Re: [Samba] net password from OS/2 client
I have done so, bug 2912. Thanks. Let me know if you need any traces or more info. I can reproduce it easily enough just let me know what you need. --- Jeremy Allison <[EMAIL PROTECTED]> wrote: > On Wed, Jun 08, 2005 at 05:20:44PM -0700, Olivier > Eymere wrote: > > > > I haven't heard anything for a week so I thought I > would repost my question > > and attach the debug level 100 log file. I cut > the log at the point when > > the SetUserPassword message is received, sorry I > know it is a lot to add to > > the post but it seemed the most logical point to > start from. At the very > > bottom is the point where smb_pwd_check_ntlmv1 > doesn't authenticate > > correctly where I would it expect it ti. > > > > I am trying to get 'net password ...' to work from > an OS/2 client to a Samba > > 3.1.15 server. However, I get an Invalid Password > error whenever I run net > > password. I am certain that I am providing the > correct password. With > > DEBUG_PASSWORD on in the build and tracing set to > 100 I ran 'net view > > \\server' which authenticates correctly and I ran > 'net password user > > oldpass netpass' which does not. > > > > Some important factors: > > 1. The selected protocol is LANMAN2.1 with either > test. > > 2. When running net password the SessionSetup > andX request is done > > anonymously (the username is blank in the request) > but when running net > > view the SessionSetup andX does include the > username in the request. > > 3. In smb_pwd_check_ntlmv1() the Part Password > (P16) is the same in both > > traces. > > I know it's been a while, but I now have an OS/2 > image to test with, > so I should be able to fix all these things soon. > Can you log a bug > with bugzilla.samba.org so I can track this ? > > Thanks, > > Jeremy. > __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Need help setting up share permissions on my samba server
Thanks to all of the excellent help here on the list, I have gotten my samba servers all up and running. I need some guidance on how to properly configure the permissions / Users/ Groups so that things can be accessed by those who need to, and not by others. Here are the needs as I see them: Each Authenticated Domain User should have a private folder on the /homes share that only they (and the administrator) can access A teachers share: this share should be accessable by the teachers (Active Directory group Teachers) but not by the students -- Designed to serve as a file exchange point A Public share with Read permissions to everyone, but only specific users (Administrator, Root, and timholmes) have write access. A place to stash documents that many people might need, but should not be changed except by authorized people I have tried creating a document in a wide open share (root/root 777) to see what the username is that it is created with, and it showed as MCASCHOOL\timholmes (my account) for the owner and MCASCHOOL\Domain Users (one of several groups I am in) as the group. When I tried to chown my home folder to that setting, it does not recognize the user or group. I am in the process of working through the SAMBA HOW-TO book, but as yet have not hit the solution. Thanks for all your help TIM Timothy A. Holmes IT Manager / Webmaster / Science Teacher Medina Christian Academy A Higher Standard... Jeremiah 33:3 Jeremiah 29:11 Esther 4:14 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Undelete support for samba
On Fri, Jul 22, 2005 at 05:31:35PM -0400, Mike Sullivan wrote: > Is it possible to have samba move files to another directory instead of > removing them when a user deletes a file from a windows client? This > would allow a file to be restored if a user deleted the wrong file. > > If this is currently not an option would it be easy to implment. We > could do the source code mods on our end. Already implemented. See the vfs_recycle vfs plug-in. Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Undelete support for samba
Is it possible to have samba move files to another directory instead of removing them when a user deletes a file from a windows client? This would allow a file to be restored if a user deleted the wrong file. If this is currently not an option would it be easy to implment. We could do the source code mods on our end. Thanks Mike -- Mike Sullivan President @lliance Technologies, Voice: (416) 385-3255 x 228, 18 Wynford Dr, Suite 407Fax: (416) 385-1774 Toronto, ON, Canada, M3C-3S2Toll Free:1-866-344-3255 http://www.alltec.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Authenticate pptpd server on a domain controller
Hello. I have two servers: -One is a vpn server with pptpd. It has debian sarge 3.1, kernel(2.6.8), pptd(1.2.1-4), ppp(2.4.3-2) and Samba(3.0.14a-3). All the accounts to log on the vpn are on /etc/ppp/chap-secrets file. -The other is a pdc with samba(2.2.7) in red hat 8 I want the accounts in the first server (chap-secrets file) authenticate against the pdc server (/etc/samba/smbpasswd) on the second. I read that it is possible using winbind, kerberos and pam. I have been making some configurations but I haven't made yet it works. I want to know what is the best way and how to make. I have traied these two links.: 1- Replacing a Windows PPTP server with Linux HOWTO http://poptop.sourceforge.net/dox/replacing-windows-pptp-with-linux-howto.phtml 2- Chapter 23. Winbind: Use of Domain Accounts http://us2.samba.org/samba/docs/man/Samba3-HOWTO/winbind.html but the two show the same error when I try to join the pptpd server on the pdc. All the configurations were made in the pptpd server not on the pdc. -The fisrt one displays Proxy2:/etc/samba# net join -U root root's password: [2005/07/22 16:02:01, 0] utils/net_ads.c:ads_startup(191) ads_connect: Transport endpoint is not connected [2005/07/22 16:02:01, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(256) cli_nt_setup_creds: request challenge failed Creation of workstation account failed User specified does not have administrator privileges Unable to join domain DUCOR. -The second one displays Proxy2:/etc/samba# net rpc join -S servdb1 -U root [2005/07/22 16:03:35, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(256) cli_nt_setup_creds: request challenge failed Password: Creation of workstation account failed User specified does not have administrator privileges Unable to join domain DUCOR. I would thank if somebody can help me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] filenames ending by . (point)
Hi On a linux machine with samba i have files named 1. or 2. etc if i make a samba connexion to this machin, ether from a Microsoft PC or by smb clent on linux, the name of the file visible through the connection changes ... it is like 1hz0là or something like this Question : is it possible to configure Samba server to preserve filenames? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NT user token: (NULL) what does this mean?
Mike, I have the same error and have been trying to fix this problem for quite a while. 2005/07/22 10:34:10, 3] smbd/process.c:switch_message(886) switch message SMBecho (pid 10341) conn 0x0 [2005/07/22 10:34:10, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/07/22 10:34:10, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token: (NULL) [2005/07/22 10:34:10, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/07/22 10:34:10, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/07/22 10:34:10, 3] smbd/reply.c:reply_echo(3130) echo 1 times [2005/07/22 10:34:10, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/07/22 10:34:10, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token: (NULL) [2005/07/22 10:34:10, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/07/22 10:34:10, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) I would be very interested in your progress. Thanks , Kyle Gosnell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba with Firewall
On Fri, 2005-07-22 at 12:37 -0700, Joshua Drake wrote: > Hello, > > O.k. question, is this possible: > > Map drive: > private_network->LinuxFirewall/IP-MASQ->Internet->LinuxFirewall/Portfordward->SambaServer > > ? probably not without using an vpn of some sort... your packets will likely be eaten by some host along the way. investigate openswan you might be able to do this with ssh and port mapping. brad -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Hints about large network!
Hi. In few weeks I'm planning to set up a windows network over our departmental net. I need some advices, suggestions about what you would do. We're in front of a large network. I'm expecting having 50+ + computers logging in the windows domain, many different users. Servers will be just unix (linux mainly, and aix/bsd for experiments only) The underlying structure is really simple. All clients (aix, bsd, linux, macosx) are authenticating over our kerberos realm (linux kdcs). User informations are on ldap (home, shell, gid, uid, additional gids...), no password since ldap uses kerberos via gssapi. File serving is provided by AFS. All users have their home in /afs/ cell.name/users/INITIAL/username, no local users. It works perfectly. Now, I'd like to add windows clients. Since they cannot authenticate over MIT using AFS and LDAP, I'm working with samba. Before starting from the wrong assumptions, I'd appreciate some suggestions. This is my plan for windows. -Since we have a realm CELL.NAME, I'd use a workgroup: WIN.CELL.NAME -Netbios name for pdc should be the same as in the dns: SMB.CELL.NAME -We have NO ldap passwords: tbsam. I have some concerns. What I'd really like is probably not good. - Passwords. We're using kerberos... Any change to samba should be redirected to kerberos. Anyone doing some tricks here? - Home directories. The logon home should be \\AFS\CELL.NAME\users \initial\%U --- quite weird for windows. Moreover, this creates some directories in the unix space (users and settings\user, with desktop & co). - Profiles. Is it a good idea to store profiles in each user's home? I'm confused, ms-network makes more difficulties than solving problems, but I have to do that... Can you give me some impressions? Add that I'd like to add a BDC... Any suggestion is really appreciated. I want to plan better before rather than complainig after :) Thanks! -- Sensei <[EMAIL PROTECTED]> cd /pub more beer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba with Firewall
Hello, O.k. question, is this possible: Map drive: private_network->LinuxFirewall/IP-MASQ->Internet->LinuxFirewall/Portfordward->SambaServer ? Sincerely, Joshua D. Drake -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] winbind lookup errors
I'm going to follow-up to my own post... Using a W2k Server, SP4 *NOT* post SP4 Rollup 1 as the password server, Samba will behave as it should. Using a 2k3sp1 or 2ksp4+r1 machine as the password server, Samba misbehaves. I saw some traffic on the list a few weeks back that talked about something very similar to this. I didn't see any resolution (other than "don't install rollup 1"). What is the status of this situation? Thanks, Ben Vaughan Engineering Computing Support Services CLUE Network Admin 2240 Hoover Hall 515 294 1629 [EMAIL PROTECTED] > -Original Message- > From: [EMAIL PROTECTED] [mailto:samba- > [EMAIL PROTECTED] On Behalf Of Vaughan, Ben R > [ECSS] > Sent: Friday, July 22, 2005 8:39 AM > To: samba@lists.samba.org > Subject: [Samba] winbind lookup errors > > Hello Samba folks, > > I have recently begun seeing some disturbing behavior from winbind. > Winbind will fail to look up users and groups. Examples: > > The machine is configured to use winbind as a nss module. > > "getent passwd " will yield no results. > > "wbinfo -n " will yield "Could not lookup name " > > "wbinfo -g" works... all of the domain groups are dumped > > "wbinfo -u" works. > > "wbinfo -t" says everything is ok. > > "net ads testjoin" says everything is ok. > > I have turned off winbind caching (by adding the -n flag) and have set > "winbind cache time = 0" in smb.conf in an attempt to remove caching as > a culprit. > > Any help would be greatly appreciated. This problem is affecting quite > a few of my servers (around a dozen). > > Interesting data is included below. > > Thanks, > > Ben Vaughan > College of Engineering > Iowa State University > > Here is a log level 10 dump from winbind.log after running "wbinfo -n > benvon" (my username): > > [2005/07/22 08:33:19, 6] nsswitch/winbindd.c:new_connection(603) > accepted socket 19 > [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332) > process_request: request fn INTERFACE_VERSION > [2005/07/22 08:33:19, 3] > nsswitch/winbindd_misc.c:winbindd_interface_version(460) > [0]: request interface version > [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332) > process_request: request fn WINBINDD_PRIV_PIPE_DIR > [2005/07/22 08:33:19, 3] > nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493) > [0]: request location of privileged pipe > [2005/07/22 08:33:19, 6] nsswitch/winbindd.c:new_connection(603) > accepted socket 21 > [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332) > process_request: request fn INFO > [2005/07/22 08:33:19, 3] nsswitch/winbindd_misc.c:winbindd_info(448) > [0]: request misc info > [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332) > process_request: request fn DOMAIN_NAME > [2005/07/22 08:33:19, 3] > nsswitch/winbindd_misc.c:winbindd_domain_name(470) > [0]: request domain name > [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332) > process_request: request fn LOOKUPNAME > [2005/07/22 08:33:19, 3] > nsswitch/winbindd_sid.c:winbindd_lookupname(103) > [0]: lookupname ENGR\benvon > [2005/07/22 08:33:19, 5] nsswitch/winbindd_async.c:lookupname_recv(627) > lookup_name returned an error > [2005/07/22 08:33:19, 5] nsswitch/winbindd_sid.c:lookupname_recv(116) > lookupname returned an error > > > And a log level 10 dump from winbind.log after running "wbinfo -r > benvon" > > [2005/07/22 08:34:12, 6] nsswitch/winbindd.c:new_connection(603) > accepted socket 19 > [2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332) > process_request: request fn INTERFACE_VERSION > [2005/07/22 08:34:12, 3] > nsswitch/winbindd_misc.c:winbindd_interface_version(460) > [0]: request interface version > [2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332) > process_request: request fn WINBINDD_PRIV_PIPE_DIR > [2005/07/22 08:34:12, 3] > nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493) > [0]: request location of privileged pipe > [2005/07/22 08:34:12, 6] nsswitch/winbindd.c:new_connection(603) > accepted socket 21 > [2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332) > process_request: request fn GETGROUPS > [2005/07/22 08:34:12, 3] > nsswitch/winbindd_group.c:winbindd_getgroups(916) > [0]: getgroups benvon > [2005/07/22 08:34:12, 7] > nsswitch/winbindd_group.c:winbindd_getgroups(952) > winbindd_getpwnam: My domain -- rejecting getgroups() for ENGR\benvon. > > > > Here is my smb.conf: > > [global] > #unix charset = UTF8 > workgroup = ENGR > realm = ENGR.super.secret > server string = Samba 3 server > security = ADS > #password server = domain.controller.example > username map = /etc/samba/smbusers > guest ok = no > log file = /var/log/samba/%m.log > max log size = 50 > log level = 1 > > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > dns pr
[Samba] can't join to a domain... can_add_account is returning false
I have just set up a domain and am trying to join a machine to it. When i watch the log i see [2005/07/22 14:56:26, 5] rpc_server/srv_samr_nt.c:_samr_create_user(2311) _samr_create_user: can add this account : False Error: modifications require authentication at /usr/share/perl5/smbldap_tools.pm line 892, line 283. [2005/07/22 14:56:28, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "newt$"' gave 127 so for some reason my account (root) is not passing the can_add_account test and the add user script is not being run as root. I don't know why since root is a member of the correct groups #groups root root : Domain Admins Administrators I've also tried it with "Administrator" who is a member of the same groups This is with the ldapsam backend for samba and libnss_ldap for linux. I thought I'd ask while I wait for samba to compile with my debugging in there... What did I do wrong? brad -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems With MDB in Linux/Samba
[EMAIL PROTECTED] wrote: I work for a company that has a program localy developed, and we were having a problem when we started storing the application on the samba shared drived mabye simular to what you are expereienceing. in ur smb.conf (usuly in /etc/samba/smb.conf) make sure on the shared drive in samba the oplocks are set (example below) ... ;= Clinic === [shared] comment = Shared Drive Name path = /home/mysharedstuff public = yes printable = no write list = @mygroup oplocks = 0 level2 oplocks = 0 ... lines oplocks = 0 and level2 oplocks = 0 are the critical ones. This fixed the problems we were havign w/ the mdb might work for you :) I also was fiddeling around w/ my smb.conf and noticed that the buffer size was hidiously small, now if ur running a home pc w/ low resources that's fine but for a corperate machine might wanna up the buffer size to help out performance. it's set above like this: ;= Global = [global] workgroup = ltm comment = Welcome to LTM server string = Samba Server netbios name = swedish log file = /var/log/samba/%m.log log level = 3 max log size = 50 security = user socket options = TCP_NODELAY IPOS_LOWDELAY SO_RCVBUF=20480 SO_SNDBUF=20480 ... Good Luck, Argo Have a look at: http://www.drouillard.ca/Tips&Tricks/Samba/Oplocks.htm -- Regards -- Gerald Drouillard Technology Architect Drouillard & Associates, Inc. http://www.Drouillard.ca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba / AD authentication - one machine only !!!!
Folks -- thanks for all your help -- I have gotten the SAMBA AUTHENTICATION problem resolved -- I rebuilt the machine -- That machine has had as many as 5 different samba configs on it over the last 3 months as I have tried to get things figured out to make it work right. So now that I had a known working configuration, I just needed to clean all the other junk up Thanks so much for all your help I still have a few questions about how to configure permissions which I posted earlier, if anyone can help out, I would appreciate it TIM Timothy A. Holmes IT Manager / Webmaster / Science Teacher Medina Christian Academy A Higher Standard... Jeremiah 33:3 Jeremiah 29:11 Esther 4:14 Timothy A. Holmes IT Manager / Webmaster / Science Teacher Medina Christian Academy A Higher Standard... Jeremiah 33:3 Jeremiah 29:11 Esther 4:14 > -Original Message- > From: [EMAIL PROTECTED] [mailto:samba- > [EMAIL PROTECTED] On Behalf Of Tim Holmes > Sent: Thursday, July 21, 2005 1:29 PM > To: samba@lists.samba.org > Subject: [Samba] Samba / AD authentication - one machine only > > Hi Folks: > > I am continuing to work on the samba problems. This is a weird one!!! > > I have 3 servers with samba running: > > 2 of them work perfectly and the third one refuses to authenticated > > I am seeing a lot of the following error > > [2005/07/21 12:58:21, 0] lib/util_sock.c:get_peer_addr(1000) > getpeername failed. Error was Transport endpoint is not connected > > > Googleing around has found that it seems to be related to DNS issues, > but that makes no sense, since the two other servers running identical > [global] sections (only differences are machine names etc) and krb5 > configurations are working fine > > The web server works cool > The testbed server works kool > > When I try to access the file server, it asks for authentication > > Kinit shows no errors, so I assume that's working right > > > Here is the smb.conf > [global] > log file = /var/log/samba/%m.log > idmap gid = 1-4 > socket options = SO_RCVBUF=8192 > wins server = 192.168.0.2 > domain master = No > realm = MCASCHOOL.NET > netbios name = srvfs-01 > server string = MCA File Server (test conf) > password server = srvdc01.mcaschool.net > idmap uid = 1-4 > winbind enum users = yes > winbind nested groups = Yes > local master = No > workgroup = MCASCHOOL > os level = 20 > winbind enum groups = yes > security = ads > preferred master = no > > [users] > path = /home > read only = No > > > here is the nsswitch.conf > > # > # /etc/nsswitch.conf > # > # An example Name Service Switch config file. This file should be # > sorted with the most-used services at the beginning. > # > # The entry '[NOTFOUND=return]' means that the search for an # entry > should stop if the search in the previous entry turned # up nothing. > Note that if the search failed due to some other reason # (like no NIS > server responding) then the search continues with the # next entry. > # > # Legal entries are: > # > # nisplus or nis+ Use NIS+ (NIS version 3) > # nis or yp Use NIS (NIS version 2), also called YP > # dns Use DNS (Domain Name Service) > # files Use the local files > # db Use the local database (.db) files > # compat Use NIS on compat mode > # hesiod Use Hesiod for user lookups > # [NOTFOUND=return] Stop searching if not found so far > # > > # To use db, put the "db" in front of "files" for entries you want to be > # looked up first in the databases # # Example: > #passwd:db files nisplus nis > #shadow:db files nisplus nis > #group: db files nisplus nis > > passwd: files compat winbind > shadow: compat > group: files compat winbind > > #hosts: db files nisplus nis dns > hosts: files dns winbind > > # Example - obey only what nisplus tells us... > #services: nisplus [NOTFOUND=return] files > #networks: nisplus [NOTFOUND=return] files > #protocols: nisplus [NOTFOUND=return] files > #rpc:nisplus [NOTFOUND=return] files > #ethers: nisplus [NOTFOUND=return] files > #netmasks: nisplus [NOTFOUND=return] files > > bootparams: nisplus [NOTFOUND=return] files > > ethers: files > netmasks: files > networks: files > protocols: files winbind > rpc:files > services: files winbind > > netgroup: files winbind > > publickey: nisplus > > automount: files winbind > aliases:files nisplus > > > > > > And the /etc/krb5.conf > > > [libdefaults] > default_realm = MCASCHOOL.NET > > [realms] > MCASCHOOL.NET = { > kdc = srvdc01.mcaschool.net > } > > [domain_realm] > .mcaschool.net = MC
[Samba] Re: Samba and MSI package installer
If using a guest account, I think null passwords must be enabled in the global section. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] mksmbpasswd
Hi, I used Samba years ago and I remember a command like this "cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smb" but now I can not find mksmbpasswd. Somebody Know what happend or where can I find this script for use the same password of linux in Samba. I use Samba 3.0.7 Thanks Agu Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba, DFS and Junction Points
Hi Samba List, I believe I need to create a "Junction Point" on a Windows XP Pro machine that will seamlessly link up to a Samba Share on a Linux Server. >From my understanding, the creation of a "Junction Point" will hide from an application the fact that the "space referenced by that junction point" is actually located someplace else. While it is possible to create an "NTFS Junction Point" in Windows that links up to a completely separate local drive (that is, a drive connected to the same Windows XP Pro machine), it is NOT possible to create an "NTFS Junction Point" that links up to a network share. But it seems it IS possible to create a "DFS Junction Point" inside Windows that links up to a Samba Share. Is that true? If so, will Windows applications truly not know that the storage space is on a network drive? And if so, can anybody recommend a straightforward "how-to" on setting up DFS on the Samba side? Your thoughts would be appreciated Andy Liebman -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net rpc rights
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: > Hello everybody, > > I'm going to update samba on a production server very soon > because i'm interested by the net rpc commands (especially > net rpc rights) but i'm wondering where the user privileges > are stored. I'm currently using an openldap server to > authenticate the users and store their profiles. I've updated > samba on a test server, have given specific privileges to > some users but i can't see where these settings are stored > : nothing has changed in the openldap base. Does anyone > know about this please ? Because of the specificity of my > configuration, i'm afraid of any "collateral damages". Currently they privilege values are stored in account_pol.tdb. We will probably have these pushed back in the passdb api for 3.0.21. I've been holding off on this since I really wanted to have DC to DC replication working but I doubt we can wait any longer. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC4Q11IR7qMdg1EfYRAruZAKC2i56Vma6jKKAXYjqYKJFcpvKMuwCeOKRC 6Ot6fCYHqiItjYCUl0/hFuM= =a/1R -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net rpc rights
Hello everybody, I'm going to update samba on a production server very soon because i'm interested by the net rpc commands (especially net rpc rights) but i'm wondering where the user privileges are stored. I'm currently using an openldap server to authenticate the users and store their profiles. I've updated samba on a test server, have given specific privileges to some users but i can't see where these settings are stored : nothing has changed in the openldap base. Does anyone know about this please ? Because of the specificity of my configuration, i'm afraid of any "collateral damages". Thanx all Silk Hill -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba and MSI package installer
Yannick Bergeron wrote: We are experiencing problems when we try to launch the installation of a MSI package from our samba share in a guest context. The problem was not present with 2.2.8a the error message received is: "This installation package could not be opened. Verify that the package exists and is accessible, or contact the application vendor to verify that this is a valid Windows Installer package." This is the following error code "ERROR_INSTALL_PACKAGE_OPEN_FAILED (1619)" samba-3.0.11 (still present in 3.0.20pre1) guest ok = Yes guest only = Yes WORKSFORME, samba-3.0.14a [msishare] comment = msi Software Deployment path = /foo/bar/msi read only = yes browseable = no public = yes guest only = yes -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RE : RE : [Samba] Executable 'username map'
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 François Laupretre wrote: > I am sorry but I don't have a patch and, as I am on > holiday out of home from tomorrow, I won't work on it > before mid-august. And I don't know very well the Samba > coding practice concerning portability. But, if it > is not done when I'm back, I send you a patch. I think I can work this up today before 3.0.20rc1. > Basically, I would run the command via smbrun(), connected > to a pipe(), with anything from stderr going to the smbd log. > The first line of stdout would contain the result. An empty > stdout would mean that the username cannot be mapped (like > for autofs executable maps). That's exactly what I was thinking. A good sign that its an intuitive solution. > We also have two choices for the 'username map' > parameter when 'username map script' is set : either it > is ignored, or it is parsed after the script, but only > if the script didn't return anything. Up to you. I think the script overrides the map. The two options should be mutually exclusive. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC4QIZIR7qMdg1EfYRAumtAJ9uMpOGkbG+qsMb48Dnclj+QEfgQQCgzlzW tfrDa3TeJ1Og35KR/rREwlI= =avmK -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE : RE : [Samba] Executable 'username map'
I am sorry but I don't have a patch and, as I am on holiday out of home from tomorrow, I won't work on it before mid-august. And I don't know very well the Samba coding practice concerning portability. But, if it is not done when I'm back, I send you a patch. Basically, I would run the command via smbrun(), connected to a pipe(), with anything from stderr going to the smbd log. The first line of stdout would contain the result. An empty stdout would mean that the username cannot be mapped (like for autofs executable maps). We also have two choices for the 'username map' parameter when 'username map script' is set : either it is ignored, or it is parsed after the script, but only if the script didn't return anything. Up to you. Regards François > -Original Message- > From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] > Sent: Friday, July 22, 2005 3:26 PM > To: Laupretre, François (CALYON); Jeremy Allison > Subject: Re: RE : [Samba] Executable 'username map' > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > François Laupretre wrote: > > > In short, I think that the solution of getting the map from > > NIS or LDAP is a good one, but, if Samba could execute > > an external script to resolve the mappings, it would be > > much more general, not so complicated for the > > users, and easier to implement in the Samba code (and > > to document). It would also necessitate only one new > > configuration parameter. > > François, > > I actually retracted my initial statement last night. > Adding a 'username map script' is a flexible solution > to solving the directory integration problem. If you > have a patch, go ahead and send it to me or I can code > this up later today. > > > > cheers, jerry > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.0 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org > > iD8DBQFC4PQFIR7qMdg1EfYRAjQOAKCMu77nMoRCjka9bBmyLDOKq7PfdACfYqNf > PaMzoqwRqfKnRJZcpH1tYOI= > =SdaT > -END PGP SIGNATURE- > Ce message et ses pièces jointes (le "message") est destiné à l'usage exclusif de son destinataire. Si vous recevez ce message par erreur, merci d'en aviser immédiatement l'expéditeur et de le détruire ensuite. Le présent message pouvant être altéré à notre insu, CALYON Corporate and Investment Bank ne peut pas être engagé par son contenu. Tous droits réservés. This message and/or any attachments (the "message") is intended for the sole use of its addressee. If you are not the addressee, please immediately notify the sender and then destroy the message. As this message and/or any attachments may have been altered without our knowledge, its content is not legally binding on CALYON Corporate and Investment Bank. All rights reserved. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba vs ActiveDirectory Kerberos error message
I have had the same issue as this in a Windows 2003 SBS Domain using Samba Version 3.0.14a-Debian. Under this weblink do a search for 0x19 http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx#EDAA Microsoft recommends updating to the latest version of MIT Kerberos I downloaded, compiled and installed krb5-1.4.1 from http://web.mit.edu/kerberos/www/dist/ and it appears to have stopped the error. I will have to check my logs in the coming days because this fix is very new it may have reduced it or just delayed it. Pre-authentication failed: User Name:linux$ User ID: KK\linux$ Service Name: krbtgt/KK.LOCAL Pre-Authentication Type: 0x0 Failure Code: 0x19 Client Address: 1.2.3.4 -- A billion here, a billion there -- pretty soon it adds up to real money. -- Sen. Everett Dirksen, on the U.S. defense budget -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Dfs is not working
Daniel: What does it look like when you do a: > ls -l name When you did the "ln -s" statement, did you enclose your msdfs: parameter in single quotes? That's what the SAMBA docs say to do. If you don't "escape" the comma somehow, it'll screw up your "ln" statement. Second issue: Why would you use DFS to serve out two different shares (shareA, and shareB) on the same server? AFAIK, that's not what DFS is for, and maybe it doesn't like that. Plus, that gives you no redundancy. You should use DFS for redundancy on identical read-only shares. serverA, and serverB should both have a copy of shareA. -Bill Daniel Müller wrote: Hi, i have a smba 3 working, and I’ m trying to build dfs .When I set up my dfs this way: ln –s msdfs:serverA\\shareA name, or ln-s msdfs:serverA\\shareB, it is working! But if I try ln-s msdfs:serverA\\shareA,serverA\\shareB name, I only can get the first share (shareA) in the network. Have someone did it and how can I succeed ? Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind lookup errors
Hello Samba folks, I have recently begun seeing some disturbing behavior from winbind. Winbind will fail to look up users and groups. Examples: The machine is configured to use winbind as a nss module. "getent passwd " will yield no results. "wbinfo -n " will yield "Could not lookup name " "wbinfo -g" works... all of the domain groups are dumped "wbinfo -u" works. "wbinfo -t" says everything is ok. "net ads testjoin" says everything is ok. I have turned off winbind caching (by adding the -n flag) and have set "winbind cache time = 0" in smb.conf in an attempt to remove caching as a culprit. Any help would be greatly appreciated. This problem is affecting quite a few of my servers (around a dozen). Interesting data is included below. Thanks, Ben Vaughan College of Engineering Iowa State University Here is a log level 10 dump from winbind.log after running "wbinfo -n benvon" (my username): [2005/07/22 08:33:19, 6] nsswitch/winbindd.c:new_connection(603) accepted socket 19 [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332) process_request: request fn INTERFACE_VERSION [2005/07/22 08:33:19, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(460) [0]: request interface version [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2005/07/22 08:33:19, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493) [0]: request location of privileged pipe [2005/07/22 08:33:19, 6] nsswitch/winbindd.c:new_connection(603) accepted socket 21 [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332) process_request: request fn INFO [2005/07/22 08:33:19, 3] nsswitch/winbindd_misc.c:winbindd_info(448) [0]: request misc info [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332) process_request: request fn DOMAIN_NAME [2005/07/22 08:33:19, 3] nsswitch/winbindd_misc.c:winbindd_domain_name(470) [0]: request domain name [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332) process_request: request fn LOOKUPNAME [2005/07/22 08:33:19, 3] nsswitch/winbindd_sid.c:winbindd_lookupname(103) [0]: lookupname ENGR\benvon [2005/07/22 08:33:19, 5] nsswitch/winbindd_async.c:lookupname_recv(627) lookup_name returned an error [2005/07/22 08:33:19, 5] nsswitch/winbindd_sid.c:lookupname_recv(116) lookupname returned an error And a log level 10 dump from winbind.log after running "wbinfo -r benvon" [2005/07/22 08:34:12, 6] nsswitch/winbindd.c:new_connection(603) accepted socket 19 [2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332) process_request: request fn INTERFACE_VERSION [2005/07/22 08:34:12, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(460) [0]: request interface version [2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2005/07/22 08:34:12, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493) [0]: request location of privileged pipe [2005/07/22 08:34:12, 6] nsswitch/winbindd.c:new_connection(603) accepted socket 21 [2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332) process_request: request fn GETGROUPS [2005/07/22 08:34:12, 3] nsswitch/winbindd_group.c:winbindd_getgroups(916) [0]: getgroups benvon [2005/07/22 08:34:12, 7] nsswitch/winbindd_group.c:winbindd_getgroups(952) winbindd_getpwnam: My domain -- rejecting getgroups() for ENGR\benvon. Here is my smb.conf: [global] #unix charset = UTF8 workgroup = ENGR realm = ENGR.super.secret server string = Samba 3 server security = ADS #password server = domain.controller.example username map = /etc/samba/smbusers guest ok = no log file = /var/log/samba/%m.log max log size = 50 log level = 1 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No wins server = xxx, yyy idmap uid = 10-20 idmap gid = 10-20 winbind enum users = no winbind enum groups = no winbind use default domain = yes winbind trusted domains only = yes winbind cache time = 0 wins support = no map hidden = no map archive = no map system = no # we had to do this... hope it helps. Don't confuse this with file locking # this turns off file caching on the client. oplocks = no Engineering Computing Support Services CLUE Network Admin 2240 Hoover Hall 515 294 1629 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and MSI package installer
We are experiencing problems when we try to launch the installation of a MSI package from our samba share in a guest context. The problem was not present with 2.2.8a the error message received is: "This installation package could not be opened. Verify that the package exists and is accessible, or contact the application vendor to verify that this is a valid Windows Installer package." This is the following error code "ERROR_INSTALL_PACKAGE_OPEN_FAILED (1619)" samba-3.0.11 (still present in 3.0.20pre1) guest ok = Yes guest only = Yes Yannick Bergeron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] migrate existing Unix password to sambapassword
> Considering we have more than 500 users, I still > wonder if there is a way I can populate their Samba > entries automatically and quickly -- even the value of > SambaPasword is set to be temporary and is different > from the correpsonding userPassword. smbpasswd command > seems only can be used at interactive mode. That is true, there used to be a flag to allow you to specify the password as an argument but that is no longer there. That being said, there are ways to get it to be scripted. Here the essence of a line I use in my automatic useradd script to get it done. This is valid bash once you replace the <>'s. I have it in perl with ``, yes there's probably better ways, but this is mine. (echo ; echo ) | -s -a -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Executable 'username map'
> - Message from François LAUPRETRE <[EMAIL PROTECTED] > com> on Thu, 21 Jul 2005 16:29:36 + (UTC) - > > To: > > samba@lists.samba.org > > Subject: > > [Samba] Executable 'username map' > > Hi, > > I currently manage an environment where my Unix and Windows usernames are > defined, but different. So, I must use a username map. But I have > several Samba > servers (one for each NFS package) and I must maintain all these username map > files. As we want everybody to map the same way on every Samba > servers in a NIS > domain, we added the 'Windows user' information to the NIS 'passwd' map (by > adding a string like '' to the gecos field). > > Now, as the only way for Samba to get this mapping information is through a > flat file, I have to push this file onto every samba server every > time I build > the NIS passwd map. And, in order to do that, I must maintain a listof these > servers on the NIS master server (assuming a standard path for storing this > file on each samba server). > Seems like a lot of trouble to maintain all those separate username map files. Why not just use a single copy of the file and nfs mount it via automounting so that all your Samba servers read the same file, then you only have to update a single file and all your Samba servers see the changes immediately. No push necessary. Regards, Arnold Andrews Sr. Systems Administrator Seagate Technology -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Executable 'username map'
> From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] > > I *really* don't like this. It's fine for a local hack > and probably a good solution in this case, but this will > bit rot in the tree so fast due to its very specific and > non-intuitive nature. > > A better general solution that would apply to more > networks would to allow the username map to be stored > in a directory services such as NIS or LDAP. > > If you want a pull based method, just have a cron job > on each server that rebuilds the file every 10 minutes. > No code changes necessary. Yes, in my case, I can easily generate a new NIS map, if Samba becomes able to read the mappings from it. And this solution would be perfect in my case. But, I thought that allowing an external program to provide the mappings with its own logic would be a better solution, as it solves a much greater range of cases. Example : - if the information lies outside of NIS or LDAP, I have to add a push mechanism to update NIS or LDAP anytime I change my reference data. Or a cron job, as you suggest :( - if I cannot easily generate a map, for any reason. A rather simple case (just as an example) : if I want to give a Unix mapping to a Windows username only if his corresponding Unix home directory is viewable (through the automounter) from the Samba host. I also could use an external mechanism (maybe another NIS map) to restrict access to the Samba servers in my domain. And there are still many cases where the logic of pushing a plain list cannot be used (without cron jobs, again). In short, I think that the solution of getting the map from NIS or LDAP is a good one, but, if Samba could execute an external script to resolve the mappings, it would be much more general, not so complicated for the users, and easier to implement in the Samba code (and to document). It would also necessitate only one new configuration parameter. Regards François Ce message et ses pièces jointes (le "message") est destiné à l'usage exclusif de son destinataire. Si vous recevez ce message par erreur, merci d'en aviser immédiatement l'expéditeur et de le détruire ensuite. Le présent message pouvant être altéré à notre insu, CALYON Corporate and Investment Bank ne peut pas être engagé par son contenu. Tous droits réservés. This message and/or any attachments (the "message") is intended for the sole use of its addressee. If you are not the addressee, please immediately notify the sender and then destroy the message. As this message and/or any attachments may have been altered without our knowledge, its content is not legally binding on CALYON Corporate and Investment Bank. All rights reserved. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Dfs is not working
Hi, i have a smba 3 working, and I m trying to build dfs .When I set up my dfs this way: ln s msdfs:serverA\\shareA name, or ln-s msdfs:serverA\\shareB, it is working! But if I try ln-s msdfs:serverA\\shareA,serverA\\shareB name, I only can get the first share (shareA) in the network. Have someone did it and how can I succeed ? Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] display disk size and free space
Hi, using samba 3.0.X I have the following situation: I defined a share [lab] with path = /lab /lab in fact is bound to an automounter map containing about 20 mountpoints so that (under linux) I am able to access /lab/A /lab/B ... I want the same situation using windows. My [lab] share enables me to use \\fileserver\lab\A \\fileserver\lab\B ... So far so good. But the data concerning disk size and free disk space showed up by windows explorer is wrong (20 MB disk size and 0 Byte free). This is because samba doens't get the disk usage for e.g. /lab/A but for /lab, which is the defined pathname of share [lab]. samba complains about [2005/07/21 14:31:31, 3] lib/sysquotas.c:sys_get_quota(413) sys_get_vfs_quota() failed for mntpath[/lab] bdev[automount(pid1844)] qtype[2] which is in fact correct because it cannot get disk usage from an automounter mountpoint. Now my questions: 1.) If sys_get_vfs_quota() fails, why does windows show 20 MB disk space and 0 Byte free? Wouldn't it be more sensfull to report unlimited free space? 2.) Has anybody a solution for my situation without specifying a single share for each /lab/xxx-mountpoint? -- Regards Christoph Christoph Litauer [EMAIL PROTECTED] Uni Koblenz, Computing Center, http://www.uni-koblenz.de/~litauer Postfach 201602, 56016 Koblenz Fon: +49 261 287-1311, Fax: -100 1311 PGP-Fingerprint: F39C E314 2650 650D 8092 9514 3A56 FBD8 79E3 27B2 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] My first LDAP PDC - Win2k Profiles, redirection and guestaccounts
no, folow same procedure. >-Oorspronkelijk bericht- >Van: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] >Namens William Burns >Verzonden: donderdag 21 juli 2005 15:49 >Aan: samba@lists.samba.org >Onderwerp: Re: [Samba] My first LDAP PDC - Win2k Profiles, >redirection and guestaccounts > >Louis: > >The howto refers to win'95 machines. >Are there no changes to this procedure for working w/ win2k, >or XP clients? > >-Bill > >Louis van Belle wrote: > >>hi, >> >>its a policy template so you can manage you computers in >>your Domain. >> >>But you need poledit.exe to use it. >> >>.. never used policies ?? >> >>here's a small howto >> >> >>http://www.rescomp.berkeley.edu/about/training/senior/tc/Polic >y-HOWTO/Policy >>-HOWTO.html#toc2 >> >> >> > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbbind not quiried by nsswitch on solaris 8
Afternoon to all, I am having the following problem for 3 days now and am starting to bang head against wall :) Here is the setup : Solaris 8 box running Samba 3.0.4 server member in an NT 4 style domain I have managed to get it to join the domain and if I create a corresponding account on the sunbox (without password) users are able to log into shares with appropriate passwords and other credentials sourced from the domain controller. However what I want to do is not have to create the corresponding account on the sunbox and just use accounts stored in the domain. I have enabled winbind and wbinfo -u returns domain users correctly, I have also added winbind to /etc/nsswitch.conf but here the getent passwd only returns local accounts I have tried various combinations in smb.conf to no avail. According to various how-to's i have created the following links: ln -s /opt/samba/samba-3.0.4/source/nsswitch/libnss_winbind.so /usr/lib/libnss_winbind.so.1 ln -s /opt/samba/samba-3.0.4/source/nsswitch/libnss_winbind.so /usr/lib/libnss_winbind.so.2 ln -s /opt/samba/samba-3.0.4/source/nsswitch/libnss_winbind.so /usr/lib/sparcv9/libnss_winbind.so.1 ln -s /opt/samba/samba-3.0.4/source/nsswitch/libnss_winbind.so /usr/lib/sparcv9/libnss_winbind.so.2 Truss getent passwd returns refferences of it trying to get to winbind but nothing happaneds as shown below: stat("/usr/local/ssl/lib/nss_winbind.so.1", 0xFFBEED14) = 0 open("/usr/local/ssl/lib/nss_winbind.so.1", O_RDONLY) = 3 fstat(3, 0xFFBEED14)= 0 mmap(0x, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFF27 mmap(0x, 90112, PROT_NONE, MAP_PRIVATE|MAP_NORESERVE|MAP_ANON, -1, 0) = 0xFF16 mmap(0xFF16, 10841, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xFF16 mmap(0xFF172000, 3601, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 8192) = 0xFF172000 mmap(0xFF174000, 4592, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0xFF174000 munmap(0xFF164000, 57344) = 0 memcntl(0xFF16, 3488, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0 close(3)= 0 mmap(0x, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFF15 munmap(0xFF27, 8192)= 0 getpid()= 5656 [5655] getpid()= 5656 [5655] getpid()= 5656 [5655] lstat64("/tmp/.winbindd", 0xFFBEE748) = 0 lstat64("/tmp/.winbindd/pipe", 0xFFBEE748) = 0 so_socket(1, 2, 0, "", 1) = 3 connect(3, 0xFFBEE2D8, 110, 1) = 0 poll(0xFFBEE7A0, 1, 0) = 0 write(3, "\0\00518\0\0\001\0\01618".., 1304)= 1304 read(3, 0xFF173330, 1304) = 0 close(3)= 0 llseek(0, 0, SEEK_CUR) = 161715 Could someone make suggestions as to whats wrong? Any clue-bats wuld be most appreciated. Below is my smb.conf: [global] netbios name = sun_fileserver workgroup = my_workgroup server string = "sun_fileserver" security = domain password server = domain_controller_name log file = /var/adm/samba/%m.log max log size = 5000 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 encrypt passwords = yes # Wins settings wins support = no wins proxy = no dns proxy = No wins server = domain_controller_name name resolve order = wins hosts bcast guest account = smbuser mangling method = hash2 # ^ Make sure this is set to 'hash2' as 'hash' had priveledge elevation vuln on Solaris # Winbind settings winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind enable local accounts = Yes winbind use default domain = Yes # Prevent SAMBA from becomming master browser local master = no domain master = no preferred master = no And my nsswitch.conf: passwd: files winbind group: files winbind hosts: files dns ipnodes:files networks: files protocols: files rpc:files ethers: files netmasks: files bootparams: files publickey: files # At present there isn't a 'files' backend for netgroup; the system will # figure it out pretty quickly, and won't use netgroups at all. netgroup: files automount: files aliases:files services: files sendmailvars: files printers: user files auth_attr: files prof_attr: files project:files Thanks, Regards, Boris * The information contained in this e-mail, and any attachments to it, is intended for the use of the addressee and is conf