Re: [Samba] PDC with winbind functionality

2005-05-10 Thread Ramses van Pinxteren
Hahaha, in other words: you also didn't have much luck getting such a 
setup to work?

Bye
ramses

Had the same problem here with pdc+winbind+ftp.
I used a somewhat older pam module, and left the winbind part out..
That's all the feedback I have 4 you.
Good luck
Collen
Ramses van Pinxteren wrote:
Hiya,
I am giving up. I just can't get winbind working when installing a 
PDC. This is what I need:

-a PDC/AD on its own domain, no need for other servers to sync etc etc.
-winbind so I can use ntlm_auth
no other features, just plain and simple. I really don't know how to 
get this working, and I hope that SOMEONE here has a config similar 
to this wishlist that I can get in contact with.

Kind regards
ramses
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


SV: [Samba] 3.0.14 and MacOs X (tiger)

2005-05-10 Thread Roland Carlsson

Hi William!

I have done some more research and after getting my brain to work I have
made the following:

1) We updated our MS 2003 ADS to servicepack 1.
2) Servicepack 1 made a few changes in Kerberos.
3) We updated our samba-installation to 3.0.14 to keep up with the changes
in how our ADS handles Kerberos.
4) I upgraded to OSX 10.4 and added my computer to our domain, eg OSX uses
kerberos.
5) If I use smbclient and log in with username and password everything
works correctly.
6) If I try to use Finder to browse the server Finder hangs and I have to
restart it.
7) Since we had to update samba on our fileserver my best guess is that
Apple also needs to follow the changes in Kerberos that MS decided to do.
8) Our Microsoft products are going to fly burning from the highest tower we
can find if they keep on doing these kinds of changes in the future.


(point 8 was perhaps not 100% serious) ...

Is there anyone who actually has a working ADS sp1 with OsX-computers in
the domain that can verify or trash my thinking?

Regards
Roland Carlsson


On 05-05-10 14.52, "William Enestvedt" <[EMAIL PROTECTED]> wrote:

> Roland Carlsson asked about the Samba client functionality breaking
> after the upgrade to 10.4, to which I reply:
> The 10.4 upgrade involved some significant changes to OS X (which I
> personally feel Apple hasn't explained enough). For example, many kernel
> APIs were changed, which broke most VPN client software.
> Do the server logs show anything about these failed connections? Have
> you checked the Mac's console log? Did the Samba _server's_ name or IP
> address change? Are there cached network connection preferences (for
> example, the list of "favorites" that you see when you press Command-K)
> or credentials somewhere on your Mac?
> Just thinking out loud, and planning for my own 10.4 upgrade!
> -wde
> --
> Will Enestvedt
> UNIX System Administrator
> Johnson & Wales University -- Providence, RI



[Samba] Force GID specific number

2005-05-10 Thread Nir B
Hi All,

My linux machines are part of an NIS domain; I want to move them to work with 
my AD using winbind.
The clearcase permissions are based on a specific GID (50).
I saw that you define in the smb.conf  "idmap gid = 1-2" and all 
your AD groups' GIDs start at 1
Is there any way to force each user to get GID 50 as one of his 
groups?

Thanks in advance!

Nir B





Re: [Samba] Group Nesting

2005-05-10 Thread John H Terpstra
On Tuesday 10 May 2005 22:07, [EMAIL PROTECTED] wrote:
> Hey all,
>
> Is there a comprehensive how-to on the new group nesting features? I've
> found a little bit of info, but nothing that paints a clear picture of
> the process. If anyone has any insight or can point me to a tutorial it
> would be much appreciated.
>
> I created the local groups and mapped them. Wbinfo and getent all seem
> to be working.
>
> I've been trying to do the 'net rpc group addmem domadm "DOM\Domain
> Admins"' with no luck. So far I have gotten NO COMMAND: ADDMEM and
> NT_STATUS_ACCESS_DENIED for my trouble.
> I've been using the following links for reference:
> http://lists.samba.org/archive/samba/2004-May/086586.html
> http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html

I am working on documenting the 'net' command in the new HOWTO at this very 
moment. Keep watching 
http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf as all changes are 
implemented within 24 hours of my commits.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.


[Samba] Group Nesting

2005-05-10 Thread Zachary_Reneau
Hey all,

Is there a comprehensive how-to on the new group nesting features? I've
found a little bit of info, but nothing that paints a clear picture of
the process. If anyone has any insight or can point me to a tutorial it
would be much appreciated.

I created the local groups and mapped them. Wbinfo and getent all seem
to be working.

I've been trying to do the 'net rpc group addmem domadm "DOM\Domain
Admins"' with no luck. So far I have gotten NO COMMAND: ADDMEM and
NT_STATUS_ACCESS_DENIED for my trouble.
I've been using the following links for reference:
http://lists.samba.org/archive/samba/2004-May/086586.html
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html

Thanks,

Zachary Reneau


[Samba] Does or doesn't vampiring users add them into multiple groups at the same time?

2005-05-10 Thread Geoff Scott
Geoff Scott wrote:
> John H Terpstra wrote:
>> On Tuesday 10 May 2005 01:33, Geoff Scott wrote:
>>> Hi all,
>>> 
>>> The new NT migration chapter of Samba guide seems to indicate in the
>>> migration Log Validation (section 9.3.1.1) that users get added to
>>> all the same groups that they were in under the NT4 domain.  However
>>> I am not seeing this despite having had a seemingly successful
>>> migration. All my users get added into the Domain User group but
>>> not into any other group. Is the text below now wrong or right
>> 
>> If you use version 3.0.12 or later, for most migrations the
>> multi-group info should transfer OK. I am now aware that if the NT4
>> domain is post SP5 on some migrations multi-group info is not
>> transferred and some account (both user and machine) password
>> entries are not transferred either. 
>> 
>> Maybe Andrew Bartlett will chime in on this?
> 
> OK. After testing this out on a vanilla system that I built to test
> out the changes to chapter 9 for you John, it appears that on a
> system configured like this:  
> Ubuntu Hoary
> All ldap, nss_ldap, etc obtained from Ubuntu sources
> Samba 3.0.13 Debian stable from samba.planetmirror.com
> smbldap-tools-0.8.7.tgz
> Users in ou=People,dc=guestshire,dc=com  etc
> And the adduser script like this:
> add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'
> NT4 server system SP6a
> 
> vampiring users works 100%, there are absolutely no errors in the
> error log, and the vampire log shows the users being added to the
> multiple groups successfully. The users all have  sambaLMPassword &
> sambaNTPassword set properly and *all* old settings are brought
> across.
> 
> So what is the difference between the 2 servers? The differences are
> these: 
> 
> The "add user script =" has "smbldap-useradd -a -m '%u'"  I added a
> "-a" 
> after looking at the output of "smbldap-useradd -?" as that coupled
> with The *OLD* version of the NT migration chapter (I thought that
> the omission of that in the NEW sample chapter 9 smb.conf was a typo)
> seemed to indicate that only POSIX attributes would be added if the
> "-a" was left out.   
> However, adding the "-a" to the smbldap-useradd script in the
> smb.conf results in errors along the lines of "user already exists
> with samba attributes" in the vampire error log and no multiple group
> membership, no passwords, no sambaHomeDrive, no sambaMungedDial and
> so on.
> 
> My users are in
> ou=Users,ou=OxObjects,dc=guestsfurniturehire,dc=com,dc=au to fit in
> with OpenExchange.  
> 
> I am using samba 3.0.14a
> 
> I am using smbldap-tools-0.8.8.tgz (which as you mentioned to me
> recently appear to be broken) 
> 
> The questions I now ask are these:
> Is the subtraction of "-a" for the smbldap-useradd script only for
> the migration?  Does it need to be added back in later? 
> Can the smbldap-tools cope with  an extra "ou" ?
> If after testing some of my findings on the non-vanilla server and
> finding them to work can I set the NetBIOS aliases to include the old
> server name as the sambaHomeDrive directive in LDAP after vampiring
> lists the path as \\oldserver\username .  How can I work around old
> settings such as these?
> 
> I will now go and test against the non-vanilla server.
> 

The other thing that I forgot to ask was this.  I understand for reasons of
efficiency and simplicity why it is that we generally put the machine
accounts into ou=People,dc=domain,dc=com.  But on both systems after
vampiring the computers end up with an entry in ldap of gidNumber: 513  and
a sambaPrimaryGroupSID: that ends in -513 this is even though I have
defaultComputerGid="515" set in smbldap.conf.  Can I provide any further
info to help figure out what is going on?


Regards Geoff Scott


Re: [Samba] Horrendously slow transfer speeds in FC3 is driving me crazy!!! Please help...

2005-05-10 Thread AragonX

> Hello,
>
> I recently posted a message with the subject: "Strangely slow transfers
> speeds with samba 3.0.10 and FC3..."
>
> My problem is basically that I've setup a samba server with Fedora Core 3,
> the version used is 3.0.10-1.fc3.
>
> I can put files on the server at reasonable speeds, but getting them from
> the server with a Windows 2000/XP client is another matter, the speeds
> drop
> to a pathetic rate. With smbclient (in Linux) it's even worse; the speed
> falls to 1/10 of the rate!
>
> OK, the figures: a 540MB file when transferred via FTP or NFS (Linux
> client)
> takes about 61 seconds (rate is around 8MB/s), via samba (win 2k/XP) takes
> over 4 minutes, via smbclient (Linux) takes about 20 minutes!!!
>
> Does anyone have any idea why smbclient is so slow? Note that I'm using
> CIFS
> as SMB with Samba 3 is even worse!
>
> Is there something drastically wrong with the Fedora versions of Samba?

Hello,

I've seen several people post similar issues as yours.  Perhaps it is
hardware related?  Can you post your hardware specifications?  I've done
some benchmarking over the past few days and I'll show you what I have:

Samba Server
AMD Duron 1.3ghz
Abit (?) k7a or something like that motherboard (KT133 chipset)
512mb PC133 SDRAM
Intel gigabit NIC
WD 120gb hard drives
Netgear gigabit switch (no jumbo frames)

Fedora Core 3
Kernel 2.6.10-1.766_FC#
Samba 3.0.10-1.fc3

Now I can FTP to and from the server getting in the 14.5 - 15 MB/sec
range.  When I use Samba I get from 12.6 - 14.4 MB/sec.  I use a 4gb .gz
file for testing.  Since my server does many things, I've noticed that it
can take a minute or so for the transfer rates to settle down.

hdparm -tT /dev/hdc average results:
 Timing cached reads: 306.785
 Timing buffered disk reads: 33.785

Given my hdparm results, I should be able to do better than 14MB/sec. 
Next I'll try copying from one drive to another and see how long that
takes.

If needed, I could post my smb.conf file but there really isn't anything
in there.  I just used the default one and added my share info.

So, in short, I don't think there is a problem with Fedora Core 3.  There
could be some issue with your hardware or configuration.  Perhaps the new
version of Samba is a memory hog and requires 256mb or more to run
smoothly?  I guess you could take a look at top and see if you have any
high states.




RE: [Samba] Does or doesn't vampiring users add them into multiple groups at the same time?

2005-05-10 Thread Geoff Scott
John H Terpstra wrote:
> On Tuesday 10 May 2005 01:33, Geoff Scott wrote:
>> Hi all,
>> 
>> The new NT migration chapter of Samba guide seems to indicate in the
>> migration Log Validation (section 9.3.1.1) that users get added to
>> all 
>> the same groups that they were in under the NT4 domain.  However I am
>> not seeing this despite having had a seemingly successful migration.
>> All my users get added into the Domain User group but not into any
>> other group. Is the text below now wrong or right
> 
> If you use version 3.0.12 or later, for most migrations the
> multi-group info should transfer OK. I am now aware that if the NT4
> domain is post SP5 on some migrations multi-group info is not
> transferred and some account (both user and machine) password entries
> are not transferred either.
> 
> Maybe Andrew Bartlett will chime in on this?

OK. After testing this out on a vanilla system that I built to test out the 
changes to chapter 9 for you John, it appears that on a system configured
like this:
Ubuntu Hoary
All ldap, nss_ldap, etc obtained from Ubuntu sources
Samba 3.0.13 Debian stable from samba.planetmirror.com
smbldap-tools-0.8.7.tgz
Users in ou=People,dc=guestshire,dc=com  etc
And the adduser script like this:
add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'
NT4 server system SP6a

vampiring users works 100%, there are absolutely no errors in the error log,
and the vampire log shows the users being added to the multiple groups
successfully. The users all have  sambaLMPassword & sambaNTPassword set
properly and *all* old settings are brought across.

So what is the difference between the 2 servers? The differences are these:

The "add user script =" has "smbldap-useradd -a -m '%u'"  I added a "-a"
after looking at the output of "smbldap-useradd -?" as that coupled with The
*OLD* version of the NT migration chapter (I thought that the omission of
that in the NEW sample chapter 9 smb.conf was a typo) seemed to indicate
that only POSIX attributes would be added if the "-a" was left out.
However, adding the "-a" to the smbldap-useradd script in the smb.conf
results in errors along the lines of "user already exists with samba
attributes" in the vampire error log and no multiple group membership, no
passwords, no sambaHomeDrive, no sambaMungedDial and so on.

My users are in ou=Users,ou=OxObjects,dc=guestsfurniturehire,dc=com,dc=au to
fit in with OpenExchange.

I am using samba 3.0.14a 

I am using smbldap-tools-0.8.8.tgz (which as you mentioned to me recently
appear to be broken)

The questions I now ask are these:
Is the subtraction of "-a" for the smbldap-useradd script only for the
migration?  Does it need to be added back in later?
Can the smbldap-tools cope with  an extra "ou" ?
If after testing some of my findings on the non-vanilla server and finding
them to work can I set the NetBIOS aliases to include the old server name as
the sambaHomeDrive directive in LDAP after vampiring lists the path as
\\oldserver\username .  How can I work around old settings such as these?

I will now go and test against the non-vanilla server.

Regards Geoff Scott


[Samba] Re: Read-only and POSIX ACLs

2005-05-10 Thread Dmitry Melekhov

- Original Message -
From: "Jeremy Allison" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, May 10, 2005 11:25 PM
Subject: Read-only and POSIX ACLs


> Hi all,
>
> I can make a simple change to smbd for the next stable
> release that will cause POSIX ACLs to be checked before returning
> the DOS mode of a file is "read-only".

IMHO, this is a good idea.

> The question is, shall I make that change and if so should I have
> a fallback parameter to turn off the behaviour if people require
> it ?

We don't use read-only files, afaik, so I don't need this parameter. But,
anyway, a fallback parameter is always a good thing :-)




Re: [Samba] pam authentication?

2005-05-10 Thread John H Terpstra
On Tuesday 10 May 2005 15:53, Richard Williams wrote:
> I'm very new to samba, and am under the impression that it uses its "own"
> password and login mechanisms for authentication. Can it be configured to
> use PAM/LDAP and/or login instead?
>
> rw

I hope this is documented in the Samba-HOWTO-Collection. A copy has been 
specially reserved for you at:

http://www.samba.org/samba/doc/Samba-HOWTO-Collection.pdf

Enjoy.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.


Re: [Samba] Re: roaming profiles problem for new users

2005-05-10 Thread John H Terpstra
On Tuesday 10 May 2005 15:47, Jon Wilson wrote:
> Eric Hines wrote:
> > This isn't entirely fair.  There are three kinds of newbies []
> > The third kind has read the docs and still has a problem, else they
> > wouldn't be on the mailing list looking for help.
>
> I don't think the word "newbie" applies, sorry guys. I've been using
> unix since about 1991 and Samba since the early 2.x releases. I believe
> I had a genuine problem, and it is now solved.
>
> My "logon path" setting was quoted, and thus broken. OK, the docs now
> say NOT to do this, but the quoted setting worked fine on the previous
> (FreeBSD) installation. Should I be expected to trawl through every
> documentation change related to every possible explanation of my
> problem? I think not. I asked on the list, got some example configs
> which were known to work, and compared them closely. Problem solved.
> Thank you.
>
> What the docs do not say is that "logon path" seems to be used only in
> the creation of new profiles. Existing users have their profile path
> configured in the tdb database, and so things worked fine for them.
> Someone with a clearer understanding of the internals may wish to submit
> some documentation on how all this is meant to work.
>
> Jon

I have expanded the warning in the man page for this section so that the
apparent tattoo effect is better documented. Thanks for the feedback.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.



[Samba] pam authentication?

2005-05-10 Thread Richard Williams
I'm very new to samba, and am under the impression that it uses its "own"
password and login mechanisms for authentication. Can it be configured to
use PAM/LDAP and/or login instead?

rw


Re: [Samba] Re: roaming profiles problem for new users

2005-05-10 Thread Jon Wilson
Eric Hines wrote:
> This isn't entirely fair.  There are three kinds of newbies []
> The third kind has read the docs and still has a problem, else they
> wouldn't be on the mailing list looking for help.

I don't think the word "newbie" applies, sorry guys. I've been using 
unix since about 1991 and Samba since the early 2.x releases. I believe 
I had a genuine problem, and it is now solved.

My "logon path" setting was quoted, and thus broken. OK, the docs now 
say NOT to do this, but the quoted setting worked fine on the previous 
(FreeBSD) installation. Should I be expected to trawl through every 
documentation change related to every possible explanation of my 
problem? I think not. I asked on the list, got some example configs 
which were known to work, and compared them closely. Problem solved. 
Thank you.

What the docs do not say is that "logon path" seems to be used only in 
the creation of new profiles. Existing users have their profile path 
configured in the tdb database, and so things worked fine for them. 
Someone with a clearer understanding of the internals may wish to submit 
some documentation on how all this is meant to work.

Jon
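
The quoted "logon path" failure Jon describes, and the stored-value ("tattoo") effect John T. mentions in his reply, can both be checked mechanically. This is an added example, not code from the thread or from Samba: the sample smb.conf and account listing are constructed, and the `Unix username` / `Profile Path` labels are assumed to match `pdbedit -L -v` output.

```python
import re

QUOTES = ('"', "'")


def _is_quoted(value):
    """True if the value starts or ends with a quote character."""
    return value[:1] in QUOTES or value[-1:] in QUOTES


def iter_params(text):
    """Yield (lineno, section, normalized_name, value) from smb.conf text.

    Handles '#'/';' comments, [section] headers and trailing-backslash line
    continuation. Parameter names are compared without case or whitespace.
    """
    section, pending, start = None, None, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if pending is not None:
            line = pending + line
        else:
            start = lineno
        if line.endswith("\\"):          # continued on the next line
            pending = line[:-1]
            continue
        pending = None
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")
        if sep:
            yield start, section, re.sub(r"\s+", "", name).lower(), value.strip()


def find_quoted_logon_path(conf_text):
    """Return [(lineno, section, value)] for quoted 'logon path' settings."""
    return [
        (lineno, section, value)
        for lineno, section, name, value in iter_params(conf_text)
        if name == "logonpath" and _is_quoted(value)
    ]


def tattooed_accounts(pdbedit_text):
    """Return [(user, path)] for accounts whose stored profile path is quoted.

    Fixing smb.conf does not rewrite paths already stored in the passdb
    backend, so records created under the quoted setting need separate review.
    """
    user, hits = None, []
    for line in pdbedit_text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "unix username":
            user = value
        elif key == "profile path" and _is_quoted(value):
            hits.append((user, value))
    return hits


# Constructed sample inputs (not taken from the thread).
SAMPLE_CONF = r'''
[global]
   workgroup = EXAMPLE
   # quoted form the thread reports as broken
   logon path = "\\%L\profiles\%U"
   logon drive = H:
'''

FIXED_CONF = r'''
[global]
   Logon  Path = \\%L\profiles\%U
'''

SAMPLE_PDBEDIT = r'''
Unix username:        alice
Profile Path:         \\srv\profiles\alice
---------------
Unix username:        bob
Profile Path:         "\\srv\profiles\bob"
'''

if __name__ == "__main__":
    for lineno, section, value in find_quoted_logon_path(SAMPLE_CONF):
        print(f"smb.conf line {lineno} [{section}]: quoted logon path {value}")
    for user, path in tattooed_accounts(SAMPLE_PDBEDIT):
        print(f"account {user}: stored profile path is quoted: {path}")
```
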


Re: [Samba] samba + pptp

2005-05-10 Thread Robert Schetterer
Hi Hans, sorry I didn't
answer your question
if you have the pptp vpn already working
you have the rights of the used vpn user
on samba, watch your log files, they will tell you why you can't access
use the same username/password pair in the samba and vpn setup
cause samba treats you already as a user if you logged in via pptpd
Regards
Hans du Plooy wrote:
> Hi guys,
> 
> I have samba domain controller running at a client.  It's a fairly
> simple and straightforward setup, uses smbpasswd for auth, nothing
> fancy.
> 
> The client wants to be able to vpn in and access their files.  I setup
> pptp, and use the built in WindowsXP client.
> 
> After establishing the vpn connection, I can access the domain
> controller.  I get asked for my username and pass - type in DOMAIN\user
> + pass, and can see a list of the shares in explorer.  But I can't
> access anything.  I just get a message saying something like I don't
> have permission to access this resource (sorry, paraphrasing).
> 
> Has anybody done this sort of thing before?  Any tips?
> 
> Thanks
> 


-- 
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer.org
Munich / Bavaria / Germany
https://www.schetterer.org

**
* gnupgp
* public key:
* https://www.schetterer.org/public.key
**

Re: [Samba] samba + pptp

2005-05-10 Thread Robert Schetterer
Hi Hans,
user auth via smbpasswd for pptpd/ppp is outdated ( after all backend
smbpasswd is still working for samba 3 but not recommended )
as far as I remember this was possible with a patch to ppp 2.4.1 ( this
should still be found via google )
but it was not ported to pppd 2.4.2 or 2.4.3
so for these versions either use the ldap/radius auth ( for sure you can use
plain chap in all versions, with plain passwords in
chap.secrets ) or now try winbind auth
with pppd 2.4.3 which works nicely for me.
It's really nice to create a group like vpnuser ( in ldap/samba ),
throw the desired users in it and have the pptpd auth working
against the samba pdc's domain.
Don't smash your head about the so-called stripped domain patch
which simply makes the domain part of the login ignored; this is only
working with chap auth and not for winbind auth ( as it would make no
sense here at all, also there seems to be a bug here about the domain part
of the login, so don't activate that on the win client vpn pptp entries )
At auth to a group with winbind to a smb pdc I have the bug that the
domain name is not recognized, but using the group SID works. ( but this
may be a distro thing with suse 9.2 / haven't tried this setup with suse
9.3 yet )
I have not heard of any bugs from users who did pppd winbind auth to a
real win server, running pptpd/pppd samba member servers.
Regards


Hans du Plooy wrote:
> Hi guys,
> 
> I have samba domain controller running at a client.  It's a fairly
> simple and straightforward setup, uses smbpasswd for auth, nothing
> fancy.
> 
> The client wants to be able to vpn in and access their files.  I setup
> pptp, and use the built in WindowsXP client.
> 
> After establishing the vpn connection, I can access the domain
> controller.  I get asked for my username and pass - type in DOMAIN\user
> + pass, and can see a list of the shares in explorer.  But I can't
> access anything.  I just get a message saying something like I don't
> have permission to access this resource (sorry, paraphrasing).
> 
> Has anybody done this sort of thing before?  Any tips?
> 
> Thanks
> 


-- 
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer.org
Munich / Bavaria / Germany
https://www.schetterer.org

**
* gnupgp
* public key:
* https://www.schetterer.org/public.key
**

[Samba] samba + pptp

2005-05-10 Thread Hans du Plooy
Hi guys,

I have samba domain controller running at a client.  It's a fairly
simple and straightforward setup, uses smbpasswd for auth, nothing
fancy.

The client wants to be able to vpn in and access their files.  I setup
pptp, and use the built in WindowsXP client.

After establishing the vpn connection, I can access the domain
controller.  I get asked for my username and pass - type in DOMAIN\user
+ pass, and can see a list of the shares in explorer.  But I can't
access anything.  I just get a message saying something like I don't
have permission to access this resource (sorry, paraphrasing).

Has anybody done this sort of thing before?  Any tips?

Thanks

-- 
Kind regards
Hans du Plooy
SagacIT (Pty) Ltd
hansdp at sagacit dot com



[Samba] Re: Windows XP SP2, Azureus, and Samba

2005-05-10 Thread Daniel Goertzen


Gerald (Jerry) Carter jerry at samba.org

Fri Aug 27 14:59:03 GMT 2004

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Villalovos, John L wrote:
| Okay.  I setup a Windows XP SP2 system as the server and
| using an Windows XP SP2 system as the client.
|
| I started downloading two 350 MB sized files
| with Azureus.
|
| So far I have downloaded 280 MB of one file and 90 MB
| of the other file. Everything is working just fine.  No
| errors or any problems.
|
| When I do the same thing when saving to a Samba share
| I usually get an error within the first 10 MB or so.

Can you send me a level 10 debug log of the failure
(from the beginning of the connection until it dies).
And possible a raw tcpdump file?
(tcpdump -s 0 -w /tmp/dump.pcap -i eth0 host 
cheers, jerry
I am experiencing the same problem described by John, namely:
- I run Azureus on a Windows XP SP2 machine.
- I tell Azureus to store downloading files on linux samba machine.
- Azureus blows up with multiple file errors within 15 minutes or so 
(while downloading 13 torrents).

Did John and Jerry ever pursue this problem?  Would anybody like to look 
at a debug dump / tcpdump?

Thanks,
Dan.


[Samba] Resolution logon script trouble (net use lpt), a problem with windows 98se

2005-05-10 Thread Andrés Yacopino
Previous Post
 Andrés Yacopino ayacopino at acasalud.com.ar
Mon May 9 13:43:51 GMT 2005

Good Morning, I have the same problem mapping printer ports on win98se.
I think this problem occurs when a port is used by a printer, for example when
I have a printer connected on lpt1, when I tried to map this port to a samba
queue, it raises the error you told.
Did you find any solution to this?
It doesn't happen on Windows 2000, Windows XP.
Thanks,

Andrés Yacopino
Dpto Sistemas
AcaSalud


RESOLUTION
SYMPTOMS
When you are logging on to a Microsoft Windows NT domain from a Windows
workstation, you may receive the following error message when you are
capturing an LPT port in the Windows NT logon script:

The device does not exist on the network

CAUSE
This error can occur if all of the following conditions exist:
  • A NET USE command is issued in the logon script to map an LPT port
to a network printer.
  • The LPT port does not physically exist on the local computer.
  • The Spool MS-DOS Print Jobs option is enabled in the printer's
properties. Note that this option is enabled by default.



RESOLUTION
To resolve this issue, use the appropriate method to disable the Spool
MS-DOS Print Jobs option.

Individual Printer
To disable the Spool MS-DOS Print Jobs option for an individual printer,
follow these steps:
  1. Click Start, point to Settings, and then click Printers.
  2. Right-click the printer, and then click Properties on the menu that
appears.
  3. Click the Details tab, and then click Port Settings.
  4. Click to clear the Spool MS-DOS Print Jobs check box.

Multiple Printers
WARNING: Using Registry Editor incorrectly can cause serious issues that may
require you to reinstall Windows. Microsoft cannot guarantee that issues
resulting from the incorrect use of Registry Editor can be solved. Use
Registry Editor at your own risk.

NOTE: For information about how to edit the registry, view the Changing Keys
And Values online Help topic in Registry Editor (Regedit.exe). Note that you
should make a backup copy of the registry files (System.dat and User.dat)
before you edit the registry.

To disable the Spool MS-DOS Print Jobs option for all printers on a Windows
workstation, add the two DWORD values
   DOSSpoolMask
   PrintersMask

Andrés Yacopino


Re: [Samba] high network traffic

2005-05-10 Thread eric roseme
I tested W2000 and XP-SP2 on 3.0.8 on HP-UX 11i v1 (HP CIFS Server). 
All writes from 50KB file-save (notepad) were at MTU size, Samba was 
actually a little more efficient (than 2003) using about 40 fewer 
packets for the exchange.  Try testing a different app (notepad), to see 
if it is app-specific.

The file size reporting is also unknown (JFS 3.3 layout 4).  My server 
correctly lists file size over a share with XP-SP2.

An easy test is to install HP CIFS Server (it can co-exist with 
Opensource Samba) and either test it, or "smbd -b" and see how the build 
differs from yours (and smb.conf defaults).

Eric Roseme
Hewlett-Packard
Thierry ITTY wrote:
> hello
> I'm experiencing problems with samba (2.2.7a on linux & 3.0.15 on hp-ux)
> with windows xp (sp2) clients
> to make it short, an application reads and writes files on a share
> when the share is on a windows (2003) server, the network traffic is "normal"
> when the share is on a samba server, the network traffic is very high and
> the application response time increases very badly
> I took some traces (tcpdump, ethereal...) and I see that
> - when the file is on a windows share, the file is read or written with big
> blocks sizes (say 1000 bytes), and thus for a 50 KB file I get ca. 100
> network frames
> - when the file is on a samba share, the blocks are as small as 5 bytes
> (yes, the trace shows "read andx" 5 bytes at offset 0, then 5 bytes at
> offset 5, and so on), and the amount of network frames goes up to 20,000
> for the same file, with obvious performance degradation
> I tried various configuration changes (oplocks, raw io, case sensitiveness,
> and so on), but nothing really helps
> and more the open process looks the same with both server types : I checked
> each value and flag in the open request and answer, and only saw that one
> had the archive flag not set, and that allocation size differs ("true" file
> size for windows = 50 K, 1 MB size for hp-ux, may look as some hp
> filesystem allocation block ???), and I also saw that in both cases an
> oplock was granted.
> I have no more idea about what to do and I'd really appreciate any help


[Samba] Read-only and POSIX ACLs

2005-05-10 Thread Jeremy Allison
Hi all,

I can make a simple change to smbd for the next stable
release that will cause POSIX ACLs to be checked before returning
the DOS mode of a file is "read-only". This will fix the case
that people are complaining about where a POSIX ACL allows write
access to a file but the standard owner "w" bit is missing (smbd
currently returns DOS read-only for that case if the DOS attributes
are not being stored in EA's).

The question is, shall I make that change and if so should I have
a fallback parameter to turn off the behaviour if people require
it ?

Comments please (btw: I have to be out in the UK all this week
but will try and work on things intermittently).

Jeremy.


Re: [Samba] File Modify/Delete Problems with Samba 3.0.14a and Windows XP

2005-05-10 Thread Jeremy Allison
On Tue, May 10, 2005 at 08:20:03PM +0200, Hans Otto Lunde wrote:
> Hi Federico 
> 
> I have the same problems that you describe.
> Using force group with Samba 3.0.14a causes problems as
> described by you and me (see "force group broken in 3.0.14 in the
> May archive") for Win XP Pro SP2 clients.
> Win 98 Clients - no problems
> Win XP Pro SP1 - no problems up to a certain point/update which I haven't
> nailed down yet.
> I have not tried to roll back Samba as you did, but that also solved
> the problem?!
>
> It seems as some unhappy combination of changes within XP but also
> within Samba. I really love this kind of shit - undocumented as it
> probably is..
> My problem is that we could just change the configuration to something
> that works, like force user, for example, but I like the way it works now.
> But I wonder why everybody is ignoring our threads: I think the problem
> is relevant, and I'm pretty sure that I have a theoretically correct
> configuration.
>
> What are we going to do about it. Call Microsoft and/or Tridgell?

Well personally I'd rather you tested the current code in SVN to
see if we've fixed it for you yet :-). I think that'd be more
helpful :-).

Seriously, I've put some fixes into SVN for this, and when Jerry
does the next pre-release if you can't get anonymous SVN access
then you should be able to test the code. Please let me know
if it is fixed for you (it works for me now).

Thanks,

Jeremy.


[Samba] Re: Using ldap for permissions/authenication

2005-05-10 Thread Carlos Rodrigues
Jennifer Fountain wrote:
> Hi all:
> I am currently using Active Directories (via openldap client) to
> authenticate my linux clients and would like to have samba use AD (ldap -
> not winbind) as well.  I really haven't seen any documentation on how to
> implement, however.  Does anyone have any information regarding ldap and
> samba (redhat rpm)?

If you are already using LDAP to authenticate against Active Directory
(/etc/ldap.conf or /etc/libnss-ldap.conf already configured), then there
isn't much to do on the Samba side. Samba will see the users as if they
were local.

You will have to install kerberos (either MIT or Heimdal - configuring
/etc/krb5.conf not needed) and use an smb.conf with a global section
somewhat like this:

[global]
workgroup = EXAMPLE
realm = EXAMPLE.REALM.COM
server string = My Server
security = ADS
password server = *
local master = No
invalid users = root
read only = No

Then do a "net ads join -U Administrator" to join the box to the domain.
There is no need to have winbind running (and it shouldn't).

The only snag with this setup is that permissions (on the file/folder
"security" tab) will show as "YOURSAMBASERVER\user" instead of
"DOMAIN\user", but that's only cosmetic as it works just fine (I guess
it behaves somewhat like if a trust was in place with the samba server).

Carlos Rodrigues


[Samba] File Modify/Delete Problems with Samba 3.0.14a and Windows XP

2005-05-10 Thread Hans Otto Lunde
Hi Federico 

I have the same problems that you describe.
Using force group with Samba 3.0.14a causes problems as
described by you and me (see "force group broken in 3.0.14 in the
May archive") for Win XP Pro SP2 clients.
Win 98 Clients - no problems
Win XP Pro SP1 - no problems up to a certain point/update which I haven't
nailed down yet.
I have not tried to roll back Samba as you did, but that also solved
the problem?!

It seems as some unhappy combination of changes within XP but also
within Samba. I really love this kind of shit - undocumented as it
probably is..
My problem is that we could just change the configuration to something
that works, like force user, for example, but I like the way it works now.
But I wonder why everybody is ignoring our threads: I think the problem
is relevant, and I'm pretty sure that I have a theoretically correct
configuration.

What are we going to do about it. Call Microsoft and/or Tridgell?

Hans Otto Lunde
Egmont Højskolen
Denmark 



[Samba] Winbindd and squid ... help please

2005-05-10 Thread Phibee Network operation Center
Hi
I use Winbind with Squid and SquidGuard ... but it's not stable ...
Squid doesn't always send the auth to SquidGuard and I get
an "Access Denied" ... does anyone have an answer to this problem?

I use ntlm_auth ... can I use other software to handle the
authentication and remove SquidGuard, to set up
group-based access? (wb_group ??)

thanks for your help


Re: [Samba] Browsing across networks

2005-05-10 Thread Alexander Lazarevich
On Tue, 10 May 2005, John H Terpstra wrote:
> On Tuesday 10 May 2005 10:40, Alexander Lazarevich wrote:
>> On Tue, 10 May 2005, Paul Gienger wrote:
>>>> [global]
>>>>    wins support = yes
>>> Have you pointed your machines at this one for their wins server?  This
>>> is crucial.  As an alternative, have you looked at the remote sync
>>> related parameters?
>> Yes. XP clients WINS settings are pointing to the samba server. I've also
>> tried not using samba as a WINS server, pointing both samba and XP clients
>> to other WINS servers in the WAN, but that doesn't work either.
> What other WINS servers do you have? How is WINS replication configured?

We currently have one wins server in our subnet, that is the samba PDC
(when it's wins support = yes). Before I set up samba as a PDC WINS
server, there were 0 wins servers in our subnet. I prefer not to have a
wins server in our subnet. Our old NT4 PDC (not a wins server) and XP
clients have always pointed to wins servers outside our subnet but on our
WAN, and the NT4 PDC has always kept a perfect browse list of all domains
in the WAN.

I don't know what wins replication is but now that you've mentioned it
I'll look into it. Hopefully that's my problem and fixing that will make
the browse list work correctly.

Thanks!
Alex

> - John T.
>> Thanks for the tip though. Any more?
>> Alex
>>>> I have a similar problem, except I'm not going through a VPN, I'm in a
>>>> university WAN. My samba PDC cannot get the browse list of any domains
>>>> outside of my subnet. I've gotten some responses saying you should just
>>>> be able to see the browse list no problem, others saying they can't see
>>>> the browse list. Documentation on this is terrible. Commands I've used
>>>> to troubleshoot are: findsmb, nmblookup and smbclient -L, but all they
>>>> tell me is what I already know: my nmbd cannot get the browse list from
>>>> any domains outside of my own subnet yet still in the WAN.
>>>> Interestingly, I have an NT 4 PDC on the same subnet which can do
>>>> exactly that: it sees every domain in the WAN. In all other respects
>>>> samba PDC works perfectly, but if I can't fix this browse list issue, we
>>>> can't replace our windows PDC with samba.
>>>> If you find the solution, please let me know. I'll do the same. If you
>>>> find any additional troubleshooting tools, please let me know.
>>>> Alex
>>>> On Tue, 10 May 2005, Craig Main wrote:
>>>>> Hi All,
>>>>> I have an openvpn setup between two Linux boxes. The internal networks
>>>>> on each side are on separate network ranges.
>>>>> I can ping all boxes from either side, and if I search for a box using
>>>>> its ip address, I can see the box and access its shares.
>>>>> What I would like to do however is to be able to see the pc's in
>>>>> their workgroups (each subnet has its own workgroup).
>>>>> I have tried setting up each samba box as a wins server for its own
>>>>> workgroup, and then pointed the pc's on the other network to use it as
>>>>> its wins server, this didn't seem to work either.
>>>>> Can anyone help in this regard, what else should I do?
>>>>> Regards
>>>>> Craig
>>> --
>>> Paul Gienger                     Office: 701-281-1884
>>> Applied Engineering Inc.
>>> Systems Architect                Fax:    701-281-1322
>>> URL: www.ae-solutions.com        mailto: [EMAIL PROTECTED]
> --
> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
> Author:
> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
> Samba-3 by Example, ISBN: 0131472216
> Hardening Linux, ISBN: 0072254971
> Other books in production.


[Samba] home directories on two server

2005-05-10 Thread Eric Peyremorte
Hi,

I have one samba PDC (3.0.12) with openldap. I have many users and I would
like to do some load balancing: I would like to use the ldap directive
sambahomepath to map some users' [homes] to another samba server in the
same domain:
I have server A (PDC) with ldap, and server B (domain member,
security=domain, password server = server_A). In ldap, user1 has
sambahomepath = \\server_a\user1 and user2 has
sambahomepath=\\server_b\user2. But when I try to connect as user2 in the
domain, samba searches for my home on server_a and I get an error :-(
Does anyone know how to get it to work?

Regards,
Eric PEYREMORTE
Tch Info



Re: [Samba] Question about LDAP migration...

2005-05-10 Thread Paul Gienger

> You're right, my existing server is running OpenLDAP 2.0.27 and my lab's
> server is running OpenLDAP 2.2.23.
> I guess the biggest concern I have is any problems that may have come into
> play because of the version differences.  I'm using this lab as a "practice
> run" for the real upgrade later in the year.  I'd like to resolve all of the
> issues now and not then. ;-)
 

Quickly, I can say that 2.2 is much more strict about what objects you 
put into it and I believe how the objects are defined.  If this is the 
only thing you had complain going between the two, be happy ;)  When we 
made this switch we had inetOrgPerson and posixAccount in the same 
objects which didn't play nicely together in 2.whateverwewentto, I think 
it was 2.1.

Basically 2.0 will let you just slap any old object class together and 
call it a day, 2.2 is requiring you to flesh out the object inheritance 
more.  You're just explicitly stating what 2.0 is taking for granted or 
not caring about at all.

--
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.
Systems Architect                Fax:    701-281-1322
URL: www.ae-solutions.com        mailto: [EMAIL PROTECTED]



RE: [Samba] Question about LDAP migration...

2005-05-10 Thread Collins, Kevin
> >My question is this:  My existing LDAP directory doesn't have this
> >definition and I'm able to use the Administrator account 
> without problems.
> >So, why am I getting this error?  Additionally, what impact 
> will this 
> >change have (if any)?
> >  
> >
> Are you running the same version of ldap server on both 
> machines?  This sounds a lot like the changes we had to deal 
> with when going from OLDAP 2.0 - 2.1.  I can't remember 
> offhand what we did, but I could be pressed to find it maybe ;)

Paul,

Thanks for the reply

You're right, my existing server is running OpenLDAP 2.0.27 and my lab's
server is running OpenLDAP 2.2.23.

I guess the biggest concern I have is any problems that may have come into
play because of the version differences.  I'm using this lab as a "practice
run" for the real upgrade later in the year.  I'd like to resolve all of the
issues now and not then. ;-)

Kevin


Re: [Samba] Question about LDAP migration...

2005-05-10 Thread Paul Gienger

> My question is this:  My existing LDAP directory doesn't have this
> definition and I'm able to use the Administrator account without problems.
> So, why am I getting this error?  Additionally, what impact will this change
> have (if any)?
 

Are you running the same version of ldap server on both machines?  This 
sounds a lot like the changes we had to deal with when going from OLDAP 
2.0 - 2.1.  I can't remember offhand what we did, but I could be pressed 
to find it maybe ;)

--
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.
Systems Architect                Fax:    701-281-1322
URL: www.ae-solutions.com        mailto: [EMAIL PROTECTED]



[Samba] Samba 3.0 + AIX 5.2 Howto

2005-05-10 Thread aspeagle




Does anyone have a good howto for installing and configuring Samba 3.0 on
AIX 5.2?  The IBM Redbook is for v2.0 of Samba.  Perhaps someone can share
their success, please?

Thanks

Andy Speagle

"Always remember that you are unique.  Just like everybody else."



Re: [Samba] Can I tranfer my samba data to ldapsam from tdbsam?

2005-05-10 Thread John H Terpstra
On Tuesday 10 May 2005 11:00, Richmond Dyes wrote:
> I am using tdbsam to authenticate my samba server. I want to go to a
> PDC/BDC model using ldap. Can I transfer my info from tdbsam file to the
> ldapsam file you pdbedit?

First you must migrate the POSIX accounts to LDAP, then you can use pdbedit to 
migrate the SambaSAM accounts from tdbsam to ldapsam.

Scripts for migrating the POSIX accounts are available from www.padl.com.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.


Re: [Samba] Can I tranfer my samba data to ldapsam from tdbsam?

2005-05-10 Thread Guenther Deschner
Hi,

On Tue, May 10, 2005 at 01:00:48PM -0400, Richmond Dyes wrote:
> I am using tdbsam to authenticate my samba server. I want to go to a 
> PDC/BDC model using ldap. Can I transfer my info from tdbsam file to the 
> ldapsam file you pdbedit?

yes, that's what the "pdbedit -i tdbsam:/path/to/your/passdb.tdb -e
ldapsam:ldap://localhost" facility was done for.

Hope that helps,

Guenther



[Samba] Can I tranfer my samba data to ldapsam from tdbsam?

2005-05-10 Thread Richmond Dyes
I am using tdbsam to authenticate my samba server. I want to go to a 
PDC/BDC model using ldap. Can I transfer my info from tdbsam file to the 
ldapsam file you pdbedit?



[Samba] Question about LDAP migration...

2005-05-10 Thread Collins, Kevin
Yesterday I started to build a test network to evaluate our planned move to
Samba 3.0.14 and Debian.  I started off by duplicating our LDAP directory.
On the existing Samba PDC/LDAP master machine, I did:

slapcat -v -l old.ldif

I put the 'old.ldif' file onto a floppy disk, went to the lab's server and
performed

slapadd -v -l /media/floppy/old.ldif

The process stopped on the "Administrator" user complaining about error No.
65, "No Structural Object Class Provided".  I took a look at the LDIF file
and compared my normal user account to that of the Administrator account.
The only difference between the two were the following lines:

objectClass: top
objectClass: account

Both of these lines were missing from the Administrator account's
definition.  I was able to add just the 'objectClass: account' line to the
definition and the import process worked fine after that.

My question is this:  My existing LDAP directory doesn't have this
definition and I'm able to use the Administrator account without problems.
So, why am I getting this error?  Additionally, what impact will this change
have (if any)?

The unmodified Administrator LDAP definition:

dn: uid=Administrator,ou=Users,dc=nesbitt,dc=local
cn: Administrator
objectClass: posixAccount
objectClass: sambaSamAccount
gidNumber: 512
uid: Administrator
homeDirectory: /home/
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaPrimaryGroupSID: S-1-5-21-3325760187-3909277049-4208064797-512
sambaPwdMustChange: 2147483647
sambaAcctFlags: [U  ]
sambaHomePath: \\stargazer\homes
sambaProfilePath: \\stargazer\profiles
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaHomeDrive: H:
sambaLMPassword: [ *** REMOVED *** ]
sambaNTPassword: [ *** REMOVED *** ]
sambaSID: S-1-5-21-3325760187-3909277049-4208064797-1000
uidNumber: 0
sambaPwdCanChange: 1078782115
sambaPwdLastSet: 1078782115
modifiersName: cn=Manager,dc=nesbitt,dc=local
modifyTimestamp: 20040308214155Z
userPassword:: [ *** REMOVED *** ]

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
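
The entry in the message above lists only posixAccount and sambaSamAccount, which are auxiliary classes in the stock nis and samba schemas, so it carries no structural class. As an added example (not part of the original post or of Samba/OpenLDAP), this pre-flight check flags such entries in a slapcat export before slapadd; the class lists, function names and sample LDIF are assumptions constructed here.

```python
"""Audit an LDIF export for entries without a STRUCTURAL object class."""
import base64
import binascii

# Assumed subsets of the stock core/cosine/inetorgperson/nis/samba schemas;
# they are not read from the server, so extend them for a local schema.
STRUCTURAL = {"account", "person", "organizationalperson", "inetorgperson",
              "organizationalunit", "organization"}
NON_STRUCTURAL = {"top", "posixaccount", "shadowaccount", "sambasamaccount"}

# Constructed sample: the first entry mirrors the shape of the one in the post.
SAMPLE = """\
dn: uid=Administrator,ou=Users,dc=example,dc=local
cn: Administrator
objectClass: posixAccount
objectClass: sambaSamAccount
uid: Administrator
uidNumber: 0
gidNumber: 512
homeDirectory: /home/

dn: uid=jdoe,ou=Users,dc=example,dc=local
cn: jdoe
objectClass: top
objectClass: account
objectClass: posixAccount
uid: jdoe
uidNumber: 1001
gidNumber: 513
homeDirectory: /home/jdoe
"""


def split_entries(text):
    """Split LDIF text into entries, each a list of unfolded lines."""
    entries, current = [], []
    for raw in text.splitlines():
        if raw.startswith(" ") and current:    # RFC 2849 continuation line
            current[-1] += raw[1:]
        elif raw.strip() == "":                # blank line ends an entry
            if current:
                entries.append(current)
            current = []
        elif not raw.startswith("#"):          # skip comment lines
            current.append(raw)
    if current:
        entries.append(current)
    return entries


def attr_values(lines, wanted):
    """Values of one attribute (case-insensitive name) within an entry."""
    out = []
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != wanted.lower():
            continue
        if value.startswith(":"):              # "attr:: <base64 value>"
            try:
                value = base64.b64decode(value[1:].strip(),
                                         validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                value = value[1:]              # keep undecodable text as-is
        out.append(value.strip())
    return out


def classify(lines):
    """'ok', 'missing' (only abstract/auxiliary classes) or 'unknown'."""
    classes = {c.lower() for c in attr_values(lines, "objectClass")}
    if classes & STRUCTURAL:
        return "ok"
    if classes <= NON_STRUCTURAL:
        return "missing"
    return "unknown"                           # class not in either list


def audit(text):
    """Return {dn: status} for every entry in the LDIF text."""
    report = {}
    for lines in split_entries(text):
        dns = attr_values(lines, "dn")
        if dns:
            report[dns[0]] = classify(lines)
    return report


def add_account_class(text):
    """Add 'objectClass: account' to 'missing' entries that have a uid
    (account requires uid), the same manual fix the post describes."""
    out = []
    for lines in split_entries(text):
        if (attr_values(lines, "dn") and classify(lines) == "missing"
                and attr_values(lines, "uid")):
            lines = [lines[0], "objectClass: account"] + lines[1:]
        out.append("\n".join(lines))
    return "\n\n".join(out) + "\n"


if __name__ == "__main__":
    for dn, status in audit(SAMPLE).items():
        print(f"{status:8} {dn}")
```

Entries reported as "unknown" use a class outside both lists and need a manual look at the schema; review the output of add_account_class before loading it.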


Re: [Samba] Browsing across networks

2005-05-10 Thread John H Terpstra
On Tuesday 10 May 2005 10:40, Alexander Lazarevich wrote:
> On Tue, 10 May 2005, Paul Gienger wrote:
> >> [global]
> >>wins support = yes
> >
> > Have you pointed your machines at this one for their wins server?  This
> > is crucial.  As an alternative, have you looked at the remote sync
> > related parameters?
>
> Yes. XP clients WINS settings are pointing to the samba server. I've also
> tried not using samba as a WINS server, pointing both samba and XP clients
> to other WINS servers in the WAN, but that doesn't work either.

What other WINS servers do you have? How is WINS replication configured?

- John T.

>
> Thanks for the tip though. Any more?
>
> Alex
>
> >> I have a similar problem, except I'm not going through a VPN, I'm in a
> >> university WAN. My samba PDC cannot get the browse list of any domains
> >> outside of my subnet. I've gotten some responses saying you should just
> >> be able to see the browse list no problem, others saying they can't see
> >> the browse list. Documentation on this is terrible. Commands I've used
> >> to troubleshoot are: findsmb, nmblookup and smbclient -L, but all they
> >> tell me is what I already know: my nmbd cannot get the browse list from
> >> any domains outside of my own subnet yet still in the WAN.
> >> Interestingly, I have an NT 4 PDC on the same subnet which can do
> >> exactly that: it sees every domain in the WAN. In all other respects
> >> samba PDC works perfectly, but if I can't fix this browse list issue, we
> >> can't replace our windows PDC with samba.
> >>
> >> If you find the solution, please let me know. I'll do the same. If you
> >> find any additional troubleshooting tools, please let me know.
> >>
> >> Alex
> >>
> >> On Tue, 10 May 2005, Craig Main wrote:
> >>> Hi All,
> >>>
> >>> I have an openvpn setup between two Linux boxes. The internal networks
> >>> on each side are on separate network ranges.
> >>>
> >>> I can ping all boxes from either side, and if I search for a box using
> >>> its ip address, I can see the box and access its shares.
> >>>
> >>> What I would like to do however is to be able to see the pc's in
> >>> their workgroups (each subnet has its own workgroup).
> >>>
> >>> I have tried setting up each samba box as a wins server for its own
> >>> workgroup, and then pointed the pc's on the other network to use it as
> >>> its wins server, this didn't seem to work either.
> >>>
> >>> Can anyone help in this regard, what else should I do?
> >>>
> >>> Regards
> >>> Craig
> >
> > --
> > Paul Gienger                     Office: 701-281-1884
> > Applied Engineering Inc.
> > Systems Architect                Fax:    701-281-1322
> > URL: www.ae-solutions.com        mailto: [EMAIL PROTECTED]

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.


Re: [Samba] Samba BDC in the same subnet not getting connection requests

2005-05-10 Thread John H Terpstra
On Tuesday 10 May 2005 10:32, Prakash Velayutham wrote:
> >>> Ian Clancy <[EMAIL PROTECTED]> 05/10/05 11:45 AM >>>
>
> Prakash Velayutham wrote:
> Ian Clancy <[EMAIL PROTECTED]> 05/10/05 9:33 AM >>>
> >
> >Prakash Velayutham wrote:
> >>Hi,
> >>
> >>Sorry for posting again. I would really appreciate any help with this.
> >>
> >>I have a Samba 3 PDC running with around 20 Windows XP/2K clients. The
> >>PDC and clients are in different subnets. Recently I decided to add
> >>a Samba 3 BDC in the same subnet as the clients, to give some failover
> >>and also to reduce across-switch traffic.
> >>After creating the BDC, I restarted one of the clients but don't see

I believe the windows client will try to access the first DC entry it receives 
in the response from the WINS server for the list of domain netlogon servers.
If your BDC is not first in the list it will be used by fall-back only if all 
DCs ahead of it fail to respond or are not available.

- John T.


Re: [Samba] Browsing across networks

2005-05-10 Thread Alexander Lazarevich
On Tue, 10 May 2005, Paul Gienger wrote:

>> [global]
>>    wins support = yes
> Have you pointed your machines at this one for their wins server?  This
> is crucial.  As an alternative, have you looked at the remote sync
> related parameters?

Yes. XP clients WINS settings are pointing to the samba server. I've also
tried not using samba as a WINS server, pointing both samba and XP clients
to other WINS servers in the WAN, but that doesn't work either.

Thanks for the tip though. Any more?
Alex

>> I have a similar problem, except I'm not going through a VPN, I'm in a
>> university WAN. My samba PDC cannot get the browse list of any domains
>> outside of my subnet. I've gotten some responses saying you should just be
>> able to see the browse list no problem, others saying they can't see the
>> browse list. Documentation on this is terrible. Commands I've used to
>> troubleshoot are: findsmb, nmblookup and smbclient -L, but all they tell
>> me is what I already know: my nmbd cannot get the browse list from any
>> domains outside of my own subnet yet still in the WAN. Interestingly, I
>> have an NT 4 PDC on the same subnet which can do exactly that: it sees
>> every domain in the WAN. In all other respects samba PDC works perfectly,
>> but if I can't fix this browse list issue, we can't replace our windows
>> PDC with samba.
>>
>> If you find the solution, please let me know. I'll do the same. If you
>> find any additional troubleshooting tools, please let me know.
>>
>> Alex
>> On Tue, 10 May 2005, Craig Main wrote:
>>> Hi All,
>>> I have an openvpn setup between two Linux boxes. The internal networks
>>> on each side are on separate network ranges.
>>> I can ping all boxes from either side, and if I search for a box using
>>> its ip address, I can see the box and access its shares.
>>> What I would like to do however is to be able to see the pc's in
>>> their workgroups (each subnet has its own workgroup).
>>> I have tried setting up each samba box as a wins server for its own
>>> workgroup, and then pointed the pc's on the other network to use it as
>>> its wins server, this didn't seem to work either.
>>> Can anyone help in this regard, what else should I do?
>>> Regards
>>> Craig
> --
> Paul Gienger                     Office: 701-281-1884
> Applied Engineering Inc.
> Systems Architect                Fax:    701-281-1322
> URL: www.ae-solutions.com        mailto: [EMAIL PROTECTED]




Re: [Samba] ADS and Samba

2005-05-10 Thread John H Terpstra
On Tuesday 10 May 2005 08:55, Mattier, Ricardo wrote:
> Hi,
> I'm trying to get Solaris running Samba 3.0.9 to join an Active
> Directory Domain.  Are there steps on configuring Kerberos, and using
> the "NET" utility if there is one for Solaris?

Rick,

ADS domain membership requires that Samba-3 be compiled and linked correctly 
with OpenLDAP and Kerberos (MIT Kerberos 1.3.4 or later, or Heimdal 0.6.3 or 
later).

The steps for joining the domain are outlined in chapter 7 of the book 
"Samba-3 by Example" that can be obtained from:

http://www.samba.org/samba/docs/Samba-Guide.pdf

Enjoy.

PS: A process for building Samba-3 for this purpose can be obtained from:
http://samba.org/~jht/Notes/Samba-Install-Solaris9.txt

- John T.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba BDC in the same subnet not getting connection requests

2005-05-10 Thread Prakash Velayutham
>>> Ian Clancy <[EMAIL PROTECTED]> 05/10/05 11:45 AM >>>
Prakash Velayutham wrote:

Ian Clancy <[EMAIL PROTECTED]> 05/10/05 9:33 AM >>>


>Prakash Velayutham wrote:
>
>>Hi,
>>
>>Sorry for posting again. I would really appreciate any help with this.
>>
>>I have a Samba 3 PDC running with around 20 Windows XP/2K clients. The
>>PDC and clients are in different subnets. Recently I decided to add
>>a Samba 3 BDC in the same subnet as the clients, to give some failover
>>and also to reduce across-switch traffic.
>>After creating the BDC, I restarted one of the clients but don't see it
>>establishing connection with the BDC, instead it connects as before with
>>the PDC. How can I make a BDC effective in this case?
>>
>>Thanks,
>>Prakash
>
>Hi Prakash,
>Some questions before we can help.
>When you start the BDC what kind of output do you get in
>/var/log/messages ?
>Is your BDC registering itself as a logon server ?.
>In your smb.conf what is your log level setting ?.
>Is your WINS Server configured correctly and are your clients configured
>to use it ?.
>What does 'nmblookup -S YOURBDC' return ?
>
>Hi Ian,
>
>What log level do you want me to set in smb.conf before getting the
>output of /var/log/samba/* (I think you meant this when you said
>/var/log/messages, as I do not get anything in /var/log/messages when I
>restart smb and nmb daemons). With log level at 3, here is the output
>*
>[2005/05/10 10:03:13, 3] smbd/server.c:exit_server(614)
>  Server exit (Caught TERM signal)
>[2005/05/10 10:03:16, 0] nmbd/nmbd.c:terminate(54)
>  Got SIGTERM: going down...
>[2005/05/10 10:03:16, 3]
>nmbd/nmbd_sendannounce.c:send_local_master_announcement(166)
>  send_local_master_announcement: type 0 for name FRONTIER on subnet
>10.10.80.111 for workgroup CMC-NT

...

 entry CMCCLIENT1 of type
>40011003 () on workgroup CMC-NT.
>[2005/05/10 10:03:52, 3]
>nmbd/nmbd_incomingrequests.c:process_name_query_request(454)
>***
>
>Yes, my BDC has "domain logons = yes" and "domain master = no" set.
>
>Currently I have set the log level to 10.
>
>I have no control over the WINS server, but my clients are looking at
>the WINS server correctly. What exactly do I need to look at in the WINS
>server configuration?
>
>nmblookup -S frontier from a different Linux box in the same subnet as
>the BDC returns (frontier is the BDC)
>(I temporarily set log level to 3 here)
>querying frontier on 10.10.80.255
>10.10.80.111 frontier<00>
>Looking up status of 10.10.80.111
>FRONTIER<00> - H 
>FRONTIER<03> - H 
>FRONTIER<20> - H 
>..__MSBROWSE__. <01> -  H 
>CMC-NT  <00> -  H 
>CMC-NT  <1c> -  H 
>CMC-NT  <1d> - H 
>CMC-NT  <1e> -  H 
>
>MAC Address = 00-00-00-00-00-00
>
>Thanks for the help,
>Prakash
>  
>

Hi Prakash,
This looks OK. The line below means that your BDC is registering itself 
as a Domain controller:

CMC-NT  <1c> -  H 

You can query the WINS server directly using the 'U' flag in nmblookup. 
See the nmblookup man page for more details. For your domain try 
something like this:
 nmblookup -U  -R CMC-NT#1c

This will query the wins server for a list of Domain Controllers.

You could also try hardcoding which logon server to use into lmhosts on 
the clients, but I'm not quite sure how you would go about this.
regards

-- 
Ian Clancy

Hi Ian,

Thanks. I realized that all along my clients were using the BDC for
domain logons but there was something wrong with the way they log
messages as the log messages did not arrive in the specified files.
Fortunately or unfortunately I was playing around with the Slave LDAP
server that the BDC connects to and I noticed that one of the Samba
clients did not let a user login saying the DC was down or something
like that. That made me realize that the client was connecting to the
BDC but due to LDAP connection failure, it was not proceeding further.
Your pointers in the direction of nmblookup proved it further as the
WINS server returns the following result:
*
nmblookup -U 10.1.3.200 -R "CMC-NT#1C"
querying CMC-NT on 10.1.3.200
10.10.80.111 CMC-NT<1c>
10.1.3.166 CMC-NT<1c>
10.1.3.166 CMC-NT<1c>
10.1.20.34 CMC-NT<1c>
*

Here 10.10.80.111 is my BDC. I am happy now. Now even the logging is
working fine.

Hope this thread helps someone in distress over the same issue. I have
one last quick question. I know this has been answered in the Samba-3
HOWTO, just reconfirming.
I will need to replicate the folders for the different services (like
netlogon, profiles etc.) onto the BDC manually, correct? And what should
be the way I indicate the logon server from inside smb.conf? Is it %L?

Thanks,
P
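
The check Ian suggests and Prakash runs above, asking the WINS server which hosts hold the domain's <1c> (domain controller) name, can be scripted. This is an added example, not part of the original posts: it parses the nmblookup reply quoted in the thread, while the inventory list, the second reply (with 192.0.2.50) and the function names are constructed for illustration.

```python
"""List the hosts a WINS server returns for DOMAIN<1c> and compare them
with the domain controllers you expect to be registered."""
import re

# Reply to `nmblookup -U 10.1.3.200 -R "CMC-NT#1C"` as quoted in the thread.
SAMPLE_WINS_REPLY = """\
querying CMC-NT on 10.1.3.200
10.10.80.111 CMC-NT<1c>
10.1.3.166 CMC-NT<1c>
10.1.3.166 CMC-NT<1c>
10.1.20.34 CMC-NT<1c>
"""

# Constructed reply: the BDC is absent and an address outside the inventory
# (192.0.2.50, documentation range) has registered the <1c> name.
CONSTRUCTED_REPLY = """\
querying CMC-NT on 10.1.3.200
10.1.3.166 CMC-NT<1c>
10.1.20.34 CMC-NT<1c>
192.0.2.50 CMC-NT<1c>
"""

# Constructed inventory (assumption): the thread only identifies
# 10.10.80.111 as the BDC; the other two are taken from the reply above.
INVENTORY = ["10.10.80.111", "10.1.3.166", "10.1.20.34"]

# One answer line looks like "<ipv4> <NAME><two hex digits>".
ANSWER_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+?)<([0-9a-fA-F]{2})>\s*$"
)


def parse_nmblookup(output):
    """Return (ip, NAME, type) tuples for every answer line in the output."""
    answers = []
    for line in output.splitlines():
        match = ANSWER_RE.match(line.strip())
        if match:
            ip, name, name_type = match.groups()
            answers.append((ip, name.upper(), int(name_type, 16)))
    return answers


def domain_controllers(output, domain):
    """Unique IPs registered under DOMAIN<1c>, in first-seen order."""
    seen = []
    for ip, name, name_type in parse_nmblookup(output):
        if name == domain.upper() and name_type == 0x1C and ip not in seen:
            seen.append(ip)
    return seen


def audit(output, domain, expected):
    """Report expected DCs that are missing and registrations not expected."""
    registered = domain_controllers(output, domain)
    return {
        "registered": registered,
        "missing": [ip for ip in expected if ip not in registered],
        "unexpected": [ip for ip in registered if ip not in expected],
    }


if __name__ == "__main__":
    for label, reply in (("thread", SAMPLE_WINS_REPLY),
                         ("constructed", CONSTRUCTED_REPLY)):
        print(label, audit(reply, "CMC-NT", INVENTORY))
```

A missing entry means clients that locate logon servers through WINS will not be offered that controller; an unexpected entry is a host claiming the domain controller name that is not in your inventory.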

Re: [Samba] Using ldap for permissions/authenication

2005-05-10 Thread John H Terpstra
On Tuesday 10 May 2005 08:18, Jennifer Fountain wrote:
> Hi all:
>
> I am currently using Active Directories (via openldap client) to
> authenticate my linux clients and would like to have samba use AD (ldap -
> not winbind) as well.  I really haven't seen any documentation on how to
> implement, however.  Does anyone have any information regarding ldap and
> samba (redhat rpm)?

It is possible to use the Microsoft Windows Services for UNIX (SFU) to extend 
the ADS schema with UNIX UID/GID information so that nss_ldap can be used to 
provide that directly to your UNIX client. To get this functionality nss_ldap 
needs to be built with support for ADS features - something I do not know 
whether or not your Red Hat package has.

Suggest you obtain the latest nss_ldap from the PADL web site and read the 
latest info in it. You can obtain this from http://www.padl.com.

- John T.


Re: [Samba] Browsing across networks

2005-05-10 Thread Paul Gienger

[global]
   wins support = yes
Have you pointed your machines at this one for their wins server?  This
is crucial.  As an alternative, have you looked at the remote sync
related parameters?

I have a similar problem, except I'm not going through a VPN, I'm in a 
university WAN. My samba PDC cannot get the browse list of any domains 
outside of my subnet. I've gotten some responses saying you should 
just be able to see the browse list no problem, others saying they 
can't see the browse list. Documentation on this is terrible. Commands 
I've used to troubleshoot are: findsmb, nmblookup and smbclient -L, 
but all they tell me is what I already know: my nmbd cannot get the 
browse list from any domains outside of my own subnet yet still in the 
WAN. Interestingly, I have an NT 4 PDC on the same subnet which can do 
exactly that: it sees every domain in the WAN. In all other respects 
samba PDC works perfectly, but if I can't fix this browse list issue, 
we can't replace our windows PDC with samba.

If you find the solution, please let me know. I'll do the same. If you 
find any additional troubleshooting tools, please let me know.

Alex
On Tue, 10 May 2005, Craig Main wrote:
Hi All,
I have an openvpn setup between two Linux boxes. The internal networks
on each side are on separate network ranges.
I can ping all boxes from either side, and if I search for a box using
its IP address, I can see the box and access its shares.
What I would like to do however is to be able to see the PCs in
their workgroups (each subnet has its own workgroup).
I have tried setting up each samba box as a wins server for its own
workgroup, and then pointed the PCs on the other network to use it as
its wins server, this didn't seem to work either.
Can anyone help in this regard, what else should I do?
Regards
Craig
--
Paul Gienger                Office: 701-281-1884
Applied Engineering Inc.
Systems Architect           Fax:    701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]



RE: [Samba] Samba & Win2k AD domain membership

2005-05-10 Thread Rodre Ghorashi-Zadeh
Hi Gordon,

The reason I didn't want to run winbind is because I don't want to run my AD
server in compatibility mode, which I believe is required for winbind to be
able to use a "CID" to query the users and groups stored in the AD.  Maybe I
am wrong?

~ Rodre

-Original Message-
From: Gordon Hopper [mailto:[EMAIL PROTECTED] 
Sent: Monday, May 09, 2005 3:39 PM
To: Rodre Ghorashi-Zadeh
Subject: RE: [Samba] Samba & Win2k AD domain membership

No, you need winbind to use domain groups.  

Kerberos (as it is used by Samba) validates the password.  If you're not
using winbind, then Samba uses /etc/passwd and /etc/group for the
username to user id (uid) mapping.  If you choose to list all of your
Domain Admin users in /etc/passwd and /etc/group, then it will work
without winbind.  (However, you will be unable to manage the group list
with Active Directory tools, obviously.)

You might want to read this paragraph on the Name Service Switch (NSS):
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#id2596800
You can think of winbind as magically extending the /etc/passwd and
/etc/group files, the same way that NIS or other unix domain services do.
(But not /etc/shadow. Authentication is handled separately via PAM.)

Hmm.. anyway, I'm not sure you need to understand all this to get it
working.  (I'm not sure I understand it all ;).  It sounds like you DO
want to run winbind, at least in /etc/nsswitch.conf.

Is there a reason you don't want to run winbind?  For example, do you
want to prevent users from telnetting to the box? (that should be the
default, unless you modify /etc/pam.d/login).  I'm not running it simply
because I ran out of time on the project, and the things we needed
worked ok without it.

Gordon


On Mon, 2005-05-09 at 09:35 -0700, Rodre Ghorashi-Zadeh wrote:
> Hello,
> 
> Thanks for your response. So if I understand this correctly, the Kerberos
> authenticates the client for access to the share, but the smbusers file maps
> Windows accounts to UNIX accounts for file system access on the Samba
> server? Also, if I use the "force user =x" parameter on the share would I
> still be able to have the Windows "Domain Admins" group perform
> Read/Write/Delete operations on the share, and the "Domain Users" group
> perform only Read operations? If so, could you please provide a smb.conf
> example? Thanks again.
> 
> ~ Rodre
> 
> -Original Message-
> From: Gordon Hopper [mailto:[EMAIL PROTECTED] 
> Sent: Sunday, May 08, 2005 11:08 PM
> To: Rodre Ghorashi-Zadeh
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Samba & Win2k AD domain membership
> 
> No, you don't need to run winbind (provided that all of your Samba users
> already have unix accounts, or you list them in your smbusers file).  I
> use Samba+Kerberos (with Active Directory) without running winbind.  I
> didn't modify my pam settings because I'm using Kerberos only for Samba.
> 
> Note that, in this scenario, my AD users cannot log in to the box (with
> e.g. telnet).  Also, I map the file permissions with "force user = x",
> since the users don't have a read uid on the box.  (Also, I can't access
> AD groups without winbind...  There are some downsides, but Samba does
> work without it.)
> 
> Regards,
> 
> Gordon Hopper
> 
> 
> On Sat, 2005-05-07 at 13:17 -0700, Rodre Ghorashi-Zadeh wrote:
> > Hello,
> > 
> > I am trying to setup my samba server version 3.0.10-1.fc3 as a Win2k Domain
> > Member. What I need to know is once I have ADS security and Kerberos
> > working, do I still need to use winbind or ldap for client authentication or
> > will Kerberos take care of it?
> > 
> >  
> > 
> > Rodre Ghorashi-Zadeh
> > 
> > Chief Systems Engineer
> > 
> > Conduit Technical Environments Corporation
> > 
> > 604.785.4888
> 
> 
> 



[Samba] Error with usrmgr and groups.

2005-05-10 Thread Joel Larsson, PF, Posten
Hi everyone.

I have a problem when using samba together with usrmgr. When adding a
global group I get an error message. The group is still created. You
can't see it before you refresh but that's a minor detail.

In the logfiles:

May 10 17:47:27 lanchester smbd[28424]: [2005/05/10 17:47:27, 0] passdb/pdb_tdb.c:tdbsam_tdbopen(195)
May 10 17:47:27 lanchester smbd[28424]:   Unable to open/create TDB passwd
May 10 17:47:27 lanchester smbd[28424]: [2005/05/10 17:47:27, 0] passdb/pdb_tdb.c:tdbsam_getsampwrid(488)
May 10 17:47:27 lanchester smbd[28424]:   pdb_getsampwrid: Unable to open TDB rid database!

Also, when trying to add or remove members of the group the same error
message appears in the log file. And the error message in usrmgr is
"The user name could not be found." It appears when I try to add or
remove more than one user, but sometimes it appears when just adding or
removing one user.

If I instead click on the user and add a group it works fine 100% of the
times.

Any ideas what could be wrong? I have tried both 3.0.11 and 3.0.14a but
there is no difference.

Cheers,

Joel



Re: [Samba] Are the following cockups in ldap entries or normal behaviour now ?

2005-05-10 Thread John H Terpstra
On Tuesday 10 May 2005 01:58, Geoff Scott wrote:
> When doing a vampire all my PC's are shown in the resulting log as being
> members of the Domain Users group and none of my "real users" are shown yet
> in Ldap all my users are shown with memberUid in the domain users group and
> no computers are shown eg:
>
> dn: cn=Domain Users,ou=Groups,
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> gidNumber: 513
> cn: Domain Users
> 
> description: All domain users
> memberUid: administrator
> memberUid: deloitte
> memberUid: iusr_guests
> memberUid: template
>
>
> My machines all have a SID that ends in 513 the domain users RID:
> sambaPrimaryGroupSID: S-1-5-21--513
>
> My users have no passwords set eg:
>
> dn: uid=deloitte,ou=Users
> 
> sambaLMPassword: XXX
> sambaPrimaryGroupSID: S-1-5-21--513
> sambaNTPassword: XXX
>
>
> Is this expected behaviour when vampiring from an NT server using the
> smbldap-tools-0.8.8.tgz ?
>
> Or does it appear that I have stuffed up badly?

Geoff,

See the answer to the previous question I posted a reply to. I do not 
understand why migrations are at times most variable in completeness. It is 
possible that Samba-3's protocols are missing some security protocol function 
call that only gets used by NT4 under certain situations.

- John T.


Re: [Samba] Does or doesn't vampiring users add them into multiple groups at the same time?

2005-05-10 Thread John H Terpstra
On Tuesday 10 May 2005 01:33, Geoff Scott wrote:
> Hi all,
>
> The new NT migration chapter of Samba guide seems to indicate in the
> migration Log Validation (section 9.3.1.1) that users get added to all the
> same groups that they were in under the NT4 domain.  However I am not
> seeing this despite having had a seemingly successful migration. All my
> users get added into the Domain User group but not into any other group. 
> Is the text below now wrong or right

If you use version 3.0.12 or later, for most migrations the multi-group info 
should transfer OK. I am now aware that if the NT4 domain is post SP5 on some 
migrations multi-group info is not transferred and some account (both user 
and machine) password entries are not transferred either.

Maybe Andrew Bartlett will chime in on this?

> "
>
> 7. Q: After merging multiple NT4 Domains into a Samba-3 Domain, I lost all
> multiple group mappings. Why?
> A: Samba-3 currently does not implement multiple group membership
> internally. If you use the Windows NT4 Domain User Manager to manage
> accounts and you have an LDAP backend, the multiple group membership is
> stored in the Posix groups area. If you use either tdbsam or smbpasswd
> backend, then multiple group membership is handled through the UNIX groups
> file. When you dump the user accounts no group account information is
> provided. When you edit (change) UIDs and GIDs in each file to which you
> migrated the NT4 Domain data, do not forget to edit the UNIX /etc/passwd
> and /etc/group information also. That is where the multiple group
> information is most closely at your fingertips.
>
> "

Oops. That one needs updating. Thanks for pointing it out.

- John T.


Re: [Samba] Browsing across networks

2005-05-10 Thread Alexander Lazarevich
Craig,
My setup is: samba-3.0.10-1.4E on RHEL4-AS, smb.conf:
[global]
   workgroup = blah
   username map = /etc/samba/smbusers
   map to guest = Bad User
   logon drive = z:
   logon path =
   logon script = test-logon.bat
   security = user
   encrypt passwords = yes
   server string = blah Samba Domain
   netbios name = blah
   add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m
   domain master = yes
   domain logons = yes
   local master = yes
   preferred master = yes
   wins support = yes
   hosts allow = ...
   os level = 65
   log level = 3
   max log size = 0
   log file = /var/log/samba/mxxx-samba.log

I have a similar problem, except I'm not going through a VPN, I'm in a 
university WAN. My samba PDC cannot get the browse list of any domains 
outside of my subnet. I've gotten some responses saying you should just be 
able to see the browse list no problem, others saying they can't see the 
browse list. Documentation on this is terrible. Commands I've used to 
troubleshoot are: findsmb, nmblookup and smbclient -L, but all they tell 
me is what I already know: my nmbd cannot get the browse list from any 
domains outside of my own subnet yet still in the WAN. Interestingly, I 
have an NT 4 PDC on the same subnet which can do exactly that: it sees 
every domain in the WAN. In all other respects samba PDC works perfectly, 
but if I can't fix this browse list issue, we can't replace our windows 
PDC with samba.

If you find the solution, please let me know. I'll do the same. If you 
find any additional troubleshooting tools, please let me know.

Alex
On Tue, 10 May 2005, Craig Main wrote:
Hi All,
I have an openvpn setup between two Linux boxes. The internal networks
on each side are on separate network ranges.
I can ping all boxes from either side, and if I search for a box using
its IP address, I can see the box and access its shares.
What I would like to do however is to be able to see the PCs in
their workgroups (each subnet has its own workgroup).
I have tried setting up each samba box as a wins server for its own
workgroup, and then pointed the PCs on the other network to use it as
its wins server, this didn't seem to work either.
Can anyone help in this regard, what else should I do?
Regards
Craig


Re: [Samba] Different shells

2005-05-10 Thread Gerald (Jerry) Carter
Nir B wrote:
| 1 - How can I set the shell per user?
You can't currently unless the compat NSS service would
allow you to override the shell for a given user.
| 2 - I noticed that if you logon as root, you can do SU
| to each user on the  Active Directory, without
| providing password. How can I block this or force to
| provide the user password?
Fix the pam config for the su service.  There's probably
a pam_rootok.so entry if memory serves correctly.


cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
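
Jerry's pointer to a pam_rootok.so entry in the su service can be checked mechanically. This is an added example, not from the original post: both PAM files below are constructed samples, and the function names are hypothetical.

```python
"""Audit a PAM 'su' service file for a pam_rootok.so shortcut in the auth
stack, which lets root switch to any user without being prompted."""
import posixpath
import re

# Constructed sample of a stock-style su service file (not from the thread).
SAMPLE_DEFAULT = """\
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_unix.so
account    required     pam_unix.so
session    required     pam_unix.so
"""

# Constructed sample: same file with the pam_rootok.so line commented out.
SAMPLE_HARDENED = """\
#%PAM-1.0
#auth      sufficient   pam_rootok.so
auth       required     pam_unix.so
account    required     pam_unix.so
session    required     pam_unix.so
"""

# "type control module [args]"; control is a keyword or a [value=action] list.
PAM_LINE = re.compile(
    r"^-?(?P<type>auth|account|password|session)\s+"
    r"(?P<control>\[[^\]]*\]|\S+)\s+"
    r"(?P<module>\S+)(?P<args>.*)$",
    re.IGNORECASE,
)


def parse_pam(text):
    """Return one dict per active (non-comment) PAM rule, with its line number."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        match = PAM_LINE.match(line)
        if match:
            rules.append({
                "line": lineno,
                "type": match.group("type").lower(),
                "control": match.group("control"),
                "module": posixpath.basename(match.group("module")),
                "args": match.group("args").split(),
            })
    return rules


def rootok_entries(text):
    """(line number, control) for each auth rule that calls pam_rootok.so."""
    return [(r["line"], r["control"]) for r in parse_pam(text)
            if r["type"] == "auth" and r["module"] == "pam_rootok.so"]


def short_circuits(control):
    """True if success of this rule ends the auth stack immediately.
    'sufficient' is shorthand for a bracket list containing success=done."""
    control = control.lower()
    return control == "sufficient" or "success=done" in control


def root_su_needs_password(text):
    """False when a short-circuiting pam_rootok.so rule is active.
    Rule order within the stack is not evaluated."""
    return not any(short_circuits(c) for _, c in rootok_entries(text))


if __name__ == "__main__":
    for label, sample in (("default", SAMPLE_DEFAULT),
                          ("hardened", SAMPLE_HARDENED)):
        print(label, rootok_entries(sample), root_su_needs_password(sample))
```

To check a live system, pass the contents of the su service file (normally /etc/pam.d/su) to root_su_needs_password; files pulled in from that service need the same check.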


Re: [Samba] CIFS and DFS

2005-05-10 Thread Gerald (Jerry) Carter
Peter Weiss wrote:
| hello,
|
| maybe this is the wrong place, but according to
|
| http://us1.samba.org/samba/Linux_CIFS_client.html
|
| linux kernel cifs should be able to handle M$ dfs shares.
| I looked at the installation and usage instructions
| but it doesn't work. On the mount.cifs manpage I
| found no hint about a special switch to activate dfs parsing.
|
| Can anybody put some light into this?
It's not implemented last time I spoke with Steve.
The cifs fs has its own list [EMAIL PROTECTED]
(you can subscribe from the mailman interface at
http://lists.samba.org/)


cheers, jerry


Re: [Samba] Question regarding share security

2005-05-10 Thread Jeremy Allison
On Tue, May 10, 2005 at 06:53:20AM -0400, Mark Ratering wrote:
> I have a samba server set up with a few shares and about 5 different 
> users.  My issue is this:  Whenever the admin user writes a new file to 
> the 'data' share the unix permissions become admin, admin.  Then the 
> guys in sales can't read it.  The same happens with our art department.  
> How do I tell Samba that any file written to the 'data' share by an 
> authenticated user should have the permissions 770 with root, data as 
> username/group?

Use "force create mode = 0770"

Jeremy.


[Samba] ADS and Samba

2005-05-10 Thread Mattier, Ricardo
Hi,
I'm trying to get Solaris running Samba 3.0.9 to join an Active
Directory Domain.  Are there steps on configuring Kerberos, and using
the "NET" utility if there is one for Solaris?  
 
Rick Mattier
Systems Analyst II
Windriver Systems
120 Royall St
Canton, Ma 02021
[EMAIL PROTECTED]
Canton: 781 364-2002
Nashua: 603 897-2084
 


[Samba] Samba and Active Directory

2005-05-10 Thread Mattier, Ricardo
Hello,
Is there a way to push a Solaris machine onto a Active Directory
domain?  If so, what software do I need to upgrade to?  I am currently
using Solaris 9.  
 
Rick Mattier
Systems Analyst II
Windriver Systems
120 Royall St
Canton, Ma 02021
[EMAIL PROTECTED]
Canton: 781 364-2002
Nashua: 603 897-2084
 


[Samba] Re: A few questions

2005-05-10 Thread Kev Buckley
On 

 Mon, 09 May 2005 19:56:44 +0200

it was written:

> It might help to add your OS/distro  and Samba version.

then again, it might not help to do so, because on

 Fri, 06 May 2005 17:32:52 +0200

it was written.

> > > Does ANYONE have roaming profiles working under Samba 3.0.10,
> > > preferably on Mandrake Linux with WinXP SP2 clients?

> > "Yes", he answered cautiously. Not 3.0.10, but I did begin with 3.0.7
> > and they worked there, they also still work with 3.0.14a. And my distro
> > is Red Hat RHAS3, not Mandrake. But such is immaterial.


Apologies, but it has not been a good day so far and that has
brightened things up for me no end!

-- 
Regards,

--
*  Kevin M. Buckley  e-mail: [EMAIL PROTECTED]   *
**
*  Systems Administrator *
*  Computer Centre   *
*  Lancaster University  Voice:  +44 (0) 1524 5 93718*
*  LANCASTER. LA1 4YWFax  :  +44 (0) 1524 5 25113*
*  England.  *
**
*  My PC runs Linux/GNU, you still computing the Bill Gate$' way ?   *
--


[Samba] Using ldap for permissions/authenication

2005-05-10 Thread Jennifer Fountain
Hi all:

I am currently using Active Directories (via openldap client) to
authenticate my linux clients and would like to have samba use AD (ldap -
not winbind) as well.  I really haven't seen any documentation on how to
implement, however.  Does anyone have any information regarding ldap and
samba (redhat rpm)?

Thanks!

Kind Regards,

Jennifer Fountain
Systems Administrator/Security
R&B Distribution
3400 E Walnut Street
Colmar, PA  18915



[Samba] Different shells

2005-05-10 Thread Nir B
Hi All,

I added Linux machines to my AD domain (Windows 2000 native domain) and have 
the following problems / questions:

1 - How can I set the shell per user? (I know how to set per computer on the 
smb.conf  "template shell = /bin/sh", I have a few users that work on the same 
machine and use different shells)

2 - I noticed that if you logon as root, you can do SU to each user on the 
Active Directory, without providing password. How can I block this or force to 
provide the user password?

Thanks in advance!

Nir B 





[Samba] Browsing across networks

2005-05-10 Thread Craig Main
Hi All,

I have an openvpn setup between two Linux boxes. The internal networks
on each side are on separate network ranges.

I can ping all boxes from either side, and if I search for a box using
its IP address, I can see the box and access its shares.

What I would like to do however is to be able to see the PCs in
their workgroups (each subnet has its own workgroup).

I have tried setting up each samba box as a wins server for its own
workgroup, and then pointed the PCs on the other network to use it as
its wins server, this didn't seem to work either.

Can anyone help in this regard, what else should I do?

Regards
Craig


RE: [Samba] Samba 3 ADS problem with %g variable

2005-05-10 Thread Talwar, Puneet (NIH/NIAID)
Question, do you have to setup krb5.conf file to get winbind to work
properly?


 

Puneet Talwar


-Original Message-
From: Penny Willisson [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, May 10, 2005 7:31 AM
To: samba@lists.samba.org
Subject: [Samba] Samba 3 ADS problem with %g variable

Hi

I have successfully configured my SuSE Linux 9.0 server to use Samba 3.0.14
and accept my Windows 2000 users through Active Directory to access the
shares.

However I have some shares that have paths that are made up of %g/%U
variables.

The %U works fine but I cannot get the %g in any format to give me just the
group name I get DOMAIN/groupname sent through instead which is making the
paths invalid and my share folders inaccessible by the windows clients.  I
have tried making a directory structure that matches the DOMAIN/groupname
and it still isn't happy and I still get a message saying 'path not found'
when I try and access the shares.

Can anyone give me any ideas how to resolve this?

Your help is greatly appreciated.
 
Here is my smb.conf file
[global]
 unix charset = LOCALE
 workgroup = DOMAIN
 realm = DOMAIN.COM
 server string = Samba 3.0.14
 security = ADS
 username map = /etc/samba/smbusers
 log level = 1
 syslog = 3 
 log file = /var/log/samba/%m
 max log size = 50
 ldap ssl = no
 idmap uid = 1-2
 idmap gid = 1-2
 template primary group = "Domain Users"
 template shell = /bin/bash
 template homedir = /home/%U
 winbind separator = / 
 winbind enum users = yes
 winbind enum groups = yes
 winbind use default domain = no
 password server = *
 encrypt passwords = yes
 os level = 2
 domain logons = No
 preferred master = No
 wins support = Yes
 keep alive = 60
 dead time = 30

[homes]
 comment = Private Folders (%U)
 path = /data/private/%U
 valid users = %S
 read only = No
 browseable = No
 hide dot files = Yes
 veto files = /bin/public_html/.*/

[People]
 comment = Users Department Files (%g/%U)
 path = /data/departments/people/%g/%U
 read only = No
 valid users = @%g
 create mask = 0664
 directory mask = 6770
 veto files =/*.rem/*dontrem*/
 delete veto files = No

[Private]
 comment = Users Private Files (/data/private/%U)
 path = /data/private/%U
 read only = No
 browseable = Yes
 create mask = 0700
 directory mask = 6700
 




[Samba] CIFS and DFS

2005-05-10 Thread Peter Weiss
hello,

maybe this is the wrong place, but according to

http://us1.samba.org/samba/Linux_CIFS_client.html 

linux kernel cifs should be able to handle M$ dfs shares. I looked at the
installation and usage instructions but it doesn't work. On the mount.cifs
manpage I found no hint about a special switch to activate dfs parsing.

Can anybody put some light into this?

TIA -- Peter

# uname -a
Linux Astor 2.6.10astor #1 SMP Mon Mar 14 21:23:28 CET 2005 i686 GNU/Linux
# mount -t cifs //nvgm015.muc/Fz-daten /mnt -o user=qx43144
Password: 
# ls /mnt
Administration
[...]
# cd /mnt/*
# ls
ls: reading directory .: Object is remote
# zgrep CIF /proc/config.gz 
CONFIG_CIFS=m
CONFIG_CIFS_STATS=y
CONFIG_CIFS_XATTR=y
CONFIG_CIFS_POSIX=y
CONFIG_CIFS_EXPERIMENTAL=y
# mount.cifs -V
mount.cifs version: 1.6

-- 
[EMAIL PROTECTED] ConSol* Software GmbH
Phone  +49 89 45841-100   Consulting & Solutions
Mobile +49 177 6040121Franziskanerstr. 38
http://www.consol.de  D-81669 München



Re: [Samba] Samba BDC in the same subnet not getting connection requests

2005-05-10 Thread Prakash Velayutham
>>> Ian Clancy <[EMAIL PROTECTED]> 05/10/05 9:33 AM >>>
Prakash Velayutham wrote:

>Hi,
>
>Sorry for posting again. I would really appreciate any help with this.
>
>I have a Samba 3 PDC running with around 20 Windows XP/2K clients. The
>PDC and clients are in different subnets. Recently I decided to add
>a Samba 3 BDC in the same subnet as the clients, to give some failover
>and also to reduce across-switch traffic.
>After creating the BDC, I restarted one of the clients but don't see it
>establishing connection with the BDC, instead it connects as before with
>the PDC. How can I make a BDC effective in this case?
>
>Thanks,
>Prakash
>  
>

Hi Prakash,
Some questions before we can help.
When you start the BDC what kind of output do you get in
/var/log/messages?
Is your BDC registering itself as a logon server?
In your smb.conf what is your log level setting?
Is your WINS Server configured correctly and are your clients configured
to use it?
What does 'nmblookup -S YOURBDC' return?

Hi Ian,

What log level do you want me to set in smb.conf before getting the
output of /var/log/samba/* (I think you meant this when you said
/var/log/messages, as I do not get anything in /var/log/messages when I
restart smb and nmb daemons). With log level at 3, here is the output
*
[2005/05/10 10:03:13, 3] smbd/server.c:exit_server(614)
  Server exit (Caught TERM signal)
[2005/05/10 10:03:16, 0] nmbd/nmbd.c:terminate(54)
  Got SIGTERM: going down...
[2005/05/10 10:03:16, 3]
nmbd/nmbd_sendannounce.c:send_local_master_announcement(166)
  send_local_master_announcement: type 0 for name FRONTIER on subnet
10.10.80.111 for workgroup CMC-NT
[2005/05/10 10:03:16, 3]
nmbd/nmbd_sendannounce.c:send_host_announcement(208)
  send_host_announcement: type 0 for host FRONTIER on subnet
10.10.80.111 for workgroup CMC-NT
  become_logon_server_success: Samba is now a logon server for workgroup
CMC-NT on subnet UNICAST_SUBNET
[2005/05/10 10:03:18, 2] lib/interface.c:add_interface(79)
  added interface ip=10.10.80.111 bcast=255.255.255.255 nmask=0.0.0.0
[2005/05/10 10:03:18, 3] smbd/server.c:main(790)
  loaded services
[2005/05/10 10:03:18, 3] smbd/server.c:main(805)
  Becoming a daemon.
[2005/05/10 10:03:18, 2] lib/tallocmsg.c:register_msg_pool_usage(57)
  Registered MSG_REQ_POOL_USAGE
[2005/05/10 10:03:18, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
  Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2005/05/10 10:03:18, 3]
printing/printing.c:start_background_queue(1168)
  start_background_queue: Starting background LPQ thread
[2005/05/10 10:03:18, 2] smbd/server.c:open_sockets_smbd(324)
  waiting for a connection
[2005/05/10 10:03:20, 3] nmbd/nmbd_namelistdb.c:add_name_to_subnet(236)
  add_name_to_subnet: Added netbios name FRONTIER<20> with first IP
10.10.80.111 ttl=0 nb_flags=60 to subnet 10.10.80.111
[2005/05/10 10:03:20, 3] nmbd/nmbd_namelistdb.c:add_name_to_subnet(236)
  add_name_to_subnet: Added netbios name FRONTIER<03> with first IP
10.10.80.111 ttl=0 nb_flags=60 to subnet 10.10.80.111
[2005/05/10 10:03:20, 3] nmbd/nmbd_namelistdb.c:add_name_to_subnet(236)
  add_name_to_subnet: Added netbios name FRONTIER<00> with first IP
10.10.80.111 ttl=0 nb_flags=60 to subnet 10.10.80.111
[2005/05/10 10:03:20, 3] nmbd/nmbd_namelistdb.c:add_name_to_subnet(236)
  add_name_to_subnet: Added netbios name CMC-NT<00> with first IP
10.10.80.111 ttl=0 nb_flags=e0 to subnet 10.10.80.111
[2005/05/10 10:03:20, 3] nmbd/nmbd_namelistdb.c:add_name_to_subnet(236)
  add_name_to_subnet: Added netbios name CMC-NT<1e> with first IP
10.10.80.111 ttl=0 nb_flags=e0 to subnet 10.10.80.111
[2005/05/10 10:03:20, 3] nmbd/nmbd_namelistdb.c:add_name_to_subnet(236)
  add_name_to_subnet: Added netbios name CMC-NT<1c> with first IP
10.10.80.111 ttl=0 nb_flags=e0 to subnet 10.10.80.111
[2005/05/10 10:03:20, 0]
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
  become_logon_server_success: Samba is now a logon server for workgroup
CMC-NT on subnet 10.10.80.111
[2005/05/10 10:03:20, 3] nmbd/nmbd_elections.c:check_elections(362)
  check_elections: >>> Starting election for workgroup CMC-NT on subnet
10.10.80.111 <<<
[2005/05/10 10:03:22, 3] nmbd/nmbd_serverlistdb.c:write_browse_list(421)
  write_browse_list: Wrote browse list into file
/var/lib/samba/browse.dat
[2005/05/10 10:03:23, 2] nmbd/nmbd_elections.c:send_election_dgram(41)
  send_election_dgram: Sending election packet for workgroup CMC-NT on
subnet 10.10.80.111
[2005/05/10 10:03:25, 2] nmbd/nmbd_elections.c:send_election_dgram(41)
  send_election_dgram: Sending election packet for workgroup CMC-NT on
subnet 10.10.80.111
[2005/05/10 10:03:27, 2] nmbd/nmbd_elections.c:send_election_dgram(41)
  send_election_dgram: Sending election packet for workgroup CMC-NT on
subnet 10.10.80.111
[2005/05/10 10:03:28, 2] nmbd/nmbd_elections.c:send_election_dgram(41)
  send_election_dgram: Sending election packet for workgroup CMC-NT on
subnet 10.10.80.111
[2005/05/10 1

Re: [Samba] PDC with winbind functionality

2005-05-10 Thread Collen
Had the same problem here with pdc+winbind+ftp.
I used a somewhat older pam module, and left the winbind part out..
That's all the feedback I have for you.
Good luck
Collen
Ramses van Pinxteren wrote:
Hiya,
I am giving up. I just can't get winbind working when installing a PDC. 
This is what I need:

-a PDC/AD on its own domain, no need for other servers to sync etc etc.
-winbind so I can use ntlm_auth
no other features, just plain and simple. I really don't know how to get 
this working, and I hope that SOMEONE here has a config similar to this 
wishlist that I can get in contact with.

Kind regards
ramses


[Samba] Question regarding share security

2005-05-10 Thread Mark Ratering
I have a samba server set up with a few shares and about 5 different 
users.  My issue is this:  Whenever the admin user writes a new file to 
the 'data' share the unix permissions become admin, admin.  Then the 
guys in sales can't read it.  The same happens with our art department.  
How do I tell Samba that any file written to the 'data' share by an 
authenticated user should have the permissions 770 with root, data as 
username/group?

My other question is regarding a strange issue with an OS X computer.  It 
says that the fileserver has run out of space and it cannot write any 
more.  I am not implementing any sort of limiting on the amount of space 
that any user may use.  Copying works fine from windows computers.

Here is the majority of the config I use now.  I had to remove a few lines 
in the interest of security.

# Global parameters
[global]
   #NetBIOS settings
   netbios name        =   SMBSERVER
   workgroup           =   SMBDomain
   server string       =   CIFS Server
   log file            =   /var/log/samba/log.%m
   max log size        =   50
   time server         =   yes
   hide dot files      =   yes
   log level           =   2
   #Logon options
   logon script        =   %U.bat
   #This turns off roaming profiles
   logon path          =
   #Security settings
   security            =   user
   domain logons       =   yes
   encrypt passwords   =   yes
   #Turn on the WINS server
   wins support        =   yes
   #Make sure that Samba is the master browser and domain master browser
   domain master       =   yes
   local master        =   yes
   preferred master    =   yes
   os level            =   65

   #Scripts for adding computers and users to the domain
   add user script     =   /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u
   add machine script  =   /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u

[netlogon]
   path                =   /files/netlogon
   writable            =   no
   browsable           =   no
[phone]
   comment             =   Files
   valid users         =   art,dev,sales,admin
   writeable           =   yes
   write list          =   art,dev,sales,admin
   path                =   /wwwroot/html
[files]
   comment             =   Files
   valid users         =   art,dev,sales,admin
   writeable           =   yes
   write list          =   art,dev,sales,admin
   path                =   /share/data


[Samba] PDC with winbind functionality

2005-05-10 Thread Ramses van Pinxteren
Hiya,
I am giving up. I just can't get winbind working when installing a 
PDC. This is what I need:

-a PDC/AD on its own domain, no need for other servers to sync etc etc.
-winbind so I can use ntlm_auth
no other features, just plain and simple. I really don't know how to 
get this working, and I hope that SOMEONE here has a config similar 
to this wishlist that I can get in contact with.

Kind regards
ramses


Re: [Samba] Samba BDC in the same subnet not getting connection requests

2005-05-10 Thread Ian Clancy
Prakash Velayutham wrote:
Hi,
Sorry for posting again. I would really appreciate any help with this.
I have a Samba 3 PDC running with around 20 Windows XP/2K clients. The
PDC and clients are in different subnets. Recently I decided to add
a Samba 3 BDC in the same subnet as the clients, to give some failover
and also to reduce across-switch traffic.
After creating the BDC, I restarted one of the clients but don't see it
establishing connection with the BDC, instead it connects as before with
the PDC. How can I make a BDC effective in this case?
Thanks,
Prakash
 

Hi Prakash,
Some questions before we can help.
When you start the BDC what kind of output do you get in /var/log/messages?
Is your BDC registering itself as a logon server?
In your smb.conf what is your log level setting?
Is your WINS Server configured correctly and are your clients configured to use 
it?
What does 'nmblookup -S YOURBDC' return?
--
Ian Clancy
IT Systems Engineer
Connaught Electronics Ltd.
Dunmore Rd,
Tuam,
Co. Galway,
Ireland.
P : ++353 93 23151
F : ++353 93 23110
E : mailto:[EMAIL PROTECTED]
W : http://www.cel-europe.com


[Samba] Samba BDC in the same subnet not getting connection requests

2005-05-10 Thread Prakash Velayutham
Hi,

Sorry for posting again. I would really appreciate any help with this.

I have a Samba 3 PDC running with around 20 Windows XP/2K clients. The
PDC and clients are in different subnets. Recently I decided to add
a Samba 3 BDC in the same subnet as the clients, to give some failover
and also to reduce across-switch traffic.
After creating the BDC, I restarted one of the clients but don't see it
establishing connection with the BDC, instead it connects as before with
the PDC. How can I make a BDC effective in this case?

Thanks,
Prakash


RE: [Samba] 3.0.14 and MacOs X (tiger)

2005-05-10 Thread William Enestvedt
Roland Carlsson asked about the Samba client functionality breaking
after the upgrade to 10.4, to which I reply:
   The 10.4 upgrade involved some significant changes to OS X (which I
personally feel Apple hasn't explained enough). For example, many kernel
APIs were changed, which broke most VPN client software.
   Do the server logs show anything about these failed connections? Have
you checked the Mac's console log? Did the Samba _server's_ name or IP
address change? Are there cached network connection preferences (for
example, the list of "favorites" that you see when you press Command-K)
or credentials somewhere on your Mac?
   Just thinking out loud, and planning for my own 10.4 upgrade!
-wde
--
Will Enestvedt
UNIX System Administrator
Johnson & Wales University -- Providence, RI


[Samba] Re: getting SID on a Samba 2.2.2 domain

2005-05-10 Thread Michal Kurowski
jonathan.wilson [EMAIL PROTECTED] wrote:
>
>Replacing an old Samba 2.2.2 server with a newer Samba version, and
>would like to set the SID to the same as the old server. However,
>2.2.2 doesn't have the 'net' utilities or anything else that I can
>find to display the SID. Anyone have any hints?
 
A simple thing to do is to copy original "tdb" database. With some
caution applied it is also quite safe.

When doing so please make sure that both instances are stopped. There
might be some differences in filesystem location of the backend files.
Do something like "dpkg -L" or "rpm -ql".

Cheers,

-- 
Michal Kurowski
<[EMAIL PROTECTED]>




[Samba] roaming profiles act as local (3.0.14a-1)

2005-05-10 Thread Krisztian Andre
The profiles are displayed as type: roaming, status: roaming in the 
profile manager on my winXPSP2 clients, but the profile is not loading. 
If I log in at a different workstation I get only the default profile 
and I have to set up the desktop icons and everything again just as if 
it was a local profile. Where can I look for the solution of this problem?

smb.conf:
[global]
netbios name = POSEIDON
workgroup = UNITY-WORLDWIDE
server string = PDC [on Debian :: Samba server %v]
hosts allow = 192.168.0.0/24 127.0.0.0/8
security = user
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = lo eth1
bind interfaces only = yes
local master = yes
os level = 65
domain master = yes
preferred master = yes
null passwords = no
hide unreadable = yes
hide dot files = yes
domain logons = yes
logon script = login.bat  OR %U.bat
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U\.9xprofile
wins support = yes
name resolve order = wins lmhosts hosts bcast
dns proxy = no
time server = yes
; log file = /var/log/samba3/log.%m
; max log size = 50
; smb passwd file = /etc/samba/private/smbpasswd
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
passwd program = /usr/bin/passwd %u
passwd chat = "*New password:*" %n\r "*New password (again):*" %n\r \ 
"*Password changed*"
unix charset = ISO8859-1

[netlogon]
path = /var/lib/samba/netlogon
browseable = no
[profiles]
path = /var/lib/samba/profiles
browseable = no
writeable = yes
default case = lower
preserve case = no
short preserve case = no
case sensitive = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
write list = @users @root
create mode = 0600
directory mode = 0700
profile acls = yes
[homes]
path = /home/%U
browseable = no
valid users = %S
writable = yes
guest ok = no
inherit permissions = yes
[public]
comment = Public Stuff
path = /var/lib/samba/shares/public
public = yes
writeable = no
browseable = yes
[programs]
comment = Common Files
path = /var/lib/samba/shares/programs
public = no
writeable = yes
browsable = yes
;write list = @users  workstation07 (192.168.0.64) connect to service 
netlogon initially as user chris (uid=1002, gid=100) (pid 11638)
[2005/05/10 18:36:38, 1] smbd/service.c:make_connection_snum(642)
 workstation07 (192.168.0.64) connect to service chris initially as 
user chris (uid=1002, gid=100) (pid 11638)
[2005/05/10 18:36:46, 1] smbd/service.c:make_connection_snum(642)
 workstation07 (192.168.0.64) connect to service programs initially as 
user chris (uid=1002, gid=100) (pid 11638)
[2005/05/10 18:47:32, 1] smbd/service.c:close_cnum(830)
 workstation07 (192.168.0.64) closed connection to service netlogon
[2005/05/10 19:04:16, 0] printing/pcap.c:pcap_cache_reload(149)
 Unable to open printcap file /etc/printcap for read!
[2005/05/10 19:04:16, 0] printing/pcap.c:pcap_cache_reload(149)
 Unable to open printcap file /etc/printcap for read!
[2005/05/10 19:04:21, 0] printing/pcap.c:pcap_cache_reload(149)
 Unable to open printcap file /etc/printcap for read!
[2005/05/10 19:04:21, 0] printing/pcap.c:pcap_cache_reload(149)
 Unable to open printcap file /etc/printcap for read!
[2005/05/10 19:04:39, 0] printing/pcap.c:pcap_cache_reload(149)
 Unable to open printcap file /etc/printcap for read!
[2005/05/10 19:04:39, 0] printing/pcap.c:pcap_cache_reload(149)
 Unable to open printcap file /etc/printcap for read!
[2005/05/10 19:04:59, 0] printing/pcap.c:pcap_cache_reload(149)
 Unable to open printcap file /etc/printcap for read!
[2005/05/10 19:04:59, 0] printing/pcap.c:pcap_cache_reload(149)
 Unable to open printcap file /etc/printcap for read!
[2005/05/10 19:06:17, 1] smbd/service.c:make_connection_snum(642)
 workstation07 (192.168.0.64) connect to service unity initially as 
user chris (uid=1002, gid=100) (pid 11638)
[2005/05/10 19:06:18, 1] smbd/service.c:make_connection_snum(642)
 workstation07 (192.168.0.64) connect to service public initially as 
user chris (uid=1002, gid=100) (pid 11638)
[2005/05/10 19:10:16, 0] printing/pcap.c:pcap_cache_reload(149)
 Unable to open printcap file /etc/printcap for read!
[2005/05/10 19:10:16, 0] printing/pcap.c:pcap_cache_reload(149)
 Unable to open printcap file /etc/printcap for read!
[2005/05/10 19:11:32, 0] printing/pcap.c:pcap_cache_reload(149)
 Unable to open printcap file /etc/printcap for read!
[2005/05/10 19:11:32, 0] printing/pcap.c:pcap_cache_reload(149)
 Unable to open printcap file /etc/printcap for read!
[2005/05/10 19:11:42, 0] printing/pcap.c:pcap_cache_reload(149)
 Unable to open printcap file /etc/printcap for read!
[2005/05/10 19:11:42, 0] printing/pcap.c:pcap_cache_reload(149)
 Unable to open printcap file /etc/printcap for read!
[2005/05/10 19:11:43, 0] printing/pcap.c:pcap_cache_reload(149)
 Unable to open pr

Re: [Samba] getting SID on a Samba 2.2.2 domain

2005-05-10 Thread Chuck Theobald
Hi Jonathan,
If the machine is a domain controller, log onto one of your Windows 
machines that has joined the domain and check the registry under 
HKEY_USERS, there will be entries there that reflect the SID of the domain. 
I used this to discover the SID of a TAS server for which I needed the SID. 
TAS was not cooperative, but my client machines were.

If your old machine is not a domain controller, I think it does not matter 
that the SID changes when going to the new machine, as there is no user 
information dependent upon the SID of the server in this case. Please, if 
this is not correct, someone write a clarification.

Regards,
Chuck
At 12:53 PM 5/5/2005, jonathan.wilson wrote:
Replacing an old Samba 2.2.2 server with a newer Samba version, and would 
like to set the SID to the same as the old server. However, 2.2.2 doesn't 
have the 'net' utilities or anything else that I can find to display the 
SID. Anyone have any hints?

Thanks,
Jonathan Wilson


[Samba] login on WinNT and 9X

2005-05-10 Thread Juliano Medeiros Coimbra
Hi, I am a new member of this list and I couldn't find any message to 
help me in the Samba archives.
We're migrating from a FreeBSD 4.0 server with Samba2 to a FreeBSD 5.3 
server with Samba 3.0.12_1,1.
These two servers are on the same network, but workgroups are different 
(old server is DESQ-Samba and the new one is NDESQ).
Our network has Windows 95, 98, NT, 2k and XP!
This old server uses the master.passwd to authenticate users, I tried to 
do the same with the new one, but I couldn't get a passwd backend (plain 
text) to do this, so I moved to smbpasswd backend and now everything 
works fine, except for Windows 9X and NT - users cannot login to any share.
There is no firewall in the new server (yet). I am attaching my 
smb.conf file for your appreciation.
If there is a reason to ignore this problem, considering the old server 
will go down when the new one gets 100% fine, please, tell me.

best regards!
Juliano
# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2005/05/09 13:53:22

# Global parameters
[global]
workgroup = NDESQ
server string = Teste (Samba %v)
interfaces = 143.106.19.25/255.255.255.192, 127.
bind interfaces only = Yes
encrypt passwords = No
update encrypted = Yes
password server = kappa.desq.feq.unicamp.br
passdb backend = smbpasswd
root directory = /
passwd program = /usr/bin/passwd %u
password level = 8
log file = /var/log/samba/log.%m
max log size = 500
name resolve order = host wins lmhosts bcast
time server = Yes
server signing = auto
load printers = No
logon path = 
logon home = 
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = 143.106.19.2
ldap ssl = no
socket address = 143.106.19.25
NIS homedir = Yes
invalid users = root, toor, operator, tty, kmem, bin, daemon, games, news, man, sshd, smmsp, mailnul, bind, proxy, pop, www, nobody
hosts allow = 143.106.19.0/255.255.255.192, 143.106.19.64/255.255.255.192, 143.106.123.0/255.255.255.192
printing = bsd
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j

[tmp]
comment = Temporary file space
path = /tmp/share
force user = nobody
read only = No
create mask = 0777
guest only = Yes
guest ok = Yes
fstype = FAT

[homes]
comment = Homes directories
read only = No
veto files = /*.mp3/*.wmv/
browseable = No

Re: [Samba] Printer sleep mode problem

2005-05-10 Thread Gerald (Jerry) Carter
Tor wrote:
| Eric,
|
| Thank you for the quick response!
| I guess my next question then is, does Samba
| handle wake up calls of printers?
| If so, where do I find documentation about it?
Samba is simply a user space spooler when it
comes to printing.  It acts just like a user
running lpr.  There is no direct interaction with
the hardware.


cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca


[Samba] Samba 3 ADS problem with %g variable

2005-05-10 Thread Penny Willisson
Hi

I have successfully configured my SuSE Linux 9.0 server to use Samba 3.0.14 and 
accept my Windows 2000 users through Active Directory to access the shares.

However I have some shares that have paths that are made up of %g/%U variables.

The %U works fine but I cannot get the %g in any format to give me just the 
group name I get DOMAIN/groupname sent through instead which is making the 
paths invalid and my share folders inaccessible by the windows clients.  I have 
tried making a directory structure that matches the DOMAIN/groupname and it 
still isn't happy and I still get a message saying 'path not found' when I try 
and access the shares.

Can anyone give me any ideas how to resolve this?

Your help is greatly appreciated.
 
Here is my smb.conf file
[global]
 unix charset = LOCALE
 workgroup = DOMAIN
 realm = DOMAIN.COM
 server string = Samba 3.0.14
 security = ADS
 username map = /etc/samba/smbusers
 log level = 1
 syslog = 3 
 log file = /var/log/samba/%m
 max log size = 50
 ldap ssl = no
 idmap uid = 1-2
 idmap gid = 1-2
 template primary group = "Domain Users"
 template shell = /bin/bash
 template homedir = /home/%U
 winbind separator = / 
 winbind enum users = yes
 winbind enum groups = yes
 winbind use default domain = no
 password server = *
 encrypt passwords = yes
 os level = 2
 domain logons = No
 preferred master = No
 wins support = Yes
 keep alive = 60
 dead time = 30

[homes]
 comment = Private Folders (%U)
 path = /data/private/%U
 valid users = %S
 read only = No
 browseable = No
 hide dot files = Yes
 veto files = /bin/public_html/.*/

[People]
 comment = Users Department Files (%g/%U)
 path = /data/departments/people/%g/%U
 read only = No
 valid users = @%g
 create mask = 0664
 directory mask = 6770
 veto files =/*.rem/*dontrem*/
 delete veto files = No

[Private]
 comment = Users Private Files (/data/private/%U)
 path = /data/private/%U
 read only = No
 browseable = Yes
 create mask = 0700
 directory mask = 6700
 




[Samba] rid_idmap_get_id_from_sid: no suitable range available for sid

2005-05-10 Thread John
Hello,

I posted the following message on the linux.samba newsgroup, but so far
no response. Therefore I try again in this group, hoping that there are
other people reading this group, and yes, that hopefully somebody can help
me with my samba winbind problems.

John Knappers



Hello,

"John" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hello list,
>
>
> "John" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>> Hello,
>>
>> I have some trouble with rid_idmap facility. STFI didn't help me this
>> time..
>> Other issues I read about resolved to a too small idmap range
>> specification.
>> But this is another issue..
>>
>> It looks that the rid_idmap facility tries to map the sid's from
>> Administrators, Backup operators and several other built-in groups to a
>> uid <330
>>
>> Configuration:
>> OS Suse 9.1
>> Samba 3.0.14 backport from Suse
>> W2k3 DC in testlab is a NT4 domain upgrade
>>
>> smb.conf snippet
>> workgroup DOM1
>> security = ADS
>> realm:CORP.DOM1..COM
>> passwd server = *
>> Allow trusted domains = no
>> loglevel =3
>> winbind seperator = no
>> idmap backend = idmap_rid:DOM=330-10
>> idmap uid = 330-10
>> idmap gid = 330-10
>> winbind use default domain = yes
>> etc
>>
>> Joining the ADS domain goes smoothly
>> wbinfo -u gives list with domain users
>> wbinfo -n 'Domain Users' gives list SID  from domain Users
>> wbinfo -n 'Administrators' gives: Could not lookup name Administratos
>> wbinfo -n 'Backup Operators' gives: Could not lookup name Backup
>> Operators
>>
>> id Administrator has  uid 1000 and lots of guid's from different groups
>> he's member of, but not the guid from the Administrators and backup
>> operators group. I'm also getting log entries like
>> rid_idmap_get_id_from_sid: No available range availeble for sid.
>>
>> It's difficult to paste complete logs at the moment, because the W2k dc
>> and samba ADS member are running in an isolated testlab.
>>
>> Does anybody know what I'm missing or what's going wrong?
>>
>> John Knappers
>> Argentia B.V.
>> The Netherlands
>>
>>
> Hello,
>
> A careful look in the morning revealed:
> The group Administrators / Powerusers etc. are translated in samba to:
> BUILDIN/Administrators BUILDIN/Power users etc.
>
> But wbinfo -n BUILDIN/Administrators gives:
> S-1-5-32-544 Well-known Group (5)
> and wbinfo -Y  S-1-5-32-544 gives:
> Could not convert sid S-1-5-32-544 to gid...
>
> Are those sid's not very short? As I remembered they were much longer.
> It looks like the Sid's from the BUILDIN groups are truncated!
> duh, how is that possible?
>
> A wbinfo -n 'Domain Admins' gives:
> S-1-5-21-431110786-547713429-883519231-512 Domain Group (2)
> and wbinfo -y S-1-5-21-431110786-547713429-883519231-512
> 1012
>
> Looking on the production network, that's still running a NT4 DC.
> The samba host there is running winbind without the idmap_rid facility.
> But there wbinfo -n 'BUILDIN/Administrators' also gives
> S-1-5-32-544 Well-known Group (5)
> because winbind is running without idmap_rid facility
> a wbinfo -Y S-1-5-32-544 resolves to
> 10063
>
> Does someone have any idea what's going on here?
>
> regards,
>
> John Knappers
> Argentia B.V.
> The Netherlands
>
After a bit further searching the internet I found some answers in the
following link:
http://support.microsoft.com/kb/q163846/

There I did find out that the BUILDIN local group and some special groups
/users have always the same short SID

Built-In Local Groups
BUILTIN\ADMINISTRATORS             S-1-5-32-544  (=0x220)
BUILTIN\USERS                      S-1-5-32-545  (=0x221)
BUILTIN\GUESTS                     S-1-5-32-546  (=0x222)
BUILTIN\ACCOUNT OPERATORS          S-1-5-32-548  (=0x224)
BUILTIN\SERVER OPERATORS           S-1-5-32-549  (=0x225)
BUILTIN\PRINT OPERATORS            S-1-5-32-550  (=0x226)
BUILTIN\BACKUP OPERATORS           S-1-5-32-551  (=0x227)
BUILTIN\REPLICATOR                 S-1-5-32-552  (=0x228)

Special Groups
\CREATOR OWNER                     S-1-3-0
\EVERYONE                          S-1-1-0
NT AUTHORITY\NETWORK               S-1-5-2
NT AUTHORITY\INTERACTIVE           S-1-5-4
NT AUTHORITY\SYSTEM                S-1-5-18
NT AUTHORITY\authenticated users   S-1-5-11 *
NT AUTHORITY\LOCAL SERVICE         S-1-5-19
NT AUTHORITY\NETWORK SERVICE       S-1-5-

Those SID's match what I found on our samba system.

So, it's clear now, that those SID's are not accidentally truncated, but are
so by design. How does this fit in the Samba rid_idmap?
Does anybody have a clue??

Regards,

John Knappers
Argentia B.V.
The Netherlands
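
Added example (not part of the original posts, and not Samba's code): a small SID parser that separates the short BUILTIN SIDs from domain account SIDs, recovers a domain SID from HKEY_USERS key names as Chuck Theobald's reply in the "getting SID" thread describes, and models why a RID-based mapping has no range for S-1-5-32-544. The mapping rule (unix id = low + RID when the SID's domain matches a configured range), the range 500-100000 and the sample key names are assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_SUBAUTHS = 15  # upper limit on sub-authorities in a Windows SID


@dataclass(frozen=True)
class Sid:
    revision: int
    authority: int
    subauths: tuple

    @classmethod
    def parse(cls, text):
        """Parse the string form S-R-A-S1-S2-...; reject malformed input."""
        parts = text.strip().split("-")
        if len(parts) < 3 or parts[0] != "S":
            raise ValueError(f"not a SID: {text!r}")
        if not all(p.isascii() and p.isdigit() for p in parts[1:]):
            # Also catches elided forms such as 'S-1-5-21--513' (empty field).
            raise ValueError(f"non-numeric field in SID: {text!r}")
        nums = [int(p) for p in parts[1:]]
        subauths = tuple(nums[2:])
        if len(subauths) > MAX_SUBAUTHS or any(s > 0xFFFFFFFF for s in subauths):
            raise ValueError(f"sub-authority out of range: {text!r}")
        return cls(nums[0], nums[1], subauths)

    def __str__(self):
        fields = [self.revision, self.authority, *self.subauths]
        return "S-" + "-".join(str(f) for f in fields)

    @property
    def rid(self):
        """Last sub-authority (the relative identifier), or None."""
        return self.subauths[-1] if self.subauths else None

    def domain(self):
        """The SID with its RID stripped, i.e. the issuing domain's SID."""
        if not self.subauths:
            raise ValueError(f"{self} has no RID to strip")
        return Sid(self.revision, self.authority, self.subauths[:-1])

    def kind(self):
        if self.authority == 5 and self.subauths[:1] == (32,):
            return "builtin"          # S-1-5-32-<alias>, same on every machine
        if self.authority == 5 and self.subauths[:1] == (21,) and len(self.subauths) == 5:
            return "domain-account"   # S-1-5-21-<3 domain words>-<RID>
        return "well-known"


@dataclass(frozen=True)
class RidRange:
    domain: Sid   # domain SID this range is configured for
    low: int
    high: int


def rid_to_unix_id(sid, ranges):
    """Simplified model of a RID-based idmap (an assumption, not Samba source)."""
    for r in ranges:
        if sid.subauths and sid.domain() == r.domain:
            unix_id = r.low + sid.rid
            if unix_id <= r.high:
                return unix_id
    raise LookupError(f"no suitable range available for sid {sid}")


def domain_sids_from_hku(key_names):
    """Collect domain SIDs from HKEY_USERS subkey names of logged-on accounts.

    A locally created account would yield the workstation's own SID instead.
    """
    found = set()
    for name in key_names:
        try:
            sid = Sid.parse(name)
        except ValueError:
            continue  # '.DEFAULT', '<sid>_Classes' and similar keys
        if sid.kind() == "domain-account":
            found.add(str(sid.domain()))
    return found


# Domain SID taken from the 'Domain Admins' output quoted in the post.
DOMAIN = Sid.parse("S-1-5-21-431110786-547713429-883519231")
RANGES = [RidRange(DOMAIN, 500, 100000)]  # constructed range
# Constructed HKEY_USERS listing; RID 1107 is made up.
SAMPLE_HKU_KEYS = [
    ".DEFAULT", "S-1-5-18", "S-1-5-19",
    "S-1-5-21-431110786-547713429-883519231-1107",
    "S-1-5-21-431110786-547713429-883519231-1107_Classes",
]

if __name__ == "__main__":
    for text in ("S-1-5-21-431110786-547713429-883519231-512", "S-1-5-32-544"):
        sid = Sid.parse(text)
        try:
            print(text, sid.kind(), "->", rid_to_unix_id(sid, RANGES))
        except LookupError as exc:
            print(text, sid.kind(), "->", exc)
    print(domain_sids_from_hku(SAMPLE_HKU_KEYS))
```

With the constructed range, RID 512 maps to 1012, the value the post reports for Domain Admins, while S-1-5-32-544 belongs to the domain S-1-5-32 and so matches no configured range.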










[Samba] Fail to find correct group

2005-05-10 Thread Fred Lacombe

Hi team,

deploying samba 3.0.4 as PDC on HP-UX 11.00, I've got a singular behaviour
on one specific server. Our configuration is working fine on other
servers.

We want to manage policies based on group membership. We've the following
extract of configuration for this purpose :

[netlogon]
path = /etc/samba/netlogon/%g
writable = Yes
browsable = No
locking = No

From a computer member of the domain, we try to connect as user eidinst,
member of group 'installation' gid=1000, rid=3001. this user can identify
himself correctly (smbclient, etc.).
When trying to open a session on the workstation, it tries to access to
netlogon directory /etc/samba/netlogon/sys, due to a switch to 'root' user
as shown on the log level 3 below ('sys' is the gid of root user) :

[Tue May 10 10:11:21 2005
, 3] smbd/lanman.c:api_reply(3571)
  Doing WWkstaUserLogon
[Tue May 10 10:11:21 2005
, 3] smbd/lanman.c:api_WWkstaUserLogon(2833)
  Username of UID 1034 is eidinst
[Tue May 10 10:11:21 2005
, 3] smbd/lanman.c:api_WWkstaUserLogon(2841)
  WWkstaUserLogon uLevel=1 name=EIDINST
[Tue May 10 10:11:21 2005
, 3] smbd/process.c:process_smb(890)
  Transaction 4 of length 67
[Tue May 10 10:11:21 2005
, 3] smbd/process.c:switch_message(685)
  switch message SMBtconX (pid 10500)
[Tue May 10 10:11:21 2005
, 3] smbd/sec_ctx.c:set_sec_ctx(287)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[Tue May 10 10:11:21 2005
, 3] smbd/service.c:make_connection_snum(391)
  Forced user root
[Tue May 10 10:11:21 2005
, 3] smbd/service.c:make_connection_snum(440)
  Forced group sys
[Tue May 10 10:11:21 2005
, 3] smbd/service.c:make_connection_snum(457)
  Connect path is '/etc/samba/netlogon/sys' for service [netlogon]

Has anyone an idea why this is happening ?

Many thanks

-- 
Fred Lacombe                    Linagora S.A.
Open Source Project Manager     30, rue Saint Augustin
                                Tel. : +33 (0)1 58 18 68 28
                                Fax. : +33 (0)1 58 18 68 29



[Samba] Refreshing file info in the Windows XP clients

2005-05-10 Thread Beatriz Díez
I have installed Samba server in a Red Hat Enterprise ES 3.0 (kernel
2.4.21), with Windows XP clients.
I need that the clients refresh the file information (size, deleting...)
automatically. I heard that it is possible with Samba 3.0, but I have not
been able to reach it.
Thanks for your help.

Beatriz Díez
Dpto. Sistemas
Ingeniero T. Telecomunicación
PROMOVISA
Central Madrid
Avda. Pablo Iglesias 15
28003 Madrid (Spain)
Telf: (+34) 91 456 2090
Fax: (+34) 91 533 2166
www.promovisa.es



[Samba] Are the following cockups in ldap entries or normal behaviour now ?

2005-05-10 Thread Geoff Scott
When doing a vampire all my PC's are shown in the resulting log as being
members of the Domain Users group and none of my "real users" are shown yet
in Ldap all my users are shown with memberUid in the domain users group and
no computers are shown eg:

dn: cn=Domain Users,ou=Groups,
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users

description: All domain users
memberUid: administrator
memberUid: deloitte
memberUid: iusr_guests
memberUid: template


My machines all have a SID that ends in 513 the domain users RID:
sambaPrimaryGroupSID: S-1-5-21--513

My users have no passwords set eg:

dn: uid=deloitte,ou=Users

sambaLMPassword: XXX
sambaPrimaryGroupSID: S-1-5-21--513
sambaNTPassword: XXX


Is this expected behaviour when vampiring from an NT server using the
smbldap-tools-0.8.8.tgz ?

Or does it appear that I have stuffed up badly?

Regards Geoff Scott


[Samba] Does or doesn't vampiring users add them into multiple groups at the same time?

2005-05-10 Thread Geoff Scott
Hi all,

The new NT migration chapter of Samba guide seems to indicate in the
migration Log Validation (section 9.3.1.1) that users get added to all the
same groups that they were in under the NT4 domain.  However I am not seeing
this despite having had a seemingly successful migration. All my users get
added into the Domain User group but not into any other group.  Is the text
below now wrong or right?

"

7. Q: After merging multiple NT4 Domains into a Samba-3 Domain, I lost all
multiple group mappings. Why?
A: Samba-3 currently does not implement multiple group membership
internally. If you use the Windows NT4 Domain User Manager to manage
accounts and you have an LDAP backend, the multiple group membership is
stored in the Posix groups area. If you use either tdbsam or smbpasswd
backend, then multiple group membership is handled through the UNIX groups
file. When you dump the user accounts no group account information is
provided. When you edit (change) UIDs and GIDs in each file to which you
migrated the NT4 Domain data, do not forget to edit the UNIX /etc/passwd
and /etc/group information also. That is where the multiple group
information is most closely at your fingertips.

"



Regards Geoff Scott




Re: [Samba] sambaDomainName=DOMAIN for next free id

2005-05-10 Thread John H Terpstra
On Tuesday 10 May 2005 00:15, Geoff Scott wrote:
> Tony Earnshaw wrote:
> > man, 09.05.2005 kl. 05.51 skrev Geoff Scott:
> >> I'm following JHT's example doc off the web.  I just applied a patch
> >> for the confiure.pl script for the smbldap-tools that John gave me.
> >> It now makes the sambaUnixIdPooldn object default to:
> >> cn=sambaDomainName=DOMAIN whereas the output of the configure.pl
> >> script given in Chapter 9 of the book is shown as:
> >> sambaDomainName=DOMAIN
> >
> > cn doesn't exist as an attribute in this objectClass. sambaDomain is
> > the objectClass, sambaDomainName and sambaSID are required
> > attributes, sambaNextRID, sambaNextGroupRID, sambaNextUserRID and
> > sambaAlgorithmicRidBase are allowed attributes.
>
> Thank you Tony.

Scary! You found an obvious bug that has had me hopping mad for not being able 
to see the forest for the trees. Thank you! You have again proven the 
importance of the many-eyes paradigm.

Now, if only we could get more feedback and review of the new docs I will be 
thrilled even further. :-)

- John T.
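
Added example (not part of the original thread and not smbldap-tools code): a small Python check of a candidate sambaUnixIdPooldn value against the sambaDomain attributes Tony lists above. The function names, the dc=example,dc=org suffix and the nested-prefix heuristic are assumptions made for illustration.

```python
import re

# Attributes of objectClass sambaDomain as listed in Tony Earnshaw's message
# (LDAP attribute names compare case-insensitively).
SAMBA_DOMAIN_MUST = {"sambadomainname", "sambasid"}
SAMBA_DOMAIN_MAY = {"sambanextrid", "sambanextgrouprid",
                    "sambanextuserrid", "sambaalgorithmicridbase"}

def first_rdn(dn):
    """Return (attribute, value) of the leftmost RDN, honouring backslash escapes."""
    out, i = [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            out.append(dn[i:i + 2])   # keep the escaped pair together
            i += 2
            continue
        if ch == ",":                 # first unescaped comma ends the RDN
            break
        out.append(ch)
        i += 1
    attr, sep, value = "".join(out).strip().partition("=")
    if not sep or not attr.strip():
        raise ValueError("no attribute=value pair in %r" % dn)
    return attr.strip(), value.strip()

def check_pool_dn(dn):
    """Return a list of problems with a candidate sambaUnixIdPooldn value."""
    attr, value = first_rdn(dn)
    problems = []
    if attr.lower() not in SAMBA_DOMAIN_MUST | SAMBA_DOMAIN_MAY:
        problems.append("attribute %r is not in objectClass sambaDomain" % attr)
    elif attr.lower() != "sambadomainname":
        # Assumption: the entry is named by sambaDomainName, as in the book.
        problems.append("expected naming attribute sambaDomainName, got %r" % attr)
    # Heuristic (assumption): a value that itself looks like attr=value
    # usually means a prefix was prepended twice.
    if re.match(r"^[A-Za-z][A-Za-z0-9-]*=", value):
        problems.append("value %r looks like a nested attribute=value" % value)
    return problems

if __name__ == "__main__":
    # Constructed sample DNs; the suffix is a placeholder.
    for dn in ("sambaDomainName=DOMAIN,dc=example,dc=org",
               "cn=sambaDomainName=DOMAIN,dc=example,dc=org"):
        print(dn, "->", check_pool_dn(dn) or "ok")
```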


Sv: [Samba] 3.0.14 and MacOs X (tiger)

2005-05-10 Thread Roland Carlsson
Hi David!

Thanks for your answer. I can't find the problem. My local firewall is
disabled and enable client to access my computer doesn't help either, it
actually seems quite backwards to have to share my computer to be able to
connect to other samba-installations.

Any other ideas?

Thanks in advance
Roland Carlsson


Den 05-05-09 18.07, skrev "David Michaels" <[EMAIL PROTECTED]>:

> When I upgraded to Tiger just the other day, my network settings showed
> that the Windows service was shut off.  I think Tiger resets some of
> those things (all of those things?) to defaults.  Now, I think this only
> applies to shares the Mac is serving, but it may also apply to accessing
> Windows shares.
> 
> Go to System Preferences -> Sharing, and poke around in there.  I forget
> exactly where the setting is, and I'm not in front of my Mac at the
> moment, but find the Windows service in there, and turn it on (it might
> also be under Firewall -- the default is to deny the protocol, so that
> would also kill Mac access to Windows shares).
> 
> --Dragon
> 
> Roland Carlsson wrote:
> 
>> Hi!
>> 
>> I upgraded our Samba installation today since it got into problems with
>> Windows ADS 2003.
>> 
>> So I installed all suse rpms for 9.2 (samba 3.0.14) and tested with a few
>> windows boxes and everything works perfectly. No more strange error messages
>> in the logs about not finding existing users.
>> 
>> Now to the problem, when I came back to my own computer, MacOs X 10.4, I
>> suddenly can't use any samba-shares. It even freezes Finder when trying to
>> connect. As far as I can see there is no mention of any problem in log.smbd
>> or log.winbindd.
>> 
>> Any ideas of what would cause this problem?
>> 
>> Thanks in advance
>> Roland Carlsson
>> 
