'm oversimplifying, but (given nsswitch and all is in place):
# id username
?
HTH 
Dan

-- 
Daniel Amthor   Linux LPI Level 2 Administrator
Im Brhl 10t: +49-06173-935960
61476 Kronberg  e: [EMAIL PROTECTED]  ICQ: 196700332
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with wbinfo

2005-03-29 Thread Ricardo Maciel 
Hello,

I'm using a Samba client to access a Samba Server. The smbclient
tool is ok, both at the client as at the server. I'm having trouble
with the wbinfo command (winbind service) at the client, as you can
see below.

Can anybody help me?

Thanks!!!

=Problem==

Samba Server: samba-3.0.10-1.fc2
Samba Client: Version 3.0.0-14.3E
--
# service winbind start
Iniciando serviços Winbind:[  OK  ]
#
#
# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_INTERNAL_ERROR (0xc0e5)
Could not check secret
#
#
# wbinfo -u
Error looking up domain users
#
#
# wbinfo -g
Error looking up domain groups
#
#
# service winbind stop

Desligando os serviços Winbind:[  OK  ]
#
#
# winbindd -i -d 4
winbindd version 3.0.0-14.3E started.
Copyright The Samba Team 2000-2003
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
Processing section [global]
doing parameter workgroup = REG
doing parameter netbios name = Estacao1386000
handle_netbios_name: set global_myname to: ESTACAO1386000
doing parameter security = domain
doing parameter password server = *
doing parameter winbind uid = 1000-2
doing parameter winbind gid = 1000-2
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter winbind separator = +
doing parameter winbind cache time = 10
doing parameter template homedir = /home/winnt/%D/%U
doing parameter winbind use default domain = yes
doing parameter template shell = /bin/bash
pm_process() returned Yes
adding IPC service
adding IPC service
added interface ip=10.80.100.98 bcast=10.80.100.255 nmask=255.255.255.0
added interface ip=10.80.100.98 bcast=10.80.100.255 nmask=255.255.255.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
get_dc_list: returning 1 ip addresses in an unordered list
get_dc_list: 10.80.100.62:0
nmb packet from 10.80.100.62(137) header: id=2081 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=REG1c rr_type=33 rr_class=1 ttl=0
answers   0 char .PDC   hex 09504443202020202020202020202020
answers  10 char .d.PDC hex 00640050444320202020202020202020
answers  20 char   .d.PDC   hex 20200364005044432020202020202020
answers  30 char  d...__MSBRO   hex 2020202020640001025F5F4D5342524F
answers  40 char WSE__REG   hex 5753455F5F0201E40052454720202020
answers  50 char ...REG hex 202020202020202000E4005245472020
answers  60 char   .d.REG   hex 202020202020202020201B6400524547
answers  70 char ...R   hex 2020202020202020202020201CE40052
answers  80 char EG.d   hex 45472020202020202020202020201D64
answers  90 char .REG   hex 00524547202020202020202020202020
answers  a0 char    hex 1EE4
answers  b0 char    hex 
answers  c0 char    hex 
answers  d0 char .   hex 00
rpc_dc_name: Returning DC PDC (10.80.100.62) for domain REG
IPC$ connections done anonymously
Connecting to host=PDC
Connecting to 10.80.100.62 at port 445
Serverzone is 10800
add_trusted_domain: REG is a mixed (or NT4) mode domain
Added domain REG
Could not fetch sid for our domain REG
scanning trusted domain list
rpc: trusted_domains
get_dc_list: returning 1 ip addresses in an unordered list
get_dc_list: 10.80.100.62:0
nmb packet from 10.80.100.62(137) header: id=30956 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=REG1c rr_type=33 rr_class=1 ttl=0
answers   0 char .PDC   hex 09504443202020202020202020202020
answers  10 char .d.PDC hex 00640050444320202020202020202020
answers  20 char   .d.PDC   hex 20200364005044432020202020202020
answers  30 char  d...__MSBRO   hex 2020202020640001025F5F4D5342524F
answers  40 char WSE__REG   hex 5753455F5F0201E40052454720202020
answers  50 char ...REG hex 202020202020202000E4005245472020
answers  60 char   .d.REG   hex 202020202020202020201B6400524547
answers  70 char ...R   hex 2020202020202020202020201CE40052
answers  80 char EG.d   hex 45472020202020202020202020201D64
answers  90 char .REG   hex 00524547202020202020202020202020
answers  a0 char    hex 1EE4
answers  b0 char    hex

Re: [Samba] Problem with wbinfo

2005-03-29 Thread Hamish 
On Tuesday 29 March 2005 13:13, Ricardo Maciel wrote:
 Hello,

 I'm using a Samba client to access a Samba Server. The smbclient
 tool is ok, both at the client as at the server. I'm having trouble
 with the wbinfo command (winbind service) at the client, as you can
 see below.

 Can anybody help me?

 Thanks!!!

 =Problem==

 Samba Server: samba-3.0.10-1.fc2
 Samba Client: Version 3.0.0-14.3E
 --
 # service winbind start
 Iniciando serviços Winbind:                                [  OK  ]
 #
 #
 # wbinfo -t
 checking the trust secret via RPC calls failed
 error code was NT_STATUS_INTERNAL_ERROR (0xc0e5)
 Could not check secret
 #
 #
 # wbinfo -u
 Error looking up domain users
 #
 #
 # wbinfo -g
 Error looking up domain groups
 #
 #
 # service winbind stop

 Desligando os serviços Winbind:                            [  OK  ]

Make sure you do not have nscd running - i had similar problems with it. You 
should be able to do this with `service nscd stop; chkconfig nscd off`
Hope that helps
H


pgpY3hSJ35I9j.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Re: Problems with Excel MS Word files (still)

2005-03-29 Thread Nathan Vidican 

No confirmation over here, havn't had a chance to compile a new copy -
rolled back to 3.0.8 for the time being it's been less buggy but still have
occasional file(s) locking up.

A little unclear here, do I need to add a patch to 3.0.13 before compiling,
or simply add 'dos filetime = yes' to the configuration?

Lastly, does it matter if I'm not using ACL's? Just using plain old UNIX
permissions (750/660 dir/file) and the force-group parameter for most
shares - which works quite well thus far.

--
Nathan Vidican
[EMAIL PROTECTED]
Windsor Match Plate  Tool Ltd.
http://www.wmptl.com/


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Urs
Rau
Sent: Tuesday, March 29, 2005 5:01 AM
To: samba@lists.samba.org
Subject: [Samba] Re: Problems with Excel  MS Word files (still)


Jeremy or Nathan,

Jeremy Allison wrote:

 Ok, I have a working theory for this. It concerns ACLs and what
 happens when excel wants to update the filetime on a file the user
 doesn't own.

 Normally you just set the dos filetime parameter to allow this
 (this causes a timestamp to be updated on a file if you can write to
 it - normally POSIX only allows this if you're the owner). I've
 realised the codepath here doesn't check ACL semantics. This is a bug
 we've had since we introduced ACLs a long time ago but only now seems
 to have been triggered.

 Here is a patch to the just released 3.0.13 that causes ACL entries
 to be properly checked when dos filetime= True has been set.

 Please try this on top of 3.0.13 and let me know if it fixes the
 issues.

Has this been confirmed, as fixing it? I am rolling a 3.0.13 maintenance
release and it would be nice to clear this excel ACL bug. What is the
bugzilla entry for this bug, so I can follow it?

Thanks a lot.

Regards,

--
Urs Rau
Head of Operations
Operation Mobilisation
UK National Office

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] NFS and ACL

2005-03-29 Thread Patrick DUBAU 
Hi,
i still have no response for my problem, so i try again in another way.
i have a share on with i set ACLs. This work fine.
I mount this share with NFS on another server, but the ACL, can't be 
seen on the NFS side (i use getfacl)

Is there a way to keep the ACL threw a NFS export ?
Thanks
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Re: No vscan HOWTOs?

2005-03-29 Thread mourik jan c heupink 
Does anyone have ANY idea what to put in /etc/magic to identify microsoft 
outlook pst files?

scanning larger pst files (100 mb or so) currently raises my clamd cpu 
processor usage to 90% or higher, and 'locks' ms outlook on the workstation 
during the scan, so I'd rather not scan them and have mcafee on the workstation 
take care of that.

Insight would really be appreciated.

 -Original Message-
 From: heupink, mourik jan c 
 Sent: 29 March 2005 12:56
 To: samba@lists.samba.org
 Subject: RE: [Samba] Re: No vscan HOWTOs?
 
 
 I have been trying to find out how to EXCLUDE certain files 
 from scanning.
 
 Appearentlty it works by MIME-type. You have to configure 
 your own mime type in /etc/magic, and then add that mime type 
 to vscan-clamav.conf
 
 Has anyone got this working?
 
  -Original Message-
  From: Karl Banasky [mailto:[EMAIL PROTECTED]
  Sent: 28 March 2005 05:54
  To: Jim C.
  Cc: samba@lists.samba.org
  Subject: Re: [Samba] Re: No vscan HOWTOs?
  
  
  I have been installing it on my Centos 4 box.  Got it working on a
  quarentine bases. That way I can see if it is working 
  correctly. There 
  are some test Virus sites available to download a test 
 virus to your 
  share and see what happens.  Might be dangerous but useful. 
  I worked 
  from src.rpms for all of it except samba-vscan.
  My issues were:
  1) Not having the Samba source (configured and make); Solved it by 
  rpmbuild -bc samba-src.rpm(Source showed in the BUILD directory.
  2) Not having the socket configured correctly in the 
 clamd.conf and 
  the vscan-clamav.conf; Solved it by enabling it in the 
 clamd.conf 
  file and verified same location in the vscan-clamav.conf file
  3) Build issues with clamav-.src.rpm; solved by yum'ing in 
  sendmail-devel and sendmail-cf
  
  Other then that it was straight forward.
  
  Jim C. wrote:
  
   -BEGIN PGP SIGNED MESSAGE-
   Hash: SHA1
  
   [chuckle]
  
   I think I've got it working.  Apparently one just has to add the
   clamav user to the 'Domain Admins' group so that it can do 
  it's job.
   I've been googleing around and it looks like a whole lot of
  people are
   missing this, i.e. that clamav.
  
   I could use some pointers on how to be sure it is working
  though. I'm
   not seeing it in my logs, but I'm also not sure where to look.
  
   Jim C.
   -BEGIN PGP SIGNATURE-
   Version: GnuPG v1.2.5 (MingW32)
   Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
  
   iD8DBQFCR1vV57L0B7uXm9oRAs+cAJ0RrLMa6Ou/RehR0dprQkK6Tjg7lgCfXz5j
   /Mtirt+9h7H6w3joPTw22Dc=
   =r98u
   -END PGP SIGNATURE-
  
  
  
  --
  To unsubscribe from this list go to the following URL and read the
  instructions:  https://lists.samba.org/mailman/listinfo/samba
  
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Multiple Domain Controller

2005-03-29 Thread Alfred Payne 
Can anyone point me to a howto/tutorial that will help me setup a 
multiple domain controller ie. one samba server - multiple domains

Thanks!
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba does not 'see' all the cups printers

2005-03-29 Thread Bert_De_Ridder 
Hi, all,

I have a weird problem; I have 3 working cups printers on Suse linux 9.
All 3 are networked printers. 

I use the following statements in smb.conf : 
printing = cups
load printers = yes
printcap name = /etc/printcap

[printers]
comment = SMB Print Spool
path = /var/spool/samba
guest ok = yes
writeable = no
public = yes
printable = yes
browsable = No
printer admin = root, bdridder
use client driver = Yes

this is the content of /etc/printcap

# This file was automatically generated by cupsd(8) from the
# /etc/cups/printers.conf file.  All changes to this file
# will be lost.
HP-Laserjet-4000|Developers gelijkvloers - soms platvloers 
;-):rm=GOSCINNY:rp=HP-Laserjet-4000:
HP-LaserJet-4100|Sales  Marketing:rm=GOSCINNY:rp=HP-LaserJet-4100:
HPCL2500|Colour Laserjet - use only when needed:rm=GOSCINNY:rp=HPCL2500:

If I use printcap name = cups in smb.conf, NO printers show up at all.
If I use /etc/printcap, only HPCL2500 shows up in the Printers folder of 
the server. 

Does anybody have an idea how this can happen ?




Regards,

Bert De Ridder

PeopleWare NV - Head Office
Cdt.Weynsstraat 85 
B-2660 Hoboken 
Tel: +32 3 448.33.38 
Fax: +32 3 448.32.66 

PeopleWare NV - Branch Office Geel
Kleinhoefstraat 5
B-2440 Geel
Tel: +32 14 57.00.90
Fax: +32 14 58.13.25

http://www.peopleware.be 
http://www.mobileware.be 



John H Terpstra [EMAIL PROTECTED] 
Sent by: [EMAIL PROTECTED]
16/03/2005 17:34
Please respond to
[EMAIL PROTECTED]


To
samba@lists.samba.org
cc

Subject
Re: [Samba] Samba and LDAP Base DN






Misty,

If your binddn has changed you need to re-run:

 smbpasswd -w 'secret'

to update your secrets.tdb file.

- John T.

On Wednesday 16 March 2005 09:06, Misty Stanley-Jones wrote:
 More info: I tried deleting ou=corp (after making a backup of course) 
and
 still no dice.  As soon as I put back ou=corp and make the baseDN in
 smb.conf ou=corp, everything works.  If I take all the entries under
 ou=corp and copy them one level up, I can't authenticate to Samba 
anymore. 
 It doesn't make any sense.

 On Wednesday 16 March 2005 10:57 am, Misty Stanley-Jones wrote:
  Right now, I have all of my Samba stuff under
  ou=corp,dc=mycompany,dc=com. I have it this way because there used to
  also be
  ou=furn,dc=mycompany,dc=com with a different domain.  Now that I only
  have one domain, I would like to move everything to 
dc=mycompany,dc=com. 
  So I copy all of the subentries of ou=corp (ou=computers, ou=people,
  ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I
  change the /etc/ldap.conf files to all point to the new OU.  Perfect. 
  However when I change the baseDN in my smb.conf, all of a sudden I 
cannot
  authenticate. Even when doing smbcontrol smbd reload-config.  The only
  thing I can figure is that it might be doing a 'sub' search and 
finding
  two entries for my user, because I left the 'ou=corp' DN as it was. Is
  it that, or is there something else I have to do in order to 
restructure
  my LDAP tree?
 
  TIA,
  Misty

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO  Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Vijay - net_r_sam_logon errors.

2005-03-29 Thread Vijay Kumar 
Hi,

We get the following errors in the current samba domain controller  : 

[2005/03/29 06:16:49, 0] rpc_server/srv_netlog.c:api_net_sam_logon(206)
  api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON.
[2005/03/29 06:16:49, 0] rpc_server/srv_pipe.c:api_rpcTNP(1200)
  api_rpcTNP: api_netlog_rpc: NET_SAMLOGON failed.
[2005/03/29 06:29:35, 0] lib/util_sock.c:matchname(900)
  sys_gethostbyname(netapp-ghost): lookup failure.
[2005/03/29 06:29:35, 0] lib/util_sock.c:get_socket_name(967)
  Matchname failed on netapp-ghost 10.10.10.1
[2005/03/29 06:29:35, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(670)
  api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.
[2005/03/29 06:35:26, 0] lib/util_sock.c:matchname(900)
  sys_gethostbyname(bhim): lookup failure.
[2005/03/29 06:35:26, 0] lib/util_sock.c:get_socket_name(967)
  Matchname failed on bhim 10.10.10.2
[2005/03/29 06:35:43, 0] smbd/service.c:make_connection(248)
  bhim (172.16.0.196) couldn't find service netlogon
[2005/03/29 06:37:51, 0] lib/util_sock.c:read_data(436)
  read_data: read failure for 4. Error = Connection reset by peer

I have tested the service through other commands like smbclient  share
name -U  user name  and everything runs perfectly fine. 
Users are able to login with their ID's without any issues. 

Please help me to resolve this error. Whats the cause ? 

Regards,
Vijay Kumar
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE [Samba] NFS and ACL

2005-03-29 Thread spu 





Only NFS v4 have acl support !!!

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467


   
 Patrick DUBAU 
 [EMAIL PROTECTED] 
 sace.iufm.fr   A
 Envoyé par :  samba@lists.samba.org 
 samba-bounces+ste  cc
 phane.purnelle=co   
 [EMAIL PROTECTED]   Objet
 ba.org[Samba] NFS and ACL 
   
   
 29/03/2005 15:01  
   
   
   




Hi,

i still have no response for my problem, so i try again in another way.

i have a share on with i set ACLs. This work fine.
I mount this share with NFS on another server, but the ACL, can't be
seen on the NFS side (i use getfacl)

Is there a way to keep the ACL threw a NFS export ?
Thanks

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Client Profile mistake

2005-03-29 Thread Paul Gienger 

Now when I try to log on the domain the client ist no longer trusted by 
the domain.
When I add the client to the domain to solve these problem, I get an new 
profile after login.
And this is my problem. All our client-users are mobile user, they all 
have local profiles.
And the need ther profiles back. They don't accept new profiles.
So what do I have to do to use our old profiles.
 

This sounds a lot like your domain SID changed, if you can find your SID 
on a machine you can change it back and probably save yourself some 
headache, assuming you arent already too far converting profiles to go back.

For starters, get the SID your server is currently using for comparison:
net getlocalsid
Search around on some system for the old SID.  There's two places I can 
think of for ease:
1. In the registry, you should see someplace under HKEY-USERS a key tree 
that starts with a SID looking number, 
(S-x-x-xx--x-x- or thereabouts).  Take this 
number, and chop off the last - and you have the domain SID of the 
domain.
2. Look for your c:\Docs and Settings directory and you should see some 
directories for your old user(s).  Look at the properties, security tab 
and the owner should be a SID like in step 1.  Chop off the end - 
data as above.

Once you have the domain SID, issue
net setlocalsid S-x-x-xx-x-xxx-
restart the samba process and see how logins go on a machine you haven't 
touched yet.

--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba as domain controller

2005-03-29 Thread Paul Gienger 

I want to setup Linux(Samba) as Domain Controller means no more
Windows NT,2k or 2k3 as domain controller.I have mix of windows and
Linux clients and I want these clients to get authentication from the
Linux .Can anybody tell me any tutorial or How to do it.
 

There are two good ones linked to on the main samba.org webpage.  
There's a HowTo and a By Example guide for your perusal.

--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba does not 'see' all the cups printers

2005-03-29 Thread Bert_De_Ridder 
Well it seems I can answer my own question here

Very weird, but if I recreate the printers with shorter names (HPLJ4000 in 
stead of HP-LaserJet-4000), Samba 'sees' them

Can anyone explain ? 




Kind regards,

Bert De Ridder

PeopleWare NV - Head Office
Cdt.Weynsstraat 85 
B-2660 Hoboken 
Tel: +32 3 448.33.38 
Fax: +32 3 448.32.66 

PeopleWare NV - Branch Office Geel
Kleinhoefstraat 5
B-2440 Geel
Tel: +32 14 57.00.90
Fax: +32 14 58.13.25

http://www.peopleware.be 
http://www.mobileware.be 



[EMAIL PROTECTED] 
Sent by: [EMAIL PROTECTED]
29/03/2005 15:09

To
samba@lists.samba.org
cc

Subject
[Samba] Samba does not 'see' all the cups printers






Hi, all,

I have a weird problem; I have 3 working cups printers on Suse linux 9.
All 3 are networked printers. 

I use the following statements in smb.conf : 
printing = cups
load printers = yes
printcap name = /etc/printcap

[printers]
comment = SMB Print Spool
path = /var/spool/samba
guest ok = yes
writeable = no
public = yes
printable = yes
browsable = No
printer admin = root, bdridder
use client driver = Yes

this is the content of /etc/printcap

# This file was automatically generated by cupsd(8) from the
# /etc/cups/printers.conf file.  All changes to this file
# will be lost.
HP-Laserjet-4000|Developers gelijkvloers - soms platvloers 
;-):rm=GOSCINNY:rp=HP-Laserjet-4000:
HP-LaserJet-4100|Sales  Marketing:rm=GOSCINNY:rp=HP-LaserJet-4100:
HPCL2500|Colour Laserjet - use only when needed:rm=GOSCINNY:rp=HPCL2500:

If I use printcap name = cups in smb.conf, NO printers show up at all.
If I use /etc/printcap, only HPCL2500 shows up in the Printers folder of 
the server. 

Does anybody have an idea how this can happen ?




Regards,

Bert De Ridder

PeopleWare NV - Head Office
Cdt.Weynsstraat 85 
B-2660 Hoboken 
Tel: +32 3 448.33.38 
Fax: +32 3 448.32.66 

PeopleWare NV - Branch Office Geel
Kleinhoefstraat 5
B-2440 Geel
Tel: +32 14 57.00.90
Fax: +32 14 58.13.25

http://www.peopleware.be 
http://www.mobileware.be 



John H Terpstra [EMAIL PROTECTED] 
Sent by: [EMAIL PROTECTED]
16/03/2005 17:34
Please respond to
[EMAIL PROTECTED]


To
samba@lists.samba.org
cc

Subject
Re: [Samba] Samba and LDAP Base DN






Misty,

If your binddn has changed you need to re-run:

 smbpasswd -w 'secret'

to update your secrets.tdb file.

- John T.

On Wednesday 16 March 2005 09:06, Misty Stanley-Jones wrote:
 More info: I tried deleting ou=corp (after making a backup of course) 
and
 still no dice.  As soon as I put back ou=corp and make the baseDN in
 smb.conf ou=corp, everything works.  If I take all the entries under
 ou=corp and copy them one level up, I can't authenticate to Samba 
anymore. 
 It doesn't make any sense.

 On Wednesday 16 March 2005 10:57 am, Misty Stanley-Jones wrote:
  Right now, I have all of my Samba stuff under
  ou=corp,dc=mycompany,dc=com. I have it this way because there used to
  also be
  ou=furn,dc=mycompany,dc=com with a different domain.  Now that I only
  have one domain, I would like to move everything to 
dc=mycompany,dc=com. 
  So I copy all of the subentries of ou=corp (ou=computers, ou=people,
  ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I
  change the /etc/ldap.conf files to all point to the new OU.  Perfect. 
  However when I change the baseDN in my smb.conf, all of a sudden I 
cannot
  authenticate. Even when doing smbcontrol smbd reload-config.  The only
  thing I can figure is that it might be doing a 'sub' search and 
finding
  two entries for my user, because I left the 'ou=corp' DN as it was. Is
  it that, or is there something else I have to do in order to 
restructure
  my LDAP tree?
 
  TIA,
  Misty

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO  Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with wbinfo

2005-03-29 Thread Ricardo Maciel 
Hamish,

Thanks, but the nscd service was already stopped. Must be another
solution. Any other idea?

Ricardo.


On Tue, 29 Mar 2005 13:27:16 +0100, Hamish [EMAIL PROTECTED] wrote:
 On Tuesday 29 March 2005 13:13, Ricardo Maciel wrote:
  Hello,
 
  I'm using a Samba client to access a Samba Server. The smbclient
  tool is ok, both at the client as at the server. I'm having trouble
  with the wbinfo command (winbind service) at the client, as you can
  see below.
 
  Can anybody help me?
 
  Thanks!!!
 
  =Problem==
 
  Samba Server: samba-3.0.10-1.fc2
  Samba Client: Version 3.0.0-14.3E
  --
  # service winbind start
  Iniciando serviços Winbind:[  OK  ]
  #
  #
  # wbinfo -t
  checking the trust secret via RPC calls failed
  error code was NT_STATUS_INTERNAL_ERROR (0xc0e5)
  Could not check secret
  #
  #
  # wbinfo -u
  Error looking up domain users
  #
  #
  # wbinfo -g
  Error looking up domain groups
  #
  #
  # service winbind stop
 
  Desligando os serviços Winbind:[  OK  ]
 
 Make sure you do not have nscd running - i had similar problems with it. You
 should be able to do this with `service nscd stop; chkconfig nscd off`
 Hope that helps
 H
 
 
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba
 
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Smbmnt problem with real path

2005-03-29 Thread Suren Sargsyan 
Dear friends,

The following command

smbmnt //winhost/share /home/myname/share

Produces the error

Failed to find real path for mount point.

What does it mean, and how to fix it.

Regards
Suren

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] wins problem - 2nd and last time post

2005-03-29 Thread Flavio Fonseca 
Hello list

 I am having the following problem with samba wins server:

1. my servers record are desapearing from wins database. this 
servers(computers) are never turned off, and once or twice a week the wins  
records just vanish and I have to restart the server to register itself again 
with wins.

2. when I install a new workstation I do so in a subnet A where is my support 
team. Then I send the workstation to it's final place which is a subnet B. 
while installing it, the workstation register itself on wins server with an 
IP from subnet A. When I send it to its final location it gets an IP from 
subnet B but wins server keeps the record from subnet A. It does not update 
the record. If I stop the server, edit wins.dat and remove the record, 
restart wins e renew the workstation dhcp net configuration it register 
itself again with the correct IP.

I am using Suse 9.2 professional with samba 
smbd version 3.0.9-2.3-SUSE.

I am not starting smbd.

Thanks for any help.
-- 
Att.,

Flávio Fonseca
Equipe Divisão de Redes (DR)
Diretoria de Processamento de Dados (DirPD)
Universidade Federal de Uberlandia (UFU)
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Setup Samba

2005-03-29 Thread Jon Jarvis 
I have a FC3 box set up with Samba 3.0.13-1 which has PAM and nsswitch
setup to use an LDAP server for local authentication. I use the getent
passwd command and can see that all of my LDAP users show up with uid
and gid's. Each user has a home directory on the computer that they
own. My question: is there an easy way to make Samba use the normal
UNIX passdb backend with a standalone (no PDC) server for my users? I
set my Windows computer to have plain text passwords, but I don't know
what settings samba should have to achieve this.  I really don't like
the idea of LDAP with the idealx documentation because A.) I'm not
using a PDC, B.) I don't want to maintain the extra password hashes.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ACL support

2005-03-29 Thread Meli Marco 
Hi,
I have download the latest version samba-3.0.13-1.src.rpm, and I have make
followings changes:
Rpm -i samba-3.0.13-1.src.rpm, so I have created the SPEC file.
I have added --with-acl-support in the CFLAGS section in the SPEC file.
Rpmbuild -bb specfile.spec.
It compile the finally rpm without errors but when I install the package and
make ldd /usr/sbin/smbd, I can't see libattr and libacl compiled in ...
Where I wrong?
Thanks.
Marco. 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Using Lotus Domino LDAP as Samba Backend

2005-03-29 Thread John H Terpstra 
On Tuesday 29 March 2005 04:18, [EMAIL PROTECTED] wrote:
 Hello,

 can I use the Lotus Domino LDAP Server as backend for Samba?

Any LDAP server can be used so long as it has the right schema extensions and 
uses standard protocols.

 Has anyone tried this, or some experiences in that?

Not with Lotus.

- John T.



 Mit freundlichen Grüssen / Kind regards

 Norman Trapp

 System Management

 objective partner GmbH
 Bergstrasse 45
 D-69469 Weinheim

 Tel. +49 (0)6201 3986 24
 Fax. +49 (0)6201 3986 12
 ___
 objective partner - keep IT in e.motion


 Diese eMail enthaelt vertrauliche und/oder rechtlich geschuetzte
 Informationen. Wenn Sie nicht der richtige Adressat sind oder diese eMail
 irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und
 vernichten Sie diese eMail. Das unerlaubte Kopieren sowie die unbefugte
 Weitergabe dieser eMail ist nicht gestattet.

 This email may contain confidential and/or privileged information. If you
 are not the intended recipient (or have received this email in error)
 please notify the sender immediately and destroy this email. Any
 unauthorized copying, disclosure or distribution of the material in this
 email is strictly forbidden.

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO  Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbd 100% systemload

2005-03-29 Thread Ulrik Guenther 
Heya,
the growing number of smbd process and therewith the resulting 100% cpu 
usage have their reason in samba not killing processes which are not 
used anymore (since every client causes Samba to spawn a new process).
You can resolve this issue by putting
	deadtime = 60
into your smb.conf. This causes Samba to kill processes which are not 
used anymore after 60 minutes which should be sufficient.
Hope I helped!

Have a nice day,
Ulrik
Matthias Henze wrote:
hi,
i've a debian sarge setup with samba 3.0.10 with ldap as SAM backend. 
every thing used to work as expected, but last week the machine went 
down. an analysis of the problem has showen, that with increasing uptime 
there is a growing number of smbd processes that caus 100% CPU 
utilation. tests have showen, that i can kill these processes without 
harming smb conecctivtiy. this is a workaround but no soulution.

i've absolutely no idea what causes this and what i can/should do to 
track this down.

any suggestions ?
TIA
Matthias Henze[EMAIL PROTECTED]
Use PGP!! http://www.mhcsoftware.de/MatthiasHenze.asc
- - - - - - - - - - - - - - - - - - - - - - - - - - -
MHC SoftWare GmbH  voice: +49-(0)9533-92006-0
Fichtera 17  fax: +49-(0)9533-92006-6
96274 Itzgrund/Germanye-Mail: [EMAIL PROTECTED]
- - - - - - - - - - - - - - - - - - - - - - - - - - -
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] wins problem - 2nd and last time post

2005-03-29 Thread John H Terpstra 
On Tuesday 29 March 2005 06:56, Flavio Fonseca wrote:
 Hello list

  I am having the following problem with samba wins server:

 1. my servers record are desapearing from wins database. this
 servers(computers) are never turned off, and once or twice a week the wins
 records just vanish and I have to restart the server to register itself
 again with wins.

 2. when I install a new workstation I do so in a subnet A where is my
 support team. Then I send the workstation to it's final place which is a
 subnet B. while installing it, the workstation register itself on wins
 server with an IP from subnet A. When I send it to its final location it
 gets an IP from subnet B but wins server keeps the record from subnet A. It
 does not update the record. If I stop the server, edit wins.dat and remove
 the record, restart wins e renew the workstation dhcp net configuration it
 register itself again with the correct IP.

 I am using Suse 9.2 professional with samba
 smbd version 3.0.9-2.3-SUSE.

Suggest you update to samba-3.0.13 - if the problem persists please file a bug  
report at https://bugzilla.samba.org with details of how the bug can be 
reproduced so that we can schedule to fix this.

Thank you.

- John T.


 I am not starting smbd.

 Thanks for any help.
 --
 Att.,

 Flávio Fonseca
 Equipe Divisão de Redes (DR)
 Diretoria de Processamento de Dados (DirPD)
 Universidade Federal de Uberlandia (UFU)

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO  Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL support

2005-03-29 Thread John H Terpstra 
On Tuesday 29 March 2005 08:00, Meli Marco wrote:
 Hi,
 I have download the latest version samba-3.0.13-1.src.rpm, and I have make
 followings changes:
 Rpm -i samba-3.0.13-1.src.rpm, so I have created the SPEC file.
 I have added --with-acl-support in the CFLAGS section in the SPEC file.
 Rpmbuild -bb specfile.spec.
 It compile the finally rpm without errors but when I install the package
 and make ldd /usr/sbin/smbd, I can't see libattr and libacl compiled in ...
 Where I wrong?
 Thanks.
 Marco.

Have the following packages been installed?

libacl-devel
libxattr-devel

The compiler can only use the libraries that exist on the build machine.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO  Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] add machine script + ldap doesn't work? Please help!

2005-03-29 Thread Bostjan Müller 
Hi,

I have a pdc on samba 3.0.9 with LDAP as backend.
However when I add a machine to domain (via the Windows interface - my
computer-properties-network-identification-properties-domain

The computer is added to the domain (into ldap), but only via
samSambaAccount, and no posix parts.

I have tried to use:
add machine script = /usr/local/bin/smbldap-useradd.pl -w %u

And nothing happened - it works just fine if I run it manually. Than I tried:
add machine script = /bin/echo %u  /tmp/addmachine.txt

and again nothing happened, but the machine account exists in ldap at
that point (allthough I deleted it before joining the domain).

Is there anything more that one would have to do to make samba execute
those scripts (I was joining the domain via root account (uid=0,
gid=0)).

Please help me if you can, because I do not know what to look for any
more (logs also show no errors or clues at this point).

Regards,
Bostjan

-- 
buhdej evridej
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] iconv not working on Sparc Solaris 8

2005-03-29 Thread Graeme Hindmarsh 

Hi,

Thanks for the feedback. I changed the order of my PATH and added an entry
for LD_LIBRARY_PATH and this seems to have solved the problem.

Thanks
Again

Graeme 

-Original Message-
From: Håkan Stefansson [mailto:[EMAIL PROTECTED] 
Sent: 25 March 2005 18:29
To: Graeme Hindmarsh
Cc: 'samba@lists.samba.org'
Subject: Re: [Samba] iconv not working on Sparc Solaris 8

Graeme Hindmarsh wrote:
 Hi,
 
 I have installed gettext using the configure --with-libiconv-prefix={dir}
 I then reinstalled libiconv, following make distclean, but there was no
 configure option to point to the gettext lib.
 
 I then recompiled samba but have had the same result and iconv is still
not
 working.
 
 Is there something that I am doing wrong or missing out, do I need to set
 LDFLAGS or any other environment variables?
 
 Any help would be greatly appreciated.
 
 Thanks
 Graeme

I see from your configure output below that iconv was found in /usr/lib.
This is Sun's iconv, that doesn't work with samba. Was that configure 
run before or after you installed libiconv in /usr/local? What did your 
latest samba configure say about this?

My samba 3.0.12 with working libiconv support runs under Solaris 7. I am 
using gcc 3.x.y, GNU make and Sun's linker. I also use 
LD_LIBRARY_PATH=/usr/local/lib and in my PATH I have /usr/local/bin 
before /usr/bin and /usr/ccs/bin. I don't remember what configure 
options I used for libiconv and gettext.

I'm afraid I can't give you much better info about my setup until I'm 
back at work on Tuesday.

Håkan


 -Original Message-
 From: Håkan Stefansson [mailto:[EMAIL PROTECTED] 
 Sent: 25 March 2005 12:50
 To: Graeme Hindmarsh
 Cc: 'samba@lists.samba.org'
 Subject: Re: [Samba] iconv not working on Sparc Solaris 8
 
 Graeme Hindmarsh wrote:
 
Hi,

 

I am trying to compile Samba 3.0.13 but when I run configure I get the
following in the output.

 

checking for iconv in /usr/lib... yes

checking can we convert from CP850 to UCS2-LE?... no

checking can we convert from IBM850 to UCS2-LE?... no

checking can we convert from ASCII to UCS2-LE?... no

checking can we convert from 646 to UCS2-LE?... 646

checking can we convert from UTF-8 to UCS2-LE?... UTF-8

checking for iconv in /usr/local/lib... yes

checking can we convert from CP850 to UCS2-LE?... no

checking can we convert from IBM850 to UCS2-LE?... no

checking can we convert from ASCII to UCS2-LE?... no

checking can we convert from 646 to UCS2-LE?... no

checking can we convert from UTF-8 to UCS2-LE?... no

checking can we convert from UTF8 to UCS2-LE?... no

configure: WARNING: Sufficient support for iconv function was not found.

Install libiconv from http://freshmeat.net/projects/libiconv/ for
 
 better
 
cha

rset compatibility!

 

I have compiled from source and installed libiconv-1.9.2 in /usr/local but
it just does not seem to work.

Without iconv Samba will just fill up its log files with character
conversion errors and generally not work.

 

I have tried libiconv-1.9.1, libiconv-1.8 and Samba 3.0.11.

GNU gcc 2.95.3 and gcc 3.4.2

 

Can anybody help?

 

Thanks

Graeme

 

 

 
 
 There is a mutual dependency between libiconv and GNU gettext. That is, 
 gettext is needed to get libiconv to work while gettext neeeds libiconv. 
 (IIRC this is mentioned in a README or INSTALL file.)
 
 I have tested the following procedure on Solaris 7 and 9 with various 
 versions of samba 3.0.x, most recently with samba 3.0.12 under Solaris 
 7. (Sorry, I don't remember what libiconv and gettext versions I used 
 and can't check now as I'm at home.)
 
 1. Install libiconv from source
 2. Install gettext fron source
 3. Remove (make distclean) libiconv and reinstall it
 
 Then you will need to reinstall samba with the configure parameter 
 --with-libiconv=/usr/local (assuming the libraries are in /usr/local/lib)
 
 Håkan Stefansson
 








I

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with pdf printing

2005-03-29 Thread Vincent Mikalinis 
Hello, 
I'm hoping someone can help me.  I have several pdf printers set up and
when I print to them samba becomes unstable and several errors are
dumped to the log.  These pdf printers were working when I was using
version 3.0.6.  When I went to a newer version of samba the queue would
not clear on the windows side and no errors were logged.  Yesterday I
upgraded to version 3.0.13-1 and the errors started and the queue still
will not clear.  I have deleted several tdb files to no avail.  I am
using printing = bsd option as I have in the past.  Below is a clip
from the log. Please let me know if anyone needs more information.

[2005/03/29 10:49:03, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/lib/samba/printing/IT pdf printer.tdb): tdb_lock failed on
list 1409 ltype=0 (Bad file descriptor)
[2005/03/29 10:49:03, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/lib/samba/printing/IT pdf printer.tdb): tdb_lock failed on
list 0 ltype=1 (Bad file descriptor)
[2005/03/29 10:49:03, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/lib/samba/printing/IT pdf printer.tdb): tdb_lock failed on
list 295 ltype=1 (Bad file descriptor)
[2005/03/29 10:49:03, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/lib/samba/printing/IT pdf printer.tdb): tdb_lock failed on
list 4128 ltype=1 (Bad file descriptor)
[2005/03/29 10:49:03, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/lib/samba/printing/IT pdf printer.tdb): tdb_lock failed on
list 3445 ltype=0 (Bad file descriptor)
[2005/03/29 10:49:03, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/lib/samba/printing/IT pdf printer.tdb): tdb_lock failed on
list 4128 ltype=0 (Bad file descriptor)
[2005/03/29 10:49:03, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/lib/samba/printing/IT pdf printer.tdb): tdb_lock failed on
list 3445 ltype=1 (Bad file descriptor)
[2005/03/29 10:49:03, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/lib/samba/printing/IT pdf printer.tdb): tdb_lock failed on
list 1717 ltype=1 (Bad file descriptor)
[2005/03/29 10:49:03, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/lib/samba/printing/IT pdf printer.tdb): tdb_lock failed on
list 480 ltype=1 (Bad file descriptor)
[2005/03/29 10:49:03, 0]
printing/printing.c:print_queue_update_internal(1195)
  print_queue_update: failed to store MSG_PENDING flag for [IT pdf
printer]!
[2005/03/29 10:49:03, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/lib/samba/printing/IT pdf printer.tdb): tdb_lock failed on
list 1321 ltype=1 (Bad file descriptor)
[2005/03/29 10:49:05, 0]
printing/printing_db.c:get_print_db_byname(66)
  get_print_db: Failed to close tdb for printer IT pdf printer
[2005/03/29 10:49:11, 1] smbd/service.c:make_connection_snum(642)
  bmg2001 (192.168.42.106) connect to service public initially as user
NEWYORK+deborahp (uid=10008, gid=10011) (pid 23475)
[2005/03/29 10:50:04, 0] lib/fault.c:fault_report(36)
  ===
[2005/03/29 10:50:04, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 23459 (3.0.13)
  Please read the appendix Bugs of the Samba HOWTO collection
[2005/03/29 10:50:04, 0] lib/fault.c:fault_report(39)
  ===
[2005/03/29 10:50:04, 0] lib/util.c:smb_panic2(1495)
  PANIC: internal error
[2005/03/29 10:50:04, 0] lib/util.c:smb_panic2(1503)
  BACKTRACE: 14 stack frames:
   #0 smbd(smb_panic2+0x128) [0x81df9d8]
   #1 smbd(smb_panic+0x19) [0x81df8a9]
   #2 smbd [0x81cd252]
   #3 /lib/tls/libc.so.6 [0x420277b8]
   #4 smbd(tdb_fetch_int32_byblob+0x45) [0x81f4f75]
   #5 smbd(tdb_fetch_int32+0x28) [0x81f4fe8]
   #6 smbd [0x81fb637]
   #7 smbd [0x81fbe51]
   #8 smbd [0x81fc06e]
   #9 smbd(message_dispatch+0x13c) [0x81e823c]
   #10 smbd(start_background_queue+0x1cd) [0x81fc28d]
   #11 smbd(main+0x68b) [0x8257abb]
   #12 /lib/tls/libc.so.6(__libc_start_main+0xe4) [0x42015704]
   #13 smbd(ldap_msgfree+0x89) [0x80792a1]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Securing machine auth account

2005-03-29 Thread info 

On Monday 28 March 2005 23:12, info wrote:
Please give me a sanity check here...
OK. So please check the chapter on Rights and Privileges in the 
Samba-HOWTO-Collection. You can obtain the latest build from:

http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
If this does not solve your problem in a more sane manner please drop me a 
line.

Ahhh:
Samba 3.0.11 introduces support for the Windows privilege model. This 
model allows certain rights to be assigned to a user or group SID.

So I missed it by a .01 release...
Thanks
(snip)
https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba-Guide chapter 10

2005-03-29 Thread Dr. Matthias Schlett (987) 
Hi John T. et al.,
here is my comment about the Samba-Guide chapter 10.
In my opinion this chapter is a good place to explain the nature of Samba:
joining the unix and the windows world by mapping.
In most of the cases discussed on this list a unix server is used only as a 
container
for the windows world. The Samba team tries to smooth the differences between 
unix and
windows and to put windows functionality into unix. For me everything is merged 
into one big cloud.
As an administrator I want to look behind the scene and to understand the 
different cases
which Samba as an all-purpose software can serve for.
We don't use Samba as a general tool for everything. For the user and group 
management we have
an external Oracle database. From this database we feed a mixed mode AD for the 
windows world
and a LDAP for the unix world using there nss_ldap.
A windowsusername = DOMAIN\unixusername and some windowsgroupname = 
DOMAIN\unixgroupname,
some windowsgroupnames differ from unixgroupnames. Both group membership trees 
are identical
( LDAP supports nested unix groups). The password entries for unix and windows 
are managed by
the external database. 
On our NFS and CIFS fileserver both worlds get in touch with the help of 
winbind:
the idmap backend on a LDAP server is also feeded by our database, winbind has 
only to 
read the mappings. We don't use winbind for name resolution or automatic 
creation of uid/gid.

In chapter 10 there are some common phrases about the winbind role, but in my 
opinion
we need a more detailed explanation how it manages the mapping in different 
cases.
More general, I would like to have a chapter from the mapping viewpoint.
For my particular case I had to read many different places in the documentation
(and I'm reading it the third month) to find a working configuration (which 
I'll send to the
list if you would like ), but there are still some open questions:

- Must the idmap be a one-to-one mapping or can several sid point to one 
uid/gid ?
  or is the username map the only tool in this case (and what about a groupname 
map ) ?
- Why does the user mapping mechanism differ from the group mapping mechanism ?
- How is a windows group membership mapped automatically to a unix membership 
  (We do it by the external database) ?
- How are the 14 different windows security attributes mapped into the Posix 
ACLs and
  how are the Posix ACLs displayed in windows ?

I hope this email is not too confusingly, but I tried be short.
Regards
M.Schlett
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with wbinfo

2005-03-29 Thread Herb Lewis 
The wbinfo -t returning an error normally means the machine was
not properly joined to the domain. Did you do a net rpc join?
Is your smb.conf set up properly to be a member of the domain?
Ricardo Maciel wrote:
Hamish,
Thanks, but the nscd service was already stopped. Must be another
solution. Any other idea?
Ricardo.
On Tue, 29 Mar 2005 13:27:16 +0100, Hamish [EMAIL PROTECTED] wrote:
On Tuesday 29 March 2005 13:13, Ricardo Maciel wrote:
Hello,
I'm using a Samba client to access a Samba Server. The smbclient
tool is ok, both at the client as at the server. I'm having trouble
with the wbinfo command (winbind service) at the client, as you can
see below.
Can anybody help me?
Thanks!!!
=Problem==
Samba Server: samba-3.0.10-1.fc2
Samba Client: Version 3.0.0-14.3E
--
# service winbind start
Iniciando serviços Winbind:[  OK  ]
#
#
# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_INTERNAL_ERROR (0xc0e5)
Could not check secret
#
#
# wbinfo -u
Error looking up domain users
#
#
# wbinfo -g
Error looking up domain groups
#
#
# service winbind stop
Desligando os serviços Winbind:[  OK  ]
Make sure you do not have nscd running - i had similar problems with it. You
should be able to do this with `service nscd stop; chkconfig nscd off`
Hope that helps
H
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba-Guide chapter 10

2005-03-29 Thread John H Terpstra 
On Tuesday 29 March 2005 09:56, Dr. Matthias Schlett (987) wrote:
 Hi John T. et al.,
 here is my comment about the Samba-Guide chapter 10.

The Samba-Guide (Samba-3 by Example) is not intended as a comprehensive 
technical overview of how Samba works. It is meant as a quick guide that will 
help our users to create a working network environment. The premise behind 
the Samba-Guide is learn be seeing Samba work - not see how every nut and 
bolt of Samba works. The nuts and bolts should be covered in the 
Samba-HOWTO-Collection.

 In my opinion this chapter is a good place to explain the nature of Samba:
 joining the unix and the windows world by mapping.

This is handled in the Samba-HOWTO-Collection. Is that the wrong place?

 In most of the cases discussed on this list a unix server is used only as a
 container for the windows world. The Samba team tries to smooth the
 differences between unix and windows and to put windows functionality into
 unix. For me everything is merged into one big cloud. As an administrator I
 want to look behind the scene and to understand the different cases which
 Samba as an all-purpose software can serve for.

Right. Refer to the Samba-HOWTO-Collection and if that is deficient it must be 
updated.

 We don't use Samba as a general tool for everything. For the user and group
 management we have an external Oracle database. From this database we feed
 a mixed mode AD for the windows world and a LDAP for the unix world using
 there nss_ldap.
 A windowsusername = DOMAIN\unixusername and some windowsgroupname =
 DOMAIN\unixgroupname, some windowsgroupnames differ from unixgroupnames.

AS shown in the Samba-Guide and as explained in detail in the 
Samba-HOWTO-Collection a Windows username should be the same as a UNIX 
username. The 'username map' facility is a kludge for handling out-lying 
cases where the names must for a particular reason differ, not as a panacea 
for general use. The 'username map' facility violates one of the principle 
rules of using Samba - that there must be only unique resolution of 
login_ID=UID=SID as any ambiguity may end up biting the hand off.

The same rules apply to group mappings. The tool for setting up group mappings 
is: 'net groupmap [add | modify | delete] ntgroup=[...] unixgroup=[...]'


 Both group membership trees are identical ( LDAP supports nested unix
 groups). The password entries for unix and windows are managed by the
 external database.
 On our NFS and CIFS fileserver both worlds get in touch with the help of
 winbind: the idmap backend on a LDAP server is also feeded by our database,
 winbind has only to read the mappings. We don't use winbind for name
 resolution or automatic creation of uid/gid.

What do you see as the role of winbind?

 In chapter 10 there are some common phrases about the winbind role, but in
 my opinion we need a more detailed explanation how it manages the mapping
 in different cases. More general, I would like to have a chapter from the
 mapping viewpoint. For my particular case I had to read many different
 places in the documentation (and I'm reading it the third month) to find a
 working configuration (which I'll send to the list if you would like ), but
 there are still some open questions:

Have you referred to the Samba-HOWTO-Collection? Both the HOWTO and the Guide 
have recently been significantly updated. They are available on-line at:

http://www.samba.org/samba/docs/

 - Must the idmap be a one-to-one mapping or can several sid point to one
 uid/gid ? or is the username map the only tool in this case (and what about

IDMAP can handle only single and unambiguous mapping of SID to UID and vica 
versa.

 a groupname map ) ? - Why does the user mapping mechanism differ from the
 group mapping mechanism ? - How is a windows group membership mapped
 automatically to a unix membership (We do it by the external database) ?

Groups are only explicitly mapped since 3.0.0. That is why you need to create 
the mapping using the 'net groupmap' facility.

 - How are the 14 different windows security attributes mapped into the
 Posix ACLs and how are the Posix ACLs displayed in windows ?

Perhaps Jeremy can best answer this.


 I hope this email is not too confusingly, but I tried be short.


- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO  Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Problems with Excel MS Word files (still)

2005-03-29 Thread Jeremy Allison 
On Tue, Mar 29, 2005 at 11:01:10AM +0100, Urs Rau wrote:
 Jeremy or Nathan,
 
 Jeremy Allison wrote:
 
 Ok, I have a working theory for this. It concerns ACLs and what 
 happens when excel wants to update the filetime on a file the user 
 doesn't own.
 
 Normally you just set the dos filetime parameter to allow this 
 (this causes a timestamp to be updated on a file if you can write to 
 it - normally POSIX only allows this if you're the owner). I've
 realised the codepath here doesn't check ACL semantics. This is a bug
 we've had since we introduced ACLs a long time ago but only now seems
 to have been triggered.
 
 Here is a patch to the just released 3.0.13 that causes ACL entries 
 to be properly checked when dos filetime= True has been set.
 
 Please try this on top of 3.0.13 and let me know if it fixes the 
 issues.
 
 Has this been confirmed, as fixing it? I am rolling a 3.0.13 maintenance 
 release and it would be nice to clear this excel ACL bug. What is the 
 bugzilla entry for this bug, so I can follow it?

Most people have reported this being fixed with dos filetimes=yes
and 3.0.13. There are still a few outstanding issues when people are
using ACLs I'm looking into right now.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with wbinfo

2005-03-29 Thread Ricardo Maciel 
Michael,

Here are my nsswitch.conf and smb.conf (I input the syslog=3):

#
# /etc/nsswitch.conf
#
# Example:
#passwd:db files nisplus nis
#shadow:db files nisplus nis
#group: db files nisplus nis

passwd: files winbind
shadow: files winbind
group:  files winbind

#
#--smb.conf
#
# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2004/09/17 16:03:56
# Global parameters
[global]
workgroup = REG
netbios name = Estacao1386000
security = domain
password server = *
winbind uid = 1000-2
winbind gid = 1000-2
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
winbind cache time = 10
template homedir = /home/winnt/%D/%U
winbind use default domain = yes
template shell = /bin/bash
syslog = 3
#


 what does wbinfo -p return? 
#
# wbinfo -p
Ping to winbindd succeeded on fd 4
#

 What OS is your domain controller? 
Red Hat Enterprise Linux AS - 2.4.21-4.EL

 Have you joined the box the domain? 
Sorry. I didn't understand!

 Have you turned up logging (syslog = 3) in your smb.conf? 
Yes (see above).


Still Thanking.

Ricardo.


On Tue, 29 Mar 2005 10:48:05 -0500, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
  
 Have you already made the changes to nsswitch.conf? 
  
 passwd: files winbind 
 shadow: files winbind 
 group:  files winbind 
  
 what does wbinfo -p return? 
  
 What OS is your domain controller? 
  
 Have you joined the box the domain? 
  
 Have you turned up logging (syslog = 3) in your smb.conf? 
  
 Just some thoughts ... good luck. 
  
 Michael J Barber
  Computer Services Administrator
  WPTZ/WNNE
  Heart-Argyle Television
  p  518-561- x563
  m 518-572-6639
  f   518-561-5940
  
  
  
  
  Ricardo Maciel [EMAIL PROTECTED] 
 Sent by: [EMAIL PROTECTED] 
 
 03/29/2005 10:50 AM 
 Please respond to Ricardo Maciel 
 To:samba@lists.samba.org 
 cc: 
 Subject:Re: [Samba] Problem with wbinfo 
  
  
 Hamish,
  
  Thanks, but the nscd service was already stopped. Must be another
  solution. Any other idea?
  
  Ricardo.
  
  
  On Tue, 29 Mar 2005 13:27:16 +0100, Hamish [EMAIL PROTECTED] wrote:
   On Tuesday 29 March 2005 13:13, Ricardo Maciel wrote:
Hello,
   
I'm using a Samba client to access a Samba Server. The smbclient
tool is ok, both at the client as at the server. I'm having trouble
with the wbinfo command (winbind service) at the client, as you can
see below.
   
Can anybody help me?
   
Thanks!!!
   
=Problem==
   
Samba Server: samba-3.0.10-1.fc2
Samba Client: Version 3.0.0-14.3E
   
 --
# service winbind start
Iniciando serviços Winbind:[  OK  ]
#
#
# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_INTERNAL_ERROR (0xc0e5)
Could not check secret
#
#
# wbinfo -u
Error looking up domain users
#
#
# wbinfo -g
Error looking up domain groups
#
#
# service winbind stop
   
Desligando os serviços Winbind:[  OK  ]
   
   Make sure you do not have nscd running - i had similar problems with it.
 You
   should be able to do this with `service nscd stop; chkconfig nscd off`
   Hope that helps
   H
   
   
   --
   To unsubscribe from this list go to the following URL and read the
   instructions:  https://lists.samba.org/mailman/listinfo/samba
   
   
  
  -- 
  To unsubscribe from this list go to the following URL and read the
  instructions:  https://lists.samba.org/mailman/listinfo/samba
  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Using Lotus Domino LDAP as Samba Backend

2005-03-29 Thread jonlists 
[EMAIL PROTECTED] wrote on 03/29/2005 
09:20:31 AM:

 On Tuesday 29 March 2005 04:18, [EMAIL PROTECTED] wrote:
  Hello,
 
  can I use the Lotus Domino LDAP Server as backend for Samba?
 
 Any LDAP server can be used so long as it has the right schema 
extensions and 
 uses standard protocols.
 
  Has anyone tried this, or some experiences in that?

Do a google search for Alan Bell linux lotus domino and see what you get. 
I know that he had this working at one point, but didn't get the chance to 
put it into production. There was information also available at 
www.openntf.org - but I'm not sure if it's there anymore. 

As John says, it's a matter of adding the right schema extensions. These 
will be added to the person document on the Domino server. 

 
 Not with Lotus.
 
 - John T.
 
 
 
  Mit freundlichen Grüssen / Kind regards
 
  Norman Trapp
 
  System Management
 
  objective partner GmbH
  Bergstrasse 45
  D-69469 Weinheim
 
  Tel. +49 (0)6201 3986 24
  Fax. +49 (0)6201 3986 12
  ___
  objective partner - keep IT in e.motion
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Problems with Excel MS Word files (still)

2005-03-29 Thread Jeremy Allison 
On Tue, Mar 29, 2005 at 07:45:53AM -0500, Nathan Vidican wrote:
 
 No confirmation over here, havn't had a chance to compile a new copy -
 rolled back to 3.0.8 for the time being it's been less buggy but still have
 occasional file(s) locking up.
 
 A little unclear here, do I need to add a patch to 3.0.13 before compiling,
 or simply add 'dos filetime = yes' to the configuration?
 
 Lastly, does it matter if I'm not using ACL's? Just using plain old UNIX
 permissions (750/660 dir/file) and the force-group parameter for most
 shares - which works quite well thus far.

No, you don't need to add a patch. Simply setting dos filetimes should
do it.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Problems with Excel MS Word files (still)

2005-03-29 Thread Urs Rau 
Jeremy Allison wrote:
On Tue, Mar 29, 2005 at 07:45:53AM -0500, Nathan Vidican wrote:
No confirmation over here, havn't had a chance to compile a new copy -
rolled back to 3.0.8 for the time being it's been less buggy but still have
occasional file(s) locking up.
A little unclear here, do I need to add a patch to 3.0.13 before compiling,
or simply add 'dos filetime = yes' to the configuration?
Lastly, does it matter if I'm not using ACL's? Just using plain old UNIX
permissions (750/660 dir/file) and the force-group parameter for most
shares - which works quite well thus far.

No, you don't need to add a patch. Simply setting dos filetimes should
do it.
Ohh, I have added the patch you emailed to the newsgroup on 24/3/05, in 
this thread, I guess I should back that out again in my custom rpm? Or 
is it a fix that  will make it into 3.0.14 anyway? (maybe I am confusing 
people with my question about my self-rolled samba rpm, where I included 
your newspost as a patch on top of 3.0.13, sorry)

--
Urs Rau
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] printers offline in 3.0.13 - is it because they are local printers printing to local ports ?

2005-03-29 Thread Urs Rau 
Maybe my printers being offline with samba 3.0.13 on some xp pro 
workstations is not a bug after all, maybe it was a (mis)feature in 
samba-2.2?

My problem is that I can't easily test on  3.0.13, because until a few 
days ago I had been running 2.2.12 and all was fine, then.
No printers showed as offlne.
But then I upgraded to 3.0.7 for a day or two immediately followed by an 
upgrade to 3.0.11 and I only held my breadth to check things when I was 
on 3.0.11 and found that my printers were showing as offline under 
3.0.11, but of course maybe that would have been like that even on 3.0.7?

We have had 3 good reasons to install samba printers on win xp 
workstations as local printers printing to local ports (e.g. 
\\linux\printerqueuename)

reason 1 our main email application (pegasus mail) was playing very 
annoying timeout delays with reading emails and going up or down the 
email inbox if the default printer was a smb network printer that was 
unreachable at the time. (for some strange reason pegasus was trying to 
interact with the printer for every msg)

reason 2 just when we thought we should point the finger at pegasus mail 
for this we found that ms word had a similar problem when it came to a 
workstation having the default printer as a smb network printer and it 
wasn't accessible.

reason 3 if we installed the samba network printers as local printers 
printing to a local port (e.g \\linux\printerqueuename then we could 
install the printer for all users on that workstation and also set the 
default config for all of those queues once for all, from a script. (so 
no need to set the network printer settings and defaults once every login.)

BUT maybe we have to throw out those gains and stop using printers 
defined as local printers printing to local ports which are pointed 
at the samba print queue?

Is there a reason why samba changed it's behaviour showing it's printers 
as being offline if they are accessed in this way? I guess the question 
to ask is, what status does a win2k3 shared printer show as on a win xp 
pro workstation if one sets the workstation printer up as a local 
printer with a local port of the name 
\\sambaservername\printerqueuename. I hope somebody can tell me that 
such a setup would result in a printer showing the proper status? 
Because then I am sure samba could be told the same trick, surely?

I am hoping one or two of you can shed some light on this.
Regards,
Urs Rau
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with wbinfo

2005-03-29 Thread Ricardo Maciel 
In adition, above are the messages that appears at the winbindd.log
(at the client), when this service is started:

#
[2005/03/29 16:30:21, 1] nsswitch/winbindd.c:main(832)
  winbindd version 3.0.0-14.3E started.
  Copyright The Samba Team 2000-2003
[2005/03/29 16:30:22, 1] nsswitch/winbindd_util.c:add_trusted_domain(149)
  Added domain REG
[2005/03/29 16:30:22, 1] nsswitch/winbindd_util.c:init_domain_list(284)
  Could not fetch sid for our domain REG
[2005/03/29 16:30:22, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
  scanning trusted domain list
#

Thanks for any help!!

Ricardo.


On Tue, 29 Mar 2005 14:34:01 -0300, Ricardo Maciel [EMAIL PROTECTED] wrote:
 Michael,
 
 Here are my nsswitch.conf and smb.conf (I input the syslog=3):
 
 #
 # /etc/nsswitch.conf
 #
 # Example:
 #passwd:db files nisplus nis
 #shadow:db files nisplus nis
 #group: db files nisplus nis
 
 passwd: files winbind
 shadow: files winbind
 group:  files winbind
 
 #
 #--smb.conf
 #
 # Samba config file created using SWAT
 # from 0.0.0.0 (0.0.0.0)
 # Date: 2004/09/17 16:03:56
 # Global parameters
 [global]
 workgroup = REG
 netbios name = Estacao1386000
 security = domain
 password server = *
 winbind uid = 1000-2
 winbind gid = 1000-2
 winbind enum users = yes
 winbind enum groups = yes
 winbind separator = +
 winbind cache time = 10
 template homedir = /home/winnt/%D/%U
 winbind use default domain = yes
 template shell = /bin/bash
 syslog = 3
 #
 
 
  what does wbinfo -p return?
 #
 # wbinfo -p
 Ping to winbindd succeeded on fd 4
 #
 
  What OS is your domain controller?
 Red Hat Enterprise Linux AS - 2.4.21-4.EL
 
  Have you joined the box the domain?
 Sorry. I didn't understand!
 
  Have you turned up logging (syslog = 3) in your smb.conf?
 Yes (see above).
 
 Still Thanking.
 
 Ricardo.
 
 On Tue, 29 Mar 2005 10:48:05 -0500, [EMAIL PROTECTED]
 [EMAIL PROTECTED] wrote:
 
  Have you already made the changes to nsswitch.conf?
 
  passwd: files winbind
  shadow: files winbind
  group:  files winbind
 
  what does wbinfo -p return?
 
  What OS is your domain controller?
 
  Have you joined the box the domain?
 
  Have you turned up logging (syslog = 3) in your smb.conf?
 
  Just some thoughts ... good luck.
 
  Michael J Barber
   Computer Services Administrator
   WPTZ/WNNE
   Heart-Argyle Television
   p  518-561- x563
   m 518-572-6639
   f   518-561-5940
 
 
 
 
   Ricardo Maciel [EMAIL PROTECTED]
  Sent by: [EMAIL PROTECTED]
 
  03/29/2005 10:50 AM
  Please respond to Ricardo Maciel
  To:samba@lists.samba.org
  cc:
  Subject:Re: [Samba] Problem with wbinfo
 
 
  Hamish,
 
   Thanks, but the nscd service was already stopped. Must be another
   solution. Any other idea?
 
   Ricardo.
 
 
   On Tue, 29 Mar 2005 13:27:16 +0100, Hamish [EMAIL PROTECTED] wrote:
On Tuesday 29 March 2005 13:13, Ricardo Maciel wrote:
 Hello,

 I'm using a Samba client to access a Samba Server. The smbclient
 tool is ok, both at the client as at the server. I'm having trouble
 with the wbinfo command (winbind service) at the client, as you can
 see below.

 Can anybody help me?

 Thanks!!!

 =Problem==

 Samba Server: samba-3.0.10-1.fc2
 Samba Client: Version 3.0.0-14.3E

  --
 # service winbind start
 Iniciando serviços Winbind:[  OK  ]
 #
 #
 # wbinfo -t
 checking the trust secret via RPC calls failed
 error code was NT_STATUS_INTERNAL_ERROR (0xc0e5)
 Could not check secret
 #
 #
 # wbinfo -u
 Error looking up domain users
 #
 #
 # wbinfo -g
 Error looking up domain groups
 #
 #
 # service winbind stop

 Desligando os serviços Winbind:[  OK  ]
   
Make sure you do not have nscd running - i had similar problems with it.
  You
should be able to do this with `service nscd stop; chkconfig nscd off`
Hope that helps
H
   
   
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
   
   
   
   --
   To unsubscribe from this list go to the following URL and read the
   instructions:  https://lists.samba.org/mailman/listinfo/samba
 
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] apologies for duplicate posts - btw what's the real diff between gmane.network.samba.general and mailing.unix.samba?

2005-03-29 Thread Urs Rau 
Sorry to those of you that have received duplicates of my messages over 
the easter weekend.

I had subscribed to the nntp server of my isp (pipex uk) and searched 
for samba it showed a few hits but gmane.network.samba.general 
showed as containing no posts but mailing.unix.samba showed a bit more 
than 20'000 so I subscribed to that and sent a slurr of messages with 
questions and followups to that newslist over the weekend, and my 
questions did show up in mailing.unix.samba. But not having received a 
single answer by the end of the weekend I thought something was a little 
strange.

So I went to check the samba.org archives and found that my messages had 
not made it to the official mailing list nor to the email archives. 
That's when I started resending the relevant messages from the past few 
days but this time to gmane.network.samba.general. So if some have 
seen my posts more than once, I am sorry, but at least I corrected my 
spelling in the second postings and did not resend the level 10 log of 
2.4MB. ;-)

What is the purpose or function of newsgroup mailing.unix.samba? And 
is it my ISPs fault that they only offer mailing.unix.samba for 
subscription and not gmane.network.samba.general and how do the two 
lists relate to each other? It would appear that at least some of the 
posts to gmane.network.samba.general do make it to 
mailing.unix.samba but no messages appear to travel the other way.

--
Urs Rau
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Problem with pdf printing

2005-03-29 Thread Urs Rau 
Vincent,
Vincent Mikalinis wrote:
Hello, 
I'm hoping someone can help me.  I have several pdf printers set up and
when I print to them samba becomes unstable and several errors are
dumped to the log.  These pdf printers were working when I was using
version 3.0.6.  When I went to a newer version of samba the queue would
not clear on the windows side and no errors were logged.  Yesterday I
upgraded to version 3.0.13-1 and the errors started and the queue still
will not clear.
I have a very similar problem with my pdf printers. I have the following 
in my [global] section.
printcap name = cups
printing = cups
cups options = raw

and my pdf printer share now has
[pdf]
comment=PostScript to PDF Converter
printing=bsd
public=no
guest ok=no
create mode=0600
path=/var/tmp
printable=yes
print command=. /etc/sysconfig/rc.sysadm; \
 ulimit -c 0; \
 ulimit -S -d $PDF_MEM_LIMIT; \
 ps2pdf %s %H/%J.pdf; \
 chmod 640 %H/%J.pdf; \
 rm -f %s
lppause command=
lpresume command=
lpq command=lpq -P'%p'
lprm command=lprm -P'%p' %j
queuepause command=
queueresume command=
and it now shows the printer as online and the printjobs show up and get 
removed just as they should.

All it took to change the printer status displayed on the windows xp pro 
workstation from offline to online, was to add a real lpq command 
line, (lpq -P'%p'). Now all looks fine from the workstations viewpoint. 
BUT on the server I now have repeated entries of cups telling samba that 
it does not know the printer 'pdf'. Win one, loose one. ;-)

level 3 error msg
lpq: Unknown destination pdf!
[2005/03/27 22:20:00, 3] printing/print_generic.c:print_run_command(62)
  Running the command `lpq -P'pdf'' gave 1
I start to wonder what dammage it would do to set lpq to
lpq command =/bin/true
for my pdf printer? ;-)
HTH
--
Urs Rau
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Set Samba share permissions...

2005-03-29 Thread Hernani Donato 
Hi!

I'm relatively new in the Linux world.

I use Mandrake 9,1 and I have the following doubt in relation to the
Samba: I have the following sharings:

[home]
read only = yes
available = no
browseable = no

[diretoria]
path = /home/diretoria
browseable = yes
read only = no

[pessoal]
path = /home/pessoal
browseable = yes
read only = no

[vendas]
path = /home/vendas
browseable = yes
read only = no

The question is: how to make so that only the using direction has
access to all the sharings and excessively only to its proper ones?

In the global section of my smb.conf file, I have guest account = nobody

ThanX
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Advice on a samba setup im considering

2005-03-29 Thread Jason 
Hello!

Was hoping to get some suggestion and ideas for a samba server I will be 
implementing here in the next couple of weeks. I have gone through the 
websites documentation, but I was hoping some of the veterans of samba could 
maybe lend some ideas, advice and recommendations. I will try to be as 
detailed as possible.

The samba server would server roughly 50-60 people. We have 3, maybe 4 
departments that I would need to setup shares for (obviously, not all 
departments would need access to all the shares.) The other thing im 
considering is maybe trying to design this with the idea in mind of future 
expansion of the company (6-12 months down the road possibly)

I've already installed the OS and Samba and I am in the process of configuring 
samba.

What would be the recommended method for putting user accounts on the system? 
I know I have a few options, but is there one I should consider more than the 
other?

All the machines on the network are windows desktop. I would simply just map a 
drive to the shares needed for each user.

I'm not going to setup this up as a PDC at this time. That would be something 
I may revisit in about 6-12 months as well.

I have a lot to consider. Just hoping to get some ideas here.

Cheers,

Jason
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.13 why is lpq command=%p showing with testparm -v ?

2005-03-29 Thread Urs Rau 
the docs say that all lp commands are ignored if one has
printing =cups
printcap name=cups
in the global section and cups support is compiled in.
ldd `which smbd` says I do have cups compiled in and my global section 
does have the two cups lines.

But on 3.0.13 I get
testparm -s | grep lp
returns no output
BUT
testparm -s -v  | grep lp
returns
lpq cache time = 30
lpq command = %p
lprm command =
lppause command =
lpresume command =
I understand that if I do testparm -v this also shows me the built-in 
defaults. Why does it only show %p for the lpq command and nothing else 
for the other lp commands?

Regards,
Urs Rau
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Errors

2005-03-29 Thread Christopher 
I've tried to find a solution on my own to this problem, but have yet to 
find anything useful.  I have a very simple setup where there is only 
one samba server which is acting as a PDC.  I'm getting quite a few 
errors in smbd.log.  Any ideas would be greatly appreciated.

[2005/03/29 15:28:22, 0] lib/util_sock.c:get_peer_addr(1000)
 getpeername failed. Error was Transport endpoint is not connected
[2005/03/29 15:28:22, 0] lib/access.c:check_access(328)
[2005/03/29 15:28:22, 0] lib/util_sock.c:get_peer_addr(1000)
 getpeername failed. Error was Transport endpoint is not connected
 Denied connection from  (0.0.0.0)
[2005/03/29 15:28:22, 1] smbd/service.c:make_connection_snum(648)
 everest (192.168.0.90) connect to service everest initially as user 
icodeeverest (uid=567, gid=100) (pid 8338)
 write_socket: Error writing 5 bytes to socket 22: ERRNO = Connection 
reset by peer
[2005/03/29 15:28:22, 0] lib/util_sock.c:send_smb(647)
 Error writing 5 bytes to client. -1. (Connection reset by peer)

Here's my smb.conf global section
[global]
   workgroup = B2
   netbios name = B2PDC
   time server = Yes
   add user script = /usr/sbin/useradd -m %u
   delete user script = /usr/sbin/userdel -r %u
   add group script = /usr/sbin/groupadd %g
   delete group script = /usr/sbin/groupdel %g
   add user to group script = /usr/sbin/usermod -G %g %u
   add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
   logon script = logon.bat
   logon path = \\%L\profiles\%u\%m
   logon drive = H:
   logon home = \\%L\%u\.win_profile\%m
   domain logons = Yes
   os level = 70
   local master = yes
   preferred master = Yes
   domain master = Yes
   wins support = Yes
   interfaces = 192.168.0.70
   hosts allow = 192.168. 127.0.0.1
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Primard Domain Controller feature not working

2005-03-29 Thread Mark Ratering 
Hey guys,

I configured Samba do be the domain controller for my network and to
share folders.  the folder sharing works great.  The problem is that
the domain function does not work at all.  I cannot join the domain
from any workstation.  It just says that the controller cannot be
contacted.  I ran an Ethereal sniff on the packets and the computer
that i want to be PDC is sending ICMP Destination unreachable packets
in response to the NBNS Name Query.  Here is the packet that the
workstation is sending to the server.

  00 11 11 ba 82 1a 00 0a  e6 d5 fa b4 08 00 45 00    ..E.
0010  00 4e 01 fb 00 00 80 11  b4 53 c0 a8 01 9e c0 a8   .N.. .S..
0020  01 62 00 89 00 89 00 3a  81 4e 80 63 01 00 00 01   .b.: .N.c
0030  00 00 00 00 00 00 20 46  46 46 44 45 43 45 4a 45   .. F FFDECEJE
0040  4f 45 48 45 50 43 41 43  41 43 41 43 41 43 41 43   OEHEPCAC ACACACAC
0050  41 43 41 43 41 42 4d 00  00 20 00 01   ACACABM. . ..

The config file that i am using (not including shares that have
nothing to do with the domain controller).  I do not want roaming
profiles.

#NetBIOS settings
netbios name=   FILESERVER
workgroup   =   USBINGO
server string   =   File Server

log file=   /var/log/samba/log.%m
max log size=   50
time server =   yes
hide dot files  =   yes
log level   =   1

#Security settings
security=   user
domain logons   =   yes
encrypt passwords   =   yes

#Turn on the WINS server
wins support=   yes

#Make sure that Samba is the master browser and domain master browser
domain master   =   yes
local master=   yes
preferred master =   yes
os level=   65

add user script =   /usr/sbin/useradd -d /dev/null
-g 100 -s /bin/false -M %u

[netlogon]
path=   /files/netlogon
writable=   no
browsable   =   no

Thanks,
-Mark
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: No vscan HOWTOs?

2005-03-29 Thread Jim C. 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
| Does anyone have ANY idea what to put in /etc/magic to identify
microsoft outlook pst files?
| scanning larger pst files (100 mb or so) currently raises my clamd cpu
processor usage to 90% or higher, and 'locks' ms outlook on the
workstation during the scan, so I'd rather not scan them and have mcafee
on the workstation take care of that.
| Insight would really be appreciated.
Not sure why this is required. Can't you just use file [filename] to
find out what mime type /etc/magic currently thinks it is? Or is it the
case that the mime type actually isn't in there?
Actually, I use ClamWin on the 'doze side and I was hoping that someday
the developers would put in a tool for discovering if the client host
was running it.  I mean if it has local protection, why burn up the
servers CPU cycles, right?  Distributed approach for a distributed net.
Jim C.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCSb1H57L0B7uXm9oRArtlAJ4znZ47pFfoC6KpKas4GL+uBxTb+ACdFhFw
l5jrrRQKv0d6qTPVYvmK92M=
=9fIr
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: domain admins group in samba 3.0.7 question

2005-03-29 Thread Tony Earnshaw 
Jim C.:

 ~  What makes you think that?  The command should be
 | net groupmap add unixgroup=whatever group name ntgroup=something
 | else
 | where the unixgroup parameter is the name of the existing unix group to
 | use and ntgroup is the new name that you want the group to display as in
  | windows.


 I've thought of doing this also but the problem that I have is that if I
 put this:

 net groupmap add unixgroup=whatever group name ntgroup=something |
 else

 into a logon script won't it add to the group each time the user logs in?
 How would duplicate entries be handled?  Wouldn't I see an entry
 for each login or would duplicate entries be dropped?

'net groupmap add' works for Samba 3 (at least from 3.0.7 on, my
experience up to 3.0.11). It works once and for all for all workstations,
even new ones that you add to the domain - you don't have to keep on doing
it.

This is where the ldapsam backend and using GQ as an LDAP GUI is such a
help; you can see at a glance exactly what you've done and even use GQ and
the Samba tools to start all over again if you've made a mistake.

Your problem is, that you can't see the results of what you're doing and
why it isn't working.

--Tonni

--
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: domain admins group in samba 3.0.7 question

2005-03-29 Thread Tony Earnshaw 

Jim C.:

 | Why in gods name would you do that?  The net groupmap add command is
 | used to configure the windows group = unixgroup mapping, much like the
  | username map works.  You add users to the ntgroup by adding them to
 the | aforementioned unixgroup.


 Well, that's what I get for indiscriminate cut and paste. Right?;-)


 I'll clarify.  I meant the net command on the windows side. It should
 accomplish more or less the same thing when applied to the local machine
 via a logon script right?  The parameters would have to be different, of
 course. My bad. Sorry.

The net command on Windows workstations often doesn't have the same
possibilities as it does on a Samba PDC. The command should be run on a
Samba PDC, not the Windows workstation. It is then once and for all.

 If there is a better tool, (net use perhaps?) I am interested in
 knowing. I've no idea how to resolve the password issue (I assume there is
 one) for example.

Following the Samba HOWTOs from A to Z is the best alternative. Once
you've learned every possibility by heart (take you a month or six ;)
you're good to go.

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] printers detect

2005-03-29 Thread Greg Folkert 
On Tue, 2005-03-29 at 13:43 +0200, Fabio Marcone wrote:
 Hi!
 I'm designing a web interface to manage samba server (users, shares, 
 printers) 
 and I would known how i can detect printers available in samba. In that way, 
 admin can set rights and others params of a selected printer.

Uh, Fabio have you looked at SWAT? SWAT == Samba Web Administration Tool

Or Webmin with SWAT integration?

I'd hate to see you make all this fuss for something that is already
done and updated every release of Samba as well.
-- 
greg, [EMAIL PROTECTED]

The technology that is
Stronger, better, faster: Linux


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: No vscan HOWTOs? should called how exclude pst files vscan clamav

2005-03-29 Thread Robert Schetterer 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi @ll,hi Andrew,Rainer
sorry that i renamed the subject, but my intention is to make this part
give more notice on the list.
I can confirm the scan problem with clamav vfs and bigger pst file.
As i just have this problem too, i tried google about faqs about this.
I studied the last readme of the vfs and there is just an example
that i should use file -i to find out what mime type my system ( suse
9.2 ) means to a pst file
- --
pdc:/home/danielop/outlook.pst # file -i ./Outlook.pst
./Outlook.pst: application/octet-stream
- -
so i included this to  vscan-clamav.conf
- ---
; exclude files from being scanned based on the MIME-type! Semi-colon
; seperated list (default: empty list). Use this with care!
exclude file types = pst
- 
i havent my win test client up, and no big pst around to do some tests
but i am nearly sure this entry is not right ( or could it be that
easy???), but future tests will show
so i will cc the mantainer of vscan
to give a more detailed example to us how syntax to  exclude is done
or perhaps somebody on the list knows more
Anyway my thx goes to Rainer for doing such a nice job on vscan
cause pst file a comlicated filetypes by their nature.
Best Regards
Robert
Jim C. schrieb:
| | Does anyone have ANY idea what to put in /etc/magic to identify
| microsoft outlook pst files?
| | scanning larger pst files (100 mb or so) currently raises my clamd cpu
| processor usage to 90% or higher, and 'locks' ms outlook on the
| workstation during the scan, so I'd rather not scan them and have mcafee
| on the workstation take care of that.
| | Insight would really be appreciated.
|
| Not sure why this is required. Can't you just use file [filename] to
| find out what mime type /etc/magic currently thinks it is? Or is it the
| case that the mime type actually isn't in there?
|
| Actually, I use ClamWin on the 'doze side and I was hoping that someday
| the developers would put in a tool for discovering if the client host
| was running it.  I mean if it has local protection, why burn up the
| servers CPU cycles, right?  Distributed approach for a distributed net.
|
| Jim C.
- --
Mit freundlichen Gruessen
Best Regards
Robert Schetterer
robert_at_schetterer.org
Munich / Bavaria / Germany
https://www.schetterer.org
\**
\* gnupgp
\* public key:
\* https://www.schetterer.org/public.key
\**
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCScht+Jw+56iSjEkRAlyyAJ9tNhMzZmVXMaQ5uMYNJd9suUEs5QCfYXwp
wGOD4YWpnWYO8Yon79Bmuvk=
=cB+L
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.13 why is lpq command=%p showing with testparm -v ?

2005-03-29 Thread Gerald (Jerry) Carter 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Urs Rau wrote:
| testparm -s -v  | grep lp
| returns
|
| lpq cache time = 30
| lpq command = %p
| lprm command =
| lppause command =
| lpresume command =
|
| I understand that if I do testparm -v this also
| shows me the built-in  defaults. Why does it only
| show %p for the lpq command and nothing else
| for the other lp commands?
See:
printer name is not honored in printing.c
https://bugzilla.samba.org/bug/2333

cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
I never saved anything for the swim back. Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCScqNIR7qMdg1EfYRArGIAKCW3zVRUHFZ3pLfuIdTeQjKFL2pvwCg7bzn
7EXTpM/CsXmG3FYbjzhodnY=
=bQao
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: No vscan HOWTOs? should called how exclude pst files vscan clamav

2005-03-29 Thread Rainer Link 
On Tue, Mar 29, 2005 at 11:28:13PM +0200, Robert Schetterer wrote:

 Hi @ll,hi Andrew,Rainer

You'd probably shoulnd't bug any Samba people with samba-vscan
related configuration issues. They are busy enough :) 

 - --
 pdc:/home/danielop/outlook.pst # file -i ./Outlook.pst
 ./Outlook.pst: application/octet-stream
 - -


So, the MIME-type is actually application/octet-stream, which is
a generic type for anything binary and not recognized by file otherwise.
Probably someone should try to add a real pattern to detect Outlook
PST correctly (the idea has mentioned below already by someone else).

 so i included this to  vscan-clamav.conf
 
 - ---
 ; exclude files from being scanned based on the MIME-type! Semi-colon
 ; seperated list (default: empty list). Use this with care!
 exclude file types = pst
 - 


pst ist the file extension, not the MIME-type! Keep in mind you should
never trust any file extension if you want to achieve virus protection
(esp. to block files on SMTP layer). I won't repeat the reasoning
behind, just do a google group search for nick fitzgerald file
extension (a good hit is http://tinyurl.com/4nkv9).

Anyway, samba-vscan 0.3.7 will most likely ship with a feature to
exclude files from scanning based on a regexp. The code is basically
already in CVS, based on a contribution from a samba-vscan user.

 Munich / Bavaria / Germany
Hum, that's not sooo far away :)

HTH

best regards
Rainer Link


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] upgrading existing tdbsam to ldap

2005-03-29 Thread jonlists 
moving a system to SLES9 w/OpenLDAP. Existing system used tdbsam. Set up 
new server, configured w/openldap and LAM. Things appear to be working 
fine with the new config, but there are problems in migrating user and 
machine accounts. The new domain, nor users are recognized in LAM. The 
machine accounts are listed as existing, but hostnames are not showing. 

I suppose that this is due to the fact that the migration using the 

pdbedit -v -i tdbsam -e ldapsam 

did not properly assign machines to the proper OU, and users to the proper 
default groups, etc. The pdbedit command was done after the ldap db was 
populated with the IDEALX smbldap-populate tool. 

I had built the new server, then simply moved the /etc/samba and 
/var/lib/samba/*.tdb files into place before doing the pdbedit. Is there a 
method of moving the existing accounts and machine information into the 
proper groups, or do I need to start over and do this in a different 
order? 

Jon Johnston
Creative Business Solutions
IBM, Microsoft, Novell/Suse, Sophos Consultants
http://www.cbsol.com
blog:http://bingo.cbsol.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Advice on a samba setup im considering

2005-03-29 Thread jonlists 
You need to take a look at the Samba 3 By Example guide provided on the 
www.samba.org web site. It'll step you through much of this. 

Putting user accounts on the system? If it's only going to be you, you can 
use the command line tools provided with the operating system and base 
Samba. If someone else - maybe consider something like easier to use like 
webmin. 

Jon Johnston
Creative Business Solutions
IBM, Microsoft, Novell/Suse, Sophos Consultants
http://www.cbsol.com
blog:http://bingo.cbsol.com

[EMAIL PROTECTED] wrote on 03/29/2005 
02:11:52 PM:

 Hello!
 
 Was hoping to get some suggestion and ideas for a samba server I will be 

 implementing here in the next couple of weeks. I have gone through the 
 websites documentation, but I was hoping some of the veterans of samba 
could 
 maybe lend some ideas, advice and recommendations. I will try to be as 
 detailed as possible.
 
 The samba server would server roughly 50-60 people. We have 3, maybe 4 
 departments that I would need to setup shares for (obviously, not all 
 departments would need access to all the shares.) The other thing im 
 considering is maybe trying to design this with the idea in mind of 
future 
 expansion of the company (6-12 months down the road possibly)
 
 I've already installed the OS and Samba and I am in the process of 
 configuring 
 samba.
 
 What would be the recommended method for putting user accounts on the 
system? 
 I know I have a few options, but is there one I should consider morethan 
the 
 other?
 
 All the machines on the network are windows desktop. I would simply 
 just map a 
 drive to the shares needed for each user.
 
 I'm not going to setup this up as a PDC at this time. That would be 
something 
 I may revisit in about 6-12 months as well.
 
 I have a lot to consider. Just hoping to get some ideas here.
 
 Cheers,
 
 Jason
 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Advice on a samba setup im considering

2005-03-29 Thread Tony Earnshaw 

Jason:


[...]

 I'm not going to setup this up as a PDC at this time. That would be
 something I may revisit in about 6-12 months as well.

Do this first, after thoroughly learning OpenLDAP from first principles.
I.e., start thinking if any utility/service doesn't work without the
latest, stable LDAP, including Samba, it's useless. Samba does, but so
does anything else that dare to call itself a Unix/Linux service: smtp,
IMAP, shell and gdbm logins, NF, desktop utilities, etc. All give you a
single login ID and password.

--Tonni

--
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: No vscan HOWTOs? should called how exclude pst files vscan clamav

2005-03-29 Thread mourik jan c heupink 

pdc:/home/danielop/outlook.pst # file -i ./Outlook.pst
./Outlook.pst: application/octet-stream
- -
   


So, the MIME-type is actually application/octet-stream, which is
a generic type for anything binary and not recognized by file otherwise.
Probably someone should try to add a real pattern to detect Outlook
PST correctly (the idea has mentioned below already by someone else).
 

probably someone who knows how /etc/magic works could do something with 
the information on this page:
http://filext.com/detaillist.php?extdetail=PST

There it says:
Identifying characters are:
Hex: 21 42 44 4E
ASCII: !BDN
Anyone knows..?
Mourik Jan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Primard Domain Controller feature not working

2005-03-29 Thread Mark Ratering 
Well, i fixed it.  nmbd wasn't working.  now i am having another
problem!  I am using the 'using samba' book from o'reilly and it says
that the parameter domain admin group is obsoleted in samba 3.0  I
am using 3.0 and i cant add computers to the domain.  What is the
replacement/workaround for it?


On Tue, 29 Mar 2005 12:35:56 -0800, Mark Ratering
[EMAIL PROTECTED] wrote:
 Hey guys,
 
 I configured Samba do be the domain controller for my network and to
 share folders.  the folder sharing works great.  The problem is that
 the domain function does not work at all.  I cannot join the domain
 from any workstation.  It just says that the controller cannot be
 contacted.  I ran an Ethereal sniff on the packets and the computer
 that i want to be PDC is sending ICMP Destination unreachable packets
 in response to the NBNS Name Query.  Here is the packet that the
 workstation is sending to the server.
 
   00 11 11 ba 82 1a 00 0a  e6 d5 fa b4 08 00 45 00    ..E.
 0010  00 4e 01 fb 00 00 80 11  b4 53 c0 a8 01 9e c0 a8   .N.. .S..
 0020  01 62 00 89 00 89 00 3a  81 4e 80 63 01 00 00 01   .b.: .N.c
 0030  00 00 00 00 00 00 20 46  46 46 44 45 43 45 4a 45   .. F FFDECEJE
 0040  4f 45 48 45 50 43 41 43  41 43 41 43 41 43 41 43   OEHEPCAC ACACACAC
 0050  41 43 41 43 41 42 4d 00  00 20 00 01   ACACABM. . ..
 
 The config file that i am using (not including shares that have
 nothing to do with the domain controller).  I do not want roaming
 profiles.
 
 #NetBIOS settings
 netbios name=   FILESERVER
 workgroup   =   USBINGO
 server string   =   File Server
 
 log file=   /var/log/samba/log.%m
 max log size=   50
 time server =   yes
 hide dot files  =   yes
 log level   =   1
 
 #Security settings
 security=   user
 domain logons   =   yes
 encrypt passwords   =   yes
 
 #Turn on the WINS server
 wins support=   yes
 
 #Make sure that Samba is the master browser and domain master browser
 domain master   =   yes
 local master=   yes
 preferred master =   yes
 os level=   65
 
 add user script =   /usr/sbin/useradd -d /dev/null
 -g 100 -s /bin/false -M %u
 
 [netlogon]
 path=   /files/netlogon
 writable=   no
 browsable   =   no
 
 Thanks,
 -Mark
 


-- 
Mark Ratering
A+, CCNP
248-437-1938
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Primard Domain Controller feature not working

2005-03-29 Thread Paul Gienger 

problem!  I am using the 'using samba' book from o'reilly and it says
that the parameter domain admin group is obsoleted in samba 3.0  I
 

A good way to do that would be creating a unix group that you want to be 
mapped to Domain Admins, map it and assign it the appropriate SID (you 
can look into the source for the smbldap-tools to get it in plain 
text).  Then you simply add users to it.

am using 3.0 and i cant add computers to the domain.  

Either use root (properly added as a samba user) or another user with 
uid=0, or use the privilege delegation tools in recent versions.  I 
believe the version that started with them was 3.0.9.   The 
documentation at samba.org (the howto and by example) should be your 
guide as they are updated for the current version.


On Tue, 29 Mar 2005 12:35:56 -0800, Mark Ratering
[EMAIL PROTECTED] wrote:
 

Hey guys,
I configured Samba do be the domain controller for my network and to
share folders.  the folder sharing works great.  The problem is that
the domain function does not work at all.  I cannot join the domain
from any workstation.  It just says that the controller cannot be
contacted.  I ran an Ethereal sniff on the packets and the computer
that i want to be PDC is sending ICMP Destination unreachable packets
in response to the NBNS Name Query.  Here is the packet that the
workstation is sending to the server.
  00 11 11 ba 82 1a 00 0a  e6 d5 fa b4 08 00 45 00    ..E.
0010  00 4e 01 fb 00 00 80 11  b4 53 c0 a8 01 9e c0 a8   .N.. .S..
0020  01 62 00 89 00 89 00 3a  81 4e 80 63 01 00 00 01   .b.: .N.c
0030  00 00 00 00 00 00 20 46  46 46 44 45 43 45 4a 45   .. F FFDECEJE
0040  4f 45 48 45 50 43 41 43  41 43 41 43 41 43 41 43   OEHEPCAC ACACACAC
0050  41 43 41 43 41 42 4d 00  00 20 00 01   ACACABM. . ..
The config file that i am using (not including shares that have
nothing to do with the domain controller).  I do not want roaming
profiles.
   #NetBIOS settings
   netbios name=   FILESERVER
   workgroup   =   USBINGO
   server string   =   File Server
   log file=   /var/log/samba/log.%m
   max log size=   50
   time server =   yes
   hide dot files  =   yes
   log level   =   1
   #Security settings
   security=   user
   domain logons   =   yes
   encrypt passwords   =   yes
   #Turn on the WINS server
   wins support=   yes
   #Make sure that Samba is the master browser and domain master browser
   domain master   =   yes
   local master=   yes
   preferred master =   yes
   os level=   65
   add user script =   /usr/sbin/useradd -d /dev/null
-g 100 -s /bin/false -M %u
[netlogon]
   path=   /files/netlogon
   writable=   no
   browsable   =   no
Thanks,
-Mark
   


 

--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Primard Domain Controller feature not working

2005-03-29 Thread Mark Ratering 
I tried using root and i get the error The username could not be found


On Tue, 29 Mar 2005 16:31:19 -0600, Paul Gienger
[EMAIL PROTECTED] wrote:
 
 problem!  I am using the 'using samba' book from o'reilly and it says
 that the parameter domain admin group is obsoleted in samba 3.0  I
 
 
 A good way to do that would be creating a unix group that you want to be
 mapped to Domain Admins, map it and assign it the appropriate SID (you
 can look into the source for the smbldap-tools to get it in plain
 text).  Then you simply add users to it.
 
 am using 3.0 and i cant add computers to the domain.
 
 Either use root (properly added as a samba user) or another user with
 uid=0, or use the privilege delegation tools in recent versions.  I
 believe the version that started with them was 3.0.9.   The
 documentation at samba.org (the howto and by example) should be your
 guide as they are updated for the current version.
 
 
 
 On Tue, 29 Mar 2005 12:35:56 -0800, Mark Ratering
 [EMAIL PROTECTED] wrote:
 
 
 Hey guys,
 
 I configured Samba do be the domain controller for my network and to
 share folders.  the folder sharing works great.  The problem is that
 the domain function does not work at all.  I cannot join the domain
 from any workstation.  It just says that the controller cannot be
 contacted.  I ran an Ethereal sniff on the packets and the computer
 that i want to be PDC is sending ICMP Destination unreachable packets
 in response to the NBNS Name Query.  Here is the packet that the
 workstation is sending to the server.
 
   00 11 11 ba 82 1a 00 0a  e6 d5 fa b4 08 00 45 00    ..E.
 0010  00 4e 01 fb 00 00 80 11  b4 53 c0 a8 01 9e c0 a8   .N.. .S..
 0020  01 62 00 89 00 89 00 3a  81 4e 80 63 01 00 00 01   .b.: .N.c
 0030  00 00 00 00 00 00 20 46  46 46 44 45 43 45 4a 45   .. F FFDECEJE
 0040  4f 45 48 45 50 43 41 43  41 43 41 43 41 43 41 43   OEHEPCAC ACACACAC
 0050  41 43 41 43 41 42 4d 00  00 20 00 01   ACACABM. . ..
 
 The config file that i am using (not including shares that have
 nothing to do with the domain controller).  I do not want roaming
 profiles.
 
 #NetBIOS settings
 netbios name=   FILESERVER
 workgroup   =   USBINGO
 server string   =   File Server
 
 log file=   /var/log/samba/log.%m
 max log size=   50
 time server =   yes
 hide dot files  =   yes
 log level   =   1
 
 #Security settings
 security=   user
 domain logons   =   yes
 encrypt passwords   =   yes
 
 #Turn on the WINS server
 wins support=   yes
 
 #Make sure that Samba is the master browser and domain master 
  browser
 domain master   =   yes
 local master=   yes
 preferred master =   yes
 os level=   65
 
 add user script =   /usr/sbin/useradd -d /dev/null
 -g 100 -s /bin/false -M %u
 
 [netlogon]
 path=   /files/netlogon
 writable=   no
 browsable   =   no
 
 Thanks,
 -Mark
 
 
 
 
 
 
 
 
 --
 Paul GiengerOffice: 701-281-1884
 Applied Engineering Inc.
 Systems Architect   Fax:701-281-1322
 URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]
 
 


-- 
Mark Ratering
A+, CCNP
248-437-1938
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Primard Domain Controller feature not working

2005-03-29 Thread Tom Skeren 
Mark Ratering wrote:
I tried using root and i get the error The username could not be found
 

As root type
smbpasswd -a root
On Tue, 29 Mar 2005 16:31:19 -0600, Paul Gienger
[EMAIL PROTECTED] wrote:
 

problem!  I am using the 'using samba' book from o'reilly and it says
that the parameter domain admin group is obsoleted in samba 3.0  I
 

A good way to do that would be creating a unix group that you want to be
mapped to Domain Admins, map it and assign it the appropriate SID (you
can look into the source for the smbldap-tools to get it in plain
text).  Then you simply add users to it.
   

am using 3.0 and i cant add computers to the domain.
 

Either use root (properly added as a samba user) or another user with
uid=0, or use the privilege delegation tools in recent versions.  I
believe the version that started with them was 3.0.9.   The
documentation at samba.org (the howto and by example) should be your
guide as they are updated for the current version.
   

On Tue, 29 Mar 2005 12:35:56 -0800, Mark Ratering
[EMAIL PROTECTED] wrote:
 

Hey guys,
I configured Samba do be the domain controller for my network and to
share folders.  the folder sharing works great.  The problem is that
the domain function does not work at all.  I cannot join the domain
   

from any workstation.  It just says that the controller cannot be
 

contacted.  I ran an Ethereal sniff on the packets and the computer
that i want to be PDC is sending ICMP Destination unreachable packets
in response to the NBNS Name Query.  Here is the packet that the
workstation is sending to the server.
  00 11 11 ba 82 1a 00 0a  e6 d5 fa b4 08 00 45 00    ..E.
0010  00 4e 01 fb 00 00 80 11  b4 53 c0 a8 01 9e c0 a8   .N.. .S..
0020  01 62 00 89 00 89 00 3a  81 4e 80 63 01 00 00 01   .b.: .N.c
0030  00 00 00 00 00 00 20 46  46 46 44 45 43 45 4a 45   .. F FFDECEJE
0040  4f 45 48 45 50 43 41 43  41 43 41 43 41 43 41 43   OEHEPCAC ACACACAC
0050  41 43 41 43 41 42 4d 00  00 20 00 01   ACACABM. . ..
The config file that i am using (not including shares that have
nothing to do with the domain controller).  I do not want roaming
profiles.
  #NetBIOS settings
  netbios name=   FILESERVER
  workgroup   =   USBINGO
  server string   =   File Server
  log file=   /var/log/samba/log.%m
  max log size=   50
  time server =   yes
  hide dot files  =   yes
  log level   =   1
  #Security settings
  security=   user
  domain logons   =   yes
  encrypt passwords   =   yes
  #Turn on the WINS server
  wins support=   yes
  #Make sure that Samba is the master browser and domain master browser
  domain master   =   yes
  local master=   yes
  preferred master =   yes
  os level=   65
  add user script =   /usr/sbin/useradd -d /dev/null
-g 100 -s /bin/false -M %u
[netlogon]
  path=   /files/netlogon
  writable=   no
  browsable   =   no
Thanks,
-Mark

   


 

--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]
   


 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbd[616]: Can't become connected user! Error

2005-03-29 Thread bhazeldine 
Greetings,

I am hoping that someone can shed some light on this error that is
constantly filling up my syslog.

This is the error:

ar 29 17:39:24 spev smbd[616]:   Can't become connected user!
Mar 29 17:39:24 spev smbd[616]: [2005/03/29 17:39:24, 0]
smbd/service.c:make_connection_snum(570)

The error constantly appears in the syslog as people access the server. 
Access to it works completely fine, but it would be nice to know why this
error is always coming up.

OS: Slackware 10.0
Samba version: 3.0.10

Here is my smb.conf file:
[global]
workgroup = SERVERS
server string = Samba Fileserver
valid users = @techstaff, @childstaff
hosts allow = 127.0.0.1, 192.168.0.0/24
hosts deny = 0.0.0.0/0
security = user
log level = 2
log file = /var/log/samba.log
max log size = 50
debug timestamp = yes
[techcenter]
comment = Techcenter files
path = /fileserver/techcenter
read only = No
force user = techshare
force group = techstaff

[gateplex]
comment = Gateplex
path = /fileserver/gateplex
read only = No
force user = techshare
force group = techstaff

[childrens]
comment = Childrens files
path = /fileserver/childrens
read only = No
force user = childshare
force group = childstaff

Any insight will be greatly appreciated.

-Bob-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Recycle error - empty file

2005-03-29 Thread Karl Banasky 
I set up a recycle VFS for my install of SAMBA and it work great except for one 
thing.  I seem to get empty files created. It creates file.doc with 0 bytes.  
Anyone know why this is? I have serched for this but I find the search alittle 
hard to narrow down.  
Any help would be greatly appreciated. 
Thanks
Karl-

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Recycle error - empty file

2005-03-29 Thread Karl Banasky 
I set up a recycle VFS for my install of SAMBA and it work great except for one 
thing.  I seem to get empty files created. It creates file.doc with 0 bytes.  
Anyone know why this is? I have serched for this but I find the search alittle 
hard to narrow down.  
Any help would be greatly appreciated. 
Thanks
Karl-

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Primard Domain Controller feature not working

2005-03-29 Thread Mark Ratering 
I already did that.  When i type in a user that does not have root
permissions it says Access is denied


On Tue, 29 Mar 2005 14:47:50 -0800, Tom Skeren [EMAIL PROTECTED] wrote:
  Mark Ratering wrote: 
  I tried using root and i get the error The username could not be found As
 root type 
  
  smbpasswd -a root
 
  
  On Tue, 29 Mar 2005 16:31:19 -0600, Paul Gienger
 [EMAIL PROTECTED] wrote: 
  
  problem! I am using the 'using samba' book from o'reilly and it says that
 the parameter domain admin group is obsoleted in samba 3.0 I A good way to
 do that would be creating a unix group that you want to be mapped to Domain
 Admins, map it and assign it the appropriate SID (you can look into the
 source for the smbldap-tools to get it in plain text). Then you simply add
 users to it. 
  am using 3.0 and i cant add computers to the domain. Either use root
 (properly added as a samba user) or another user with uid=0, or use the
 privilege delegation tools in recent versions. I believe the version that
 started with them was 3.0.9. The documentation at samba.org (the howto and
 by example) should be your guide as they are updated for the current
 version. 
  On Tue, 29 Mar 2005 12:35:56 -0800, Mark Ratering [EMAIL PROTECTED]
 wrote: 
  Hey guys, I configured Samba do be the domain controller for my network and
 to share folders. the folder sharing works great. The problem is that the
 domain function does not work at all. I cannot join the domain from any
 workstation. It just says that the controller cannot be 
  contacted. I ran an Ethereal sniff on the packets and the computer that i
 want to be PDC is sending ICMP Destination unreachable packets in response
 to the NBNS Name Query. Here is the packet that the workstation is sending
 to the server.  00 11 11 ba 82 1a 00 0a e6 d5 fa b4 08 00 45 00 
 ..E. 0010 00 4e 01 fb 00 00 80 11 b4 53 c0 a8 01 9e c0 a8 .N..
 .S.. 0020 01 62 00 89 00 89 00 3a 81 4e 80 63 01 00 00 01 .b.:
 .N.c 0030 00 00 00 00 00 00 20 46 46 46 44 45 43 45 4a 45 .. F
 FFDECEJE 0040 4f 45 48 45 50 43 41 43 41 43 41 43 41 43 41 43 OEHEPCAC
 ACACACAC 0050 41 43 41 43 41 42 4d 00 00 20 00 01 ACACABM. . .. The config
 file that i am using (not including shares that have nothing to do with the
 domain controller). I do not want roaming profiles. #NetBIOS settings
 netbios name = FILESERVER workgroup = USBINGO server string = File Server
 log file = /var/log/samba/log.%m max log size = 50 time server = yes hide
 dot files = yes log level = 1 #Security settings security = user domain
 logons = yes encrypt passwords = yes #Turn on the WINS server wins support =
 yes #Make sure that Samba is the master browser and domain master browser
 domain master = yes local master = yes preferred master = yes os level = 65
 add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
 [netlogon] path = /files/netlogon writable = no browsable = no Thanks, -Mark
 -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Systems
 Architect Fax: 701-281-1322 URL: www.ae-solutions.com mailto:
 [EMAIL PROTECTED] 
  


-- 
Mark Ratering
A+, CCNP
248-437-1938
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] XP Pro and windows 98 clients on single samba 2.2 domain

2005-03-29 Thread Kevin Bailey 
hi,

been running samba 2.2.3 (debian stable) and using it with windows 98
clients no problem.  domain logins, logon.bat and config.pol stuff all
working.

the customer now wants to add XP Pro PC's to the domain.

now, after following the instructions in 'Using Samba' I have set up an
XP PC to log on to a test server.  once the PC has been added to the
domain the users can log in no problem.

however, how should i run win98 and XP clients at the same time on the
main server?

should i create 2 logins for each user?  one for when they are using a
win98 machine and the other for XP.  how would i stop users logging in
with the wrong login?

could the users use a single login? the logon.bat file seems to work the
same on both systems.  the profile data goes into /home/samba-ntprof for
XP and /home/user1/.win_profile for win98 so is kept separate enough.

also - since we're using poledit and not group policies i can set the
machines up to pickup one config.pol file for win98 and a different one
for XP.

apparently there will only ever be win98 and XP Pro on the domain - and
win98 is being phased out.  there are a pair of servers (one acts as a
hot-swap backup) so maybe that gives some options.

any help/comments gratefully received.

-- 
Kevin Bailey

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Primard Domain Controller feature not working

2005-03-29 Thread Mark Ratering 
When i use a username and password that does not have root privilages
in the windows that pops up after i try to join the domain on the
windows box i get the Access is denied error.


On Tue, 29 Mar 2005 15:29:22 -0800, Tom Skeren [EMAIL PROTECTED] wrote:
  Mark Ratering wrote: 
  I already did that. When i type in a user that does not have root
 permissions it says Access is denied I don't know what that means.  What
 do you mean by:  
  When i type in a user that does not have root Where is this done?  By what
 user?  Please be specific as to what you are doing.
 
  
  On Tue, 29 Mar 2005 14:47:50 -0800, Tom Skeren [EMAIL PROTECTED] wrote: 
  Mark Ratering wrote: I tried using root and i get the error The username
 could not be found As root type smbpasswd -a root On Tue, 29 Mar 2005
 16:31:19 -0600, Paul Gienger [EMAIL PROTECTED] wrote: problem! I
 am using the 'using samba' book from o'reilly and it says that the parameter
 domain admin group is obsoleted in samba 3.0 I A good way to do that would
 be creating a unix group that you want to be mapped to Domain Admins, map it
 and assign it the appropriate SID (you can look into the source for the
 smbldap-tools to get it in plain text). Then you simply add users to it. am
 using 3.0 and i cant add computers to the domain. Either use root (properly
 added as a samba user) or another user with uid=0, or use the privilege
 delegation tools in recent versions. I believe the version that started with
 them was 3.0.9. The documentation at samba.org (the howto and by example)
 should be your guide as they are updated for the current version. On Tue, 29
 Mar 2005 12:35:56 -0800, Mark Ratering [EMAIL PROTECTED] wrote: Hey
 guys, I configured Samba do be the domain controller for my network and to
 share folders. the folder sharing works great. The problem is that the
 domain function does not work at all. I cannot join the domain from any
 workstation. It just says that the controller cannot be contacted. I ran an
 Ethereal sniff on the packets and the computer that i want to be PDC is
 sending ICMP Destination unreachable packets in response to the NBNS Name
 Query. Here is the packet that the workstation is sending to the server.
  00 11 11 ba 82 1a 00 0a e6 d5 fa b4 08 00 45 00  ..E. 0010
 00 4e 01 fb 00 00 80 11 b4 53 c0 a8 01 9e c0 a8 .N.. .S.. 0020 01 62
 00 89 00 89 00 3a 81 4e 80 63 01 00 00 01 .b.: .N.c 0030 00 00 00 00
 00 00 20 46 46 46 44 45 43 45 4a 45 .. F FFDECEJE 0040 4f 45 48 45 50 43
 41 43 41 43 41 43 41 43 41 43 OEHEPCAC ACACACAC 0050 41 43 41 43 41 42 4d 00
 00 20 00 01 ACACABM. . .. The config file that i am using (not including
 shares that have nothing to do with the domain controller). I do not want
 roaming profiles. #NetBIOS settings netbios name = FILESERVER workgroup =
 USBINGO server string = File Server log file = /var/log/samba/log.%m max log
 size = 50 time server = yes hide dot files = yes log level = 1 #Security
 settings security = user domain logons = yes encrypt passwords = yes #Turn
 on the WINS server wins support = yes #Make sure that Samba is the master
 browser and domain master browser domain master = yes local master = yes
 preferred master = yes os level = 65 add user script = /usr/sbin/useradd -d
 /dev/null -g 100 -s /bin/false -M %u [netlogon] path = /files/netlogon
 writable = no browsable = no Thanks, -Mark -- Paul Gienger Office:
 701-281-1884 Applied Engineering Inc. Systems Architect Fax: 701-281-1322
 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] 
  


-- 
Mark Ratering
A+, CCNP
248-437-1938
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Need some help setting up a Samba server

2005-03-29 Thread Madhusudan Singh 
Hi

I am trying to implement a simple Samba server on a Slackware 10.1 machine 
running for a bunch of Windows users that also have unix accounts on the 
machine. Using webmin, I did convert the unix users to samba users. A 
possible problem is that I have very little experience using windows, so 
please be patient with me.

I want them to have read and write permissions only in /home/username. How 
does one accomplish this ?

O/p of smbclient -L localhost -U% :

 Domain=[MOLECTRON] OS=[Unix] Server=[Samba 3.0.10]

Sharename   Type  Comment
-     ---
IPC$IPC   IPC Service (Samba Server on Molectron)
ADMIN$  IPC   IPC Service (Samba Server on Molectron)
 Domain=[MOLECTRON] OS=[Unix] Server=[Samba 3.0.10]

Server   Comment
----
MOLECTRONSamba Server on Molectron

WorkgroupMaster
----
MOLECTRON

Thanks.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Windows XP greyed-out Guest user password prompt

2005-03-29 Thread Jules Agee 
(replying to self again)
Update:
The Windows XP (SP2, BTW) client tries three times to log in to the 
Samba server with the Windows username, which is different from the 
Samba username. As one would expect, Samba replies to each of the three 
requests with a STATUS_WRONG_PASSWORD message, and in the same packets 
the Action segment reads 0x0001 Guest: Logged in as GUEST. If a new XP 
user is created with the same username and password as the Samba 
account, the problem goes away. But if either the XP username or the XP 
password differs from Samba's info, the user is never prompted for the 
real username or password.

Unfortunately, we have situations where the desired behavior is for 
Windows to allow the Samba username to be different from the Windows XP 
client username, and prompt for a different username if the 
currently-logged-in username/pw fails. Instead, XP forces a guest login.

I'd think that this is purely a client issue, except that when I try 
this with a Windows 2000 server or a 2003 server, I'm prompted for a 
username AND password if the Windows XP uid/pw fails.

For what it's worth, Samba returns STATUS_WRONG_PASSWORD errors (even 
if the Samba user doesn't exist), while the Windows 2000 server returns 
STATUS_LOGON_FAILURE errors.

-Jules
Jules Agee wrote:
(replying to self)
I'd appreciate any response at all (including RTFM, but a pointer to 
which FM I should R again would be very appreciated).

Again, we're running Samba 3.0.7 on Debian Sarge, and this problem 
doesn't appear when we connect to Windows file servers, so I thought 
someone here might have some information that might help me track down 
the solution. Thanks for your time!

Jules Agee wrote:
Hi, we've been using Samba for a while, and are just now starting to 
switch our desktop computers to Windows XP. We are having a problem 
where connections to our Samba server fail, and the user is presented 
with a password prompt asking for a password for user Guest. They 
can't select a different user.

I've searched the Microsoft knowledgebase, and the Samba list 
archives, and there are others who have seen this problem, but none of 
the suggestions presented seem to help. We are currently using 
security = share because there are some legacy scripts that depend 
on not getting prompted for a username to access some read-only shares 
we have set up. But just for troubleshooting, I have tried setting 
security = user and map to guest = Bad User but XP still presents 
the guest password prompt and the user still isn't allowed to specify 
their username. We are not using a domain controller.

Everything works great when using a Windows 2000 client. In XP, 
mapping a drive to the Samba share works fine. From XP's command 
prompt, if the user's Windows login and password match what's in our 
LDAP directory (and they usually do), it lets them right in -- the 
user doesn't even get a password dialog when they do this:
net use \\fileserver.example.com\share /user:joebob But if you just 
set up a shortcut to \\fileserver.example.com\share or if you try to 
connect from the run line, it fails  tries to force them to login 
with the guest account.

If anyone has any suggestions, or can even make a guess at an 
explanation for this behavior, I'd really appreciate it.

Thanks!
-Jules
[EMAIL PROTECTED]
smb.conf, slightly sanitized:
[global]
admin users = jane,joe,bob
security = share
encrypt passwords = true
ldap suffix = o=internet
ldap admin dn=cn=Administrator,o=internet
passdb backend = ldapsam:ldaps://ldap1.example.com 
ldaps://ldap2.example.com
guest account = nobody
invalid users = root
workgroup = IS
netbios name = fileserver.example.com
server string = File Server
name resolve order = host bcast
socket options = SO_KEEPALIVE,TCP_NODELAY
oplocks = yes
kernel oplocks = yes
level2 oplocks = no
encrypt passwords = yes
create mask = 770
directory mask = 0770
log level = 2
log file = /var/log/samba/%m.log
max log size = 1
map to guest = Bad Password
load printers = no
delete veto files = yes
hide files = /Icon?/
veto files = /.AppleDouble/.AppleDesktop/Network Trash 
Folder/TheVolumeSettingsFolder/TheFindByContentFolder/
dns proxy = no
log file = /var/log/samba/log.%m.
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
preserve case = yes

[private]
comment = Your Private Home Directory
path = /home/%u
group = default
writable = yes
create mask = 0700
directory mask = 0700
[IS]
comment = Information Systems
path = /var/local/fileshare/IS
nt acl support = no
create mask = 777
directory mask = 0777
read only = No
group = IS
valid users = @IS,@ISAnalyst,@SupportAnalyst,@SystemAdmin
[updates]

Re: [Samba] Need some help setting up a Samba server

2005-03-29 Thread Greg Folkert 
On Tue, 2005-03-29 at 19:48 -0500, Madhusudan Singh wrote:
 Hi
 
 I am trying to implement a simple Samba server on a Slackware 10.1 machine 
 running for a bunch of Windows users that also have unix accounts on the 
 machine. Using webmin, I did convert the unix users to samba users. A 
 possible problem is that I have very little experience using windows, so 
 please be patient with me.
 
 I want them to have read and write permissions only in /home/username. How 
 does one accomplish this ?
 
 O/p of smbclient -L localhost -U% :
 
  Domain=[MOLECTRON] OS=[Unix] Server=[Samba 3.0.10]
 
 Sharename   Type  Comment
 -     ---
 IPC$IPC   IPC Service (Samba Server on Molectron)
 ADMIN$  IPC   IPC Service (Samba Server on Molectron)
  Domain=[MOLECTRON] OS=[Unix] Server=[Samba 3.0.10]
 
 Server   Comment
 ----
 MOLECTRONSamba Server on Molectron
 
 WorkgroupMaster
 ----
 MOLECTRON

First things first, EVERY NAME must be unique. SO a server name of
Molectron and a domain of Molectron just WILL NOT WORK AT ALL.

Please change these to be different like this:

workgroup = MOLEDOM
netbios name = MOLECTRON

It'll get you a lot further.

Get back to us after you do that, if you have other problems.
-- 
greg, [EMAIL PROTECTED]

The technology that is
Stronger, better, faster:  Linux


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Add user to more than one group

2005-03-29 Thread Allen Miller 
Is there a way to modify add user to group script = /usr/sbin/usermod -G %g 
%u so, while using User Manager for Domains, I can add a single user to 
more than one group?

Regards,
Al Miller 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] New Samba Team member: Derrell Lipman

2005-03-29 Thread Gerald (Jerry) Carter 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

In case you missed the news item at:

http://www.samba.org/samba/news/#welcome_derrell

Derrell's been added to the core set of developers
to help out with libsmbclient.





cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc 
I never saved anything for the swim back. Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQFCSg5aIR7qMdg1EfYRAgBpAJ0YYgZCrKXx0vd+09J8uOS+BqBswQCfbMzT
EIuonfrzRYGXGAuU8F0f1dY=
=XpJD
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] how to relay net send messages across subnets

2005-03-29 Thread plug bert 
Hello All,

   Is there any way of doing this, other than sending
the message on a pc connected to all subnets concerns?
Thanks.





__ 
Do you Yahoo!? 
Make Yahoo! your home page 
http://www.yahoo.com/r/hs
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Adminstrator Domain SID?

2005-03-29 Thread Doug Campbell 
In the Samba How-To Chapter 13 it says:


The Administrator Domain SID
Please note that when configured as a DC, it is now required that an account
in the server's passdb backend be set to the domain SID of the default
Administrator account. To obtain the domain SID on a Samba DC, run the
following command:

root#  net getlocalsid
SID for domain FOO is: S-1-5-21-4294955119-3368514841-2087710299

You may assign the Domain Administrator rid to an account using the pdbedit
command as shown here:

root#  pdbedit -U S-1-5-21-4294955119-3368514841-2087710299-500 -u root -r



Question:  Is this information still valid after samba 3.0.11?  I didn't do
this but things seem to be working fine.  If the information is still valid,
what would not having it affect?

BTW, I am using the ldapsam backend.

Thanks!

Doug

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Adminstrator Domain SID?

2005-03-29 Thread John H Terpstra 
On Tuesday 29 March 2005 21:57, Doug Campbell wrote:
 In the Samba How-To Chapter 13 it says:

 
 The Administrator Domain SID
 Please note that when configured as a DC, it is now required that an
 account in the server's passdb backend be set to the domain SID of the
 default Administrator account. To obtain the domain SID on a Samba DC, run
 the following command:

 root#  net getlocalsid
 SID for domain FOO is: S-1-5-21-4294955119-3368514841-2087710299

 You may assign the Domain Administrator rid to an account using the pdbedit
 command as shown here:

 root#  pdbedit -U S-1-5-21-4294955119-3368514841-2087710299-500 -u root -r
 


 Question:  Is this information still valid after samba 3.0.11?  I didn't do
 this but things seem to be working fine.  If the information is still
 valid, what would not having it affect?

Yes, it is!

OK. But what is the name of your administrator account? What is the SID for 
this account?

You do realize, I hope, that the RID=500 means the account is the 
Administrator for Windows clients. Any other RID will be seen by the Windows 
workstation (client) as an account other than the real Administrator.

What more must we do to clarify the wording so that everyone clearly gets the 
message? What is not clear in the documentation?

Have fun. :)

Cheers,
John T.


 BTW, I am using the ldapsam backend.

 Thanks!

 Doug

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO  Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Vijay - net_r_sam_logon errors.

2005-03-29 Thread Vijay Kumar 
Hi,

Sorry for the re-post.
Please give me some pointers ?? I am stuck.

Please help. 
 
Regards,
Vijay Kumar

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Vijay Kumar
Sent: Tuesday, March 29, 2005 6:52 PM
To: samba@lists.samba.org
Subject: [Samba] Vijay - net_r_sam_logon errors. 

Hi,

We get the following errors in the current samba domain controller  : 

[2005/03/29 06:16:49, 0] rpc_server/srv_netlog.c:api_net_sam_logon(206)
  api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON.
[2005/03/29 06:16:49, 0] rpc_server/srv_pipe.c:api_rpcTNP(1200)
  api_rpcTNP: api_netlog_rpc: NET_SAMLOGON failed.
[2005/03/29 06:29:35, 0] lib/util_sock.c:matchname(900)
  sys_gethostbyname(netapp-ghost): lookup failure.
[2005/03/29 06:29:35, 0] lib/util_sock.c:get_socket_name(967)
  Matchname failed on netapp-ghost 10.10.10.1
[2005/03/29 06:29:35, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(670)
  api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.
[2005/03/29 06:35:26, 0] lib/util_sock.c:matchname(900)
  sys_gethostbyname(bhim): lookup failure.
[2005/03/29 06:35:26, 0] lib/util_sock.c:get_socket_name(967)
  Matchname failed on bhim 10.10.10.2
[2005/03/29 06:35:43, 0] smbd/service.c:make_connection(248)
  bhim (172.16.0.196) couldn't find service netlogon
[2005/03/29 06:37:51, 0] lib/util_sock.c:read_data(436)
  read_data: read failure for 4. Error = Connection reset by peer

I have tested the service through other commands like smbclient  share
name -U  user name  and everything runs perfectly fine. 
Users are able to login with their ID's without any issues. 

Please help me to resolve this error. Whats the cause ? 

Regards,
Vijay Kumar
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: No vscan HOWTOs? should called how exclude pst files vscan clamav

2005-03-29 Thread Robert Schetterer 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Rainer,
Rainer Link schrieb:
| On Tue, Mar 29, 2005 at 11:28:13PM +0200, Robert Schetterer wrote:
|
|
|Hi @ll,hi Andrew,Rainer
|
|
| You'd probably shoulnd't bug any Samba people with samba-vscan
| related configuration issues. They are busy enough :)
as i am too, but thats a list is for, so its a give and take
|
|- --
|pdc:/home/danielop/outlook.pst # file -i ./Outlook.pst
|./Outlook.pst: application/octet-stream
|- -
|
|
|
| So, the MIME-type is actually application/octet-stream, which is
| a generic type for anything binary and not recognized by file otherwise.
| Probably someone should try to add a real pattern to detect Outlook
| PST correctly (the idea has mentioned below already by someone else).
i thought like this, but where in hell should i define it
i found several mime convs on the system perl has one , cups apache
etc... , no idea which one is the the right to use it with vscan.
|
|so i included this to  vscan-clamav.conf
|
|- ---
|; exclude files from being scanned based on the MIME-type! Semi-colon
|; seperated list (default: empty list). Use this with care!
|exclude file types = pst
|- 
|
|
|
| pst ist the file extension, not the MIME-type! Keep in mind you should
| never trust any file extension if you want to achieve virus protection
| (esp. to block files on SMTP layer). I won't repeat the reasoning
| behind, just do a google group search for nick fitzgerald file
| extension (a good hit is http://tinyurl.com/4nkv9).
yes ,your right but i think this is not the real problem in this case
cause in our case ( the outlook hell case ?*g ) we want to exclude one
file type and
every win client should have ( must ) a antivirus solution
have installed by its own anyway.So a virus should be found
even vscan fails.
So its better to have this filetype excluded and the pst working with
outlook typical redirected by group policy to the users home share
to make it work with roaming profiles and have the rest risk
that a virus stealth itself as pst file.
Cause for now there is no other solution as not to use vscan on the
whole share, which seems to me the badest option.
|
| Anyway, samba-vscan 0.3.7 will most likely ship with a feature to
| exclude files from scanning based on a regexp. The code is basically
| already in CVS, based on a contribution from a samba-vscan user.
|
thx for making this clear, perhaps i will give 0.3.7
a try on my test system, on produktion i will wait till it is
maintained by suse, but its good to here that the solution allready exists.
|Munich / Bavaria / Germany
|
| Hum, that's not sooo far away :)
jep the world is village
Pfiadi Robert *g
| HTH
|
| best regards
| Rainer Link
|
|
- --
Mit freundlichen Gruessen
Best Regards
Robert Schetterer
robert_at_schetterer.org
Munich / Bavaria / Germany
https://www.schetterer.org
\**
\* gnupgp
\* public key:
\* https://www.schetterer.org/public.key
\**
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCSkGv+Jw+56iSjEkRAoY3AJ48161ADNFyMhEXBiAMpXF/bCwpPwCbBEvR
87+3maWFhtMZ9gK34M6WKMc=
=JZpd
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] This is an alert from eSafe

2005-03-29 Thread eSafe 
*** eSafe detected hostile content in this email. ***


Time: 30 Mar 2005 09:44:48
Scan result: Mail modified to remove malicious content
Protocol: SMTP in
File Name\Mail Subject: mail_940701: Hello
Source: [EMAIL PROTECTED]
Destination: [EMAIL PROTECTED]
Details: Notice.zip\Notice.txt  

   .exe   Infected with Win32.Netsky.z (Non-Removable), Blocked 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba or Cups-Problem ?

2005-03-29 Thread Stefan-Michael. Guenther (in-put GbR) 
Hi,

I'm using some kind of pseudo printer on our samba server to automatically 
produce PDF files. The smb.conf looks like this (the samba server is 
successfully conteced to an ADS):

[global]
workgroup = ADS
netbios name = pc103.ads.local
realm = ADS.LOCAL
security = ADS
password server = win2ksrv.ads.local
log level = 2
winbind separator = +
template homedir = /home/%U
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
winbind enable local accounts = yes
template shell = /bin/bash
log file = /var/log/samba/log.smb.%U
max log size = 500
printing = cups
printcap name = cups
cups options = raw

[pdfprinter]
comment = Minolta Color PageWorks/Pro Ps
path = /samba/pdfprinter
print command = /samba/pdfprinter/pdfscript %s 
printable = yes
public = yes
writeable = yes

[printers]
   comment = All Printers
   load printers = yes
   browseable = no
   printable = yes
   public = yes
   read only = yes
   create mode = 0700
   directory = /tmp

My problem is, that the script doesn't produce any PDF file. In the logfile I 
find the following message:

[2005/03/29 19:31:44, 0] printing/print_cups.c:cups_queue_get(900)
  Unable to get jobs for ipp://localhost/printers/pdfprinter - 
client-error-not-found

Okay, this is an error from cups, but what has cups to do with it? I don't 
want to use cups for printing, but a simple script.
I have used this construction already about two years ago with older versions 
of samba and cups and I of course compared the configuration files and all 
file/dir permissions.
Samba is version samba-3.0.9-2.3, cups is version cups-1.1.21-5.6, the system 
is SuSE 9.2.
Do I really have to set up some kind of dummy printer to use a script as a 
printer in samba?

Thanks for any help,

Stefan
-- 

*
in-put GbR - Das Linux-Systemhaus
Stefan-Michael Guenther
Moltkestrasse 49 D-76133 Karlsruhe
Tel./Fax : +49 (0)721 / 83044 - 98/93
http://www.in-put.de
*
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Adminstrator Domain SID?

2005-03-29 Thread Doug Campbell 
 On Tuesday 29 March 2005 21:57, Doug Campbell wrote:
  In the Samba How-To Chapter 13 it says:
 
  
  The Administrator Domain SID
  Please note that when configured as a DC, it is now required that an
  account in the server's passdb backend be set to the domain SID of the
  default Administrator account. To obtain the domain SID on a
 Samba DC, run
  the following command:
 
  root#  net getlocalsid
  SID for domain FOO is: S-1-5-21-4294955119-3368514841-2087710299
 
  You may assign the Domain Administrator rid to an account using
 the pdbedit
  command as shown here:
 
  root#  pdbedit -U S-1-5-21-4294955119-3368514841-2087710299-500
 -u root -r
  
 
 
  Question:  Is this information still valid after samba 3.0.11?
 I didn't do
  this but things seem to be working fine.  If the information is still
  valid, what would not having it affect?

 Yes, it is!

 OK. But what is the name of your administrator account? What is
 the SID for
 this account?

I currently only have three user accounts named: Administrator, dcampbell
and nobody

Both Administrator and dcampbell are in the Domain Admins group.

The SIDs are as follows:

Administrator SID: S-1-5-21-52543480-3766940008-3731351578-2996
dcampbell SID: S-1-5-21-52543480-3766940008-3731351578-3006
nobody SID: S-1-5-21-52543480-3766940008-3731351578-2998

Domain Admins SID:  S-1-5-21-52543480-3766940008-3731351578-512

 You do realize, I hope, that the RID=500 means the account is the
 Administrator for Windows clients. Any other RID will be seen by
 the Windows
 workstation (client) as an account other than the real Administrator.

Doesn't the fact that these accounts are in the Domain Admins group make
them real Administrators too?  I seem to have Administrative access to my
local machine just by being a member of teh Domain Admins group.

Just now, I went ahead and set the Administrators account RID to 500 and
removed it entirely for the Domain Admins group.  I wasn't able to use it
anymore to add a machine.  I expected this to be the case since being in the
Domain Admins group and having assigned it the new SE...Privilege settings
was what was allowing it to administrate the domain.

 What more must we do to clarify the wording so that everyone
 clearly gets the
 message? What is not clear in the documentation?

I guess for me it would help to know what doing this step is supposed to
accomplish.  If I can understand what the purpose of this is, I might be
able to help in clarifying the wording.

Could you explain this in a little more detail, please?

Thanks!

Doug

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Adminstrator Domain SID?

2005-03-29 Thread Doug Campbell 
 On Tuesday 29 March 2005 21:57, Doug Campbell wrote:
  In the Samba How-To Chapter 13 it says:
 
  
  The Administrator Domain SID
  Please note that when configured as a DC, it is now required that an
  account in the server's passdb backend be set to the domain SID of the
  default Administrator account. To obtain the domain SID on a
 Samba DC, run
  the following command:
 
  root#  net getlocalsid
  SID for domain FOO is: S-1-5-21-4294955119-3368514841-2087710299
 
  You may assign the Domain Administrator rid to an account using
 the pdbedit
  command as shown here:
 
  root#  pdbedit -U S-1-5-21-4294955119-3368514841-2087710299-500
 -u root -r
  
 
 
  Question:  Is this information still valid after samba 3.0.11?
 I didn't do
  this but things seem to be working fine.  If the information is still
  valid, what would not having it affect?

 Yes, it is!

 OK. But what is the name of your administrator account? What is
 the SID for
 this account?

I currently only have three user accounts named: Administrator, dcampbell
and nobody

Both Administrator and dcampbell are in the Domain Admins group.

The SIDs are as follows:

Administrator SID: S-1-5-21-52543480-3766940008-3731351578-2996
dcampbell SID: S-1-5-21-52543480-3766940008-3731351578-3006
nobody SID: S-1-5-21-52543480-3766940008-3731351578-2998

Domain Admins SID:  S-1-5-21-52543480-3766940008-3731351578-512

 You do realize, I hope, that the RID=500 means the account is the
 Administrator for Windows clients. Any other RID will be seen by
 the Windows
 workstation (client) as an account other than the real Administrator.

Doesn't the fact that these accounts are in the Domain Admins group make
them real Administrators too?  I seem to have Administrative access to my
local machine just by being a member of teh Domain Admins group.

Just now, I went ahead and set the Administrators account RID to 500 and
removed it entirely for the Domain Admins group.  I wasn't able to use it
anymore to add a machine.  I expected this to be the case since being in the
Domain Admins group and having assigned it the new SE...Privilege settings
was what was allowing it to administrate the domain.

 What more must we do to clarify the wording so that everyone
 clearly gets the
 message? What is not clear in the documentation?

I guess for me it would help to know what doing this step is supposed to
accomplish.  If I can understand what the purpose of this is, I might be
able to help in clarifying the wording.

Could you explain this in a little more detail, please?

Thanks!

Doug

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] B#8238; alcra#8236; ys Ema#8238; li#8236; Veri#8238; noitacif#8236;

2005-03-29 Thread Ba#1971;rclay#1981;s 
    D#8238;ae#8236;r B#8238;ra#8236;clays M#8238;rebme#8236;,

     T#8238;ih#8236;s em#8238;lia#8236; was se#8238;tn#8236; by the 
Barc#8238;al#8236;ys s#8238;re#8236;ver to veri#8238;yf#8236; y#8238;ruo#8236; 
e#8238;liam#8236; add#8238;ser#8236;s. You m#8238;tsu#8236; 
c#8238;etelpmo#8236; t#8238;sih#8236; proc#8238;se#8236;s by 
c#8238;kcil#8236;ing
on the li#8238;kn#8236; b#8238;le#8236;ow and e#8238;niretn#8236;g in the 
sm#8238;la#8236;l wind#8238;wo#8236; y#8238;ruo#8236; Barcla#8238;sy#8236; 
Member#8238;hs#8236;ip nu#8238;rebm#8236;, pa#8238;docss#8236;e and 
m#8238;barome#8236;le w#8238;ro#8236;d.
T#8238;ih#8236;s is d#8238;eno#8236; for yo#8238;ru#8236; 
p#8238;or#8236;tection - b#8238;ce#8236;ause s#8238;emo#8236; of our 
m#8238;rebme#8236;s no lo#8238;egn#8236;r ha#8238;ev#8236; acc#8238;sse#8236; 
to th#8238;ie#8236;r em#8238;ia#8236;l a#8238;sserdd#8236;es and
we m#8238;tsu#8236; ve#8238;fir#8236;y it. To veri#8238;yf#8236; 
y#8238;ruo#8236; e#8238;iam#8236;l addr#8238;se#8236;s and a#8238;ssecc#8236; 
yo#8238;ru#8236; b#8238;kna#8236; ac#8238;oc#8236;unt , c#8238;il#8236;ck on 
the l#8238;kni#8236; b#8238;wole#8236;:

 [input] 
http://www.barclays.com/?lcQQwu3kC66T_rWx7tcVy9BT10ZcdhtMVoDCHVYo9S7g3hdIKiWqbzG2

 











-
Do you Yahoo!?
 Yahoo! Small Business - Try our new resources site! 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

svn commit: samba r6112 - in branches/SAMBA_4_0/source/librpc/ndr: .

2005-03-29 Thread metze 
Author: metze
Date: 2005-03-29 08:10:31 + (Tue, 29 Mar 2005)
New Revision: 6112

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6112

Log:
try to decompress all chunks and put them together

it produces the correct DATA_BLOB length, but only the first chunk is
successfull decompressed...

metze

Modified:
   branches/SAMBA_4_0/source/librpc/ndr/ndr_compression.c


Changeset:
Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr_compression.c
===
--- branches/SAMBA_4_0/source/librpc/ndr/ndr_compression.c  2005-03-29 
06:45:25 UTC (rev 6111)
+++ branches/SAMBA_4_0/source/librpc/ndr/ndr_compression.c  2005-03-29 
08:10:31 UTC (rev 6112)
@@ -25,67 +25,102 @@
 #ifdef HAVE_ZLIB
 #include zlib.h
 
-static NTSTATUS ndr_pull_compression_zlib(struct ndr_pull *subndr,
- struct ndr_pull *comndr,
- ssize_t decompressed_len)
+static NTSTATUS ndr_pull_compression_zlib_chunk(struct ndr_pull *ndrpull,
+   struct ndr_push *ndrpush,
+   struct z_stream_s *zs, int i)
 {
-   DATA_BLOB inbuf;
-   DATA_BLOB outbuf = data_blob_talloc(comndr, NULL, decompressed_len);
-   uint32_t outbuf_len = outbuf.length;
-   struct z_stream_s zs;
+   uint8_t *comp_chunk;
+   uint32_t comp_chunk_offset;
+   uint32_t comp_chunk_size;
+   uint8_t *plain_chunk;
+   uint32_t plain_chunk_offset;
+   uint32_t plain_chunk_size;
+   uint16_t unknown_marker;
int ret;
 
-   ZERO_STRUCT(zs);
+   /* I don't know why, this is needed... --metze */
+   if (i == 5) ndrpull-offset -=4;
 
-   if (subndr-data_size  10) {
-   return ndr_pull_error(subndr, NDR_ERR_COMPRESSION, Bad ZLIB 
compressed header (PULL) subcontext size %d, 
- subndr-data_size);
+   NDR_CHECK(ndr_pull_uint32(ndrpull, NDR_SCALARS, plain_chunk_size));
+   if (plain_chunk_size  0x8000) {
+   return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION, Bad ZLIB 
plain chunk size %08X  0x8000 (PULL), 
+ plain_chunk_size);
}
 
-   inbuf.data = subndr-data+10;
-   inbuf.length = subndr-data_size-10;
+   NDR_CHECK(ndr_pull_uint32(ndrpull, NDR_SCALARS, comp_chunk_size));
 
-   zs.avail_in = inbuf.length;
-   zs.next_in = inbuf.data;
-   zs.next_out = outbuf.data;
-   zs.avail_out = outbuf.length;
+   NDR_CHECK(ndr_pull_uint16(ndrpull, NDR_SCALARS, unknown_marker));
 
-   ret = inflateInit2(zs, -15);
-   if (ret != Z_OK) {
-   return ndr_pull_error(subndr, NDR_ERR_COMPRESSION, Bad ZLIB 
(PULL) inflateInit2 error %d, 
- ret);
-   }
+   DEBUG(10,(plain_chunk_size: %08X (%u) comp_chunk_size: %08X (%u) 
unknown_marker: %04X (%u)\n,
+ plain_chunk_size, plain_chunk_size, comp_chunk_size, 
comp_chunk_size, unknown_marker, unknown_marker));
 
-   while(1) {
-   ret = inflate(zs, Z_SYNC_FLUSH);
+   comp_chunk_offset = ndrpull-offset;
+   NDR_CHECK(ndr_pull_advance(ndrpull, comp_chunk_size));
+   comp_chunk = ndrpull-data + comp_chunk_offset;
+
+   plain_chunk_offset = ndrpush-offset;
+   NDR_CHECK(ndr_push_zero(ndrpush, plain_chunk_size));
+   plain_chunk = ndrpush-data + plain_chunk_offset;
+
+   zs-avail_in = comp_chunk_size;
+   zs-next_in = comp_chunk;
+   zs-next_out = plain_chunk;
+   zs-avail_out = plain_chunk_size;
+
+   while (True) {
+   ret = inflate(zs, Z_BLOCK);
if (ret == Z_STREAM_END) {
-   
-   DEBUG(0,(inbuf.length: %d avail_in: %d, avail_out: 
%d\n, inbuf.length, zs.avail_in, zs.avail_out));
+   DEBUG(0,(comp_chunk_size: %u avail_in: %d, 
plain_chunk_size: %u, avail_out: %d\n,
+   comp_chunk_size, zs-avail_in, 
plain_chunk_size, zs-avail_out));
break;
}
if (ret != Z_OK) {
-   return ndr_pull_error(subndr, NDR_ERR_COMPRESSION, Bad 
ZLIB (PULL) inflate error %d, 
+   return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION, 
Bad ZLIB (PULL) inflate error %d, 
  ret);
}
}
 
-   inflateEnd(zs);
+   if ((plain_chunk_size  0x8000) || (ndrpull-offset+4 = 
ndrpull-data_size)) {
+   /* this is the last chunk */
+   return NT_STATUS_OK;
+   }
 
-   /* TODO: check if the decompressed_len == outbuf_len */
-   outbuf.length = outbuf_len - zs.avail_out;
+   return NT_STATUS_MORE_PROCESSING_REQUIRED;
+}
 
-   if (outbuf.length  16) {
-   return

svn commit: samba r6113 - in branches/SAMBA_4_0/source: . auth auth/gensec auth/kerberos build/smb_build libads libcli/auth

2005-03-29 Thread abartlet 
Author: abartlet
Date: 2005-03-29 08:24:03 + (Tue, 29 Mar 2005)
New Revision: 6113

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6113

Log:
Move GENSEC and the kerberos code out of libcli/auth, and into
auth/gensec and auth/kerberos.

This also pulls the kerberos configure code out of libads (which is
otherwise dead), and into auth/kerberos/kerberos.m4

Andrew Bartlett

Added:
   branches/SAMBA_4_0/source/auth/gensec/
   branches/SAMBA_4_0/source/auth/gensec/gensec.c
   branches/SAMBA_4_0/source/auth/gensec/gensec.h
   branches/SAMBA_4_0/source/auth/gensec/gensec.m4
   branches/SAMBA_4_0/source/auth/gensec/gensec.mk
   branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c
   branches/SAMBA_4_0/source/auth/gensec/gensec_gsskrb5.c
   branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c
   branches/SAMBA_4_0/source/auth/gensec/gensec_ntlmssp.c
   branches/SAMBA_4_0/source/auth/gensec/ntlmssp.c
   branches/SAMBA_4_0/source/auth/gensec/ntlmssp.h
   branches/SAMBA_4_0/source/auth/gensec/ntlmssp_parse.c
   branches/SAMBA_4_0/source/auth/gensec/ntlmssp_sign.c
   branches/SAMBA_4_0/source/auth/gensec/schannel.c
   branches/SAMBA_4_0/source/auth/gensec/schannel.h
   branches/SAMBA_4_0/source/auth/gensec/schannel_sign.c
   branches/SAMBA_4_0/source/auth/gensec/schannel_state.c
   branches/SAMBA_4_0/source/auth/gensec/spnego.c
   branches/SAMBA_4_0/source/auth/gensec/spnego.h
   branches/SAMBA_4_0/source/auth/gensec/spnego_parse.c
   branches/SAMBA_4_0/source/auth/kerberos/
   branches/SAMBA_4_0/source/auth/kerberos/clikrb5.c
   branches/SAMBA_4_0/source/auth/kerberos/gssapi_parse.c
   branches/SAMBA_4_0/source/auth/kerberos/kerberos.c
   branches/SAMBA_4_0/source/auth/kerberos/kerberos.h
   branches/SAMBA_4_0/source/auth/kerberos/kerberos.m4
   branches/SAMBA_4_0/source/auth/kerberos/kerberos.mk
   branches/SAMBA_4_0/source/auth/kerberos/kerberos_verify.c
Removed:
   branches/SAMBA_4_0/source/libcli/auth/clikrb5.c
   branches/SAMBA_4_0/source/libcli/auth/gensec.c
   branches/SAMBA_4_0/source/libcli/auth/gensec.h
   branches/SAMBA_4_0/source/libcli/auth/gensec.m4
   branches/SAMBA_4_0/source/libcli/auth/gensec.mk
   branches/SAMBA_4_0/source/libcli/auth/gensec_gssapi.c
   branches/SAMBA_4_0/source/libcli/auth/gensec_gsskrb5.c
   branches/SAMBA_4_0/source/libcli/auth/gensec_krb5.c
   branches/SAMBA_4_0/source/libcli/auth/gensec_ntlmssp.c
   branches/SAMBA_4_0/source/libcli/auth/gssapi_parse.c
   branches/SAMBA_4_0/source/libcli/auth/kerberos.c
   branches/SAMBA_4_0/source/libcli/auth/kerberos.h
   branches/SAMBA_4_0/source/libcli/auth/kerberos_verify.c
   branches/SAMBA_4_0/source/libcli/auth/ntlmssp.c
   branches/SAMBA_4_0/source/libcli/auth/ntlmssp.h
   branches/SAMBA_4_0/source/libcli/auth/ntlmssp_parse.c
   branches/SAMBA_4_0/source/libcli/auth/ntlmssp_sign.c
   branches/SAMBA_4_0/source/libcli/auth/schannel.c
   branches/SAMBA_4_0/source/libcli/auth/schannel.h
   branches/SAMBA_4_0/source/libcli/auth/schannel_sign.c
   branches/SAMBA_4_0/source/libcli/auth/schannel_state.c
   branches/SAMBA_4_0/source/libcli/auth/spnego.c
   branches/SAMBA_4_0/source/libcli/auth/spnego.h
   branches/SAMBA_4_0/source/libcli/auth/spnego_parse.c
Modified:
   branches/SAMBA_4_0/source/auth/auth.h
   branches/SAMBA_4_0/source/build/smb_build/main.pm
   branches/SAMBA_4_0/source/configure.in
   branches/SAMBA_4_0/source/libads/config.m4


Changeset:
Sorry, the patch is too large (14000 lines) to include; please use WebSVN to 
see it!
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6113

svn commit: samba r6114 - in branches/SAMBA_4_0/source/librpc/ndr: .

2005-03-29 Thread metze 
Author: metze
Date: 2005-03-29 10:01:34 + (Tue, 29 Mar 2005)
New Revision: 6114

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6114

Log:
the marker is const and is 0x434B 'CK'

metze

Modified:
   branches/SAMBA_4_0/source/librpc/ndr/ndr_compression.c


Changeset:
Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr_compression.c
===
--- branches/SAMBA_4_0/source/librpc/ndr/ndr_compression.c  2005-03-29 
08:24:03 UTC (rev 6113)
+++ branches/SAMBA_4_0/source/librpc/ndr/ndr_compression.c  2005-03-29 
10:01:34 UTC (rev 6114)
@@ -35,7 +35,8 @@
uint8_t *plain_chunk;
uint32_t plain_chunk_offset;
uint32_t plain_chunk_size;
-   uint16_t unknown_marker;
+   uint8_t C_CK_marker;
+   uint8_t K_CK_marker;
int ret;
 
/* I don't know why, this is needed... --metze */
@@ -44,15 +45,20 @@
NDR_CHECK(ndr_pull_uint32(ndrpull, NDR_SCALARS, plain_chunk_size));
if (plain_chunk_size  0x8000) {
return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION, Bad ZLIB 
plain chunk size %08X  0x8000 (PULL), 
- plain_chunk_size);
+ plain_chunk_size);
}
 
NDR_CHECK(ndr_pull_uint32(ndrpull, NDR_SCALARS, comp_chunk_size));
 
-   NDR_CHECK(ndr_pull_uint16(ndrpull, NDR_SCALARS, unknown_marker));
+   NDR_CHECK(ndr_pull_uint8(ndrpull, NDR_SCALARS, C_CK_marker));
+   NDR_CHECK(ndr_pull_uint8(ndrpull, NDR_SCALARS, K_CK_marker));
+   if (!(C_CK_marker == (uint8_t)'C'  K_CK_marker == (uint8_t)'K')) {
+   return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION, Bad ZLIB 
invalid CK marker C[%02X] K[%02X] (PULL), 
+ C_CK_marker, K_CK_marker);
+   }
 
-   DEBUG(10,(plain_chunk_size: %08X (%u) comp_chunk_size: %08X (%u) 
unknown_marker: %04X (%u)\n,
- plain_chunk_size, plain_chunk_size, comp_chunk_size, 
comp_chunk_size, unknown_marker, unknown_marker));
+   DEBUG(10,(plain_chunk_size: %08X (%u) comp_chunk_size: %08X (%u)\n,
+ plain_chunk_size, plain_chunk_size, comp_chunk_size, 
comp_chunk_size));
 
comp_chunk_offset = ndrpull-offset;
NDR_CHECK(ndr_pull_advance(ndrpull, comp_chunk_size));
@@ -62,6 +68,8 @@
NDR_CHECK(ndr_push_zero(ndrpush, plain_chunk_size));
plain_chunk = ndrpush-data + plain_chunk_offset;
 
+   dump_data(10, comp_chunk, 16);
+
zs-avail_in = comp_chunk_size;
zs-next_in = comp_chunk;
zs-next_out = plain_chunk;

svn commit: samba r6115 - in branches/SAMBA_4_0/source/librpc/idl: .

2005-03-29 Thread metze 
Author: metze
Date: 2005-03-29 13:07:20 + (Tue, 29 Mar 2005)
New Revision: 6115

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6115

Log:
don't try to decompress level 7 buffers yet

metze

Modified:
   branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl


Changeset:
Modified: branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl
===
--- branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2005-03-29 10:01:34 UTC 
(rev 6114)
+++ branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2005-03-29 13:07:20 UTC 
(rev 6115)
@@ -500,11 +500,17 @@
typedef struct {
uint32 decompressed_length;
uint32 compressed_length;
-   
[subcontext(4),compression(NDR_COMPRESSION_ZLIB,compressed_length,decompressed_length),flag(NDR_REMAINING)]
 DATA_BLOB *decompressed;
-   
/*[subcontext(4),compression(NDR_COMPRESSION_ZLIB,compressed_length,decompressed_length)]
 drsuapi_DsGetNCChangesCtr1 *ctr1;*/
+   
[subcontext(4),subcontext_size(r-compressed_length),compression(NDR_COMPRESSION_ZLIB,compressed_length,decompressed_length),flag(NDR_REMAINING)]
 DATA_BLOB *decompressed;
+   
/*[subcontext(4),subcontext_size(r-compressed_length),compression(NDR_COMPRESSION_ZLIB,compressed_length,decompressed_length)]
 drsuapi_DsGetNCChangesCtr1 *ctr1;*/
} drsuapi_DsGetNCChangesCompressedInfo;
 
typedef struct {
+   uint32 decompressed_length;
+   uint32 compressed_length;
+   
[subcontext(4),subcontext_size(r-compressed_length),flag(NDR_REMAINING)] 
DATA_BLOB *decompressed;
+   } drsuapi_DsGetNCChangesCompressedInfo_Test;
+
+   typedef struct {
drsuapi_DsGetNCChangesCompressedInfo info;
} drsuapi_DsGetNCChangesCtr2;
 
@@ -531,7 +537,7 @@
typedef struct {
uint32 unknown1;
uint16 unknown2; /* enum */
-   drsuapi_DsGetNCChangesCompressedInfo info;
+   drsuapi_DsGetNCChangesCompressedInfo_Test info;
} drsuapi_DsGetNCChangesCtr7;
 
typedef [switch_type(int32)] union {

  1   2   >