Re: [Samba] Mapping Samba Server as a drive?

2005-04-07 Thread Collen 
Nope, just make 1 drive mapping with the right directories below it.
it's the same effect. ?
so instead of seeing all shares from a server, you have 1 share
with all direcrories below it!
(and if you have ACL installed, you can also do something with permissions!)
Just an option..
Collen
Adrian Chow wrote:
Hi Matthew,
I was talking about mapping a samba server to a drive NOT a share from the 
samba server to a drive.
net use h: \\servername
Any way of doing that?
Regards,
adrian
-- Original Message --
From: Matthew White <[EMAIL PROTECTED]>
Date:  Thu, 7 Apr 2005 09:43:21 -0700

you can map a samba server to a drive just like you'd map a windows-based
server:
net use h: \\servername\share
or right click on "My Network Places" and select "Map Network Drive..."
On Fri, Apr 08, 2005 at 12:28:18AM +0800, Adrian Chow ([EMAIL PROTECTED]) wrote:
Hi,
I was just wondering whether can we map a samba server as a drive?  If can, it 
would be GREAT! This is because we can make users who log on to the server see 
different directories (like novell) and i thought it would be EXCELLENT if we 
can map the samba server as a drive itself.
If we can, how can we achieve that?
Thanks.
adrian
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
Matthew White
District Systems Administrator
Tigard/Tualatin School District
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Custom Hidden Files?

2005-04-07 Thread Adi Nugraha 
Use veto files=/.*/

- Original Message - 
From: "Franco "Sensei"" <[EMAIL PROTECTED]>
To: "Samba" 
Sent: Friday, April 08, 2005 4:28 AM
Subject: [Samba] Custom Hidden Files?


> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: Re: [Samba] Mapping Samba Server as a drive?

2005-04-07 Thread Adrian Chow 
Hi Matthew,

I was talking about mapping a samba server to a drive NOT a share from the 
samba server to a drive.

net use h: \\servername

Any way of doing that?

Regards,

adrian

-- Original Message --
From: Matthew White <[EMAIL PROTECTED]>
Date:  Thu, 7 Apr 2005 09:43:21 -0700

>you can map a samba server to a drive just like you'd map a windows-based
>server:
>
>net use h: \\servername\share
>
>or right click on "My Network Places" and select "Map Network Drive..."
>
>On Fri, Apr 08, 2005 at 12:28:18AM +0800, Adrian Chow ([EMAIL PROTECTED]) 
>wrote:
>> Hi,
>> 
>> I was just wondering whether can we map a samba server as a drive?  If can, 
>> it would be GREAT! This is because we can make users who log on to the 
>> server see different directories (like novell) and i thought it would be 
>> EXCELLENT if we can map the samba server as a drive itself.
>> 
>> If we can, how can we achieve that?
>> 
>> Thanks.
>> 
>> adrian
>> 
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
>-- 
>Matthew White
>District Systems Administrator
>Tigard/Tualatin School District
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba and slapd.conf's TLSVerifyClient

2005-04-07 Thread Doug Campbell 
> > Either way, my question is where do I specify the client certificate for
> > Samba to use? or put another way, does Samba even support this?
> 
> evidently, no one else wanted to answer...

Thank you for trying :)  Maybe no one knows the answer :(

> samba has no means to provide a client certificate that I am aware of.
> Samba should be using nss/padl stuff so in a RHEL / Fedora environment,
> any references to certificates should be in /etc/ldap.conf and I believe
> that should encompass options not specified in smb.conf directly. Thus
> samba isn't providing a certificate because it cannot do so but would
> rely upon other external methods (nss/padl) if that is configured to do
> so.

This actually is not the case.  Samba appears to reference the OpenLDAP
client ldap.conf stored on my system in /etc/openldap.

I can show this in the following way:

1.  Comment out reference to the ca cert in both padl and openldap ldap.conf
files.
2.  Restart Samba
3.  The process hangs for a while with many errors indicating that Samba is
failing in starting a TLS connection.
4.  Restore the ca cert reference in the papl ldap.conf and restart Samba,
same result as before.
5.  comment out padl reference, restore openldap's ldap.conf ca cert
reference and restart Samba.  Samba starts fine.

This is why I found it necessary to say that I had this process working for
PADL stuff (like doing a su username or getent passwd), smbtools-ldap (the
smbldap-tools.conf file allows defining of all the necessary certificates to
use) and ldapsearch.

The problem I see is that Samba uses the openldap global ldap.conf but that
the tls_cert and tls_key directives are user level directives.  So, for
example, in order to get ldapsearch to work with the TLSVerifyClient demand
directive, I have to specify the tls_cert and tls_key directives in root's
.ldaprc file.

Samba from what I have been able to discern does not have a .ldaprc file of
it's own and it does appear to use root's .ldaprc file.

Would this be considered a samba bug if it does indeed not have a way to
specify a client certificate or would this considered a desired feature?

> Oh and it's rather rude to cross post the same message to different
> message bases - if you're gonna do that, you should have the courtesy of
> an announcement.

Sorry.  Why is this rude?  I posted the question first in the ldap-interop
and then thought that maybe it would make sense to ask the samba mailing
list as well.  I don't see how this would offend anyone.  I apologize if it
did.

Doug

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Joining domain across subnet

2005-04-07 Thread Ephi Dror 
Hi All,
 
If I have domain controller on a different subnet than the samba server
and I would like  to join that domain controller  in an environment
without WINS, meaning only DNS available.
 
Unfortunately, it failed.  
 
Is it possible to do it? I am using domain type DOMAIN (not ADS) in
smb.conf and the command I used is: "net  join -Uname%passwd"
 
I looked at the -d 10 log info and it looks like it broadcasts for the
domain name with the  netbios stuff but of course across subnet it
would not work.
 
 
So is it true that in a pure DNS environment without the great help of
WINS server around  in which the domain controller and the samba server
are on a different subnets, I must use domain type ADS?
 
 
Thanks for your tips,
 
Cheers,
Ephi
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] what is unix charset = LOCALE

2005-04-07 Thread Andrew Bartlett 
On Wed, 2005-04-06 at 15:38 +0200, Saskia Whigham wrote:
> Hey,
> 
> my English is not very good. My Question: What ist unix charset = LOCALE ? 

This is normally set for the 'display charset', but it causes Samba to
try and lookup the LANG= and other environment variable to figure out
what character set is in use on a given system.

The default for unix charset and display charset is 'UTF8', which is our
recommendation unless you have particular reasons (such as existing
filenames) to change it.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: How to turn off roaming profiles while holding onto logon scripts.

2005-04-07 Thread Mark Ratering 
nevermind,  I will google before posting next time.

On Apr 7, 2005 10:15 PM, Mark Ratering <[EMAIL PROTECTED]> wrote:
> I have a Samba server acting as my PDC and i need roaming profiles
> turned off.  How do i turn roaming profiles off while mantaining the
> ability to have logon scripts?
> 
> Thanks ahead of time,
> -Mark
> 


-- 
Mark Ratering
A+, CCNP
248-437-1938
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] How to turn off roaming profiles while holding onto logon scripts.

2005-04-07 Thread Mark Ratering 
I have a Samba server acting as my PDC and i need roaming profiles
turned off.  How do i turn roaming profiles off while mantaining the
ability to have logon scripts?

Thanks ahead of time,
-Mark
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba-Squid-AD: Error returned 'BH NT_STATUS_ACCESS_DENIED'

2005-04-07 Thread Andrew Bartlett 
On Thu, 2005-04-07 at 16:14 +0200, fatima riadi wrote:
> Thank you for your reply.
> 
> > Are the permissions on the winbind privileged pipe
> > correct, what does
> > the winbindd.log say?
> 
> log.winbindd does not report any error.
> I set squid as group owner of the winbindd_privileged
> file. Permissions I found in the documentation
> (750)didn't work. I then set 777 as permission, the
> problem disapeares!

You must *not* set this to 777, and I think winbind will fail to restart
on that setting.  Try 750, with the group set to 'squid'.

Regarding the configure options, as long as you don't try to use the
squid helpers, they are harmless.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Custom Hidden Files?

2005-04-07 Thread Franco \"Sensei\" 
Hi.
A question on a feature that interests me... Can I specify samba to 
handle the dot files in our linux samba server as hidden files in 
windows? It's quite ugly seeing all the hidden unix files .* visible on 
windows...

--
Sensei  
   
   
   


signature.asc
Description: OpenPGP digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] question about ldap passwd sync

2005-04-07 Thread FM 
Hello
for unix sync password we can add a custom script ot sync password :
passwd program =
Which ldap tool samba is using to sync password ? Is is possible to use 
a home made script ?

My unix password are hardcoded ([EMAIL PROTECTED]) because of kerberos 5 
auth so I use a perl script to update the krb5 database

thanks !
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] winbind doesn't resolve id to user (win2003 ads)

2005-04-07 Thread Martynas 
I forgot to say, that I use fedora core 3 and samba 3.0.10.

regards,
Martynas

> Hello,
>
> I have problem with winbind. I joined samba tp win2003 ads domain. I tried
> to use id to user mapping through winbind. But I have such problem:
> after winbind restart I cannot get id to user maps like:
> id test
> id: test: No such user
>
> After I run: wbinfo -u (I get all my domain users), "id test" works but
> seems only for 10 seconds (I set winbind cache time = 10).
>
> So, why winbind doesn't resolve id to usernames after restart? And why
> these maps expires?
>
> regards,
> Martynas
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Noob having troubles with slapd-populate authentication

2005-04-07 Thread Chris Weiss 
I take it back, the RPMs didnt fix anything. Now it just fails silently.
Chris Weiss wrote:
Not really sure what version it was - it was part of the Fedora 
install, apparently and sat in 
/usr/share/doc/samba-3.0.10/LDAP/smbldap-tools/.

In any case, I found the solution to my problem - apparenly I did not 
have the authentication options in /etc/ldap.conf set up (was confused 
by the presence of /etc/ldap.conf and /etc/openldap/ldap.conf).

Additionally, I needed to install RPMs for the following:
perl-Crypt-SmbHash-0.02-8.i386
smbldap-tools-0.8.8-1.noarch.rpm
perl-Authen-SASL-2.08-1.1.fc3.rf.noarch.rpm 
perl-IO-Socket-SSL-0.96-1.1.fc3.rf.noarch.rpm
Now things seem to work fine

John H Terpstra wrote:
On Thursday 07 April 2005 13:25, Chris Weiss wrote:
 

I'm following the "The Linux Samba-OpenLDAP Howto" at
http://samba.idealx.org/smbldap-howto.en.html and seem to have run into
a problem...
I'm to the point where I want to do the initial database population
using smbldap-populate.pl, but when I run it, I'm getting:
Using builtin directory structure
adding new entry: dc=pirategames,dc=net
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate.pl line 323,  line 2.
adding new entry: ou=_USERS_,dc=pirategames,dc=net
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate.pl line 323,  line 3.
adding new entry: ou=_GROUPS_,dc=pirategames,dc=net
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate.pl line 323,  line 4.
etc...
  

It would appear from the above that you have not configured your 
smbldap-tools. You will need to do this by executing the configure.pl 
script in the smbldap-tools directory.

Also, what version of smbldap-tools are you using? The .pl extension 
suggests you are using an old version. What version of Samba are you 
using? Please ensure that the two are matching versions.

Samba pre-3.0.6 can use smbldap-tools 0.8.2 or 0.8.4
Samba 3.0.6 or later requires smbldap-tools 0.8.5 or later.
Samba 3.0.11 is best used with smbldap-tools 0.8.7 or later.
- John T.
 

Something I thought was interesting is it's not even pointing out the
SID, although I've got it and populated the smbldap.conf file and
slapd.conf.pm (I'm using Fedora 3 and the smbldap-tools included 
seem to
have a different default configuration, so I downloaded the RPM and did
an update. This problem was occurring before and after the RPM update).

Also, using smbldap-useradd.pl fails in the same manner.
$ smbldap-useradd.pl -m testuser1
failed to perform search; No such object at
/usr/local/sbin///smbldap_tools.pm line 154,  line 283.
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-useradd.pl line 249,  line 283.
No such object at /usr/local/sbin///smbldap_tools.pm line 178, 
line 283.
That message seems to indicate that I've not set the tools to choose
authentication - I've gone over the permissions settings a few times 
and
things should match up, can anyone help point me in the right direction
to look as to why this might be failing?


--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.9.4 - Release Date: 4/6/2005
--
This message has been scanned for viruses and
dangerous content, and is believed to be clean.
  

 




--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.9.4 - Release Date: 4/6/2005
--
This message has been scanned for viruses and
dangerous content, and is believed to be clean.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] winbind doesn't resolve id to user (win2003 ads)

2005-04-07 Thread Martynas 
Hello,

I have problem with winbind. I joined samba tp win2003 ads domain. I tried
to use id to user mapping through winbind. But I have such problem:
after winbind restart I cannot get id to user maps like:
id test
id: test: No such user

After I run: wbinfo -u (I get all my domain users), "id test" works but
seems only for 10 seconds (I set winbind cache time = 10).

So, why winbind doesn't resolve id to usernames after restart? And why
these maps expires?

regards,
Martynas


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] LVS-domain logon -nmbd

2005-04-07 Thread vmoravek 
Hi all,

I try setup LVS and samba server and i found one problem when I registered 
computer to domain.

I drawed picture and attach it.

client(195.146.40.2)
|
|
LVS
VIP(195.146.40.1)
DIP(192.168.30.1)
|
|
samba(192.168.30.10)


For clearly understand : I have two networks, external and internal. When
nmbd receive announcment from client send answer to client. Answer packet
contain ipadress of samba server. But this IP is real samba server IP(in
my case internal) and client cannot connect directly samba.

Exist any way how can nmbd sent to client VIP address instead internal
address.

Thanks a lot.


my ipvsadm rules:

[EMAIL PROTECTED] ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port   Forward Weight ActiveConn InActConn
TCP  195.146.40.1:139 rr
  -> 192.168.30.10:139Masq1  0  0
UDP  195.146.40.1:137 rr
  -> 192.168.30.10:137Masq1  0  0
UDP  195.146.40.1:138 rr
  -> 192.168.30.10:138Masq1  0  0
TCP  195.146.40.1:445 rr
  -> 192.168.30.10:445Masq1  0  0
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Noob having troubles with slapd-populate authentication

2005-04-07 Thread Chris Weiss 
Not really sure what version it was - it was part of the Fedora install, 
apparently and sat in /usr/share/doc/samba-3.0.10/LDAP/smbldap-tools/.

In any case, I found the solution to my problem - apparenly I did not 
have the authentication options in /etc/ldap.conf set up (was confused 
by the presence of /etc/ldap.conf and /etc/openldap/ldap.conf).

Additionally, I needed to install RPMs for the following:
perl-Crypt-SmbHash-0.02-8.i386
smbldap-tools-0.8.8-1.noarch.rpm
perl-Authen-SASL-2.08-1.1.fc3.rf.noarch.rpm 
perl-IO-Socket-SSL-0.96-1.1.fc3.rf.noarch.rpm 

Now things seem to work fine
John H Terpstra wrote:
On Thursday 07 April 2005 13:25, Chris Weiss wrote:
 

I'm following the "The Linux Samba-OpenLDAP Howto" at
http://samba.idealx.org/smbldap-howto.en.html and seem to have run into
a problem...
I'm to the point where I want to do the initial database population
using smbldap-populate.pl, but when I run it, I'm getting:
Using builtin directory structure
adding new entry: dc=pirategames,dc=net
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate.pl line 323,  line 2.
adding new entry: ou=_USERS_,dc=pirategames,dc=net
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate.pl line 323,  line 3.
adding new entry: ou=_GROUPS_,dc=pirategames,dc=net
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate.pl line 323,  line 4.
etc...
   

It would appear from the above that you have not configured your 
smbldap-tools. You will need to do this by executing the configure.pl script 
in the smbldap-tools directory.

Also, what version of smbldap-tools are you using? The .pl extension suggests 
you are using an old version. What version of Samba are you using? Please 
ensure that the two are matching versions.

Samba pre-3.0.6 can use smbldap-tools 0.8.2 or 0.8.4
Samba 3.0.6 or later requires smbldap-tools 0.8.5 or later.
Samba 3.0.11 is best used with smbldap-tools 0.8.7 or later.
- John T.
 

Something I thought was interesting is it's not even pointing out the
SID, although I've got it and populated the smbldap.conf file and
slapd.conf.pm (I'm using Fedora 3 and the smbldap-tools included seem to
have a different default configuration, so I downloaded the RPM and did
an update. This problem was occurring before and after the RPM update).
Also, using smbldap-useradd.pl fails in the same manner.
$ smbldap-useradd.pl -m testuser1
failed to perform search; No such object at
/usr/local/sbin///smbldap_tools.pm line 154,  line 283.
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-useradd.pl line 249,  line 283.
No such object at /usr/local/sbin///smbldap_tools.pm line 178, 
line 283.
That message seems to indicate that I've not set the tools to choose
authentication - I've gone over the permissions settings a few times and
things should match up, can anyone help point me in the right direction
to look as to why this might be failing?

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.9.4 - Release Date: 4/6/2005
--
This message has been scanned for viruses and
dangerous content, and is believed to be clean.
   

 


--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.9.4 - Release Date: 4/6/2005
--
This message has been scanned for viruses and
dangerous content, and is believed to be clean.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Noob having troubles with slapd-populate authentication

2005-04-07 Thread John H Terpstra 
On Thursday 07 April 2005 13:25, Chris Weiss wrote:
> I'm following the "The Linux Samba-OpenLDAP Howto" at
> http://samba.idealx.org/smbldap-howto.en.html and seem to have run into
> a problem...
>
> I'm to the point where I want to do the initial database population
> using smbldap-populate.pl, but when I run it, I'm getting:
>
> Using builtin directory structure
> adding new entry: dc=pirategames,dc=net
> failed to add entry: modifications require authentication at
> /usr/local/sbin/smbldap-populate.pl line 323,  line 2.
> adding new entry: ou=_USERS_,dc=pirategames,dc=net
> failed to add entry: modifications require authentication at
> /usr/local/sbin/smbldap-populate.pl line 323,  line 3.
> adding new entry: ou=_GROUPS_,dc=pirategames,dc=net
> failed to add entry: modifications require authentication at
> /usr/local/sbin/smbldap-populate.pl line 323,  line 4.
> etc...

It would appear from the above that you have not configured your 
smbldap-tools. You will need to do this by executing the configure.pl script 
in the smbldap-tools directory.

Also, what version of smbldap-tools are you using? The .pl extension suggests 
you are using an old version. What version of Samba are you using? Please 
ensure that the two are matching versions.

Samba pre-3.0.6 can use smbldap-tools 0.8.2 or 0.8.4
Samba 3.0.6 or later requires smbldap-tools 0.8.5 or later.
Samba 3.0.11 is best used with smbldap-tools 0.8.7 or later.

 - John T.

>
> Something I thought was interesting is it's not even pointing out the
> SID, although I've got it and populated the smbldap.conf file and
> slapd.conf.pm (I'm using Fedora 3 and the smbldap-tools included seem to
> have a different default configuration, so I downloaded the RPM and did
> an update. This problem was occurring before and after the RPM update).
>
> Also, using smbldap-useradd.pl fails in the same manner.
> $ smbldap-useradd.pl -m testuser1
> failed to perform search; No such object at
> /usr/local/sbin///smbldap_tools.pm line 154,  line 283.
> failed to add entry: modifications require authentication at
> /usr/local/sbin/smbldap-useradd.pl line 249,  line 283.
> No such object at /usr/local/sbin///smbldap_tools.pm line 178, 
> line 283.
>
> That message seems to indicate that I've not set the tools to choose
> authentication - I've gone over the permissions settings a few times and
> things should match up, can anyone help point me in the right direction
> to look as to why this might be failing?
>
>
>
> --
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.308 / Virus Database: 266.9.4 - Release Date: 4/6/2005
>
>
> --
> This message has been scanned for viruses and
> dangerous content, and is believed to be clean.

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Noob having troubles with slapd-populate authentication

2005-04-07 Thread Chris Weiss 
I'm following the "The Linux Samba-OpenLDAP Howto" at 
http://samba.idealx.org/smbldap-howto.en.html and seem to have run into 
a problem...

I'm to the point where I want to do the initial database population 
using smbldap-populate.pl, but when I run it, I'm getting:

Using builtin directory structure
adding new entry: dc=pirategames,dc=net
failed to add entry: modifications require authentication at 
/usr/local/sbin/smbldap-populate.pl line 323,  line 2.
adding new entry: ou=_USERS_,dc=pirategames,dc=net
failed to add entry: modifications require authentication at 
/usr/local/sbin/smbldap-populate.pl line 323,  line 3.
adding new entry: ou=_GROUPS_,dc=pirategames,dc=net
failed to add entry: modifications require authentication at 
/usr/local/sbin/smbldap-populate.pl line 323,  line 4.
etc...

Something I thought was interesting is it's not even pointing out the 
SID, although I've got it and populated the smbldap.conf file and 
slapd.conf.pm (I'm using Fedora 3 and the smbldap-tools included seem to 
have a different default configuration, so I downloaded the RPM and did 
an update. This problem was occurring before and after the RPM update).

Also, using smbldap-useradd.pl fails in the same manner.
$ smbldap-useradd.pl -m testuser1
failed to perform search; No such object at 
/usr/local/sbin///smbldap_tools.pm line 154,  line 283.
failed to add entry: modifications require authentication at 
/usr/local/sbin/smbldap-useradd.pl line 249,  line 283.
No such object at /usr/local/sbin///smbldap_tools.pm line 178,  
line 283.

That message seems to indicate that I've not set the tools to choose 
authentication - I've gone over the permissions settings a few times and 
things should match up, can anyone help point me in the right direction 
to look as to why this might be failing?


--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.9.4 - Release Date: 4/6/2005
--
This message has been scanned for viruses and
dangerous content, and is believed to be clean.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Listing all users in a remote Samba server

2005-04-07 Thread Erik Torres Serrano 
Unfortunately is a standalone Samba server :(
Steve Feehan wrote:
On Thu, Apr 07, 2005 at 02:10:09PM -0400, Erik Torres Serrano wrote:
 

Hi,
I'm trying to develop a service for retrieving the entire user list of a 
remote samba server. The expected result is the same expected from the 
use of the samba command:

net rpc user
The service is coupled with one only request: should be written using 
Perl language. I have search at the internet and I have read a lot of 
documentation but I have no idea on how should I do it. Any clue or 
comment will be welcome.

Best regards,
Erik
   

If the passdb is in LDAP you could query the directory directly 
via Net::LDAP.

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Overwriting Symbolic Links

2005-04-07 Thread Herb Lewis 
That is a problem with the way word and some other programs edit files.
Word renames the original file, saves the edited output to a new file
of the original name and then deletes the backup (the original). When
the new file is created it is created as a regular file.
Jeffrey M. Johnson wrote:
I am having a "unique" problem with samba and can't seem to find a solution
to the problem.
 

I am running a samba 3.0.5 server on a Solaris 2.9 Server.
 

All Samba does is map the users home directory to there windows desktop.
 

In the home directory we have symbolic links to our web-server so users can
access their web-related content.  We have two types of symbolic links, one
to directories and others to specific files.
 

lrwxrwxrwx   1 user group   44 Apr  6 16:13 file.html ->
/htdocs/file.html
 

lrwxrwxrwx   1 user group   44 Apr  6 16:13 directory ->
/htdocs/directory
 

If a user modifies a file in directory there is no problem everything works
fine.
 

If a user modifies the file.html it over rights the file
 

-rwxrw-r--   1 user group  206 Apr  6  2005 file.html
 

However the problem does not exist with every piece of software, for example
notepad and wordpad do not overwrite the file while word and dreamweaver
does.
 

Any have a solution to this problem.
 

Jeff
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Listing all users in a remote Samba server

2005-04-07 Thread Paul Gienger 

I'm trying to develop a service for retrieving the entire user list of 
a remote samba server. The expected result is the same expected from 
the use of the samba command:

net rpc user
Depending on your backend, there's several ways to go about it, 
including querying LDAP for the entries with an appropriate filter and 
parsing the smbpasswd file.  I believe you could also get some info out 
of pdbedit, but that could be a bit tedious. 

What is your backend?
The service is coupled with one only request: should be written using 
Perl language. I have search at the internet and I have read a lot of 
documentation but I have no idea on how should I do it. Any clue or 
comment will be welcome.

Best regards,
Erik
--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Listing all users in a remote Samba server

2005-04-07 Thread Steve Feehan 
On Thu, Apr 07, 2005 at 02:10:09PM -0400, Erik Torres Serrano wrote:
> Hi,
> 
> I'm trying to develop a service for retrieving the entire user list of a 
> remote samba server. The expected result is the same expected from the 
> use of the samba command:
> 
> net rpc user
> 
> The service is coupled with one only request: should be written using 
> Perl language. I have search at the internet and I have read a lot of 
> documentation but I have no idea on how should I do it. Any clue or 
> comment will be welcome.
> 
> Best regards,
> 
> Erik

If the passdb is in LDAP you could query the directory directly 
via Net::LDAP.

-- 
Steve Feehan
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Changed name of domain - accounts have old name

2005-04-07 Thread Paul Smith 
I'm using samba 3.0.11 on Suse 9.2.  smb.conf is at the end of this
post.

I created a samba pdc with domain name, "gamidom".  This I subsequently
changed to "phoenix" (the same as the server's netbios name).  Tried to
add a win2k machine to the domain and got an error regarding the
domain/server name being the same so I changed the name of the domain in
smb.conf to "adadom", restarted smbd/nmbd joined the win2k machine to a
workgroup, rebooted and joined it to the "adadom" domain.

All went fine, apart from when I look at the Windows 2000 system
properties under the User Profiles tab it shows the old domain account
name:

GAMIDOM\username

Instead of ADADOM\username

I've restarted smbd/nmbd and rebooted the server but it still creates
the user accounts in that way.  The Windows machine has a fresh copy of
Windows 2000 Pro installed this morning.

I thought it might be something to do with the defaultuser account but I
don't know where to start looking.  Any help would be very much
appreciated.

Thank you

Paul

[global]
idmap gid = 15000-2
add group script = /usr/sbin/groupadd %g
preserve case = no
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
logon drive = H:
domain master = yes
logon home = \\%L\%U
passdb backend = tdbsam
wins support = yes
netbios name = phoenix
printing = cups
idmap uid = 15000-2
local master = yes
workgroup = adadom
logon path =
os level = 35
add user script = /usr/sbin/useradd -m %u
printcap name = cups
security = user
preferred master = Yes
add machine script = /usr/sbin/useradd -s /bin/false -d /tmp %u
delete user script = /usr/sbin/userdel -r %u
domain logons = Yes
log level = 1


Apr  7 12:09:18 phoenix nmbd[19539]: [2005/04/07 12:09:18, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
Apr  7 12:09:18 phoenix nmbd[19539]:   *
Apr  7 12:09:18 phoenix nmbd[19539]:
Apr  7 12:09:18 phoenix nmbd[19539]:   Samba server PHOENIX is now a
domain master browser for workgroup ADADOM on subnet 10.10.10.4
Apr  7 12:09:18 phoenix nmbd[19539]:
Apr  7 12:09:18 phoenix nmbd[19539]:   *
A


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbldap-tools not playing nice w/ samba ?

2005-04-07 Thread Ben Davis 
I tried this and it still did not work.  The problem as far as I can 
tell is that samba is not even attempting to search for the user after 
it adds it.  The very last operations in my slapd.log after the error 
occured,  were:

conn=20539 op=1 SRCH base="dc=pca-wichita,dc=com" scope=2 
filter="(&(objectClass=posixAccount)(uid=melisa$))"
conn=20539 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=20539 op=2 SRCH 
base="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com" scope=0 
filter="(objectClass=sambaUnixIdPool)"
conn=20539 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=20539 op=3 MOD dn="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com"
conn=20539 op=3 MOD attr=uidNumber
conn=20539 op=3 RESULT tag=103 err=0 text=
conn=20539 op=3 RESULT tag=103 err=0 text=
conn=20539 op=4 SRCH base="dc=pca-wichita,dc=com" scope=2 
filter="(uidNumber=1109)"
conn=20539 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=20539 op=5 ADD dn="uid=melisa$,ou=Computers,dc=pca-wichita,dc=com"
conn=20539 op=5 RESULT tag=105 err=0 text=
conn=20539 op=5 RESULT tag=105 err=0 text=
conn=20539 op=6 UNBIND
conn=20539 fd=32 closed

So, according to this,  samba searches for the machine,  and when it 
doesn't find it, it adds the machine successfully to the LDAP 
directory,  and that is the last thing that happens.

Any idea what's going on?

Joaquin Villanueva wrote:
I had the same problem here. The change you've made was the same. 
Going up to the root level of LDAP and set a sub search. No way. The 
solution was to put TWO nss_base_passwd lines:

nss_base_passwd ou=Users,dc=liga-acb,dc=es?one
nss_base_passwd ou=Computers,dc=liga-acb,dc=es?one
Try it and let me know...
Ben Davis wrote:
Joaquin wrote:
Ben Davis wrote:
Please help!
I'm having a difficult time getting a machine to join my domin.  
Samba sucessfully adds the machine account using the 
smbldap-useradd -w script,  but I get the error "The user name 
could not be found".

Here's what it looks like it's doing in the ldap logs:  1. There's 
a login as cn=Manager, which searches for the root account, and 
then for a bunch of gidNumbers.  It then searches for the machine$ 
with a sambaSamAccount objectclass, and exits.

2. It then reconnects anonymously and searches for machine$ and 
MACHINE$ twice (no results).
3. After that it connects again as cn=Manager and and searches for 
the machine$ under posixAccount (still no restuls).  It then 
finally adds the entry for machine$  but without the 
sambaSamAccount objectclass.

After that there are no more LDAP queries.   What could be causing 
the error I'm getting?

If you have a Machines= suffix different as the Users= suffix, the 
problem is in the ldap.conf settings. Nothing to do with the 
smbldap-tools. The smbldap-tools creates only a posix entry in the 
Machines tree, leaving to samba the addition of the SambaSamAccount 
class to the machine entry. The problem is that Samba relies in the 
ldap.conf config to search for the machine account. Usually, you 
have only a search here for the users account. The trick is to add a 
second nss_base_password line pinting to the machines tree of LDAP. 
And then works.

Yeah,  I read about that earlier and changed my  nss_base_password 
line to read:

nss_base_passwd   dc=pca-wichita,dc=com?sub
(that is my base dn).  The problem is that in the slapd logs,  the 
LAST thing happens before I get the error is samba ADDS the posix 
machine account.  It does nothing after that. Here's the slapd log of 
all operations of the last connection before the error occurs:

conn=9996 fd=18 ACCEPT from IP=127.0.0.1:52517 (IP=0.0.0.0:389)
conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" method=128
conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" mech=SIMPLE 
ssf=0
conn=9996 op=0 RESULT tag=97 err=0 text=
conn=9996 op=1 SRCH base="dc=pca-wichita,dc=com" scope=2 
filter="(&(objectClass=posixAccount)(uid=melisa$))"
conn=9996 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=9996 op=2 SRCH 
base="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com" scope=0 
filter="(objectClass=sambaUnixIdPool)"
conn=9996 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=9996 op=3 MOD dn="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com"
conn=9996 op=3 MOD attr=uidNumber
conn=9996 op=3 RESULT tag=103 err=0 text=
conn=9996 op=3 RESULT tag=103 err=0 text=
conn=9996 op=4 SRCH base="dc=pca-wichita,dc=com" scope=2 
filter="(uidNumber=1108)"
conn=9996 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=9996 op=5 ADD dn="uid=melisa$,ou=Computers,dc=pca-wichita,dc=com"
conn=9996 op=5 RESULT tag=105 err=0 text=
conn=9996 op=5 RESULT tag=105 err=0 text=
conn=9996 op=6 UNBIND
conn=9996 fd=18 closed

As soon as it ADDs the machine account,  it doesn't try to modify 
it's objectClass, or anything like that. What's going on here?


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Listing all users in a remote Samba server

2005-04-07 Thread Erik Torres Serrano 
Hi,
I'm trying to develop a service for retrieving the entire user list of a 
remote samba server. The expected result is the same expected from the 
use of the samba command:

net rpc user
The service is coupled with one only request: should be written using 
Perl language. I have search at the internet and I have read a lot of 
documentation but I have no idea on how should I do it. Any clue or 
comment will be welcome.

Best regards,
Erik
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Unix to SMB Password Sync using PAM

2005-04-07 Thread Charles McLaughlin 
Hello,
I would like to configure PAM to sync Unix passwords to Samba passwords. 
 When I add a new Unix user or change an existing Unix user's password, 
I want the same password to be stored in /etc/smbpasswd.

I'm trying to follow these instructions:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html#id2606200
It sounds like this is what I want to do:
 "A sample PAM configuration that shows the use of pam_smbpass to make 
sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow) is 
changed."

I created the file /etc/pam.d/passwd-sync and pasted the following:
#%PAM-1.0
# password-sync
#
auth   requisitepam_nologin.so
auth   required pam_unix.so
accountrequired pam_unix.so
password   requisitepam_cracklib.so retry=3
password   requisitepam_unix.so shadow md5 use_authtok try_first_pass
password   required pam_smbpass.so nullok use_authtok try_first_pass
sessionrequired pam_unix.s
Then I rebooted and changed my Unix password using "passwd", but that 
didn't change my smbpassd.  I checked to make sure I have all of the 
needed PAM modules, but other than that I don't know what to look for. 
Am I missing something?  Any ideas?

Thanks in advance.
Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem testing libsmbclient on samba 3.0

2005-04-07 Thread Margarita Reyes 
Hi,
I´m new on samba and I´m trying to use samba functions (no daemons).
The case is I can´t execute any of the programs that is on
samba-3.0.11/testsuite/libsmbclient/src/
to prove that library. Does anybody know how to run it?
Thanks in advance..

--
**
Margarita Reyes Rodríguez
**
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba and slapd.conf's TLSVerifyClient

2005-04-07 Thread Craig White 
On Thu, 2005-04-07 at 11:12 +0800, Doug Campbell wrote:
> I have Samba 3.0.13 and LDAP 2.2.24 installed.  I have placed the following
> directive in my slapd.conf file.
> 
> TLSVerifyClient demand
> 
> I have the PADL stuff configured and working fine.
> ldapsearch with -ZZ works fine.
> I even have the Idealx smbldap-tools working fine.
> 
> Samba won't work though unless I set
> 
> TLSVerifyClient try
> 
> According to the slapd.conf man page, "try" causes a client certificate to
> be requested.  If no client certificate is returned then the session
> proceeds normally.  If a client certificate is returned and it is bad the
> session is terminated otherwise it should proceed normally.
> 
> This seems to mean that either
> 
> 1.  Samba doesn't provide a client certificate
> 
> or
> 
> 2.  Samba is providing a bad client certificate
> 
> Either way, my question is where do I specify the client certificate for
> Samba to use? or put another way, does Samba even support this?

evidently, no one else wanted to answer...

samba has no means to provide a client certificate that I am aware of.
Samba should be using nss/padl stuff so in a RHEL / Fedora environment,
any references to certificates should be in /etc/ldap.conf and I believe
that should encompass options not specified in smb.conf directly. Thus
samba isn't providing a certificate because it cannot do so but would
rely upon other external methods (nss/padl) if that is configured to do
so.

Your question seems rather confused to me...

ldapsearch command actually doesn't use padl stuff at all - it uses a
file called ldap.conf that will be in the same folder as your slapd.conf

padl stuff uses /etc/ldap.conf 

thus there are likely 2 files called ldap.conf on your system and each
are used for different things.

Then I can't understand how IDEALX - smbldap is working fine but samba
isn't

I haven't used TLSVerifyClient commands so I can't really direct you
there. It does seem to me that you should verify that all clients can
connect via TLS before you make it mandatory.

Oh and it's rather rude to cross post the same message to different
message bases - if you're gonna do that, you should have the courtesy of
an announcement.

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Mapping Samba Server as a drive?

2005-04-07 Thread Matthew White 
you can map a samba server to a drive just like you'd map a windows-based
server:

net use h: \\servername\share

or right click on "My Network Places" and select "Map Network Drive..."

On Fri, Apr 08, 2005 at 12:28:18AM +0800, Adrian Chow ([EMAIL PROTECTED]) wrote:
> Hi,
> 
> I was just wondering whether can we map a samba server as a drive?  If can, 
> it would be GREAT! This is because we can make users who log on to the server 
> see different directories (like novell) and i thought it would be EXCELLENT 
> if we can map the samba server as a drive itself.
> 
> If we can, how can we achieve that?
> 
> Thanks.
> 
> adrian
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
Matthew White
District Systems Administrator
Tigard/Tualatin School District
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Mapping Samba Server as a drive?

2005-04-07 Thread Adrian Chow 
Hi,

I was just wondering whether can we map a samba server as a drive?  If can, it 
would be GREAT! This is because we can make users who log on to the server see 
different directories (like novell) and i thought it would be EXCELLENT if we 
can map the samba server as a drive itself.

If we can, how can we achieve that?

Thanks.

adrian

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba/Cups and printers

2005-04-07 Thread Bernard McAuley 
Hi All,

I'm trying to get samba to work with a CUPS printer setup.
Unfortuantely I'm falling over at the first hurdle.  I've installed
samba 3.0.12 from sources and I've a redhat 9.0 box running CUPS 1.1.71.

I've installed the following smb.conf file:-

[global]
load printers=yes
printings=cups
printcap name=cups
passdb backend = tdsam

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = yes
writable = no
printable = yes
printer admin = root, @ntadmins

If I start samba and run:-

Rpcclient server -U root -c enumprinters

Then I get returned the message 'No printers returned'

I've scoured the logs at all levels from smbd, but the only line of
relevance I can find is:-  

Starting background LPQ thread.

This suggestes to me that smbd isn't using the CUPS backend, but is
using the BSD backend(!?).  However, I've checked the smbd binary and it
is linked to libcups.so.2.  I have also checked that cups is creating
the /etc/printcap file (which it is) - though I'm concerned that it
consists only of printer names and nothing else!

Any suggestions would be warmly welcomed.


Bernard McAuley




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbldap-tools not playing nice w/ samba ?

2005-04-07 Thread Joaquin Villanueva 
I had the same problem here. The change you've made was the same. Going 
up to the root level of LDAP and set a sub search. No way. The solution 
was to put TWO nss_base_passwd lines:

nss_base_passwd ou=Users,dc=liga-acb,dc=es?one
nss_base_passwd ou=Computers,dc=liga-acb,dc=es?one
Try it and let me know...
Ben Davis wrote:
Joaquin wrote:
Ben Davis wrote:
Please help!
I'm having a difficult time getting a machine to join my domin.  
Samba sucessfully adds the machine account using the smbldap-useradd 
-w script,  but I get the error "The user name could not be found".

Here's what it looks like it's doing in the ldap logs:  1. There's a 
login as cn=Manager, which searches for the root account, and then 
for a bunch of gidNumbers.  It then searches for the machine$ with a 
sambaSamAccount objectclass, and exits.

2. It then reconnects anonymously and searches for machine$ and 
MACHINE$ twice (no results).
3. After that it connects again as cn=Manager and and searches for 
the machine$ under posixAccount (still no restuls).  It then finally 
adds the entry for machine$  but without the sambaSamAccount 
objectclass.

After that there are no more LDAP queries.   What could be causing 
the error I'm getting?

If you have a Machines= suffix different as the Users= suffix, the 
problem is in the ldap.conf settings. Nothing to do with the 
smbldap-tools. The smbldap-tools creates only a posix entry in the 
Machines tree, leaving to samba the addition of the SambaSamAccount 
class to the machine entry. The problem is that Samba relies in the 
ldap.conf config to search for the machine account. Usually, you have 
only a search here for the users account. The trick is to add a 
second nss_base_password line pinting to the machines tree of LDAP. 
And then works.

Yeah,  I read about that earlier and changed my  nss_base_password 
line to read:

nss_base_passwd   dc=pca-wichita,dc=com?sub
(that is my base dn).  The problem is that in the slapd logs,  the 
LAST thing happens before I get the error is samba ADDS the posix 
machine account.  It does nothing after that. Here's the slapd log of 
all operations of the last connection before the error occurs:

conn=9996 fd=18 ACCEPT from IP=127.0.0.1:52517 (IP=0.0.0.0:389)
conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" method=128
conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" mech=SIMPLE 
ssf=0
conn=9996 op=0 RESULT tag=97 err=0 text=
conn=9996 op=1 SRCH base="dc=pca-wichita,dc=com" scope=2 
filter="(&(objectClass=posixAccount)(uid=melisa$))"
conn=9996 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=9996 op=2 SRCH 
base="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com" scope=0 
filter="(objectClass=sambaUnixIdPool)"
conn=9996 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=9996 op=3 MOD dn="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com"
conn=9996 op=3 MOD attr=uidNumber
conn=9996 op=3 RESULT tag=103 err=0 text=
conn=9996 op=3 RESULT tag=103 err=0 text=
conn=9996 op=4 SRCH base="dc=pca-wichita,dc=com" scope=2 
filter="(uidNumber=1108)"
conn=9996 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=9996 op=5 ADD dn="uid=melisa$,ou=Computers,dc=pca-wichita,dc=com"
conn=9996 op=5 RESULT tag=105 err=0 text=
conn=9996 op=5 RESULT tag=105 err=0 text=
conn=9996 op=6 UNBIND
conn=9996 fd=18 closed

As soon as it ADDs the machine account,  it doesn't try to modify it's 
objectClass, or anything like that. What's going on here?

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] profiles samba & sesion windows

2005-04-07 Thread Lic. Fidelino Badillo 
Since Like a profiles does for windows xp or 2000. 
It He is that me gustaria that the servant of samba, was sending a profile the 
users of windows and it he  it was fixed that was not getting lost it of every 
user.

Since it is possible to do or that it is necessary to do, I do not find 
information. I cannot give a sure meeting to the usarios of windows because, 
they lose everything.
Thank you gentlemen, I wait for your  response. 
I do not write well the Englishman.
Fidelino
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbmount codepage / iocharset problem w/ W2k

2005-04-07 Thread Leo 
Hi:
I have written to this list once before regarding the same problem.
(ref  smbmount problem on 03/28/2005)
Paul Gienger sugested asking the "kernel boys" as they maintain smbmount. 
Maybe my problem wasn't deserving of a reply from them, maybe I subscribed 
to the wrong list.  Can someone suggest a kernel list where I may get a 
useful reply?

smbclient's ftp like interface works correctly, however the debug output 
(--debug 10) isn't helping me determine what codepage/iocharset is being 
used.  Is there a way to determine what codepage and iocharset are being used?

My smb.conf contains
   dos charset = 850
   unix charset = ISO8859-1
   display charset = ISO8859-1
so can I assume it's cp850 the codepage being used by smbclient?
is iso8859-1 the charset being used by smbclient?
Lastly can someone send me google keyword(s) where I can read up on how the 
smb protocol uses codepages and iocharsets?  (just to clear up the issue for 
me?)  Is it safe to presume that the MS implementation of the SMB protocol 
if compatible (they like to invent stuff just to muck up standards as I hear)?

TIA
Leo
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] user's smbd process generates high cpu utilization

2005-04-07 Thread Dragan Krnic 
> We have a problem where occasionally (couple of times
> a day to a couple of times a week) a user smbd process
> pegs the cpu, causing login failures for other users.

If you dig a little further back in the Samba archives you 
may find a thread of mine that sounds suspiciously like
your itch. The cause of the problem (high cpu usage for
some users) was an inconsistency in the passwd/group
a slightly wrong spelling of a user name, IIRC. The thread 
ends with some shell and awk scripts to help check the files 
for possible inconcistencies. Perhaps it is not relevant 
for you since you are using ldap instead of files,
but who knows?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Changing file ownership from Windows

2005-04-07 Thread Marek Drápal 
Hi,

thank you very much for your reply. Actually it seems, that the problem is
somewhere else. I'll show why.
 
> It's possible you don't have ACL support either in your distro, Samba or
> both.

I think I have both. Here are some proofs:

1) xi:/home/public# mount
...
/dev/hda4 on /home type ext3 (rw,acl)

2)xi:/home/public# ll /home/public/ttt.txt
-rwxrwxrwx+ 1 root w2k-domain-admins 0 2005-04-07 15:55 /home/public/ttt.txt

xi:/home/public# getfacl /home/public/ttt.txt
getfacl: Removing leading '/' from absolute path names
# file: home/public/ttt.txt
# owner: root
# group: w2k-domain-admins
user::rwx
group::rwx
group:w2k-zamestnanci:r-x
mask::rwx
other::rwx

3) The same file after playing with windows exploder
xi:/home/public# ll /home/public/ttt.txt
-r--rwx---+ 1 root w2k-domain-admins 0 2005-04-07 15:55 /home/public/ttt.txt

xi:/home/public# getfacl /home/public/ttt.txt
getfacl: Removing leading '/' from absolute path names
# file: home/public/ttt.txt
# owner: root
# group: w2k-domain-admins
user::r--
group::r--
group:Ucetnici:r-x
mask::rwx
other::---

As you can see I was able to change the permissions, ACL group, BUT I am
unable to change main owner and group! When I try to change it I get no error,
but the group/owner I changed is added via ACL and the main group/owner is
unchanged (everything done under root in windows).
Turnig off inheritence doesn't help. 

Any hints?

   Marek Drapal

Here is some info about my system:

* Debian testing with 2.6.8-1-386

* smbd --version = Version 3.0.10-Debian

* smb.conf (parts):

[global]
admin users = root, TW\root
username map = /etc/samba/smbusers
netbios name = xi
workgroup = TW
server string = "TW XI Samba-3 Server"
wins support = yes
dns proxy = no
name resolve order = wins bcast host
security = user
encrypt passwords = true
passdb backend = tdbsam
unix password sync = no
domain master = yes
preferred master = yes
local master = yes
domain logons = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 33
map acl inherit = yes
nt acl support = yes
[public]
   path=/home/public
   comment = "Public Directories"
   browseable = yes
   writable = yes
   admin users = root

* xi:/home/public# net groupmap list
System Operators (S-1-5-32-549) -> -1
Ucetnici (S-1-5-21-1269125357-2084727546-3002100113-3037) -> Ucetnici
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-1269125357-2084727546-3002100113-512) -> 
w2k-domain-admins
Domain Guests (S-1-5-21-1269125357-2084727546-3002100113-514) -> 
w2k-domain-guests
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> w2k-domain-admins
Domain Users (S-1-5-21-1269125357-2084727546-3002100113-513) -> w2k-domain-users
Account Operators (S-1-5-32-548) -> -1
Zamestnanci (S-1-5-21-1269125357-2084727546-3002100113-3029) -> w2k-zamestnanci
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
 

> 
> --Tonni
> 
> -- 
> Nothing sucksseeds like a pigeon without a beak ...
> 
> mail: [EMAIL PROTECTED]
> http://www.billy.demon.nl
>  
> They love us, don't they, They feed us, won't they ...
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Error was Transport endpoint is not connected

2005-04-07 Thread Dimitri Yioulos 
On Thursday 07 April 2005 07:49 am, Meli Marco wrote:
> Hi,
> I running samba 3.0.13 on RH9, and share a folder in a mix network
> workstations (W2k, DOS, Win98SE, NT4) and I have set following smb.conf
> file:
>
>  netbios name = NETBIOSNAME
> os level = 16
> wins server = 10.90.17.80
> socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
> workgroup = DOMAIN
> realm = DOMAIN.COM
> security = ADS
> password server = kdcsrv.sinter.gkn.com
> encrypt passwords = yes
> #   null passwords = yes
> #   auth methods = guest sam_ignoredomain winbind:ntdomain
> allow trusted domains = Yes
> winbind use default domain = Yes
> winbind separator = /
> winbind enum users = Yes
> winbind enum groups = yes
> idmap uid = 1-10
> idmap gid = 1-10
> hide unreadable = Yes
> template homedir = /data/user/%U
> template shell = /bin/false
> use sendfile = No
> printer admin = ***
> admin users = ***
> log file = /var/log/samba/log.%m
> log level = 1 auth:5 sam:5
> max log size = 50
> printing = cups
> printcap name = cups
> load printers = Yes
> map acl inherit = Yes
> nt acl support = Yes
>
> Yesterday some local users doesn't login on the samba share, if I get in
> the window property panel I have noticed that these users was replaced by
> others (maybe id mapping problem) so I decided to relocate them on Windows
> 2003, delete them by the smbpasswd file and /etc/smbpasswd, run tdbbackup
> tool and disable auth methods option (no more local users authentication).
> Today everithing seems works fine but I have stranges messages by winbind
> and smbd log file again:
>
> Tail -f /var/log/samba/log.winbindd:
> [2005/04/06 10:29:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
>   user 'MILSALHP2200D_1' does not exist   
> <-
> this is a printer!
> [2005/04/06 10:33:01, 1] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(474)
>   Could not convert gid 24329 to sid
>
> Tail -f /var/log/samba/log.smbd:
> [2005/04/06 08:33:57, 0] lib/util_sock.c:get_peer_addr(1150)
>   getpeername failed. Error was Transport endpoint is not connected
> [2005/04/06 08:58:21, 0] lib/util_sock.c:get_peer_addr(1150)
>   getpeername failed. Error was Transport endpoint is not connected
>
> How can I fix it?
> Thanks.
> Marco.

As I recall, it has something to do with smb trying to use both ports 139 and 
445, and there being some contention there.  Try adding the following to your 
smb.conf file:  smb ports = 445 (the default is smbports = 445 139).  At 
least this worked for me.

Dimitri
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbldap-tools not playing nice w/ samba ?

2005-04-07 Thread Ben Davis 
Joaquin wrote:
Ben Davis wrote:
Please help!
I'm having a difficult time getting a machine to join my domin.  
Samba sucessfully adds the machine account using the smbldap-useradd 
-w script,  but I get the error "The user name could not be found".

Here's what it looks like it's doing in the ldap logs:  1. There's a 
login as cn=Manager, which searches for the root account, and then 
for a bunch of gidNumbers.  It then searches for the machine$ with a 
sambaSamAccount objectclass, and exits.

2. It then reconnects anonymously and searches for machine$ and 
MACHINE$ twice (no results).
3. After that it connects again as cn=Manager and and searches for 
the machine$ under posixAccount (still no restuls).  It then finally 
adds the entry for machine$  but without the sambaSamAccount 
objectclass.

After that there are no more LDAP queries.   What could be causing 
the error I'm getting?

If you have a Machines= suffix different as the Users= suffix, the 
problem is in the ldap.conf settings. Nothing to do with the 
smbldap-tools. The smbldap-tools creates only a posix entry in the 
Machines tree, leaving to samba the addition of the SambaSamAccount 
class to the machine entry. The problem is that Samba relies in the 
ldap.conf config to search for the machine account. Usually, you have 
only a search here for the users account. The trick is to add a second 
nss_base_password line pinting to the machines tree of LDAP. And then 
works.

Yeah,  I read about that earlier and changed my  nss_base_password line 
to read:

nss_base_passwd   dc=pca-wichita,dc=com?sub
(that is my base dn).  The problem is that in the slapd logs,  the LAST 
thing happens before I get the error is samba ADDS the posix machine 
account.  It does nothing after that. Here's the slapd log of all 
operations of the last connection before the error occurs:

conn=9996 fd=18 ACCEPT from IP=127.0.0.1:52517 (IP=0.0.0.0:389)
conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" method=128
conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" mech=SIMPLE ssf=0
conn=9996 op=0 RESULT tag=97 err=0 text=
conn=9996 op=1 SRCH base="dc=pca-wichita,dc=com" scope=2 
filter="(&(objectClass=posixAccount)(uid=melisa$))"
conn=9996 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=9996 op=2 SRCH 
base="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com" scope=0 
filter="(objectClass=sambaUnixIdPool)"
conn=9996 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=9996 op=3 MOD dn="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com"
conn=9996 op=3 MOD attr=uidNumber
conn=9996 op=3 RESULT tag=103 err=0 text=
conn=9996 op=3 RESULT tag=103 err=0 text=
conn=9996 op=4 SRCH base="dc=pca-wichita,dc=com" scope=2 
filter="(uidNumber=1108)"
conn=9996 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=9996 op=5 ADD dn="uid=melisa$,ou=Computers,dc=pca-wichita,dc=com"
conn=9996 op=5 RESULT tag=105 err=0 text=
conn=9996 op=5 RESULT tag=105 err=0 text=
conn=9996 op=6 UNBIND
conn=9996 fd=18 closed

As soon as it ADDs the machine account,  it doesn't try to modify it's 
objectClass, or anything like that. What's going on here?

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba-Squid-AD: Error returned 'BH NT_STATUS_ACCESS_DENIED'

2005-04-07 Thread fatima riadi 
Thank you for your reply.

> Are the permissions on the winbind privileged pipe
> correct, what does
> the winbindd.log say?

log.winbindd does not report any error.
I set squid as group owner of the winbindd_privileged
file. Permissions I found in the documentation
(750)didn't work. I then set 777 as permission, the
problem disapeares!

> --with-winbind-auth-challenge doesn't exist any
> more.  It was a Samba
> 2.2 hack, the privileged pipe dir handled the access
> control to this now.
> 
> >  And I configure squid with
> >  (--enable-auth="ntlm,basic"
> >  --enable-basic-auth-helpers="winbind"
> >  --enable-ntlm-auth-helpers="winbind").
> 
> These last two options build helpers in the squid
> sources which are
> incompatible with Samba 3.0.  They should not be
> built or used.

Do you think that I have to rebuild Samba and squid
avoiding latter options?

Authentication works well now!






__
Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! 
Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Re: extd_audit log output and documentation

2005-04-07 Thread John H Terpstra 
On Thursday 07 April 2005 07:35, Marco De Vitis wrote:
> Il 07/04/2005, alle ore 15:13, John H Terpstra ha scritto:
> > The documentation will need to be updated based on a review of the
> > current source code. If there is a bug then the appropriate vehicle for
> > having it dealt with is a bug report on https://bugzilla.samba.org.
>
> ..which is what I already did:.
> https://bugzilla.samba.org/show_bug.cgi?id=2349
> "extd_audit VFS log output problems - unexpected behaviour"
>
> But nobody seems to have picked it up. What else can I do, as a
> non-programmer? Please help me to help you. :)

Understood.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Re: extd_audit log output and documentation

2005-04-07 Thread Marco De Vitis 
Il 07/04/2005, alle ore 15:13, John H Terpstra ha scritto:

> The documentation will need to be updated based on a review of the current 
> source code. If there is a bug then the appropriate vehicle for having it 
> dealt with is a bug report on https://bugzilla.samba.org.

...which is what I already did:
https://bugzilla.samba.org/show_bug.cgi?id=2349
"extd_audit VFS log output problems - unexpected behaviour"

But nobody seems to have picked it up. What else can I do, as a
non-programmer? Please help me to help you. :)

-- 
Ciao,
  Marco.

..."Red", King Crimson (1974)

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.13 : ads_verify_ticket: unable to protect replay cache with mutex.

2005-04-07 Thread Buozis, Martynas 
Hello

I can't get my Samba 3.0.13 connected to ADS. Message
"ads_verify_ticket: unable to protect replay cache with mutex." is seen
in log.smbd file. Can anybody provide any tips about this error ?


With best regards
Martynas 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: extd_audit log output and documentation

2005-04-07 Thread John H Terpstra 
On Thursday 07 April 2005 03:02, Marco De Vitis wrote:
> Il 07/04/2005, alle ore 9:20, John H Terpstra ha scritto:
> > I would much appreciate if you could provide a documentation update. I am
> > bogged down with other priorities right now. If you can not provide a
> > detailed documentation update this will have to wait for several months
> > before I can even think of looking at this.
>
> Hi John, actually I didn't expect the problem to be in the documentation,
> but rather in extd_audit behaviour. I recall you telling that someone
> changed the VFS module behaviour after you wrote the doc, without
> notifying you.
>
> So I'd change the question to: is extd_audit ok as it is now, or does it
> need to be fixed?
> What the doc says seems to be a reasonable behaviour for extd_audit.
>
> Otherwise, I sincerely would have no idea where to start updating the
> documentations, because do not know how extd_audit works in first place.
> Good documentation cannot be written by trial and error. :-/
>
> Who is the developer of extd_audit? Can he be reached and asked for
> details?

The documentation will need to be updated based on a review of the current 
source code. If there is a bug then the appropriate vehicle for having it 
dealt with is a bug report on https://bugzilla.samba.org.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] idmap_rid: could not convert sid to uid

2005-04-07 Thread Maarten de Boer 
I just found the problem, I had both idmap uid/gid and winbind uid/gid 
specified,
and with ranges that caused problems.

> idmap uid = 500-1000
> idmap gid = 500-1000
> winbind uid = 1-2
> winbind gid = 1-2

I changed it to

idmap backend = idmap_rid:IUATST4W=3-4
idmap uid = 3-4
idmap gid = 3-4

and it works perfectly.

maarten


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbldap-tools patch - careful string handling

2005-04-07 Thread Paul Gienger 

The issue is that some of the smb.conf parameters have quotes in funny places
that need to stay there (particularly the smbldap script "wrappers").  The
smbldap tools will issue funny warnings that help to sidetrack finding actual
problems...
Patch attached.
 

Have you submitted this to idealx? The would probably be interested in 
your fix.

--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] idmap_rid: could not convert sid to uid

2005-04-07 Thread Maarten de Boer 
Hello,

I am trying (again) to get samba+winbind working, with the idmap_rid
backend. I am using a freshly installed samba server and client machine,
with samba-3.0.13. Most things seem to work, but when I try to get
the uid's for the samba users, I run into problems.

  # net rpc join
  Password: 
  Joined domain IUATST4W.
  # net rpc testjoin
  Join to 'IUATST4W' is OK
  # wbinfo -u
  root
  tst4usr1
  # wbinfo -n tst4usr1
  S-1-5-21-673783806-3852186271-4218622188-3116 User (1)
  # wbinfo -S S-1-5-21-673783806-3852186271-4218622188-3116
  Could not convert sid S-1-5-21-673783806-3852186271-4218622188-3116 to uid

and obviously, a
  # getent passwd tst4usr1
does not work either, and my log.winbindd says:

[2005/04/07 14:48:55, 10] sam/idmap_util.c:idmap_sid_to_uid(150)
  idmap_sid_to_uid: sid = [S-1-5-21-673783806-3852186271-4218622188-3116]
[2005/04/07 14:48:55, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
  error getting user id for sid S-1-5-21-673783806-3852186271-4218622188-3116

I configured samba with
--with-static-modules=idmap_rid \
--with-shared-modules=idmap_rid \

(I suppose only one of those would be enough)

Any suggestions/help would be much appreciated. If you want I can provide more
detailed logs.

maarten

-- PDC smb.conf 
[global]
   netbios name = TESTPDC
   workgroup = IUATST4W
   os level = 33
   passdb backend = tdbsam
   preferred master = yes
   domain master = yes
   local master = yes
   security = user
   domain logons = yes
   logon path = \\%N\profiles\%U
   logon drive = H:
   logon home = \\homeserver\%U\winprofile
   logon script = logon.cmd
   server string = %h server (Samba %v)
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   log level = 10

[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   guest ok = yes
   read only = yes

[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0600
directory mask = 0700

-

- client smb.conf 

[global]
workgroup = IUATST4W
netbios name = TESTCLIENT
security = domain
password server = TESTPDC
allow trusted domains = No
idmap backend = idmap_rid:IUATST4W=500-1000
idmap uid = 500-1000
idmap gid = 500-1000
template primary group = "Domain Users"
template shell = /bin/bash
winbind separator = +
winbind uid = 1-2
winbind gid = 1-2
winbind use default domain = Yes
winbind enum users = no
winbind enum groups = no
winbind nested groups = yes
log level = 10
[testshare]
comment = Project directory
path = /mnt/testshare
read only = no
nt acl support = yes
unix extensions = yes

-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Domain reconnection after network outage

2005-04-07 Thread olly 
Hi All,

We have a Samba server connecting to a Windows 2000 Domain controller for 
authentication purposes using windbind. We have had a couple of network 
outages recently and the other servers, which are Windows 2000 member 
servers seem to resume normal authenication when the network returns, but 
the Samba server does not recover until samba is restarted. We have had this 
problem when the domain server was down for maintainence, so it is not 
specifically related it the network interface going down.

Is this behaviour limitation of samba, or is there an option I can set to 
continue retrying, or is it a bug? Is there a workaround? Any information 
would be useful. We are using Samba 3.0.11 suse 9.0 packages from samba.org. 
Please find at the bottom of the email the last few log entries in case it 
is of some use.

Thanks in advance,

Olly

[2005/04/06 17:31:25, 1] nsswitch/winbindd_group.c:fill_grent_mem(134)
  could not lookup membership for group rid 
S-1-5-21-1078081533-152049171-725345
543-2641 in domain MYDOMAIN (error: NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
[2005/04/06 17:31:25, 0] nsswitch/winbindd_group.c:winbindd_getgrent(790)
  could not lookup domain group MYDOMAIN\npd committee
[2005/04/06 17:31:25, 1] nsswitch/winbindd_group.c:fill_grent_mem(134)
  could not lookup membership for group rid 
S-1-5-21-1078081533-152049171-725345
543-2717 in domain MYDOMAIN (error: NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
[2005/04/06 17:31:25, 0] nsswitch/winbindd_group.c:winbindd_getgrent(790)
  could not lookup domain group MYDOMAIN\123users
[2005/04/06 17:31:25, 1] nsswitch/winbindd_group.c:fill_grent_mem(134)
  could not lookup membership for group rid 
S-1-5-21-1078081533-152049171-725345
543-2739 in domain MYDOMAIN (error: NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
[2005/04/06 17:31:25, 0] nsswitch/winbindd_group.c:winbindd_getgrent(790)
  could not lookup domain group MYDOMAIN\project team
[2005/04/06 17:31:31, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(299)
  group fileshare in domain LINUX does not exist
[2005/04/06 17:31:53, 0] lib/util_sock.c:read_socket_with_timeout(321)
  read_socket_with_timeout: timeout read. read error = Connection reset by 
peer.
[2005/04/06 17:31:53, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
  cli_pipe: return critical error. Error was Read error: Connection reset by 
peer
[2005/04/06 17:32:48, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
  cli_pipe: return critical error. Error was Call timed out: server did not 
respond after 1 milliseconds
[2005/04/06 17:32:59, 0] lib/util_sock.c:read_socket_with_timeout(321)
  read_socket_with_timeout: timeout read. read error = Connection reset by 
peer.
[2005/04/06 17:32:59, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
  cli_pipe: return critical error. Error was Read error: Connection reset by 
peer
[2005/04/06 17:53:49, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
  cli_pipe: return critical error. Error was Call timed out: server did not 
respond after 1 milliseconds 



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba-Squid-AD: Error returned 'BH NT_STATUS_ACCESS_DENIED'

2005-04-07 Thread Andrew Bartlett 
On Thu, 2005-04-07 at 11:47 +0200, fatima riadi wrote:
>  Hi everybody,
>  
>  I setup squid-2.5.STABLE9 with samba-3.0.13 to use
>  winbind authentication over a Windows 2003 Active
>  Directory.
>  Web users' authentication from my proxy server box
>  succeedes.
>  But when a remote user try to authenticate himself,
>  authentication failes and Squid return the
>  following:
>authenticateNTLMHandleReply: Error validating user
>  via NTLM. Error returned 'BH
>  NT_STATUS_ACCESS_DENIED'

Are the permissions on the winbind privileged pipe correct, what does
the winbindd.log say?

>  I configured samba with (--with-ads --with-ldap
>  --with-winbind --with-winbind-auth-challenge).

--with-winbind-auth-challenge doesn't exist any more.  It was a Samba
2.2 hack, the privileged pipe dir handled the access control to this
now.

>  And I configure squid with
>  (--enable-auth="ntlm,basic"
>  --enable-basic-auth-helpers="winbind"
>  --enable-ntlm-auth-helpers="winbind").

These last two options build helpers in the squid sources which are
incompatible with Samba 3.0.  They should not be built or used.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Error was Transport endpoint is not connected

2005-04-07 Thread Meli Marco 


Hi,
I running samba 3.0.13 on RH9, and share a folder in a mix network
workstations (W2k, DOS, Win98SE, NT4) and I have set following smb.conf
file:

 netbios name = NETBIOSNAME
os level = 16
wins server = 10.90.17.80
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
workgroup = DOMAIN
realm = DOMAIN.COM
security = ADS
password server = kdcsrv.sinter.gkn.com
encrypt passwords = yes
#   null passwords = yes
#   auth methods = guest sam_ignoredomain winbind:ntdomain
allow trusted domains = Yes
winbind use default domain = Yes
winbind separator = /
winbind enum users = Yes
winbind enum groups = yes
idmap uid = 1-10
idmap gid = 1-10
hide unreadable = Yes
template homedir = /data/user/%U
template shell = /bin/false
use sendfile = No
printer admin = ***
admin users = ***
log file = /var/log/samba/log.%m
log level = 1 auth:5 sam:5
max log size = 50
printing = cups
printcap name = cups
load printers = Yes
map acl inherit = Yes
nt acl support = Yes

Yesterday some local users doesn't login on the samba share, if I get in the
window property panel I have noticed that these users was replaced by others
(maybe id mapping problem) so I decided to relocate them on Windows 2003,
delete them by the smbpasswd file and /etc/smbpasswd, run tdbbackup tool and
disable auth methods option (no more local users authentication).
Today everithing seems works fine but I have stranges messages by winbind
and smbd log file again:

Tail -f /var/log/samba/log.winbindd:
[2005/04/06 10:29:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'MILSALHP2200D_1' does not exist <-
this is a printer!
[2005/04/06 10:33:01, 1] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(474)
  Could not convert gid 24329 to sid

Tail -f /var/log/samba/log.smbd:
[2005/04/06 08:33:57, 0] lib/util_sock.c:get_peer_addr(1150)
  getpeername failed. Error was Transport endpoint is not connected
[2005/04/06 08:58:21, 0] lib/util_sock.c:get_peer_addr(1150)
  getpeername failed. Error was Transport endpoint is not connected

How can I fix it?
Thanks.
Marco.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Fwd: [Samba] Samba-Squid-AD: Error returned 'BH NT_STATUS_ACCESS_DENIED'

2005-04-07 Thread fatima riadi 
 Remarque : message transféré en pièce jointe. 






__
Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! 
Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] File Name Changed

2005-04-07 Thread Venkatesh Subramaniam 
Hi,

I am using Samba 3.0.10 version. One of my user reported that his file is 
missing then I check in my server, the file was renamed with .TMP as shown 
below. The original file name is MAX-CANADA\ 2005.xls

MAX-CANADA\ 2005.xls~RF1c176be.TMP

Any particular reason ?
--
Venkat
+65 9855 1209
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba-Squid-AD: Error returned 'BH NT_STATUS_ACCESS_DENIED'

2005-04-07 Thread fatima riadi 

 Hi everybody,
 
 I setup squid-2.5.STABLE9 with samba-3.0.13 to use
 winbind authentication over a Windows 2003 Active
 Directory.
 Web users' authentication from my proxy server box
 succeedes.
 But when a remote user try to authenticate himself,
 authentication failes and Squid return the
 following:
   authenticateNTLMHandleReply: Error validating user
 via NTLM. Error returned 'BH
 NT_STATUS_ACCESS_DENIED'
 
 I configured samba with (--with-ads --with-ldap
 --with-winbind --with-winbind-auth-challenge).
 
 And I configure squid with
 (--enable-auth="ntlm,basic"
 --enable-basic-auth-helpers="winbind"
 --enable-ntlm-auth-helpers="winbind").
 
 I edited my smb.conf and my krb5.conf files to much
my AD domain settings.

 I joined the domain.

 My squid.conf file containes the following:
   auth_param ntlm program
 /usr/local/samba/bin/ntlm_auth
 --helper-protocol=squid-2.5-ntlmssp
   auth_param ntlm children 5
   auth_param ntlm max_challenge_reuses 0
   auth_param ntlm max_challenge_lifetime 2 minutes
  
   auth_param basic program
 /usr/local/samba/bin/ntlm_auth
 --helper-protocol=squid-2.5-basic
   auth_param basic children 5
   auth_param basic realm Squid proxy-caching web
 server
   auth_param basic credentialsttl 2 hours
  
   acl authUsers proxy_auth REQUIRED
   http_access allow authUsers
   http_access deny all
 
 Someone told that this is basicly a samba error.
 Does anyone have an idea?
 Thanks in advance.
  






__
Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! 
Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Changing file ownership from Windows

2005-04-07 Thread Tony Earnshaw 
tor, 07.04.2005 kl. 09.06 skrev Marek Drápal:
> Hi all,

> would be somebody so nice, to tell me, if IT'S POSSIBLE to change file
> ownership from Windows native dialog? 

Yes, both user and group - depending on your OS/distro, Samba version
and compile-time options.

> In Samba HOWTO ch.14 (File, Directory and Share Access Controls) is written,
> that only special NT chown from Seclib NT security library is able to handle
> this, on the other hand in various dissusions I found, that it is possible to
> change it natively (as I understood).

Chapter 14 does not state this; on the contrary, it gives a full
description of how to manipulate ACLs using a Windows client (at least
the doco for Samba 3.0.11 does). What it doesn't What it doesn't discuss
is how to implement Posix ACLs. For this (Linux and IRIX) you should
consult your OS doco. Nor can I find references to compile-time options.

> >From my point of view I can't understand, the behaviour described in my
> previous post. If I can change permissions HOW is possible, that I can't
> change ownership?

It's possible you don't have ACL support either in your distro, Samba or
both.

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They love us, don't they, They feed us, won't they ...

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: extd_audit log output and documentation

2005-04-07 Thread Marco De Vitis 
Il 07/04/2005, alle ore 9:20, John H Terpstra ha scritto:

> I would much appreciate if you could provide a documentation update. I am 
> bogged down with other priorities right now. If you can not provide a 
> detailed documentation update this will have to wait for several months 
> before I can even think of looking at this.

Hi John, actually I didn't expect the problem to be in the documentation,
but rather in extd_audit behaviour. I recall you telling that someone
changed the VFS module behaviour after you wrote the doc, without
notifying you.

So I'd change the question to: is extd_audit ok as it is now, or does it
need to be fixed?
What the doc says seems to be a reasonable behaviour for extd_audit.

Otherwise, I sincerely would have no idea where to start updating the
documentations, because do not know how extd_audit works in first place.
Good documentation cannot be written by trial and error. :-/

Who is the developer of extd_audit? Can he be reached and asked for
details?

-- 
Ciao,
  Marco.

..."The Lamb Lies Down on Broadway", Genesis (1974)

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbldap-tools not playing nice w/ samba ?

2005-04-07 Thread Joaquin 
Ben Davis wrote:
Please help!
I'm having a difficult time getting a machine to join my domin.  Samba 
sucessfully adds the machine account using the smbldap-useradd -w 
script,  but I get the error "The user name could not be found".

Here's what it looks like it's doing in the ldap logs:  
1. There's a login as cn=Manager, which searches for the root account, 
and then for a bunch of gidNumbers.  It then searches for the machine$ 
with a sambaSamAccount objectclass, and exits.

2. It then reconnects anonymously and searches for machine$ and 
MACHINE$ twice (no results).
3. After that it connects again as cn=Manager and and searches for the 
machine$ under posixAccount (still no restuls).  It then finally adds 
the entry for machine$  but without the sambaSamAccount objectclass.

After that there are no more LDAP queries.   What could be causing the 
error I'm getting?
If you have a Machines= suffix different as the Users= suffix, the 
problem is in the ldap.conf settings. Nothing to do with the 
smbldap-tools. The smbldap-tools creates only a posix entry in the 
Machines tree, leaving to samba the addition of the SambaSamAccount 
class to the machine entry. The problem is that Samba relies in the 
ldap.conf config to search for the machine account. Usually, you have 
only a search here for the users account. The trick is to add a second 
nss_base_password line pinting to the machines tree of LDAP. And then works.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Can really anyone help ?

2005-04-07 Thread CIKALA Frédéric ROSI/SIPROD 
As i haven't found some solution to acces win share I unfortunately have to re 
install the winNT box and easyPhp ...

I'm sick of it and you cannot imagine my saddness. 




-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
De la part de Joris De Pooter
Envoyé : mercredi 6 avril 2005 17:22
À : samba@lists.samba.org
Objet : Re: [Samba] Can really anyone help ?


And what's the smbclient tool behavior ??
Same as when you mount ?

CIKALA Frédéric ROSI/SIPROD a écrit :

>Ok in fact, i wasnt clear enough
>
>After my "mount -t smbfs ..." (which telles me few errors), i can browse the 3 
>first degrees of the HD (and only see directories).
>Unfortunately (and i do not catch why) i cannot see the files or the above 
>directories 
>
>That very strange, it seems like a security module avoïd me to browse more and 
>to get access to the file (that i do not even see)
>I think, this security module has something to do with the kerberos...
>
>pleaZ help =(
>
>
>
>-Message d'origine-
>De : Joris De Pooter [mailto:[EMAIL PROTECTED]
>Envoyé : mercredi 6 avril 2005 17:05
>À : CIKALA Frédéric ROSI/SIPROD
>Cc : samba@lists.samba.org
>Objet : Re: [Samba] Can really anyone help ?
>
>
>Well, after re-thinking of it, it seems OK since you can list the 
>directories.
>Sorry, my bad...
>
>But, see anyway if you can browse using the smbclient tool
># smbclient -U"AD\user" //10.169.244.244/shares
>
>
>CIKALA Frédéric ROSI/SIPROD a écrit :
>
>  
>
>>ok, lets go on in english
>>(I precise that i'm quite a newbie with linux ...^^ but i want to learn)
>>So i d not exactly know what is the use of these files ...
>>
>>
>>So, here is my smb.conf :
>>[global]
>>workgroup = AD
>>server string = Samba Server //(a SAmba Server ?? why, im just a client ...)
>>printcap name = /etc/printcap
>>load printers = yes
>>cups options = raw
>>log file = /var/log/samba/%m.log
>>max log size = 50
>>security = ads
>>encrypt passwords = yes
>>smb passwd file = /etc/smbpasswd
>>socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>dns proxy = no
>>idmap uid = 16777216-33554431
>>  idmap gid = 16777216-33554431
>>  template shell = /bin/false
>>  winbind use default domain = no
>>[homes]
>>  comment = Home Directories
>>  browseable = no
>>[printers]
>>  comment = All Printers
>>  path = /var/spool/samba
>>  browseable = no
>>  guest ok = no
>>  writable = no
>>  printable = yes
>>
>>Now, Here is the nsswitch.conf :
>>
>>passwd: files
>>shadow: files
>>group:  files
>>#hosts: db files nisplus nis dns
>>hosts:  files dns
>>bootparams: nisplus [NOTFOUND=return] files
>>ethers: files
>>netmasks:   files
>>networks:   files
>>protocols:  files
>>rpc:files
>>services:   files
>>netgroup:   files
>>publickey:  nisplus
>>automount:  files
>>aliases:files nisplus
>>
>>In fact, the only thing i did is to create the user who i want to join then 
>>mount the remote share ...
>>but i cannot even join ...
>>
>>for information, when i type winbind here is what i got (nothing)
>>[EMAIL PROTECTED] dl]# winbindd
>>[EMAIL PROTECTED] dl]#
>>
>>Thank you for helping me because i'm such in trouble with this problem :
>>I've told everyones of my new job that linux is The Solution (comparing to 
>>NT4 + easyPhp) ... and it doesn't work (yet ;))
>>
>>
>>
>>-Message d'origine-
>>De : Joris De Pooter [mailto:[EMAIL PROTECTED]
>>Envoyé : mercredi 6 avril 2005 16:29
>>À : CIKALA Frédéric ROSI/SIPROD
>>Objet : Re: [Samba] Can really anyone help ?
>>
>>
>>Oui, je parle français :p
>>
>>Mais on peut continuer en anglais, pour que tout le monde en profite ;)
>>
>>So, first can you provide us your smb.conf ?
>>Next, my first guess is samba can't find your AD controller.
>>Have you set up the nsswitch.conf with winbind ?
>>
>>CIKALA Frédéric ROSI/SIPROD a écrit :
>>
>> 
>>
>>
>>
>>>salut, 
>>>
>>>Apparement, tu parles français, et c'est tant mieux =)
>>>Effectivement, il apparrait qu'a franceTélécom, il faut d'abord que la 
>>>machine qui veuille accéder a ces ressources soit d'abord dans le domaine 
>>>concerné (ici AD)
>>>
>>>Alors je n'ai pas le mot de passe administrateur du filer, cependant j'ai un 
>>>login/password (non admin) qui me permet (en tout cas sous windauze) 
>>>d'accéder comme il faut aux fichiers .. mais lorsque je tente le net join 
>>>... là, cest le drame :
>>>
>>>[EMAIL PROTECTED] dl]# net join AD -U sero7472
>>>sero7472's password:
>>>[2005/04/06 16:02:09, 0] utils/net_ads.c:ads_startup(186)
>>>ads_connect: No such file or directory
>>>
>>>Unable to find a suitable server
>>>
>>>Unable to find a suitable server
>>>[EMAIL PROTECTED] dl]#
>>>
>>>je ne comprend pas ces erreurs ... et toi ?
>>>
>>>
>>>Merci ^^
>>>-Message d'origine-
>>>De : Joris De Pooter [mailto:[EMAIL PROTECTED]
>>>Envoyé : mercredi 6 avril 2005 16:00
>>>À : CIKALA Frédéric ROSI/SIPROD
>>>Cc : samba@lists.samba.org
>>>Objet : Re: [Samba] Can really anyone help ?
>>>
>>>
>>>Hello / Salut,
>>>
>>>That's odd

Re: [Samba] Password sync between W2k ADS and samba 2.2.x

2005-04-07 Thread J. Strohschnitter 


> > is there any chance to synchronize passwords between
> > the smbpasswd of samba 2.2.x and the ADS of a win2000
> > server-system, but without using winbind ?
> > We don't want to use winbind, because with this we
> > have to change our running infrastructure of samba
> > from Samba-PDC with smbpasswd.
> > Does there exists for example a little tool that can
> > be run by crontab to sync the passwords ?
> > 
> > Hope someone can help me ...
> 
> If you want to use your AD passwords in linux/unix systems, you don't
> even need samba. If you use pam-krb5 you actually authenticate unix
> systems against active directory.
> 


hm, a little tool that can be run by crontab does not exists ?
We don't have pam-krb5 running on our systems and I don't know
how to configure this. I thought on a quick solution running a
(perl)-script that synchronize the passwords of ADS-Users with
the smbpasswd of a running samba 2.2.8a.

-- 
Regards,

 Jens Strohschnitter

-
*!!!LINUX LINUX LINUX LINUX LINUX!!!*
 
* http://www.jens-strohschnitter.de *
-
Set the controls for 
 the heart of the sun
-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] kill this damn spam...

2005-04-07 Thread Simon Hobson 
Joe Cipale wrote:
Is there anyway we can stop this 'need Employee' or other kinds of 
spam that seems to infiltrate this mailing list?
The problem is that the list owners have made the decision that it 
will not be closed to public posts - on the grounds that many people 
needing help will not 'jump through the hoops' required to subscribe. 
This means that the list is open to spam from anyone. I know it's 
possible for a spammer to subscribe and then spam, but that requires 
a reasonable manual effort - but it does prevent automatic spamming 
to list addresses.

Personally I disagree with that decision, but I don't run the list. I 
believe that it's the only list I'm on that allows public posting.

Simon
PS - I won't post again on the subject and add to the noise.
--
Simon Hobson MA MIEE, Technology Specialist
Colony Gift Corporation Limited
Lindal in Furness, Ulverston, Cumbria, LA12 0LD
Tel 01229 461100, Fax 01229 461101
Registered in England No. 1499611
Regd. Office : 100 New Bridge Street, London, EC4V 6JA.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Seeking documentation for SAMBA3+LDAP but NOT PDC

2005-04-07 Thread Olivier Deckmyn - INGENIWEB 
Hi there,

I would like to build a _simple_ server for sharing files, using Samba3.
I use FreeBSD5, the machine works well with ldap, nss_switch, pam_ldap.
Users can login (ssh) using the ldap account : perfect.

Now i want them to access some file/shares using SMB with Samba3, using
their LDAP account.

BUT : **I don't want to turn this simple server into a PDC machine**
This would be overkill for my needs.

Is there a documentation around (I've been really searching) that would
help me build a SAMBA3+LDAP server NOT acting like a PDC. I just want to
have my users identify using their LDAP account, not more.

Any documentation found are huge tutorial spending a lot of energy
building a secured PDC server, which is not what i want  ;)

Thanx for your help,

Olivier.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] extd_audit log output and documentation

2005-04-07 Thread John H Terpstra 
On Tuesday 05 April 2005 09:04, Marco De Vitis wrote:
> Hello,
> any news about the inconsistencies between what the Samba HOWTO tells and
> the actual behaviour of the extd_audit VFS module?
> See https://bugzilla.samba.org/show_bug.cgi?id=2349

I would much appreciate if you could provide a documentation update. I am 
bogged down with other priorities right now. If you can not provide a 
detailed documentation update this will have to wait for several months 
before I can even think of looking at this.

Thanks.

- John T.

>
> Thanks in advance for any useful info.
>
> --
> Ciao,
>   Marco.
>
> .."Close To The Edge", Yes (1972).

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Staus of Sernet Debian packages?

2005-04-07 Thread Wolfgang Ratzka 
Has anybody out there tried the Debian packages offered by
sernet? The seem to be ina not-yet-usable state right now.
(E.g. the scripts normally found in /etc/init.d seem to be
missing.)
-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
  http://www.uni-marburg.de/hrz/mitarbeiter/ratzka.html
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Domain Root Password

2005-04-07 Thread Gerald Cenir 
I've finally added it! Thanks so much for your help Ivan and the others.
I found out that it was due to 
ldap password sync = yes
in my smb.conf

Best regards,


-Original Message-
From: Ivan Toh Boon Cheong [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 07, 2005 3:01 PM
To: Gerald Cenir; samba@lists.samba.org
Subject: RE: [Samba] Domain Root Password

http://www.linuxforum.com/forums/index.php?showtopic=68203

http://www.spinics.net/lists/samba/msg19401.html



Hope these help



-Original Message-
From: Gerald Cenir [mailto:[EMAIL PROTECTED]
Sent: Thu 4/7/2005 2:49 PM
To: Ivan Toh Boon Cheong; samba@lists.samba.org
Cc:
Subject: RE: [Samba] Domain Root Password
   
   

Executing smbpasswd -a root result in this message:
   
[EMAIL PROTECTED] root]# smbpasswd -a root
New SMB password:
Retype new SMB password:
ldapsam_modify_entry: LDAP Password could not be changed for user root: 
Object class violation
entry modify failed
ldapsam_add_sam_account: failed to modify/add user with uid = root (dn 
= uid=root,ou=Users,dc=company,dc=com)
Failed to add entry for user root.
Failed to modify password entry for user root
   
There is an Administrator user however. But my machine still can't join 
the domain when I use the Administrator user.
   
Regards,
   
-Original Message-
From: Ivan Toh Boon Cheong [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 07, 2005 2:21 PM
To: Gerald Cenir; samba@lists.samba.org
Subject: RE: [Samba] Domain Root Password
   
The fact that you seeing the error saying that samba cant find an entry 
for the root, is that you have to create an smbuser entry for root. The smbuser 
database does not synchronise automatically with /etc/passwd or ldap , if I'm 
not wrong.Hence, the command #smbpasswd -a root, will create an smbuser entry 
for root, and at the same time prompting you for a smbpasswd , which is also 
may not be the same as the system password.
   
-Original Message-
From: Gerald Cenir [mailto:[EMAIL PROTECTED]
Sent: Thu 4/7/2005 2:12 PM
To: samba@lists.samba.org
Cc:
Subject: RE: [Samba] Domain Root Password
 
 
   
Thanks but when I executed the command
#smbpasswd root
 
It says that it failed to find entry for user root.
I checked my directory using slapcat and there is a user root
 
dn: uid=root,ou=Users,dc=company,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
...
 
should I delete it and add it again?
 
 
 
 
-Original Message-
From: Mark Sarria [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 07, 2005 11:59 AM
To: Gerald Cenir; samba@lists.samba.org
Subject: Re: [Samba] Domain Root Password
 
all you need to do is type:
 
#smbpasswd root
 
-mark
 
- Original Message -
From: "Gerald Cenir" <[EMAIL PROTECTED]>
To: 
Sent: Wednesday, April 06, 2005 7:57 PM
Subject: [Samba] Domain Root Password
 
 
> Hi!
>
> How do we provide a password for the domain root?
> I am using Samba 3.0.3-5 and openldap-2.1.29-1 on a 
Fedora Core 2
>
> Following the steps found in
> http://samba.idealx.org/smbldap-howto.en.html I issued to 
command:
>
> # smbldap-populate
>
> In the howto after executing the command, the entries 
were added
and
> it asked to provide a password for the domain root. But in my 
case, it did
> not ask for a password.
>
> Regards,
>
 
 
--
To unsubscribe from this list go to the following URL and read 
the
instructions:  https://lists.samba.org/mailman/listinfo/samba
 
   
   

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Changing file ownership from Windows

2005-04-07 Thread Marek Drápal 
Hi all,

would be somebody so nice, to tell me, if IT'S POSSIBLE to change file
ownership from Windows native dialog? 

In Samba HOWTO ch.14 (File, Directory and Share Access Controls) is written,
that only special NT chown from Seclib NT security library is able to handle
this, on the other hand in various dissusions I found, that it is possible to
change it natively (as I understood).

>From my point of view I can't understand, the behaviour described in my
previous post. If I can change permissions HOW is possible, that I can't
change ownership?

Marek Drapal

Byl  5.duben (ÃterÃ), kdyÅ v 18:11:03 (CEST) 2005, [EMAIL PROTECTED] 
napsal(a):
> Hi all,
> 
> I've spent lot of time with reading various HOWTOs and mailing lists, but
> after all of that I can't change file ownership from Windows XP...
> I'm running Samba (3.0.11) PDC on a machine with EXT3 ACLs. From the admin 
> account I can change file permissions, add/remove ACL groups and their 
> permissions, but I'm unable to change the main unix group or user ownership.
> I'll really appreciate whatever hints.
> 
> Thanks
>   Marek Drapal
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Domain Root Password

2005-04-07 Thread Ivan Toh Boon Cheong 
http://www.linuxforum.com/forums/index.php?showtopic=68203
 
http://www.spinics.net/lists/samba/msg19401.html
 
 
 
Hope these help

 
 
-Original Message- 
From: Gerald Cenir [mailto:[EMAIL PROTECTED] 
Sent: Thu 4/7/2005 2:49 PM 
To: Ivan Toh Boon Cheong; samba@lists.samba.org 
Cc: 
Subject: RE: [Samba] Domain Root Password



Executing smbpasswd -a root result in this message:

[EMAIL PROTECTED] root]# smbpasswd -a root
New SMB password:
Retype new SMB password:
ldapsam_modify_entry: LDAP Password could not be changed for user root: 
Object class violation
entry modify failed
ldapsam_add_sam_account: failed to modify/add user with uid = root (dn 
= uid=root,ou=Users,dc=company,dc=com)
Failed to add entry for user root.
Failed to modify password entry for user root

There is an Administrator user however. But my machine still can't join 
the domain when I use the Administrator user.

Regards,

-Original Message-
From: Ivan Toh Boon Cheong [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 07, 2005 2:21 PM
To: Gerald Cenir; samba@lists.samba.org
Subject: RE: [Samba] Domain Root Password

The fact that you seeing the error saying that samba cant find an entry 
for the root, is that you have to create an smbuser entry for root. The smbuser 
database does not synchronise automatically with /etc/passwd or ldap , if I'm 
not wrong.Hence, the command #smbpasswd -a root, will create an smbuser entry 
for root, and at the same time prompting you for a smbpasswd , which is also 
may not be the same as the system password.

-Original Message-
From: Gerald Cenir [mailto:[EMAIL PROTECTED]
Sent: Thu 4/7/2005 2:12 PM
To: samba@lists.samba.org
Cc:
Subject: RE: [Samba] Domain Root Password
  
  

Thanks but when I executed the command
#smbpasswd root
  
It says that it failed to find entry for user root.
I checked my directory using slapcat and there is a user root
  
dn: uid=root,ou=Users,dc=company,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
...
  
should I delete it and add it again?
  
  
  
  
-Original Message-
From: Mark Sarria [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 07, 2005 11:59 AM
To: Gerald Cenir; samba@lists.samba.org
Subject: Re: [Samba] Domain Root Password
  
all you need to do is type:
  
#smbpasswd root
  
-mark
  
- Original Message -
From: "Gerald Cenir" <[EMAIL PROTECTED]>
To: 
Sent: Wednesday, April 06, 2005 7:57 PM
Subject: [Samba] Domain Root Password
  
  
> Hi!
>
> How do we provide a password for the domain root?
> I am using Samba 3.0.3-5 and openldap-2.1.29-1 on a 
Fedora Core 2
>
> Following the steps found in
> http://samba.idealx.org/smbldap-howto.en.html I issued to 
command:
>
> # smbldap-populate
>
> In the howto after executing the command, the entries 
were added
and
> it asked to provide a password for the domain root. But in my 
case, it did
> not ask for a password.
>
> Regards,
>
  
  
--
To unsubscribe from this list go to the following URL and read 
the
instructions:  https://lists.samba.org/mailman/listinfo/samba
  



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba