Re: [Samba] samba-ldap

[Anthony Hess]

Do you have any entries showing up in your log.smbd or your ldap
error/access logs that look applicable?

Tony

On 8/17/05 6:32 PM, "Scott Mayo" <[EMAIL PROTECTED]> wrote:

> Well, I am still having problems with my samba server.  For some reason,
> I cannot add all of the users in.  I am running a batch useradd program.
>   I can get about 450 or so added in, then it gives me an error that the
> user does not exist  when I go to add the last 60 or so.
> 
> My batch program actually reads in the users name and then does
> something like:
> 
> /opt/IDEALX/sbin/smbldap-useradd -a -u 1000 -G bes,bhs bobbyb
> then it echos the passwd to /opt/IDEALX/sbin/smbldap-passwd to set the
> password
> 
> Here is what I get on output on my last batch:
> 
> /opt/IDEALX/sbin/smbldap-passwd:  user bobbyb doesn't exit
> 
> It is like it did not do the first line to create the user, so it cannot
> update the password.
> 
> I am at a loss, and needed this going today.  If I do a 'getent passwd',
> it only shows me so many users, but they are actually there.  I can
> logon with the others that are not show.  If I do an 'id username' of a
> user that getent does not show, it shows me the information.
> 
> I remember having a problem similiar to this last year, which ended up
> being one of my groups had too many members.  I guess the line length
> got too long, so I had to break the group up.  I don't know if this is
> the problem or not.  If so, I do not know how to remedy it, since the
> users are all automatically added into the 'Domain Users' group.
> 
> Any idea why these users would not show up with the getent, but they are
> there and what would cause samba to quit accessing


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Creating directories before resource connect

[Rashid N. Achilov]

On Thursday 18 August 2005 12:11, Michal Kurowski wrote:
> Rashid N. Achilov [EMAIL PROTECTED] wrote:
> > When I have fileserver with many users homedirs (but all users from AD 
through 
> > winbind), how can I autocreate /usr/home/blabla, when I have just create 
user 
> > blabla in AD? Samba required existed directory to connect to resource, 
> > preexec= starts only after succesful connection. I'd like to automate 
process 
> > - when I have just create user blabla, when it connect first time to their 
> > homedir at fileserver, their homedir will autocreate. How can I do it?
> 
> It's been discussed recently in here. See these threads:
> 
> http://lists.samba.org/archive/samba/2005-June/106507.html
> http://lists.samba.org/archive/samba/2005-June/106954.html

It shouldn't work and doesn't work. Resource path is (i.e.) /usr/home/blabla. 
User blabla already exist in domain and can login from any w/s. But 
path /usr/home/blabla still does NOT exist. And Samba catch an error, when 
try to connect to this resource

cd: can't cd to /usr/home/blabla
[2005/08/18 13:07:28, 0] smbd/service.c:make_connection_snum(633)
  '/usr/home/blabla' does not exist or is not a directory, when connecting to 
[blabla]

root preexec= is a good parameter, it covers a small trouble, but doesn't 
cover big - I should check domain users through wbinfo -u, parse list and 
check presence /usr/home/ for each user from domain. It leads to 
presence a big, big bunch of empty directories in /usr/home and I need to 
start script or restart Samba each time, when new user will created.

Is there any parameters, which setup to autocreate resourse directory, when it 
missed BEFORE try to connect to it?
-- 
   With Best Regards.
   Rashid N. Achilov (RNA1-RIPE), Web: http://granch.ru/~shelton
   Granch Ltd. system administrator, e-mail: achilov [at] granch [dot] ru
   PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A


pgpjCeQUsmyit.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Urgent help needed for passdb backend

[Doug VanLeuven]

Lonnie wrote:

Hello all,

I have compiled into RPM's on my Fedora 3 now 3 different versions of 
Samba (3.0.10, 3.0.14, and 3.0.20) which installs just fine but I am 
getting errors when trying to start the service.

---
[2005/08/17 12:43:32, 0] smbd/server.c:main(802)
 smbd version 3.0.20rc2 started.
 Copyright Andrew Tridgell and the Samba Team 1992-2004
[2005/08/17 12:43:32, 0] lib/debug.c:reopen_logs(591)
 Unable to open new log file /var/log/samba/users/smbd.log: No such file 
or directory


Make sure /var/log/samba and /var/log/samba/users exist


[2005/08/17 12:43:32, 0] lib/debug.c:reopen_logs(591)
 Unable to open new log file /var/log/samba/users/smbd.log: No such file 
or directory


Same here


[2005/08/17 12:43:32, 0] passdb/pdb_interface.c:make_pdb_methods_name(756)
 Plugin is available, but doesn't register passdb backend 
/usr/lib/samba/pdb/mysql.so


Someone familiar with the all the requirements of registering a plugin will
have to answer this.


[2005/08/17 12:43:32, 1] passdb/pdb_interface.c:make_pdb_context_list(872)
 Loading /usr/lib/samba/pdb/mysql.so:mysql failed!
--

I added the "--with-expsam=mysql" to the SPEC file for the configuration 
and it seems to have generated the plugin just fine.


Can someone please help me to resolve this problem?
or
Does anyone have MySQL support compiled into some RPM's that will run on 
my Fedora 3 that I can get from you?


Any help would be greatly appreciated.



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Creating directories before resource connect

[Michal Kurowski]

Rashid N. Achilov [EMAIL PROTECTED] wrote:
> When I have fileserver with many users homedirs (but all users from AD 
> through 
> winbind), how can I autocreate /usr/home/blabla, when I have just create user 
> blabla in AD? Samba required existed directory to connect to resource, 
> preexec= starts only after succesful connection. I'd like to automate process 
> - when I have just create user blabla, when it connect first time to their 
> homedir at fileserver, their homedir will autocreate. How can I do it?

It's been discussed recently in here. See these threads:

http://lists.samba.org/archive/samba/2005-June/106507.html
http://lists.samba.org/archive/samba/2005-June/106954.html

Cheers,

-- 
Michal Kurowski
<[EMAIL PROTECTED]>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] change passwd from win XP ALT+CTRL+DEL

[Jeremy Allison]

On Thu, Aug 18, 2005 at 04:26:10AM +, Nuwan Jeewantha wrote:
> When i try to change my smb passwd through windows XP by pressing 
> ALT+CTRL+DEL smb expects that my domain passwd to be my smb share passwd, 
> and when i change it i get an error mesage that i dont have permissons to 
> chang my passwd but it acctualy changes my smb passwd.
> i want to know why?

It's a bug we've fixed for 3.0.20.

Regards,

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] change passwd from win XP ALT+CTRL+DEL

[Nuwan Jeewantha]

When i try to change my smb passwd through windows XP by pressing 
ALT+CTRL+DEL smb expects that my domain passwd to be my smb share passwd, 
and when i change it i get an error mesage that i dont have permissons to 
chang my passwd but it acctualy changes my smb passwd.

i want to know why?

_
FREE pop-up blocking with the new MSN Toolbar - get it now! 
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Creating directories before resource connect

[Rashid N. Achilov]

When I have fileserver with many users homedirs (but all users from AD through 
winbind), how can I autocreate /usr/home/blabla, when I have just create user 
blabla in AD? Samba required existed directory to connect to resource, 
preexec= starts only after succesful connection. I'd like to automate process 
- when I have just create user blabla, when it connect first time to their 
homedir at fileserver, their homedir will autocreate. How can I do it?
-- 
   With Best Regards.
   Rashid N. Achilov (RNA1-RIPE), Web: http://granch.ru/~shelton
   Granch Ltd. system administrator, e-mail: achilov [at] granch [dot] ru
   PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A


pgphkbzWCdaQo.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba Database Password Encoding Question

[Lonnie]

Hello All,

Well, I am making progress on getting th MySQL passdb to work with Samba.

Can someone please tell me how do the columns:

lm_pw
nt_pw

encode the password from the pdbedit program or other method?

--
Thanks,

Lonnie

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] how to use cmd profiles

[John H Terpstra]

On Wednesday 17 August 2005 10:45, collet_l wrote:
> Hi
>
> I have a problem with the cmd : profiles.
> I want to change the sid in a ntuser.dat.
> I have already read many message in mailing list who explain how to use
> profiles but it's dont't work.
>
>
> i use profile like this:
> profiles -c S-1-5-21-my-old-sid -n S-1-5-21-my-new-sid ./ntuser.dat

I just checked this operation as follows:

profiles -c S-1-5-21-726309263-4128913605-1168186429-500 -n \ 
S-1-5-21-726309263-4128913605-1168186429-501 NTUSER.DAT

Executing:

profiles NTUSER.DAT

Confirmed that the SID has been changed.

> on the output i see the new sid like i want but the change take no effect
> on the file
> when i do profiles -v ./ntuser.dat i had always the old sid
>
> what's my problem?

Sorry, I am not your psychiatrist! :-)

Please subscribe to the Samba list for future requests. We are blocking 
non-subscribers in an attempt to eliminate complaints from our subscribers 
regarding the volume of spam on the list.

- John T.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba-ldap

[Scott Mayo]

Well, I am still having problems with my samba server.  For some reason, 
I cannot add all of the users in.  I am running a batch useradd program. 
 I can get about 450 or so added in, then it gives me an error that the 
user does not exist  when I go to add the last 60 or so.


My batch program actually reads in the users name and then does 
something like:


/opt/IDEALX/sbin/smbldap-useradd -a -u 1000 -G bes,bhs bobbyb
then it echos the passwd to /opt/IDEALX/sbin/smbldap-passwd to set the 
password


Here is what I get on output on my last batch:

/opt/IDEALX/sbin/smbldap-passwd:  user bobbyb doesn't exit

It is like it did not do the first line to create the user, so it cannot 
update the password.


I am at a loss, and needed this going today.  If I do a 'getent passwd', 
it only shows me so many users, but they are actually there.  I can 
logon with the others that are not show.  If I do an 'id username' of a 
user that getent does not show, it shows me the information.


I remember having a problem similiar to this last year, which ended up 
being one of my groups had too many members.  I guess the line length 
got too long, so I had to break the group up.  I don't know if this is 
the problem or not.  If so, I do not know how to remedy it, since the 
users are all automatically added into the 'Domain Users' group.


Any idea why these users would not show up with the getent, but they are 
there and what would cause samba to quit accessing

--
Scott Mayo
Technology Coordinator
Bloomfield Schools
PH: 573-568-5669
FA: 573-568-4565
Pager: 800-264-2535 X2549

Duct tape is like the force, it has a light side and a dark side and it
holds the universe together.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] pdbedit

[Donald W Watson]

Hi,

I have a co-worker who has RHELAS4 installed with samba, but the install
failed to install pdbedit.  I have attempted to build and install pdbedit
by itself, but have not successfully covered all the dependencies.  Does
anyone know a safe way to build/install only pdbedit?

Thanks in advance.

Sincerely,Don Watson
Linux Technology and Solutions; Beaverton, OR
503-578-4861/TL: 775-4861; [EMAIL PROTECTED]
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] unable to connect to SAMBA

[Hannah Kim]

My computer (an ibook G3) has suddenly been unable to
print - In the printer center window, a message would
read "Unable to access SAMBA host - will try in 60
seconds". My setup is extremely simple - My laptop is
hooked up to an HP Laserjet 1300 printer via a USB
cable. 

Your (prompt) response would be GREATLY appreciated!

Truly,
Hannah





Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 
 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] how to use cmd profiles

[collet_l]

Hi

I have a problem with the cmd : profiles.
I want to change the sid in a ntuser.dat.
I have already read many message in mailing list who explain how to use 
profiles
but it's dont't work.


i use profile like this:
profiles -c S-1-5-21-my-old-sid -n S-1-5-21-my-new-sid ./ntuser.dat

on the output i see the new sid like i want but the change take no effect on 
the file
when i do profiles -v ./ntuser.dat i had always the old sid

what's my problem?

thank you for your answers (I'm not suscribed)
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Slow browsing from Win2k and WinXP

[Chuck Theobald]

Hi Jonathan,

Just got back to the samba list and saw your post.  Thank you for the heads 
up.  Oddly, my slow browsing issues seem to have just gone away.  I do not 
have any such delays and have not heard further complaints from the staff, 
so I am hypothesizing that something of the sort you mentioned in Windows 
got flushed out after a week or so.  I did follow up on your lead and did 
indeed find some old items in the registry, though they appear to be not 
interfering with browsing, at least at this time.


Thanks,
Chuck


At 06:04 PM 8/9/2005, you wrote:
See David Beck's post "Samba - XP performance problem" dated 8/8 and my 
reply dated 8/9.


--Jonathan Johnson

Chuck Theobald wrote:


Hi,

I have Samba 3.0.14a + OpenLDAP 2.2.24 installed on Solaris 8 as a PDC 
for serving files only (no profiles, no printing).  Performance of 
network browsing is slow in Windows 2000 and XP, taking 10-15 seconds to 
open and display the contents of a folder.  The same browsing activity 
from a Mac works fine with no unacceptable delays.  I'm trying to sell 
Samba here, but these delays are not helping.  Any suggestions on 
diagnosing this would be appreciated.  smb.conf to follow.


Thanks,
Chuck


Chuck Theobald
System Administrator
The Robert and Beverly Lewis Center for Neuroimaging
University of Oregon
P: 541-346-0343
F: 541-346-0345

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] BUG: samba-3.0.14a & samba-3.0.20pre2 endless loop AIX 5.3 (jfs2) & Win98

[Jeremy Allison]

On Wed, Aug 17, 2005 at 05:10:24PM -0600, Steve Williams wrote:
> 
> That's cool, I will try to get this for you tomorrow morning.  
> 
> How would you like me to get this to you?

Open a bugzilla bug so I can track this and attach the log
to that bug please.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Urgent help needed for passdb backend

[Lonnie]

Hello all,

I have compiled into RPM's on my Fedora 3 now 3 different versions of 
Samba (3.0.10, 3.0.14, and 3.0.20) which installs just fine but I am 
getting errors when trying to start the service.

---
[2005/08/17 12:43:32, 0] smbd/server.c:main(802)
 smbd version 3.0.20rc2 started.
 Copyright Andrew Tridgell and the Samba Team 1992-2004
[2005/08/17 12:43:32, 0] lib/debug.c:reopen_logs(591)
 Unable to open new log file /var/log/samba/users/smbd.log: No such 
file or directory

[2005/08/17 12:43:32, 0] lib/debug.c:reopen_logs(591)
 Unable to open new log file /var/log/samba/users/smbd.log: No such 
file or directory

[2005/08/17 12:43:32, 0] passdb/pdb_interface.c:make_pdb_methods_name(756)
 Plugin is available, but doesn't register passdb backend 
/usr/lib/samba/pdb/mysql.so

[2005/08/17 12:43:32, 1] passdb/pdb_interface.c:make_pdb_context_list(872)
 Loading /usr/lib/samba/pdb/mysql.so:mysql failed!
--

I added the "--with-expsam=mysql" to the SPEC file for the configuration 
and it seems to have generated the plugin just fine.


Can someone please help me to resolve this problem?
or
Does anyone have MySQL support compiled into some RPM's that will run on 
my Fedora 3 that I can get from you?


Any help would be greatly appreciated.

--
Thanks,

Lonnie Cumberland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] BUG: samba-3.0.14a & samba-3.0.20pre2 endless loop AIX 5.3 (jfs2) & Win98

[Steve Williams]

Jeremy Allison wrote:


On Wed, Aug 17, 2005 at 05:26:36PM -0500, Gerald (Jerry) Carter wrote:
 


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Steve Williams wrote:

   

My "gut feeling" is that it is related to jfs2.  No 
concrete proof though.  This is the ONLY problem we encountered

with the entire upgrade, and the only thing that we did
"radically" different was use jfs2 rather than JFS.  The advantage
we saw was that JFS2 can "shrink" the filesystems, which can
be nice in a year or two when requirements change.
 

Did you do testing on AIX?  I was not aware that I could 
get an "ext3" fs on AIX.  If you are interested in persuing

this further, I will try to set things up to do some
troubleshooting...  I am remote to the  location & will
need to have someone work with me.. not a big deal, they
have a good summer student... but does need some coordination.
 


I spoke with Jeremy about it.  He believes that it is a
problem with  the way we implement resume keys now.  Apparently
on;y win9x uses resume keys these days in the findfirst/findnext
sequence.  WinNT and later uses resume by name.
   



Although to confirm it I'd like to see a debug level 10 log
of one of your clients "looping" with a directory listing
against a 3.0.20 Samba server please.

Jeremy.
 


Hi,

That's cool, I will try to get this for you tomorrow morning.  


How would you like me to get this to you?

Cheers,
Steve Williams



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem: Smbpasswd allowing two users with the same SID

[Emidio Augusto Arantes Macedo]

When adding a new user using throw smbpasswd and the  SID  to be added 
already exists in tdbsam database, an error message is displayed like that:

hostname#  "( echo 'password'; echo 'password' ) | smbpasswd -as
'newuser'"
Unable to modify TDB passwd ! Error: Record exist
Unable to modify TDB passwd ! Error: Record exists
occured while storing the RID index (RID_4a3c)
Failed to add entry for user newuser."

But when the same command  is runned again, the user is added with the 
same SID as the one already added, without any warnings. The SID 
calculated by the samba algorithm is based on the unix uid, but in my 
network uids are always being renewed. Does anybody had the same 
problem? Is there anyway to always block smbpasswd when adding a new 
user with an existing SID? Thanks! Using samba 3.14a


Emidio
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] BUG: samba-3.0.14a & samba-3.0.20pre2 endless loop AIX 5.3 (jfs2) & Win98

[Jeremy Allison]

On Wed, Aug 17, 2005 at 05:26:36PM -0500, Gerald (Jerry) Carter wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Steve Williams wrote:
> 
> > My "gut feeling" is that it is related to jfs2.  No 
> > concrete proof though.  This is the ONLY problem we encountered
> > with the entire upgrade, and the only thing that we did
> > "radically" different was use jfs2 rather than JFS.  The advantage
> > we saw was that JFS2 can "shrink" the filesystems, which can
> > be nice in a year or two when requirements change.
> 
> > Did you do testing on AIX?  I was not aware that I could 
> > get an "ext3" fs on AIX.  If you are interested in persuing
> > this further, I will try to set things up to do some
> > troubleshooting...  I am remote to the  location & will
> > need to have someone work with me.. not a big deal, they
> > have a good summer student... but does need some coordination.
> 
> I spoke with Jeremy about it.  He believes that it is a
> problem with  the way we implement resume keys now.  Apparently
> on;y win9x uses resume keys these days in the findfirst/findnext
> sequence.  WinNT and later uses resume by name.

Although to confirm it I'd like to see a debug level 10 log
of one of your clients "looping" with a directory listing
against a 3.0.20 Samba server please.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP suffixes

[John H Terpstra]

On Wednesday 17 August 2005 15:57, Geert Stappers wrote:
> On Wed, Aug 17, 2005 at 10:56:39AM -0600, John H Terpstra wrote:
> > On Wednesday 17 August 2005 10:05, Geert Stappers wrote:
>
>
>
> > The problem is one of the ability to find the computer account via NSS.
> >
> > > My questions:
> > >
> > > * the version with the bug, did they work with
> > >
> > >   ldap suffix = dc=foobar,dc=biz
> > >   ldap user suffix = ou=People
> > >   ldap machine suffix = ou=Computers,ou=People
> > >
> > > in smb.conf succesfull?
> > >
> > >
> > > * In which version was the bug fixed?
> >
> > This was not a Samba bug as explained above.
> >
> > PS: Suggest you refer to chapter 5, section 5.3.1.7, of the current
> > Samba3-ByExample book. You can obtain it on-line from:
> >
> > http://www.samba.org/samba/docs/Samba3-ByExample.pdf
> >
> > This book will become available in computer stores by mid-September.
>
> In chapter 5 I found
>
> . ldap suffix [dc=abmas,dc=biz] >
> . ldap group suffix [ou=Groups] >
> . ldap user suffix [ou=People,ou=Users] >
> . ldap machine suffix [ou=Computers,ou=Users] >
> . Idmap suffix [ou=Idmap] >
>
>
> That makes this LDAP  tree(beard)
>
>
>  dc=abmas,dc=bz
>   /|\
>  / | \
> /  |  \
> ou=Groups  | ou=Idmap
>
> ou=Users
>   / \
>  /   \
> / \
> ou=Peopleou=Computers
>
>
> That allows a   nss_base_passwd   ou=Users,dc=abmas,dc=biz?one

No, if you want to perform a single search in nss_ldap you need:

nss_base_passwd ou=Users,dc=abmas,dc=biz?sub

Note: sub not one

>
>
> Shouldn't  /etc/samba/smb.conf contain
>
> ldap user suffix = ou=People,ou=Users
> ldap machine suffix = ou=Computers,ou=Users

Correct.

>
> or
>
> ldap user suffix = ou=Users
> ldap machine suffix = ou=Users

No, that expects all the accounts to be in the ou=Users container.

>
> instead of the current
>
> ldap machine suffix = ou=People
> ldap user suffix = ou=People

That expects all user and machine accounts in the ou=People container.

>
> that is now in Example 5.7. LDAP Based smb.conf File, Server: MASSIVE
> global Section: Part B at
> http://us2.samba.org/samba/docs/man/Samba3-ByExample/happy.html ?

The example puts both user and machine accounts into the ou=People container. 
The diagnostic section explains how they CAN be separated.

Cheers,
John T. (Jan, de man die niet alles kan).
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] BUG: samba-3.0.14a & samba-3.0.20pre2 endless loop AIX 5.3 (jfs2) & Win98

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Steve Williams wrote:

> My "gut feeling" is that it is related to jfs2.  No 
> concrete proof though.  This is the ONLY problem we encountered
> with the entire upgrade, and the only thing that we did
> "radically" different was use jfs2 rather than JFS.  The advantage
> we saw was that JFS2 can "shrink" the filesystems, which can
> be nice in a year or two when requirements change.

> Did you do testing on AIX?  I was not aware that I could 
> get an "ext3" fs on AIX.  If you are interested in persuing
> this further, I will try to set things up to do some
> troubleshooting...  I am remote to the  location & will
> need to have someone work with me.. not a big deal, they
> have a good summer student... but does need some coordination.

I spoke with Jeremy about it.  He believes that it is a
problem with  the way we implement resume keys now.  Apparently
on;y win9x uses resume keys these days in the findfirst/findnext
sequence.  WinNT and later uses resume by name.

It's on the list to be fixed in 3.0.21.  But a little too
invasive for the looming 3.0.20 release later the week.





cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDA7mbIR7qMdg1EfYRAg3oAJ9YS6Q6zxMWp7YUaQ5rPrO7IexfJgCg4lCG
6lUc2/7AuYJdAidSAodu5fw=
=maJQ
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] BUG: samba-3.0.14a & samba-3.0.20pre2 endless loop AIX 5.3 (jfs2) & Win98

[Steve Williams]

Gerald (Jerry) Carter wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Steve Williams wrote:
 


Hi,

I have replaced an older AIX system with a new one running AIX 5.3, all
the latest patches.  It is acting as a PDC (I think irrelevant).  The
old server was running AIX 4.3.2 with Samba 3.0.14a (upgraded from
2.0.7) , and was working 100% fine. I had the old server running 3.0.14a
for 6 weeks prior to the upgrade as part of my migration plan.

There are Windows 98 boxes that connect to this server (workgroup), as
well as XP SP2 boxes that connect to the server (domain).  The shares
that I am having problems with are on IBM's "jfs2" filesystem.

The XP boxes are working perfectly.

The Windows 98 boxes work to read and save files.  HOWEVER... if one
"Explores" into one of the folders, Samba goes into an endless loop. 
The little flashlight in Windows 98 Explorer just keeps waving back and

forth.

The behavior can be duplicated by going into a DOS prompt and doing a
"DIR" on the shared directory.  It is more obvious what is happening,
because the screen updates continuously.  It just scrolls forever.  It
gets to the end of the directory listing and starts again at the
top...looping forever.

1.  AIX 4.3.2, jfs, samba-3.0.14a worked perfectly
2.  AIX 5.3, jfs2, samba-3.0.14a & samba-3.0.20pre2 have problem with 
Windows 98 computers
   



I can't reproduce this on ext3 with the current SAMBA_3_0 code.
Is this a jfs2 only problem?




jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDA0dAIR7qMdg1EfYRAviZAJ9zhCALn6WfznbT0KfFSmAHQ0Q6fQCcDWdn
PdmSBUtHAlDAUX+ymsvdEXI=
=MPma
-END PGP SIGNATURE-
 


Hi,

My "gut feeling" is that it is related to jfs2.  No concrete proof 
though.  This is the ONLY problem we encountered with the entire 
upgrade, and the only thing that we did "radically" different was use 
jfs2 rather than JFS.  The advantage we saw was that JFS2 can "shrink" 
the filesystems, which can be nice in a year or two when requirements 
change.


Did you do testing on AIX?  I was not aware that I could get an "ext3" 
fs on AIX.  If you are interested in persuing this further, I will try 
to set things up to do some troubleshooting...  I am remote to the 
location & will need to have someone work with me.. not a big deal, they 
have a good summer student... but does need some coordination.


Thanks,
Steve.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP suffixes

[Geert Stappers]

On Wed, Aug 17, 2005 at 10:56:39AM -0600, John H Terpstra wrote:
> On Wednesday 17 August 2005 10:05, Geert Stappers wrote:

> The problem is one of the ability to find the computer account via NSS.
> 
> >
> > My questions:
> >
> > * the version with the bug, did they work with
> >
> > ldap suffix = dc=foobar,dc=biz
> > ldap user suffix = ou=People
> > ldap machine suffix = ou=Computers,ou=People
> >
> > in smb.conf succesfull?
> >
> >
> > * In which version was the bug fixed?
> 
> This was not a Samba bug as explained above.
> 
> PS: Suggest you refer to chapter 5, section 5.3.1.7, of the current 
> Samba3-ByExample book. You can obtain it on-line from:
> 
> http://www.samba.org/samba/docs/Samba3-ByExample.pdf
> 
> This book will become available in computer stores by mid-September.
>

In chapter 5 I found

. ldap suffix [dc=abmas,dc=biz] > 
. ldap group suffix [ou=Groups] > 
. ldap user suffix [ou=People,ou=Users] > 
. ldap machine suffix [ou=Computers,ou=Users] > 
. Idmap suffix [ou=Idmap] > 


That makes this LDAP  tree(beard)


 dc=abmas,dc=bz
  /|\
 / | \
/  |  \
ou=Groups  | ou=Idmap
   |
ou=Users
  / \
 /   \
/ \
ou=Peopleou=Computers


That allows a   nss_base_passwd   ou=Users,dc=abmas,dc=biz?one


Shouldn't  /etc/samba/smb.conf contain

ldap user suffix = ou=People,ou=Users
ldap machine suffix = ou=Computers,ou=Users

or

ldap user suffix = ou=Users
ldap machine suffix = ou=Users

instead of the current 

ldap machine suffix = ou=People
ldap user suffix = ou=People

that is now in Example 5.7. LDAP Based smb.conf File, Server: MASSIVE
global Section: Part B at
http://us2.samba.org/samba/docs/man/Samba3-ByExample/happy.html ?



Cheers
Geert Stappers



signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Squid Users ACL with Samba Primary Domain

[Robert Schetterer]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Antonio G P schrieb:
| Hello!!!
|
| I have installed Suse 9.0 as a Prymary Domain Server with Samba and
| windows clients. It is working ok.
|
| Next step is to configure squid for windows clients but I don´t know hot
| yo implement ACL to control the access of  domain users. It is necesary
| to install winbind?
|
| Thank yoy very much for your help because I am a bit lost with this.
|
|
as far i remembered squid and samba in suse 9 ( as far you have the
orginal suse rpms ) had not worked to ntlm auth, cause of a bug in that
squid version.
I cant grant you that it working with suse 9.2. ( cause i have it up and
running
here is a snip from squid.conf
i had to use the sid of the related group cause winbind gaves me no
groupname back ( maybe a suse special or my fault )
( so this is the answer , you have to use winbind for ntlm auth for
squid, hope i remmeber right here )
there are few faqs in the web how to manage this. ( try google for squid
samba )
you have to configure winbind to use the local running samba pdc

- ---snip---
# we give the client browser the proxy entry via dns method, which works
# for firefox and ie, so we produce a pseudo transparent squid proxy
#(real transparent proxy does not work with any auth method , see man
# squid
# user group which are allowed to access the internet in general

auth_param ntlm program /usr/bin/ntlm_auth
- --helper-protocol=squid-2.5-ntlmssp
- --require-membership-of=S-1-5-21-3962140368-478742891-1658383817$
auth_param basic program /usr/bin/ntlm_auth
- --helper-protocol=squid-2.5-basic
- --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-$
auth_param basic children 5

#   auth_param ntlm use_ntlm_negotiate on
#   auth_param ntlm max_challenge_reuses 0
~auth_param ntlm max_challenge_lifetime 15 minutes

auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl user proxy_auth REQUIRED
http_access allow user

#pam auth against a system group works "here" too (nss_ldap), we use it
#to overide the redirector vor vips

external_acl_type unix_group %LOGIN /usr/sbin/squid_unix_group -g wwwdirect
acl direct external unix_group wwwdirect
redirector_access deny direct
always_direct allow direct
http_access allow direct


- --
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer.org
Munich / Bavaria / Germany
https://www.schetterer.org

\**
\* gnupgp
\* public key:
\* https://www.schetterer.org/public.key
\**
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDA6gLb0iqzJq+0MgRAi8/AJ9VMuIB4TLk8/3nPc8WNb8c4/uwBQCcCWb1
qa3Mqm2uJQ8Kqap+5bJ2eFY=
=KK1s
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Windows offline files synchronization failure for mounted Samba drive.

[PC]

Gerald (Jerry) Carter  samba.org> writes:

> 
> 
> PC wrote:
> 
> > Windows offline files synchronization fails for mounted 
> > Samba drive unless files are "owned" by the
> > user performing the synchronization.
> 
> What Samba version?  Does 'dos filemode = yes' help?
> 
> cheers, jerry
> =
> Alleviating the pain of Windows(tm)  --- http://www.samba.org
> GnuPG Key- http://www.plainjoe.org/gpg_public.asc
> "I never saved anything for the swim back." Ethan Hawk in Gattaca
> 


Jerry,

 

This problem occurs on Samba 3.0.14a running on Redhat ES4 from installed RH9 
rpm packages.

 

Added 'dos filemode = yes' to the share in smb.conf; same error.

 

Thanks for your time.  Let me know if there is anything else I can check out.  
The “force user = username” option is a limited work around but we would like 
to find a better solution.

 

Pat




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] HELP - Can't See the Forest for The TREES???

[david rankin]

Mates,

   I have configured samba 100 times, but this time, I'm doing something 
increadibly stupid that I just cannot see. Please HELP! I'm about to 
jump..


   Background,

   Old samba sever (nemesis) being replaced with new one (bonza). Both are 
up and operating. All networking is OK, Name resolution is fine, etc. The 
problem is that all users can see all the shares on the new machine (bonza) 
just fine. They can map and browse their home share, but *cannot* browse any 
of the other shares. I on the other hand, as admin user, can connect and 
browse the shares just fine. All users have unix accounts and entries in the 
smbpasswd file. All access groups are set up. All users can run "net view 
\\bonza" from the dos prompt and see all shares. The permissions of the 
shares are:


[EMAIL PROTECTED] samba]# ls -l
total 36
drw-rw   3 root bertin4096 Aug 13 10:54 bertin/
drw-rw   8 root ochiltree 4096 Aug 11 23:58 closed/
drw-rw   4 root ochiltree 4096 Aug 13 10:47 computer/
drw-rw  34 root ochiltree 4096 Aug 15 22:52 forms/
drw-rw   3 root guillory  4096 Aug 13 10:54 guillory/
drw-rw   5 root ochiltree 4096 Aug 16 23:31 joint/
drw-rw   3 root ochiltree 4096 Aug 13 10:54 office/
drw-rw   3 root rankin4096 Aug 13 10:54 rankin/
drw-rw   3 root ochiltree 4096 Mar 16 17:27 visionary/

Now, here is the problem I encounter with the smbclient test when attempting 
to connect as another user:


[EMAIL PROTECTED] /home]$ smbclient -U% -L bonza
Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.13]

   Sharename   Type  Comment
   -     ---
   config  Disk  Admin Config Share
   office  Disk  Shared Office Files
   rankin  Disk  Rankin Law Firm PLLC
   bertin  Disk  Darren Bertin
   guilloryDisk  David Guillory
   jointcases  Disk  Joint Client Files
   lawtoolsDisk  Case Development - Summation
   forms   Disk  Shared Forms and Briefs
   computerDisk  Computer Drivers and Software
   closed  Disk  Rankin Law Firm PLLC
   print$  Disk
   pdf-gen Printer   PDF Generator (only valid users)
   IPC$IPC   IPC Service (Samba Server 3.0.13)
   ADMIN$  IPC   IPC Service (Samba Server 3.0.13)
Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.13]

   Server   Comment
   ----
   BONZASamba Server 3.0.13
   NEMESIS  RB_LAW Samba Server 3.0.7

   WorkgroupMaster
   ----
   RB_LAW   NEMESIS

[EMAIL PROTECTED] /home]$ smbclient '\\bonza\rankin'
Password:
Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.13]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
[EMAIL PROTECTED] /home]$

I've even set the share permissions as 0777 and still no joy. This is 
killing me. I really can't see the forest for the trees. Can anybody see 
what I'm doing stupidly wrong??? I have worked chapter 12 DIAGNOSIS in Using 
Samba and I'm still stuck.


My smb.conf is shown below. Thank you for any help.

Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[config]"
Processing section "[office]"
Processing section "[rankin]"
Processing section "[bertin]"
Processing section "[guillory]"
Processing section "[jointcases]"
Processing section "[lawtools]"
Processing section "[forms]"
Processing section "[computer]"
Processing section "[closed]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[pdf-gen]"
Global parameter printcap name found in service section!
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

# Global parameters
[global]
   workgroup = RB_LAW
   server string = Samba Server %v
   map to guest = Bad User
   log file = /var/log/samba/log.%m
   max log size = 50
   name resolve order = wins lmhosts bcast
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   printcap name = cups
   show add printer wizard = No
   domain logons = Yes
   dns proxy = No
   wins server = 192.168.7.14
   printer admin = @adm
   hosts allow = 192.168.7., 127., 66.76.63.120

[homes]
   comment = Home Directories
   read only = No
   browseable = No

[config]
   comment = Admin Config Share
   path = /
   valid users = david
   admin users = david
   force user = root
   force group = root
   read only = No

[office]
   comment = Shared Office Files
   path = /home/samba/office
   valid users = @ochiltree
   admin users = david
   force group = ochiltree
   read only = No
   inherit permissions = Yes

[rankin]
   comment = Rankin Law Firm PLLC
   path = /home/samba/rankin
   v

[Samba] Samba and Linux passwd file

[Lonnie]

Hello All,

I know that Samba can create users and passwords in the smbpasswd file, 
but is there a way to have Samba use the standard Linux passwd file for 
the user name and password?


Our users will just be connecting to their home directory via samba and 
I am not sure how to set the configuration to map their home directory 
and also use the existing Linux authentication from the passwd file.


Can anyone please explain to me what needs to be done or where I can 
read more on this?


--
Thanks,

Lonnie Cumberland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problems upgrading from Samba 2.2.1 to 3.0.14a

[Douglas Vechinski]

I have an old Linux Mandrake 8.1 system that has (had) Samba 2.2.1
running on it.  I've been trying to upgrade to a later samba so that Win
XP machines could connect.  (I was told in a previous question that I
needed to update so something later than 3.0 to allow XP machines to
connect).

So a couple of weeks ago I downloaded the source for Samba 3.0.14a and
compiled it.  (During the modules section I received a number of
undefined references and had asked about this problem but never got a
response).  After this, I finally did an install.  I kill the old samba
deamons and start smbd and nmbd  (they initially didn't start  I think
because did not find the smb.conf.  (didn't see how to set this in the
configure script).  Anyway started them with a -s pointing to the
smb.conf file I used for the 2.2.1.  

Samba appears to start.  Now on a Windows machine I can see the Linux
machine.  But when I attempt to log in, giving username and password.
(The same as I had used previously) I get an error stating that
"\\Machine_name is not accessible.  The network name cannot be found."

Does the smb.conf file need to be modified in any way from 2.2.1 to
3.0.14a?  Anyother thing to test.  I ran testparm on the file. Just get
a note saying that Service homes is flagged unavailable.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] long filename issues

[Nathan Vidican]

We're still getting a lot of locked smbd processes, processes climbing to 98% 
or more usage and becoming un-responsive and thereby locking the particular 
user they're attached to from accessing the file.

It seems more and more so, that the longer the combined path and file name 
are, the more likely the end user is to get locked out. Aside from that, the 
issue has yet to form a pattern we've been able to dicifer, and even still it 
only happens at apparently random intervals to only a small number of users.

So I was curious, are there any issues regarding filename/pathname 
limitations? ie: 256 chars max filename, issues with say > 4 spaces in a 
filename, etc. Trying to narrow this down somehow and see what we can figure 
out, else we're just kinda banking on the next stable release to hopefully 
fix this issue.

We're running Samba-3.0.13 with a patch as supplied by (Jerry or Jeremy, sorry 
haven't got the email to see whom it was guys). The patch was to solve the 
locking issue with excel, and though it did help, it has not stopped the 
lockups all together. We're still getting on average about 10-15 a day.

--
Nathan Vidican
[EMAIL PROTECTED]
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Profiles 'problem'

[felipe]

Hello,

I use samba-3.0.14a_1,1 on FreeBSD 5.4-STABLE. Everything is running perfectly.

Today, the profile of my users are stored on the file server. For example:

John logon on the Windows 2000 Professional workstation called machine01. It's
the first logon of John on this machine, but him already have a profile stored
on the file server. When John logon to machine01, the profile of John are
downloaded from file server to machine01. Desktop, My Documents, Documents and
Settings and all other stuff of John are now in machine01, and John can access
all him stuffs on machine01. That's the problem.

I don't want John download (and upload to the file server too) all him stuff,
only the following directories:

a) c:\documents and settings\john\application data\mozilla;
b) c:\documents and settings\john\application data\thunderbird;

Does anybody knows how to do it?

Here, my smb.conf:

su-2.05b# cat /usr/local/etc/smb.conf
[global]
netbios name = FILESERVER
workgroup = MYDOMAIN
server string = My FILESERVER
passdb backend = smbpasswd
os level = 255
preferred master = yes
domain master = yes
local master = yes
security = user
domain logons = yes
logon path = \\%N\profiles\%U
logon drive = H:
logon home = \\homeserver\%U\winprofile
admin users = neuwald
time server = yes
logon script = %u.bat
add machine script = /usr/sbin/pw useradd -g machines -s /usr/bin/false
-d /dev/null -n %u
display charset = iso8859-1
log level = 20
[netlogon]
path = /data/NETLOGON
writable = no
browseable = no
[profiles]
path = /data/PROFILES
browseable = no
writable = yes
create mask = 0600
directory mask = 0700
[homes]
read only = no
browseable = no
guest ok = no
map archive = yes
[all]
comment = All
writable = yes
path = /data/SHARE/geral
create mode = 0666
force create mode = 0666
directory mode = 0777
force directory mode = 0777
[group1]
comment = Group 1
writable = yes
valid users = @group1
path = /data/SHARE/group1
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770

Thank you,

Felipe.



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] error with rd /s in windows 2000 shell

[Jeremy Allison]

On Wed, Aug 17, 2005 at 06:12:48PM +0200, Thomas Sondag wrote:
> >
> So I build a freshly svn checkout of the SAMBA_3_0_RELEASE tree with the
> /debian directory package source files of the current (sarge / 
> 3.0.14a-3) version (with lot of hunk problems with the debian patch)
> 
> That doesn't solve the problem.
> 
> This a reproductible bug, I try it with different win2000 stations and
> sarge/samba servers.
> 
> I'll try to rebuild the samba debian package without the debian patch,
> but I'm not sure to have the time to do it before this week end.

If you're not building with the source we ship then we can't predict
what the problems will be. Why does Debian have a set of specific
patches ? If they work, they should be in the main tree. If they
don't, they shouldn't be in the build at all.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Squid Users ACL with Samba Primary Domain

[Antonio G P]

Hello!!!

I have installed Suse 9.0 as a Prymary Domain Server with Samba and windows 
clients. It is working ok.


Next step is to configure squid for windows clients but I don´t know hot yo 
implement ACL to control the access of  domain users. It is necesary to 
install winbind?


Thank yoy very much for your help because I am a bit lost with this.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Dos Filenames in samba 3.0.14a

[Jeremy Allison]

On Wed, Aug 17, 2005 at 01:58:20PM +0100, Ross McInnes wrote:
> Hi "the list"
> 
> Have an odd one, Dos filenames / 16 bit applications;
> 
> In dos filenames longer that 8 chars would be something like
> 
> Myexam~1.doc (myexample.doc) but under samba its appearing as something very
> weird! Consequently it breaks any links/references to it :/
> 
> Also we run studyscan which is a 16 bit application (32bit soon hopefully)
> again all the links are messed up.
> 
> How can I turn it back to the old way?

Set "mangling method = hash" in the [global] section of smb.conf.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP suffixes

[John H Terpstra]

On Wednesday 17 August 2005 10:05, Geert Stappers wrote:
> On Wed, Aug 17, 2005 at 09:30:31AM -0600, John H Terpstra wrote:
> > It is sufficient to specify:
> >
> > ldap suffix = dc=foobar,dc=biz
> > ldap machine suffix = ou=Computers
> > ldap user suffix = ou=People
> > ldap group suffix = ou=Groups
> > ldap idmap suffix = ou=Idmap
> >
> > Samba will take care of the catenation. These will all be expanded
> > correctly. For example the 'ldap user suffix' will be expanded to:
> >
> > ldap machine suffix = ou=Computers,dc=foobar,dc=biz
>
> Over here I have a dead tree copy of Samba-3 by Example
> which says on in Chapter 6, paragraph 3.5
> LDAP Initialization and Creation of User Group Accounts
>
>
>NOTE
>
> ... By placing all machine accounts  in the People
> container, we were able to side-step this bug.

This note has been significantly expanded in the second edition of this book. 
It is now in Chapter 5, section 5.4.5.  The more detailed explanation in the 
second edition demonstrates the fact that this was not a bug in Samba, but 
rather an identity resolution issue involving NSS. 

> So it seems the bug, that prevents samba from being able to search the LDAP
> database for computer accounts if they are placed in the Computers
> container, is gone.

The problem is one of the ability to find the computer account via NSS.

>
> My questions:
>
> * the version with the bug, did they work with
>
>   ldap suffix = dc=foobar,dc=biz
>   ldap user suffix = ou=People
>   ldap machine suffix = ou=Computers,ou=People
>
> in smb.conf succesfull?
>
>
> * In which version was the bug fixed?

This was not a Samba bug as explained above.

PS: Suggest you refer to chapter 5, section 5.3.1.7, of the current 
Samba3-ByExample book. You can obtain it on-line from:

http://www.samba.org/samba/docs/Samba3-ByExample.pdf

This book will become available in computer stores by mid-September.

Cheers,
John T.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] After net ads join, kinit fails: Client not found...

[P V]

   Hi Ross!
   Excuse my ignorance, but how can I reset the
administrators password?

--- Ross McInnes <[EMAIL PROTECTED]> wrote:

>  
> Hi, I *think* I had this issue. This was during my
> 1st setup, when I reset
> the  administrators password it worked fine
> afterwards.
> 
> Also look on the AD and make sure it actually joined
> the domain.
> 
> Cheers
> 
> Ross
> 
> 
> -Original Message-
> From:
> [EMAIL PROTECTED]
>
[mailto:[EMAIL PROTECTED]
> On Behalf Of P
> V
> Sent: 17 August 2005 15:33
> To: samba@lists.samba.org
> Subject: [Samba] After net ads join, kinit fails:
> Client not found...
> 
>   I'm installing Samba with Security ADS (compiled
> --with-winbind --with-ads
> --with-ldap --with-krb5) on Solaris 8, for connect
> with ActiveDirectory W2K.
>   First, I created in AD Windows an account with the
> same name that my
> solaris host and generated the keytab with this:
> C:\temp>ktpass princ
> host/[EMAIL PROTECTED] mapuser
> mysolarishost
> -pass ad_user_pwd out file.keytab
>   And add the file to /etc/krb5/krb5.keytab with
> kerberos/sbin/ktutil
>   I ran kinit host/[EMAIL PROTECTED], and
> it asked me for a
> password (ad_usr_pwd) and all right.
>   Then I ran net ads join -U Administrator.
>   It asked for password and sent:
> Using short domain name -- DOMAINNETBIOS Joined
> 'MYSOLARISHOST' to realm
> 'DOMAIN.COM.MX'
> 
>   After this, I ran SMB daemons. In log.smbd I get:
> [2005/08/16 19:12:48, 0] smbd/server.c:main(802)
>   smbd version 3.0.20rc1 started.
>   Copyright Andrew Tridgell and the Samba Team
> 1992-2004
> [2005/08/16 19:12:48, 0]
> libads/kerberos.c:ads_kinit_password(146)
>   kerberos_kinit_password
> host/[EMAIL PROTECTED] failed: Client not
> found in Kerberos
> database
> 
>If I run kinit host/[EMAIL PROTECTED],
> I get this message:
> kinit(v5): Client not found in Kerberos database
> while getting initial
> credentials
> 
>So, the problem is when a run net ads join. After
> that the authentication
> with AD W2K is broken. If I delete the computer
> account in AD W2K, the kinit
> command works again.
> 
>Any idea?
>   
> Here my configuration files:
> smb.conf:
>  [global]
> workgroup = DOMAINNETBIOS
> netbios name = mysolarishost
> idmap uid = 1-2
> idmap gid = 1-2
> security = ads
> realm = DOMAIN.COM.MX
> password server = adw2kserver.domain.com.mx
> --
> 
> krb5.conf:
> [libdefaults]
> ticket_lifetime = 24000
> default_realm = DOMAIN.COM.MX
> default_tgs_enctypes = des-cbc-crc
> des-cbc-md5
> default_tkt_enctypes = des-cbc-crc
> des-cbc-md5 [realms]
>DOMAIN.COM.MX = {
> kdc = adw2kserver.domain.com.mx
> kdc = otherADw2kserver.domain.com.mx
> admin_server =
> ad2kserver.domain.com.mx
> default_domain = domain.com.mx
> }
> [domain_realm]
> domain.com.mx = DOMAIN.COM.MX
> .domainnetbios = DOMAIN.COM.MX
> domainnetbios = DOMAIN.COM.MX
> ---
> 
> nsswitch:
> passwd: files winbind
> group:  files winbind
> hosts:  files wins
> shadow: files winbind
> 
> 
> __
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam
> protection around
> http://mail.yahoo.com
> --
> To unsubscribe from this list go to the following
> URL and read the
> instructions: 
> https://lists.samba.org/mailman/listinfo/samba
> 
> -- 
> To unsubscribe from this list go to the following
> URL and read the
> instructions: 
> https://lists.samba.org/mailman/listinfo/samba
> 





Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 
 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Post 3.0.9 Win9X Domain Logon Problems

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ade Fewings wrote:
> Hi all,
> 
> We have Samba 3 up to and including 3.0.9 working fine using LDAP for
> the backend.  XP and 9X logons work fine.  On upgrading to newer
> versions (inc. 3.0.11, 3.0.14a and tried 3.0.20), in the same
> configuration, 9X logons stop working properly - they authenticate, but
> fail to get information such as groups and user's full name.  XP still
> works fine.
> We use KIX for our logon scripts and I have observed that the new Samba
> gives a different result to the KIX test script than the old one.  When
> running the KIX test script, our working build reports 'USER' privileges
> and has all the user details available.  The non-working, newer samba
> reports 'GUEST' privileges and is missing a lot of the user details. 
> I'm guessing this is, at least, a big sign over the problems we are
> having but have spent some time experimenting and basically fiddling
> with things in hope of success, but without any.

Ade,

Can you send me a reproducible test case?  a script or
a .exe file?





cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDA2ltIR7qMdg1EfYRAkw+AKCdYIezf3Q05YNkOa7ZfeGRYov7RwCfWHxd
vBKbdp0DKET6dwYSSxqjieA=
=CoOd
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Post 3.0.9 Win9X Domain Logon Problems

[Ade Fewings]

Hi all,

We have Samba 3 up to and including 3.0.9 working fine using LDAP for 
the backend.  XP and 9X logons work fine.  On upgrading to newer 
versions (inc. 3.0.11, 3.0.14a and tried 3.0.20), in the same 
configuration, 9X logons stop working properly - they authenticate, but 
fail to get information such as groups and user's full name.  XP still 
works fine. 

We use KIX for our logon scripts and I have observed that the new Samba 
gives a different result to the KIX test script than the old one.  When 
running the KIX test script, our working build reports 'USER' privileges 
and has all the user details available.  The non-working, newer samba 
reports 'GUEST' privileges and is missing a lot of the user details.  
I'm guessing this is, at least, a big sign over the problems we are 
having but have spent some time experimenting and basically fiddling 
with things in hope of success, but without any. 

I am not the only one to suffer from this, however.  A friend of mine 
who operates a separate local network that was built completely 
separately and without any commonality (both done from the ground-up 
using Samba docs, etc.) has the same problems.  We both now have the 
same problems.  Has anybody else seen anything like this? 

Both networks are based on Solaris on Sparc servers, but the other 
network has also tried FreeBSD on x86 and found exactly the same 
problems.  OpenLDAP on the backend in both cases.


Am finding this seriously frustrating now, so would really appreciate 
any ideas - I can't believe there can be two occurrences of this problem 
locally but nobody else would find it globally.  And, if it turns out to 
be something i've done stupid, then i'm now prepared to accept that and 
cope with the shame, just as long as it gets better!


Thanks in advance
Ade
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] error with rd /s in windows 2000 shell

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Thomas Sondag wrote:

> So I build a freshly svn checkout of the SAMBA_3_0_RELEASE 
> tree with the /debian directory package source files of the
> current (sarge /  3.0.14a-3) version (with lot of hunk
> problems with the debian patch)
> 
> That doesn't solve the problem.
> 
> This a reproductible bug, I try it with different win2000 
> stations and sarge/samba servers.
> 
> I'll try to rebuild the samba debian package without 
> the debian patch, but I'm not sure to have the time to do
> it before this week end.

Thomas,

I cannot reproduce this froma Windows 2000 client
against 3.0.21pre1-SVN-build-9253 (which is the current
SAMBA_3_0 tree).  This is essentially the same as the
SAMBA_3_0_RELEASE tree right now.

rd /s of a directory with 1 files works fine.  Is there
anything special about the files in your directory or
directory tree?






cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDA2SwIR7qMdg1EfYRAsLVAKCYP30OHXpbOzJK8PBprmc6AzbSWQCfV+a0
/m2c8QX2VUZRSbgBwvpsSx0=
=WqLp
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] error with rd /s in windows 2000 shell

[Thomas Sondag]

Gerald (Jerry) Carter a écrit :

> Thomas Sondag wrote:
>
> >Hi all,
>
> >We are running a samba (3.0.14a-3 / sarge) server with windows 2000
> >Client. (recent remplacement of a NT server)
>
> >The problem his that when I try to recursivly remove a folder on
> >a samba share with "rd /s" on the windows shell, the command
> >return an error and stop deletting subfile when the number of
> >subfile exceed (exactly) 130. At the end of the command only
> >130 are deleted and not the full directory.
>
> >That's very important for me because some of ours developers
> >use this command in a lot of shell script.
>
> >Should I increase some mysterious smb.conf paramater or
> >something else ?
>
>
> Could you test out the current SAMBA_3_0_RELEASE tree.
> We're getting ready to ship 3.0.20 and as far as I know
> directory listings and removal is working ok.   The changes
> between 3.0.14a and 3.0.20 are pretty substancial though
> so I can't point to a specific patch you could apply.
>
So I build a freshly svn checkout of the SAMBA_3_0_RELEASE tree with the
/debian directory package source files of the current (sarge / 
3.0.14a-3) version (with lot of hunk problems with the debian patch)

That doesn't solve the problem.

This a reproductible bug, I try it with different win2000 stations and
sarge/samba servers.

I'll try to rebuild the samba debian package without the debian patch,
but I'm not sure to have the time to do it before this week end.

Thank's for your help

   Thomas



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP suffixes

[Geert Stappers]

On Wed, Aug 17, 2005 at 09:30:31AM -0600, John H Terpstra wrote:
> It is sufficient to specify:
> 
>   ldap suffix = dc=foobar,dc=biz
>   ldap machine suffix = ou=Computers
>   ldap user suffix = ou=People
>   ldap group suffix = ou=Groups
>   ldap idmap suffix = ou=Idmap
> 
> Samba will take care of the catenation. These will all be expanded correctly. 
> For example the 'ldap user suffix' will be expanded to:
> 
>   ldap machine suffix = ou=Computers,dc=foobar,dc=biz
> 

Over here I have a dead tree copy of Samba-3 by Example
which says on in Chapter 6, paragraph 3.5
LDAP Initialization and Creation of User Group Accounts


   NOTE

... By placing all machine accounts  in the People
container, we were able to side-step this bug.


So it seems the bug, that prevents samba from being able to search the LDAP
database for computer accounts if they are placed in the Computers
container, is gone.

My questions:

* the version with the bug, did they work with

ldap suffix = dc=foobar,dc=biz
ldap user suffix = ou=People
ldap machine suffix = ou=Computers,ou=People

in smb.conf succesfull?


* In which version was the bug fixed?



Cheers
Geert Stappers



signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP suffixes

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

William Jojo wrote:
> 
> On Wed, 17 Aug 2005, Gerald (Jerry) Carter wrote:
> 
> William Jojo wrote:
> 
>>need clarification of the use of:
> 
>>ldap suffix
>>ldap machine suffix
>>ldap user suffix
>>ldap idmap suffix
> 
>>smb.conf.5 indicates you should have a fully qualified suffix such as:
> 
>>   ldap suffix = dc=blah,dc=com
>>   ldap machine suffix = ou=People,dc=blah,dc=com
>>   ldap user suffix = ou=People,dc=blah,dc=com
>>   ldap group suffix = ou=Groups,dc=blah,dc=com
>>   ldap idmap suffix = ou=Idmap,dc=blah,dc=dom
> The man page is wrong.  You can use a fully DN only if
> 'ldap suffix' is an empty string.
> 
> 
> 
>> Ok. Should 'ldap suffix' ever be empty? Where would 
> Samba put sambaDomain objects if this were empty? It seems to
> me this should never be empty. :-)


True.  Can't really write the rootDSE now can you.
+1 for you.





cheers, jerry

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDA1qzIR7qMdg1EfYRAi6TAKCjyZF3D+kSMPGTatuzo9sCw/KqlACeLzAM
X04BbWkomLpoynmxfm0N8qo=
=dlSI
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP suffixes

[John H Terpstra]

On Wednesday 17 August 2005 09:25, Gerald (Jerry) Carter wrote:
> William Jojo wrote:
> > need clarification of the use of:
> >
> > ldap suffix
> > ldap machine suffix
> > ldap user suffix
> > ldap idmap suffix
> >
> > smb.conf.5 indicates you should have a fully qualified suffix such as:
> >
> >ldap suffix = dc=blah,dc=com
> >ldap machine suffix = ou=People,dc=blah,dc=com
> >ldap user suffix = ou=People,dc=blah,dc=com
> >ldap group suffix = ou=Groups,dc=blah,dc=com
> >ldap idmap suffix = ou=Idmap,dc=blah,dc=dom
>
> The man page is wrong.  You can use a fully DN only if
> 'ldap suffix' is an empty string.

Oops. I had not caught that. Will fix it now.

- John T.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP suffixes

[John H Terpstra]

On Wednesday 17 August 2005 09:15, William Jojo wrote:
> need clarification of the use of:
>
> ldap suffix
> ldap machine suffix
> ldap user suffix
> ldap idmap suffix
>
> smb.conf.5 indicates you should have a fully qualified suffix such as:
>
>ldap suffix = dc=blah,dc=com
>ldap machine suffix = ou=People,dc=blah,dc=com
>ldap user suffix = ou=People,dc=blah,dc=com
>ldap group suffix = ou=Groups,dc=blah,dc=com
>ldap idmap suffix = ou=Idmap,dc=blah,dc=dom

It is sufficient to specify:

ldap suffix = dc=foobar,dc=biz
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap

Samba will take care of the catenation. These will all be expanded correctly. 
For example the 'ldap user suffix' will be expanded to:

ldap machine suffix = ou=Computers,dc=foobar,dc=biz

- John T.

>
> as demonstrated by:
>
>  Example: ldap idmap suffix = ou=Idmap,dc=samba,dc=org
>
> and
>
>  Example: ldap group suffix =
>ou=Groups,dc=samba,ou=Groups
>
> (which, btw, is a not a good example)
>
>
> However, it appears from a log level 5 that this happens:
>
> [2005/08/17 11:05:57, 5] lib/smbldap.c:smbldap_search_ext(980)
>   smbldap_search_ext: base => [ou=Groups,dc=blah,dc=com,dc=blah,dc=com],
> filter
> => [(&(objectClass=sambaGroupMapping)(gidNumber=-2))], scope => [2]
>
> It combines two suffixes. Which is the correct behavior?
>
> I see utils/net_rpc_samsync.c seems to think the prior is true.
>
>
> This behavior is consistent all the way back to 3.0.11.
>
>
> Cheers,
>
>
> Bill

-- 
John H Terpstra, CTO
PrimaStasys Inc.
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP suffixes

[William Jojo]

On Wed, 17 Aug 2005, John H Terpstra wrote:

> On Wednesday 17 August 2005 09:15, William Jojo wrote:
> > need clarification of the use of:
> >
> > ldap suffix
> > ldap machine suffix
> > ldap user suffix
> > ldap idmap suffix
> >
> > smb.conf.5 indicates you should have a fully qualified suffix such as:
> >
> >ldap suffix = dc=blah,dc=com
> >ldap machine suffix = ou=People,dc=blah,dc=com
> >ldap user suffix = ou=People,dc=blah,dc=com
> >ldap group suffix = ou=Groups,dc=blah,dc=com
> >ldap idmap suffix = ou=Idmap,dc=blah,dc=dom
>
> It is sufficient to specify:
>
>   ldap suffix = dc=foobar,dc=biz
>   ldap machine suffix = ou=Computers
>   ldap user suffix = ou=People
>   ldap group suffix = ou=Groups
>   ldap idmap suffix = ou=Idmap
>
> Samba will take care of the catenation. These will all be expanded correctly.
> For example the 'ldap user suffix' will be expanded to:
>

Thanks, John. I failed to indicate that this is how I currently use it. I
wanted to clear up the confusion as I know you like documentation to be
very clear and concise.  :-) :-)


Cheers,

Bill


>   ldap machine suffix = ou=Computers,dc=foobar,dc=biz
>
> - John T.
>
> >
> > as demonstrated by:
> >
> >  Example: ldap idmap suffix = ou=Idmap,dc=samba,dc=org
> >
> > and
> >
> >  Example: ldap group suffix =
> >ou=Groups,dc=samba,ou=Groups
> >
> > (which, btw, is a not a good example)
> >
> >
> > However, it appears from a log level 5 that this happens:
> >
> > [2005/08/17 11:05:57, 5] lib/smbldap.c:smbldap_search_ext(980)
> >   smbldap_search_ext: base => [ou=Groups,dc=blah,dc=com,dc=blah,dc=com],
> > filter
> > => [(&(objectClass=sambaGroupMapping)(gidNumber=-2))], scope => [2]
> >
> > It combines two suffixes. Which is the correct behavior?
> >
> > I see utils/net_rpc_samsync.c seems to think the prior is true.
> >
> >
> > This behavior is consistent all the way back to 3.0.11.
> >
> >
> > Cheers,
> >
> >
> > Bill
>
> --
> John H Terpstra, CTO
> PrimaStasys Inc.
> Phone: +1 (650) 580-8668
>
> Author:
> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
> Samba-3 by Example, ISBN: 0131472216
> Hardening Linux, ISBN: 0072254971
> Other books in production.
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP suffixes

[William Jojo]

On Wed, 17 Aug 2005, Gerald (Jerry) Carter wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> William Jojo wrote:
> >
> >
> > need clarification of the use of:
> >
> > ldap suffix
> > ldap machine suffix
> > ldap user suffix
> > ldap idmap suffix
> >
> > smb.conf.5 indicates you should have a fully qualified suffix such as:
> >
> >ldap suffix = dc=blah,dc=com
> >ldap machine suffix = ou=People,dc=blah,dc=com
> >ldap user suffix = ou=People,dc=blah,dc=com
> >ldap group suffix = ou=Groups,dc=blah,dc=com
> >ldap idmap suffix = ou=Idmap,dc=blah,dc=dom
>
> The man page is wrong.  You can use a fully DN only if
> 'ldap suffix' is an empty string.
>
>

Ok. Should 'ldap suffix' ever be empty? Where would Samba put sambaDomain
objects if this were empty? It seems to me this should never be empty. :-)


Cheers,

Bill


>
>
>
>
> cheers, jerry
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.0 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFDA1cHIR7qMdg1EfYRAsXyAKCq8GFqct+LEVBP3R+F0M7NzNOm1QCg8xZf
> 8WkxQg2zAzTtyEmyXdE/uDU=
> =LOaG
> -END PGP SIGNATURE-
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] After net ads join, kinit fails: Client not found...

[Ross McInnes]

 
Hi, I *think* I had this issue. This was during my 1st setup, when I reset
the  administrators password it worked fine afterwards.

Also look on the AD and make sure it actually joined the domain.

Cheers

Ross


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of P
V
Sent: 17 August 2005 15:33
To: samba@lists.samba.org
Subject: [Samba] After net ads join, kinit fails: Client not found...

  I'm installing Samba with Security ADS (compiled --with-winbind --with-ads
--with-ldap --with-krb5) on Solaris 8, for connect with ActiveDirectory W2K.
  First, I created in AD Windows an account with the same name that my
solaris host and generated the keytab with this:
C:\temp>ktpass princ host/[EMAIL PROTECTED] mapuser mysolarishost
-pass ad_user_pwd out file.keytab
  And add the file to /etc/krb5/krb5.keytab with kerberos/sbin/ktutil
  I ran kinit host/[EMAIL PROTECTED], and it asked me for a
password (ad_usr_pwd) and all right.
  Then I ran net ads join -U Administrator.
  It asked for password and sent:
Using short domain name -- DOMAINNETBIOS Joined 'MYSOLARISHOST' to realm
'DOMAIN.COM.MX'

  After this, I ran SMB daemons. In log.smbd I get:
[2005/08/16 19:12:48, 0] smbd/server.c:main(802)
  smbd version 3.0.20rc1 started.
  Copyright Andrew Tridgell and the Samba Team
1992-2004
[2005/08/16 19:12:48, 0]
libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password
host/[EMAIL PROTECTED] failed: Client not found in Kerberos
database

   If I run kinit host/[EMAIL PROTECTED], I get this message:
kinit(v5): Client not found in Kerberos database while getting initial
credentials

   So, the problem is when a run net ads join. After that the authentication
with AD W2K is broken. If I delete the computer account in AD W2K, the kinit
command works again.

   Any idea?
  
Here my configuration files:
smb.conf:
 [global]
workgroup = DOMAINNETBIOS
netbios name = mysolarishost
idmap uid = 1-2
idmap gid = 1-2
security = ads
realm = DOMAIN.COM.MX
password server = adw2kserver.domain.com.mx
--

krb5.conf:
[libdefaults]
ticket_lifetime = 24000
default_realm = DOMAIN.COM.MX
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5 [realms]
   DOMAIN.COM.MX = {
kdc = adw2kserver.domain.com.mx
kdc = otherADw2kserver.domain.com.mx
admin_server =
ad2kserver.domain.com.mx
default_domain = domain.com.mx
}
[domain_realm]
domain.com.mx = DOMAIN.COM.MX
.domainnetbios = DOMAIN.COM.MX
domainnetbios = DOMAIN.COM.MX
---

nsswitch:
passwd: files winbind
group:  files winbind
hosts:  files wins
shadow: files winbind


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP suffixes

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

William Jojo wrote:
> 
> 
> need clarification of the use of:
> 
> ldap suffix
> ldap machine suffix
> ldap user suffix
> ldap idmap suffix
> 
> smb.conf.5 indicates you should have a fully qualified suffix such as:
> 
>ldap suffix = dc=blah,dc=com
>ldap machine suffix = ou=People,dc=blah,dc=com
>ldap user suffix = ou=People,dc=blah,dc=com
>ldap group suffix = ou=Groups,dc=blah,dc=com
>ldap idmap suffix = ou=Idmap,dc=blah,dc=dom

The man page is wrong.  You can use a fully DN only if
'ldap suffix' is an empty string.






cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDA1cHIR7qMdg1EfYRAsXyAKCq8GFqct+LEVBP3R+F0M7NzNOm1QCg8xZf
8WkxQg2zAzTtyEmyXdE/uDU=
=LOaG
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] LDAP suffixes

[William Jojo]

need clarification of the use of:

ldap suffix
ldap machine suffix
ldap user suffix
ldap idmap suffix

smb.conf.5 indicates you should have a fully qualified suffix such as:

   ldap suffix = dc=blah,dc=com
   ldap machine suffix = ou=People,dc=blah,dc=com
   ldap user suffix = ou=People,dc=blah,dc=com
   ldap group suffix = ou=Groups,dc=blah,dc=com
   ldap idmap suffix = ou=Idmap,dc=blah,dc=dom

as demonstrated by:

 Example: ldap idmap suffix = ou=Idmap,dc=samba,dc=org

and

 Example: ldap group suffix =
   ou=Groups,dc=samba,ou=Groups

(which, btw, is a not a good example)


However, it appears from a log level 5 that this happens:

[2005/08/17 11:05:57, 5] lib/smbldap.c:smbldap_search_ext(980)
  smbldap_search_ext: base => [ou=Groups,dc=blah,dc=com,dc=blah,dc=com],
filter
=> [(&(objectClass=sambaGroupMapping)(gidNumber=-2))], scope => [2]

It combines two suffixes. Which is the correct behavior?

I see utils/net_rpc_samsync.c seems to think the prior is true.


This behavior is consistent all the way back to 3.0.11.


Cheers,


Bill
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba and User Mode Linux

[Geert Stappers]

On Wed, Aug 17, 2005 at 01:36:18PM +0200, [EMAIL PROTECTED] wrote:
> Hello,
>  
> has anyone experiences with uml and sambe, escpacially running 
> multiple uml instances with one samba instance in each uml instance?
>  
> Please tell me your experiences...


If it stays calm with the responses, then check Xen

 (  Xen is a virtual machine monitor for x86 that supports execution of
multiple guest operating systems with unprecedented levels of
performance and resource isolation. Xen is Open Source software,
released under the terms of the GNU General Public License. We have a
fully functional ports of Linux 2.4 and 2.6 running over Xen, and
regularly use it for running demanding applications like MySQL, Apache
and PostgreSQL. Any Linux distribution (RedHat, SuSE, Debian, Mandrake)
should run unmodified over the ported OS. )


The graphics at http://www.cl.cam.ac.uk/Research/SRG/netos/xen/performance.html
indicate that Xen performs better then UML.


Cheers
Geert Stappers

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problems uploading printer drivers

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Cyrille Bollu wrote:
> 
> Hi Jerry,
> 
> Did you receive my logs?
> 
> Did you get a chance to have a look at it?

Doh!  They got filed in my TODO folder and
haven't been seen since.  I'll look at them today.



cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDA09DIR7qMdg1EfYRAmTYAKCzeajZoznod87ahhlyqhacsAAxMQCeOmFr
UhQ5Arp7swwcOjZCVtnPsW8=
=eJ9/
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Dos Filenames in samba 3.0.14a

[Ross McInnes]

Hi "the list"

Have an odd one, Dos filenames / 16 bit applications;

In dos filenames longer that 8 chars would be something like

Myexam~1.doc (myexample.doc) but under samba its appearing as something very
weird! Consequently it breaks any links/references to it :/

Also we run studyscan which is a 16 bit application (32bit soon hopefully)
again all the links are messed up.

How can I turn it back to the old way?

Cheers

Ross

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] After net ads join, kinit fails: Client not found...

[P V]

  I'm installing Samba with Security ADS (compiled
--with-winbind --with-ads --with-ldap --with-krb5) on
Solaris 8, for connect with ActiveDirectory W2K.
  First, I created in AD Windows an account with the
same name that my solaris host and generated the
keytab with this:
C:\temp>ktpass princ host/[EMAIL PROTECTED]
mapuser mysolarishost -pass ad_user_pwd out
file.keytab
  And add the file to /etc/krb5/krb5.keytab with
kerberos/sbin/ktutil
  I ran kinit host/[EMAIL PROTECTED], and it
asked me for a password (ad_usr_pwd) and all right.
  Then I ran net ads join -U Administrator.
  It asked for password and sent:
Using short domain name -- DOMAINNETBIOS
Joined 'MYSOLARISHOST' to realm 'DOMAIN.COM.MX'

  After this, I ran SMB daemons. In log.smbd I get:
[2005/08/16 19:12:48, 0] smbd/server.c:main(802)
  smbd version 3.0.20rc1 started.
  Copyright Andrew Tridgell and the Samba Team
1992-2004
[2005/08/16 19:12:48, 0]
libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password
host/[EMAIL PROTECTED] failed: Client not
found in Kerberos database

   If I run kinit host/[EMAIL PROTECTED], I
get this message:
kinit(v5): Client not found in Kerberos database while
getting initial credentials

   So, the problem is when a run net ads join. After
that the authentication with AD W2K is broken. If I
delete the computer account in AD W2K, the kinit
command works again.

   Any idea?
  
Here my configuration files:
smb.conf:
 [global]
workgroup = DOMAINNETBIOS
netbios name = mysolarishost
idmap uid = 1-2
idmap gid = 1-2
security = ads
realm = DOMAIN.COM.MX
password server = adw2kserver.domain.com.mx
--

krb5.conf:
[libdefaults]
ticket_lifetime = 24000
default_realm = DOMAIN.COM.MX
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
[realms]
   DOMAIN.COM.MX = {
kdc = adw2kserver.domain.com.mx
kdc = otherADw2kserver.domain.com.mx
admin_server =
ad2kserver.domain.com.mx
default_domain = domain.com.mx
}
[domain_realm]
domain.com.mx = DOMAIN.COM.MX
.domainnetbios = DOMAIN.COM.MX
domainnetbios = DOMAIN.COM.MX
---

nsswitch:
passwd: files winbind
group:  files winbind
hosts:  files wins
shadow: files winbind


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] %g variable not working

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Saravanan wrote:
> Hi,
> 
> I am trying to assign policies for groups. I am using
> the following netlogon configuration.
> 
> [netlogon]
>   path = /usr/local/samba/lib/%g/netlogon
>   browseable = No
> 
> it works fine with 
> 
> [netlogon]
>   path = /usr/local/samba/lib/%u/netlogon
>   browseable = No

I can't reproduce this against the current SAMBA_3_0 code.
%g works fine.  Perhaps the client is caching a connection
to the [netlogon] share.







ciao,  jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDA0nhIR7qMdg1EfYRAmvuAKCVXhcaCWTAj3ge/w52a7OKfrWT7gCfa3YR
iMYDDF6j5lmdU908IoOFFrA=
=/gsM
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ppp winbind type 5 error

[Marcos Ferreira da Silva]

I'm having a trouble.

I use winXP to connect through L2TP/IPsec to one Linux server.
When I try to connect in my domain appear an error at log.

Plugin winbind.so loaded.
WINBIND plugin initialized.
using channel 36
Using interface ppp1
Connect: ppp1 <--> /dev/pts/3
sent [LCP ConfReq id=0x1   
  ]
rcvd [LCP ConfReq id=0x0
]
sent [LCP ConfRej id=0x0 ]
rcvd [LCP ConfAck id=0x1   
  ]
rcvd [LCP ConfReq id=0x1]
sent [LCP ConfAck id=0x1]
sent [CHAP Challenge id=0x97 <7eec83d8710952cf7dd2429904906dca727e>,
name = "VPNserver"]
rcvd [LCP code=0xc id=0x2 17 20 1f 33 4d 53 52 41 53 56 35 2e 31 30]
sent [LCP CodeRej id=0x2 0c 02 00 12 17 20 1f 33 4d 53 52 41 53 56 35 2e
31 30]
rcvd [LCP code=0xc id=0x3 17 20 1f 33 4d 53 52 41 53 2d 30 2d 4d 30 30
31]
sent [LCP CodeRej id=0x3 0c 03 00 14 17 20 1f 33 4d 53 52 41 53 2d 30 2d
4d 30 30 31]
rcvd [CHAP Response id=0x97 <02b7ac982f9050bb1272945451f4bd41>, name =
"CASA\\anapaula"]
WINBIND: Challenge type 5 unsupported
Peer CASA\\anapaula failed CHAP authentication
sent [CHAP Failure id=0x97 ""]
sent [LCP TermReq id=0x4 "Authentication failed"]
rcvd [LCP TermAck id=0x4 "Authentication failed"]
Connection terminated.
Plugin winbind.so loaded.
WINBIND plugin initialized.
using channel 37
Using interface ppp1
Connect: ppp1 <--> /dev/pts/3

sent [LCP ConfReq id=0x1   
  ]
rcvd [LCP ConfAck id=0x1   
  ]
rcvd [LCP ConfReq id=0x1
]
sent [LCP ConfRej id=0x1 ]
rcvd [LCP ConfReq id=0x2]
sent [LCP ConfAck id=0x2]
sent [CHAP Challenge id=0xc5 ,
name = "VPNserver"]
rcvd [LCP code=0xc id=0x3 1a df 15 ed 4d 53 52 41 53 56 35 2e 31 30]
sent [LCP CodeRej id=0x2 0c 03 00 12 1a df 15 ed 4d 53 52 41 53 56 35 2e
31 30]
rcvd [LCP code=0xc id=0x4 1a df 15 ed 4d 53 52 41 53 2d 30 2d 4d 30 30
31]
sent [LCP CodeRej id=0x3 0c 04 00 14 1a df 15 ed 4d 53 52 41 53 2d 30 2d
4d 30 30 31]
rcvd [CHAP Response id=0xc5 , name =
"CASA\\anapaula"]
WINBIND: Challenge type 5 unsupported
Peer CASA\\anapaula failed CHAP authentication
sent [CHAP Failure id=0xc5 ""]
sent [LCP TermReq id=0x4 "Authentication failed"]
rcvd [LCP TermAck id=0x4 "Authentication failed"]
Connection terminated.


I'm using:
Fedora 2.6.12-1.1398_FC4
ppp-2.4.3-5.fc4

options file:
ipcp-accept-local
ipcp-accept-remote
ms-dns  192.168.99.1
ms-wins 192.168.99.4
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
logfile /var/log/l2tpd.log
plugin winbind.so
ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1"

I execute the command 
[EMAIL PROTECTED] ppp]# /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
Full-Username: CASA\anapaula
Password: a9n8a68
.
Authenticated: Yes


Marcos

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] BUG: samba-3.0.14a & samba-3.0.20pre2 endless loop AIX 5.3 (jfs2) & Win98

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Steve Williams wrote:
> Hi,
> 
> I have replaced an older AIX system with a new one running AIX 5.3, all
> the latest patches.  It is acting as a PDC (I think irrelevant).  The
> old server was running AIX 4.3.2 with Samba 3.0.14a (upgraded from
> 2.0.7) , and was working 100% fine. I had the old server running 3.0.14a
> for 6 weeks prior to the upgrade as part of my migration plan.
> 
> There are Windows 98 boxes that connect to this server (workgroup), as
> well as XP SP2 boxes that connect to the server (domain).  The shares
> that I am having problems with are on IBM's "jfs2" filesystem.
> 
> The XP boxes are working perfectly.
> 
> The Windows 98 boxes work to read and save files.  HOWEVER... if one
> "Explores" into one of the folders, Samba goes into an endless loop. 
> The little flashlight in Windows 98 Explorer just keeps waving back and
> forth.
> 
> The behavior can be duplicated by going into a DOS prompt and doing a
> "DIR" on the shared directory.  It is more obvious what is happening,
> because the screen updates continuously.  It just scrolls forever.  It
> gets to the end of the directory listing and starts again at the
> top...looping forever.
> 
> 1.  AIX 4.3.2, jfs, samba-3.0.14a worked perfectly
> 2.  AIX 5.3, jfs2, samba-3.0.14a & samba-3.0.20pre2 have problem with 
> Windows 98 computers

I can't reproduce this on ext3 with the current SAMBA_3_0 code.
Is this a jfs2 only problem?




jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDA0dAIR7qMdg1EfYRAviZAJ9zhCALn6WfznbT0KfFSmAHQ0Q6fQCcDWdn
PdmSBUtHAlDAUX+ymsvdEXI=
=MPma
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problems uploading printer drivers

[Cyrille Bollu]

Hi Jerry,

Did you receive my logs?

Did you get a chance to have a look at it?

Best regards,

Cyrille




"Gerald (Jerry) Carter" <[EMAIL PROTECTED]> 
01/08/2005 20:02

A
Cyrille Bollu <[EMAIL PROTECTED]>
cc
samba@lists.samba.org
Objet
Re: [Samba] Problems uploading printer drivers






-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Cyrille,

Could you send me a level 10 debug log from smbd for the driver upload
and failure?  Thanks.




cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC7mPJIR7qMdg1EfYRAjrnAKDi9QjMCO+AjHWDklnwu8GZk1ZqqQCguaoN
BMSEnZN7zXpJR31VIOFZD/c=
=O7GC
-END PGP SIGNATURE-


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] "force groups" and file deletion on 3.0.14a

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Josh Kelley wrote:
> We recently upgraded our file servers from RHEL 3 running 
> Samba 3.0.11 to CentOS 4 running Samba 3.0.14a.  Since then,
> we've been getting some "permission denied" errors while
> deleting files.
> 
> Most of our shares have permissions set up similar to the following:
> 
> [database]
>valid users = @faculty randomsecretary1 randomsecretary2 @admin
>force group = faculty
> 
> Under Samba 3.0.11, users not in the primary group (such 
> as @admin and randomsecretary1) were forced into the appropriate
> group and so had full permissions on the drive.  Under Samba
> 3.0.14a, users not in the primary group can create and edit
> files but cannot delete them.  This occurs with Windows XP SP
> 2 clients;  oddly enough, smbclient can still delete the files.
> 
> I know that I can work around this by setting up proper groups or by
> using ACLs, but I'd prefer not to have to change my current setup.

Josh,

WinXP sp2 introduced uses an alternative method for deleting
files and directories.  This has caused us no end of pain.
I think things are ok in the current 3.0 tree now.
Have you got time to run a quick check of the
SAMBA_3_0_RELEASE tree for me?  We're getting ready for
3.0.20.





cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDA0WHIR7qMdg1EfYRAg87AKCijy04hG613+x+m8aoEi2CFg69MQCdHZuz
1hgUWEvXVg5b/NcQDYHSRCo=
=MVtG
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Winbindd chokes on W2K users in only one group

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ed Plese wrote:

> Another symptom of this behavior is that executing "wbinfo 
> -r " with a user that is only a member of a single
> group (the primary group of the user) results in the error
> "Could not get groups for user ".  On any user in multiple
> groups, this command completes successfully, showing every
> group the user is a member of, including the user' primary group.
> 

> Looking over the code, it appears that the cause of the 
> problem is in the lookup_usergroups_alt function in
> winbindd_ads.c.  This function only gets called when the
> 'tokenGroups' attribute of the AD user object
> does not contain any groups.  According to the comments in 
> this file, instances where 'tokenGroups' does not contain any
> groups indicates a "buggy Win2k server".  The Active Directory
> domain controllers are running Windows 2000 SP4 with Active
> Directory in mixed mode  and every user object that I checked
> has an empty 'tokenGroups' attribute.
> 
...
> In the lookup_usergroups_alt function, for cases where the 
> user is not a member of any other groups other than
> the primary group, the query for any groups with the user
> as a member returns zero results.  Instead of returning just
> the primary group, lookup_usergroups_alt instead returns no
> groups.  Correcting the logic can easily be done by returning
> the primary group for this case.
> 
> Patches for 3.0.14a and SAMBA_3_0 branch included.

Ed,

This has got to be a model of the perfect bug report :-)
Really good work.  You have a reproducible test case I can use,
an analysis of what the problem is, and a patch.  Kudos to you.
This will be included in 3.0.20.  I've already run through
a series of tests and the patch looks good.

> Is there something uncommon about the above attributes in 
> AD?  Do these attributes vary with the different AD versions?

I'm looking into the history of this.  My guess is that it
may have been an initial windows 2000 bug that we were
working around.




cheers, jerry

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDAz0xIR7qMdg1EfYRArNYAJsGgvrxg6AoU37SVEYNCAvV7mApcQCeM28j
fwSvHOHYW3jcw5b1eRw37UA=
=3Pl5
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] overrun buffer

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Fred Blaise wrote:
> Hi all
> 
> I am getting this error, when running the command below from my workstation:
> 
> `--> sudo net rpc info -S SMBPDC
> [2005/08/17 14:33:16, 0] rpc_parse/parse_prs.c:prs_mem_get(537)
>   prs_mem_get: reading data of size 14287078 would overrun buffer.
> 
> However, if I run the same command from the PDC itself, 
> then it's ok:
> .
> ldapsmb-pdc:~# net rpc info
> Domain Name: ILR
> Domain SID: S-1-5-21-2633119842-899525101-3767551999
> Sequence number: 1124273803
> Num users: 21
> Num domain groups: 39
> Num local groups: 0
> 
> I don't like that overrun buffer.. doesn't sound nice. 
> Does anyone have an idea of why this happens?

I cannot reproduce this against the current SAMBA_3_0 code.
What version are you using in the success and failure case?
And what version is the Samba PDC running?





cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDAzdkIR7qMdg1EfYRAn1fAKCwm3cEITYsEphrBiC7TB7c+FTfgwCgz6Hi
R8ijqGcAjYJUxesP8MOIIak=
=/X5f
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Winbindd chokes on W2K users in only one group

[Ed Plese]

On Thu, Jun 02, 2005 at 01:04:35PM -0400, neil klopfenstein wrote:
> I've been trying to set up Samba 3.0.14a with Active Directory 
> integration on a network with an ordinary W2k Server PDC. I'm currently 
> having a problem which I'm convinced has nothing to do with my Windows 
> or Samba configuration.
> 
> The problem only occurs when trying to connect to the Samba server from 
> an authenticated domain account which is only a member of the default 
> 'Domain users' group. When this is the case, the 
> 'make_server_info_from_pw' function returns NT_STATUS_NO_SUCH_USER, 
> incorrectly.
> 

I get the same behavior, with users completely unable to connect.  They
are unable to even view the shares on the server.

Another symptom of this behavior is that executing "wbinfo -r "
with a user that is only a member of a single group (the primary group
of the user) results in the error "Could not get groups for user ".
On any user in multiple groups, this command completes successfully,
showing every group the user is a member of, including the user's
primary group.

> If the same user is added to another group, it works fine, though.
> 
> I have experienced this problem in 3.0.13 and 3.0.14a. I didn't try any 
> earlier versions.

I also had this problem with 3.0.14a and upgrading to 3.0.20rc2 showed
the same behavior.  At quick glance, the SAMBA_3_0 SVN code appears to
have the same problem also.

Looking over the code, it appears that the cause of the problem is in
the lookup_usergroups_alt function in winbindd_ads.c.  This function
only gets called when the 'tokenGroups' attribute of the AD user object
does not contain any groups.  According to the comments in this file,
instances where 'tokenGroups' does not contain any groups indicates a
"buggy Win2k server".  The Active Directory domain controllers
are running Windows 2000 SP4 with Active Directory in mixed mode 
and every user object that I checked has an empty 'tokenGroups' attribute.

Instead of getting the user's group membership from the 'tokenGroups'
attribute, lookup_usergroups_alt queries AD for any groups that have
the user listed in their 'member' attribute.  Primary groups memberships
however don't appear to be contained in either the 'member' attribute
of the group or the 'memberOf' attribute of the user (at least in the
case of the Domain Users group).  Instead, the RID of the primary
group (e.g. 513 for Domain Users) is contained in the 'primaryGroupID'
attribute of the user.

In the lookup_usergroups_alt function, for cases where the user is
not a member of any other groups other than the primary group,
the query for any groups with the user as a member returns zero
results.  Instead of returning just the primary group,
lookup_usergroups_alt instead returns no groups.  Correcting the
logic can easily be done by returning the primary group for this case.

Patches for 3.0.14a and SAMBA_3_0 branch included.

Is there something uncommon about the above attributes in AD?  Do these
attributes vary with the different AD versions?


Ed Plese
diff -ur samba-3.0.14a/source/nsswitch/winbindd_ads.c 
samba-3.0.14a-patched/source/nsswitch/winbindd_ads.c
--- samba-3.0.14a/source/nsswitch/winbindd_ads.c2005-04-14 
01:14:21.0 -0500
+++ samba-3.0.14a-patched/source/nsswitch/winbindd_ads.c2005-08-17 
07:46:54.0 -0500
@@ -494,37 +494,37 @@
}

count = ads_count_replies(ads, res);
-   if (count == 0) {
-   DEBUG(5,("lookup_usergroups: No supp groups found\n"));
-   
-   status = ads_ntstatus(rc);
-   goto done;
-   }
-   
+
+   /* always add the primary group to the user_gids list */
(*user_gids) = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID *, count + 1);
(*user_gids)[0] = primary_group;

*num_groups = 1;
+
+
+   if (count > 0) {

-   for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, 
msg)) {
-   DOM_SID group_sid;
+   for (msg = ads_first_entry(ads, res); msg; msg = 
ads_next_entry(ads, msg)) {
+   DOM_SID group_sid;

-   if (!ads_pull_sid(ads, msg, "objectSid", &group_sid)) {
-   DEBUG(1,("No sid for this group ?!?\n"));
-   continue;
-   }
+   if (!ads_pull_sid(ads, msg, "objectSid", &group_sid)) {
+   DEBUG(1,("No sid for this group ?!?\n"));
+   continue;
+   }

-   if (sid_equal(&group_sid, primary_group)) continue;
+   if (sid_equal(&group_sid, primary_group)) continue;

-   (*user_gids)[*num_groups] = TALLOC_P(mem_ctx, DOM_SID);
-   if (!(*user_gids)[*num_groups]) {
-   status = NT_STATUS_NO_MEMORY;
-   goto done;
-   }
+

Re: [Samba] Winbind crash on startup with Win 2K3 sp1 domain controller.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Rob Keeling wrote:
> Having migrated from NT 4 I am trying to re-install a number of machines
> to our New Win 2K3 SP1 Domain.
> 
> Most machines are  Suse 9.1, running heimdal 0.6.1rc3, samba 3.0.14a
> (rpm from samba site).

> [2005/08/13 11:40:32, 0] lib/fault.c:fault_report(36)
>   ===
> [2005/08/13 11:40:32, 0] lib/fault.c:fault_report(37)
>   INTERNAL ERROR: Signal 11 in pid 29578 (3.0.14a-0.1.4-SUSE)
>   Please read the appendix Bugs of the Samba HOWTO collection
> [2005/08/13 11:40:32, 0] lib/fault.c:fault_report(39)
>   ===
> [2005/08/13 11:40:32, 0] lib/util.c:smb_panic2(1463)
>   PANIC: internal error
> [2005/08/13 11:40:32, 0] lib/util.c:smb_panic2(1471)
>   BACKTRACE: 18 stack frames:
>#0 /usr/sbin/winbindd(smb_panic2+0x1ed) [0x80d7c18]
>#1 /usr/sbin/winbindd(smb_panic+0x25) [0x80d7a25]
>#2 /usr/sbin/winbindd [0x80c2f87]
>#3 /usr/sbin/winbindd [0x80c2ffd]
>#4 [0xe420]
>#5 /usr/lib/libkrb5.so.17 [0x400aed12]
>#6 /usr/sbin/winbindd(kerberos_kinit_password+0x9d) [0x819da88]
>#7 /usr/sbin/winbindd(cli_session_setup_spnego+0x35d) [0x80f7852]

There's a memory corruption bug in Heimdal 0.6.1rc3.  You're
best best is to install a later version of heimdal.





cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDAzKJIR7qMdg1EfYRAvHHAJ4vql0D2lMRuXmu4vQZscahWP+dQQCfWVnj
g7fKmeXw2ksOKeBnP3dhXwI=
=k4nk
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Windows C# unable to access Samba directories.

[PC]

Jeremy Allison  samba.org> writes:

> 
> On Mon, Aug 15, 2005 at 11:20:56PM -0400, PC wrote:
> > We have written a program which queries Windows mounted drives (including
> > Samba mounts) for files and directories.
> > 
> >  
> > 
> > The program cannot find folders which are not owned by the user who spawned
> > the application.  The user belongs to the group (owner - group - others)
> > with rw permissions and can locate all files and folders via Windows
> > Explorer.
> > 
> >  
> > 
> > It appears that Samba is unable to resolve the group permission for some
> > windows applications.
> > 
> >  
> > 
> > A similar problem can also be demonstrated when using Windows Offline files
> > / folder capability on a Samba mounted drive.  Synchronizing offline file
> > will fail unless all files and folders are owned by  the user who spawned
> > the application.
> 
> Can you send out the code/binary for the application with help on how
> to reproduce the problem so we can test this for you ?
> 
> Thanks,
> 
>   Jeremy.


We created a sample program which illustrates the Windows C# unable to access 
Samba directories. It is a quick project w wrote to demo reading subfolders 
and files.  Build the program located under HART Technologies/SambaDemo using 
visual studio.net or run the included .exe directly.

If anyone is interested in troubleshooting the problem, let me know and I'll 
send you the sample code.
 

Navigate using the browse function to a directory on a mounted samba drive. 
Select Ok to close the browse window; the program window should display a list 
to the sub directories and files.  If only one subfolder exists under the 
selected directory, the program returns “.”

 

I have determined the problem occur when browsing to a folder with only one 
subfolder.  The program returns “.” If you browse to a folder with only one 
subfolder and will return a complete list of folders if there are 2 or more 
subfolders.

 

This problem occurs on Samba 3.0.14a running on Redhat ES4 from installed RH9 
rpm packages.

 

PC



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] error with rd /s in windows 2000 shell

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Thomas Sondag wrote:
> Hi all,
> 
> We are running a samba (3.0.14a-3 / sarge) server with windows 2000
> Client. (recent remplacement of a NT server)
> 
> The problem his that when I try to recursivly remove a folder on 
> a samba share with "rd /s" on the windows shell, the command
> return an error and stop deletting subfile when the number of
> subfile exceed (exactly) 130. At the end of the command only
> 130 are deleted and not the full directory.
> 
> That's very important for me because some of ours developers 
> use this command in a lot of shell script.
> 
> Should I increase some mysterious smb.conf paramater or 
> something else ?

Could you test out the current SAMBA_3_0_RELEASE tree.
We're getting ready to ship 3.0.20 and as far as I know
directory listings and removal is working ok.   The changes
between 3.0.14a and 3.0.20 are pretty substancial though
so I can't point to a specific patch you could apply.




cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDAzAgIR7qMdg1EfYRAthLAJkBjjsD5gJaNnPo1frXp1yNBfzqwQCgtEj8
IaC8ZSWmspzkeoag9XkA5fI=
=trHs
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] overrun buffer

[Fred Blaise]

Hi all

I am getting this error, when running the command below from my workstation:

`--> sudo net rpc info -S SMBPDC
[2005/08/17 14:33:16, 0] rpc_parse/parse_prs.c:prs_mem_get(537)
  prs_mem_get: reading data of size 14287078 would overrun buffer.

However, if I run the same command from the PDC itself, then it's ok:
.
ldapsmb-pdc:~# net rpc info
Domain Name: ILR
Domain SID: S-1-5-21-2633119842-899525101-3767551999
Sequence number: 1124273803
Num users: 21
Num domain groups: 39
Num local groups: 0

I don't like that overrun buffer.. doesn't sound nice. Does anyone
have an idea of why this happens?

thanks.

fred
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Windows offline files synchronization failure for mounted Samba drive.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

PC wrote:

> Windows offline files synchronization fails for mounted 
> Samba drive unless files are "owned" by the
> user performing the synchronization.


What Samba version?  Does 'dos filemode = yes' help?




cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDAy4LIR7qMdg1EfYRAqsDAJ40LbaDPZHaNaqBd9+RujgprGI7FwCgzeO5
XS+XOi/r1d72nmyM6eR4DbA=
=UfhI
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba and User Mode Linux

[Dirk.Laurenz]

Hello,
 
has anyone experiences with uml and sambe, escpacially running 
multiple uml instances with one samba instance in each uml instance?
 
Please tell me your experiences...
 
Mit freundlichem Gruß, 


Dirk Laurenz 
Systems Engineer
PSO - Professional Service Organisation 
Fujitsu Siemens Computers 
Hildesheimer Strasse 25 
30880 Laatzen 
Germany 
Telephone:  +49 (511) 84 89 - 18 08 
Telefax:+49 (511) 84 89 - 25 18 08 
Mobile: +49 (170) 22 10 781 
Email:  mailto:[EMAIL PROTECTED] 
Internet:   http://www.fujitsu-siemens.com 

http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html
 
***
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] error with rd /s in windows 2000 shell

[Thomas Sondag]

Hi all,

We are running a samba (3.0.14a-3 / sarge) server with windows 2000
Client. (recent remplacement of a NT server)

The problem his that when I try to recursivly remove a folder on a samba
share with "rd /s" on the windows shell, the command return an error and
stop deletting subfile when the number of subfile exceed (exactly) 130.
At the end of the command only 130 are deleted and not the full directory.

That's very important for me because some of ours developers use this
command in a lot of shell script.

Should I increase some mysterious smb.conf paramater or something else ?

Thank's in advance,

Thomas
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] [OT] search best and fast virus solution for Samba

[Stefan Sabolowitsch]

Hi List,

I look for good and fast (good performance) virus solution for Samba.
Or is a Kernel patch better?
Someone can report on its experiences.

Thanks

Stefan


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Discussion: Samba Virtual Server Setup w/ LDAP Backend

[Dirk.Laurenz]

Hello everybody,
 
(i can send level 10 logs on demand..the mail is to big for the list)
 
i'm just building up a complete Samba 3 Domain containing
 
one pdc
one bdc
four file servers
 
because i don't want to spent to much hardware, the four fileservers
are 4 seperate samba instances running on one SuSE SLES 9 Operating System.
 
The Samba Version is:
 
 3.0.14a from ftp.sernet.de   for sles9/i386.
 
Nearly the whole domain is running, but there's one major problem concerning
those 4 fileservers. We're not able to create local groups either using the
usermanager for domains or wbinfo -C. Only the the samba instance which
has been started at last allows creation of local groups (and only /w error's). 
And on this we get an error message (see attachements) altough the local group 
is created.
   - usermgr.jpg (Usermanager error)
   - fgesbo05.log (the system the user manager ran on)
   - smbd.log and winbindd.log
 
 
We have those seperate 4 instances for reasons:
   - starting an stopping them seperately
   - possible testing of newer samba versions
 (e.g. instance 1 is running with 3.0.14 and instance 2 is running with 
3.0.20)
   - easy moving of a samba instance to a new server
 
The problem is quite urgent and if any additional information is needed, please
ask! I will provide it. Thanks in advance
 
Additional Infos (smb.conf, etc)
 
Here's an ps -ef | grep smb of that server:
 

hgest3301:/samba/agest001/conf/etc # ps -ef | grep smb | egrep 
-v 'grep|smbe'
domaina  26240 1  0 09:15 ?00:00:00 /usr/sbin/nmbd 
-D -s /samba/agest001/conf/etc/smb.conf -l /samba/agest001/conf/log
domaina  26245 1  0 09:15 ?00:00:00 /usr/sbin/smbd 
-D -s /samba/agest001/conf/etc/smb.conf -l /samba/agest001/conf/log
domaina  26248 26245  0 09:15 ?00:00:00 /usr/sbin/smbd 
-D -s /samba/agest001/conf/etc/smb.conf -l /samba/agest001/conf/log
domaina  26253 1  0 09:15 ?00:00:00 
/usr/sbin/winbindd -B -s /samba/agest001/conf/etc/smb.conf -l 
/samba/agest001/conf/log
domaina  26254 26253  0 09:15 ?00:00:00 
/usr/sbin/winbindd -B -s /samba/agest001/conf/etc/smb.conf -l 
/samba/agest001/conf/log
domaina  26281 26245  0 09:17 ?00:00:00 /usr/sbin/smbd 
-D -s /samba/agest001/conf/etc/smb.conf -l /samba/agest001/conf/log
domaina  26372 1  0 09:21 ?00:00:00 /usr/sbin/nmbd 
-D -s /samba/agest002/conf/etc/smb.conf -l /samba/agest002/conf/log
domaina  26377 1  0 09:21 ?00:00:00 /usr/sbin/smbd 
-D -s /samba/agest002/conf/etc/smb.conf -l /samba/agest002/conf/log
domaina  26379 26377  0 09:21 ?00:00:00 /usr/sbin/smbd 
-D -s /samba/agest002/conf/etc/smb.conf -l /samba/agest002/conf/log
domaina  26384 1  0 09:21 ?00:00:00 
/usr/sbin/winbindd -B -s /samba/agest002/conf/etc/smb.conf -l 
/samba/agest002/conf/log
domaina  26385 26384  0 09:21 ?00:00:00 
/usr/sbin/winbindd -B -s /samba/agest002/conf/etc/smb.conf -l 
/samba/agest002/conf/log
domaina  26417 1  0 09:21 ?00:00:00 /usr/sbin/nmbd 
-D -s /samba/agest003/conf/etc/smb.conf -l /samba/agest003/conf/log
domaina  26422 1  0 09:21 ?00:00:00 /usr/sbin/smbd 
-D -s /samba/agest003/conf/etc/smb.conf -l /samba/agest003/conf/log
domaina  26424 26422  0 09:21 ?00:00:00 /usr/sbin/smbd 
-D -s /samba/agest003/conf/etc/smb.conf -l /samba/agest003/conf/log
domaina  26430 1  0 09:21 ?00:00:00 
/usr/sbin/winbindd -B -s /samba/agest003/conf/etc/smb.conf -l 
/samba/agest003/conf/log
domaina  26431 26430  0 09:21 ?00:00:00 
/usr/sbin/winbindd -B -s /samba/agest003/conf/etc/smb.conf -l 
/samba/agest003/conf/log
domaina  26462 1  0 09:21 ?00:00:00 /usr/sbin/nmbd 
-D -s /samba/agest004/conf/etc/smb.conf -l /samba/agest004/conf/log
domaina  26467 1  0 09:21 ?00:00:00 /usr/sbin/smbd 
-D -s /samba/agest004/conf/etc/smb.conf -l /samba/agest004/conf/log
domaina  26469 26467  0 09:21 ?00:00:00 /usr/sbin/smbd 
-D -s /samba/agest004/conf/etc/smb.conf -l /samba/agest004/conf/log
domaina  26474 1  0 09:21 ?00:00:00 
/usr/sbin/winbindd -B -s /samba/agest004/conf/etc/smb.conf -l 
/samba/agest004/conf/log
domaina  26475 26474  0 09:21 ?00:00:00 
/usr/sbin/winbindd -B -s /samba/agest004/conf/etc/smb.conf -l 
/samba/agest004/conf/log

hgest3301:/samba/agest001/conf/etc # id
uid=0(domainadmin) gid=0(root) groups=0(root),64(pkcs11)

hgest3301:/samba/agest001/conf/etc # wbinfo -m
AGEST004
BUILTIN

  

[Samba] missing tcp-ack in samba transfers

[Peter Menzebach]

Hi,
I am not shure if I am correct on this list, but maybe someone can give 
me a pointer...


We are running an samba server (3.0.10) on linux (2.6.12.5). Wenn we 
copy a file from a workstation to the server, we have *very* bad 
throughput, since we have tcp retransmissions.
These retransmissions are causes by a missing tcp-ack, which is not sent 
by the linux server.


This happens occasionally but if, then it happens every time at the last 
tcp packet of an "Write andX Request" (total about 60k bytes in 40 tcp 
packets). Here the ack for the last tcp packet is not sent by the 
server. I cannot see the ack with ethereal. So, it is lost in the 
server, not on the network...


The problem exists, since we upgraded to gigabit ethernet and happens 
only, if the file is sent from a machine, which has gigabit ethernet 
too. I cannot see such a problem, if I use ftp.


I hope, someone can give me a pointer...

Best regards
Peter
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba