Re: [Samba] 3.0.7 - NT Create AndX Response, Error:, QUERY_PATH_INFO, Error:

[david rankin]

- Original Message - 
From: "Damen, Frank (damenf)" <[EMAIL PROTECTED]>

I noticed your comments on the samba web site about the performance
issue you were experiencing with the delay in opening files.  I am
having similar issues when accessing files off the server, I was
wondering if you ever found a resolution or cause to the problem.  The
strange thing is that I have two identical computers and am experiencing
the issue only on one.



Frank:

Is the one you are experiencing problems with a laptop with mapped drives 
for 2 different servers?? Like home and work?? I had all problems solved in 
3.0.14a, but 3.0.20 has brought new challenges with printer support, but 
file access is flawless. If you are using windows clients make sure you 
don't have any stray drives mapped that are not mapped to the current 
server. This drives Samba nuts with the AndX chatter. Also, delete all of 
the stray network locations under the My Network Places. Also, printers can 
kill you. If you have a laptop with priters configured for work and home, 
when you connect at home if your default printer is set for work, this also 
creates the chatter. I don't fully understand it yet, but by process of 
elimination I know what makes it better and worse.


JT, Gerry:

(A follow up to our call JT)

   I'm looking into this printer deal. I installed 3.0.20-1 on my SuSE 9.0 
box and it killed printing to the laserjet 4 attached to lp0 on the SuSE 
box. What is strange is the clients are dual-boot and if I boot linux, the 
clients have no problem printing to the lj4 on the suse box. Nothing else 
changed. No changes to smb.conf or cupsd.conf. (all have been shut down and 
restarted along with nmb) So it is definately a smb win XP issue -- feels 
like an authentication issue. Same loop, tcp, smb and dcerp packets. Take XP 
out of the equation and everything works flawlessly (funny how that works). 
What is strange is that after the 3.0.20 update, it also killed my pdf-gen 
on the 9.0 box that is nothing more than a share that passes ps to the 
ps2pdf13 utility. Any thoughts?? Anything I can send you??



--
David C. Rankin, J.D., P.E.
RANKIN LAW FIRM, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankinlawfirm.com
--

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbclient & NT_STATUS_LOGON_FAILURE

[Jiann-Ming Su]

On 8/26/05, Michel van der Klei <[EMAIL PROTECTED]> wrote:
> 
> Hi,
> 
> IIRC you should use mount.cifs instead of smbclient on a ADS
> 

How do I get a more verbose output?

  mount.cifs //fileserver/ /mountpoint -o credentials=auth_file
  mount error 13 = Permission denied
  Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

Also, are you saying it's not possible to simply view what shares are
available like I was able to with smbclient?
-- 
Jiann-Ming Su
"I have to decide between two equally frightening options. 
 If I wanted to do that, I'd vote." --Duckman
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba works!: Samba, Kerberos, Win2K Active Directory authentication

[Ditirambo]

After some days, here is my personal cookbook for
Samba in Solaris.
I needed to share a folder in my Solaris server, but
using my Windows Active Directory Account. Here are my
proccess, if it can help to anyone or if anyone can
make corrections or suggestions.
Thx.

Personal Cookbook for Samba.

 
Objective:
To enable a Unix server for share folders
for Microsoft Windows machines with authentication
through Active Directory accounts used in the Windows
client session. 

 

Prerequisites:
Unix Solaris 8
gcc compiler
Samba 3
Kerberos 5
OpenLDAP 2.2
Windows 2000 Server Domain Controller

 

Proccess:
0. Get the software:
krb5-1.4.1-signed.tar   at
http://web.mit.edu/kerberos/www/

openldap-2.2.26.tar  at
http://www.openldap.org/software/download/

samba-3.0.14a.tar.gzat
http://us1.samba.org/samba/

 

0.1  Verify the gcc compiler (v.g. execute ‘type
gcc’; if the program exist, the instruction return the
path, for example /usr/local/bin)

0.2  Verify that env var CC point to
/usr/local/bin/gcc. (Make required modifies in the
file /etc/profile)

 

1.Unpack the files in a temp directory. Here is
used unixmachine# /export/programs/samba
tar xvf krb5-1.4.1-signed.tar
it creates the directory kerberos

tar xvf openldap-2.2.26.tar
it creates the directory openldap-2.2.26

tar xvf samba-3.0.14a.tar.gz
it creates the directory samba-3.0.14a

 

2.  Compile and install programs. Here is made the
explicit instruction that the programs be installed in
/home1/. Follow this order:

2.1.   Kerberos
  Locate in kerberos/krb5-1.4.1/src
  Execute 
./configure --prefix=/home1/kerberos5 \
CC=/usr/local/bin/gcc

make
make install

 
2.2.   OpenLDAP
  Locate in  openldap-2.2.26
  Execute
./configure --prefix=/home/openldap –-without-bdb \
–-disable-bdb –-enable-null

make depend
make 
make install

 
2.3.   Samba
  Locate in samba-3.0.14a/source
  Put this env vars:
export LDFLAGS=”-L/home1/openldap/lib –Wl,\
-R/home1/openldap/lib”

export CPPFLAGS=-I/home1/openldap/include

  Execute
./configure –prefix=/home1/samba –with-winbind \
–with-ads –with-ldap –with-krb5=/home1/kerberos5
make
make install


3.  Create a user account in your Windows 2000
Domain Controller with the same name that your machine
(use the lastname field). Enable option User cannot
change password y Password never expires. 

 

4.  Generate the keytab for Kerberos in your Win2k
Domain Controller:

C:\temp\ktpass –princ
host/[EMAIL PROTECTED] 
–mapuser unixmachine –pass password  
-out unixmachine.keytab

 
4.1.   Copy the file unixmachine.keytab to the
unixmachine under the directory /etc/krb5/ (It can  be
made with ftp o scp, depending of the unix server)
 
4.2.   Register the key in your unixmachine:
/home1/kerberos5/sbin/ktutil
ktutil: rkt /etc/krb5/unixmachine.keytab
ktutil: wkt /etc/krb5/krb5.keytab
ktutil: q

5.  Configure some env vars::
KRB5_CONFIG=/etc/krb5/krb5.conf
KRB5_KDC_PROFILE=/var/kerberos/krb5kdc/kdc.conf
DEFAULT_KEYTAB_NAME=/etc/krb5/krb5.keytab 
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local: \
/usr/local/include:/usr/local/lib:/usr/lib/iconv

export KRB5_CONFIG KRBR_KDC_PROFILE LD_LIBRARY_PATH \
DEFAULT_KEYTAB_NAME

 
6.  Generate libraries links for nsswitch

  Copy from 
/export/programas/samba/samba-3.0.14a/source/nsswitch
the file libnss_winbind.so to the directory /usr/lib

   Generate these soft links in /usr/lib/:
ln -s libnss_winbind.so libnss_winbind.so.1
ln –s libnss_winbind.so nss_winbind.so.1
ln –s libnss_winbind.so nss_winbind.so.2

 
7.  Generate in /etc/init.d/ the file samba:
--
#!/bin/sh
#
#
# This file should have uid root, gid sys and chmod 
# 744

#
if [ ! -d /usr/bin ]
then# /usr not mounted
exit
fi

killproc() {# kill the named process(es)
pid=`/usr/bin/ps -e |
 /usr/bin/grep -w $1 |
 /usr/bin/sed -e 's/^  *//' -e 's/ .*//'`
[ "$pid" != "" ] && kill $pid
}

# Start/stop processes required for samba server
case "$1" in

'start')
 /home1/samba/sbin/nmbd -D \
-l/home1/samba/var/log.%m
 /home1/samba/sbin/winbindd
 /home1/samba/sbin/smbd -D
   ;;

'stop')
   killproc nmbd
   killproc smbd
   killproc winbindd
   echo "Killing nmbd, smbd, winbindd OK..."
   ;;

'restart')
   killproc nmbd
   killproc smbd
   killproc winbindd
   echo "Killing OK..."

/home1/samba/sbin/nmbd -D \
-l/home1/samba/var/log.%m
/home1/samba/sbin/winbindd
/home1/samba/sbin/smbd -D

   echo "Starting Samba OK..."
   ;;

*)
   echo "Usage: /etc/init.d/samba { start | stop \
 | restart }"

   ;;

esac

---

Re: [Samba] Windows XP Cient Not Seeing Samba Shares

[Michel van der Klei]

On Fri, Aug 26, 2005 at 05:45:51PM -0600, Chris Cejka wrote:
> X-Mitch IT-MailScanner: Found to be clean
> X-MailScanner-From: [EMAIL PROTECTED]
> 
> I sent a message earlier in regards to this problem and got one response
> which did not fix the problem.  Can someone please help in fixing this
> problem.  I have a Windows XP professional Client that cannot see my Samba
> shares on a Unix AIX box.  Please look at my previous message for the
> details.

Well, Chris ... maybe you can give us some more details.

For example did you add your user to the smbpasswd file with smbpasswd,
what kind of error message do you receive  etc. etc.

Michel


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Windows XP Cient Not Seeing Samba Shares

[Chris Cejka]

Hello all,

 

I sent a message earlier in regards to this problem and got one response
which did not fix the problem.  Can someone please help in fixing this
problem.  I have a Windows XP professional Client that cannot see my Samba
shares on a Unix AIX box.  Please look at my previous message for the
details.

 

 

Thanks, 

 

Chris

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] OT - windows networking mail list

[Craig White]

On Fri, 2005-08-26 at 23:58 +0200, Geert Stappers wrote:
> On Fri, Aug 26, 2005 at 09:15:09AM +0200, Brendon Schafer wrote:
> > Craig White wrote:
> > 
> > >Is there a Windows mail list for Network Administrators similar to this
> > >where I can ask and monitor Windows networking discussions? I can't seem
> > >to find anything other than Microsoft sponsored news groups. Looking for
> > >a recommendation.
> > >
> > Do a search for winnt-l. I lurked on the list a few years ago. It wasn't 
> > sponsored/owned or anything by M$ back then, but I think they did 
> > monitor the list (rumours).
> 
> Is it  [EMAIL PROTECTED] 
> or should I search further?

thanks to Brendon - and to close the topic (sorry for the noise)



Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbclient & NT_STATUS_LOGON_FAILURE

[Michel van der Klei]

On Fri, Aug 26, 2005 at 06:47:17PM -0400, Jiann-Ming Su wrote:
> X-Mitch IT-MailScanner: Found to be clean
> X-MailScanner-From: [EMAIL PROTECTED]
> 
> I'm running smbclient 3.0.14a-Debian.  I'm trying to view shares on a
> Windows server on a Active Directory domain:
> 
>   $ smbclient //fileserver/ 
>   Password: 
>   session setup failed: NT_STATUS_LOGON_FAILURE

Hi,

IIRC you should use mount.cifs instead of smbclient on a ADS

Greetz,

Michel
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem Mappig Groups to shares

[William Marques]

Hi list,

I have a problem here that's make me insane...
I have to make a share only available to persons in a group, it means 
that the directory have to be 0770 permission o Linux, right?

Here is my situation:
I use samba with LDAP, and everithing is working fine.
With smbldap-tools, I created the group and with 
I see that it maps rigth to Unix Group:

grupoteste (S-1-5-21-980314579-3254781846-1046201792-3071) -> grupoteste

I putt all the people who should have acces to the share inside the 
group, as I can see with smbldap-groupshow grupoteste:


dn: cn=grupoteste,ou=Groups,dc=feam,dc=br
objectClass: posixGroup,sambaGroupMapping
cn: grupoteste
gidNumber: 1035
memberUid: william,lvlira
sambaSID: S-1-5-21-980314579-3254781846-1046201792-3071
sambaGroupType: 2
displayName: grupoteste
description: Local Unix group
with getent group grupoteste I have:
grupoteste:x:1035:william,lvlira

The share:
ls -ald /home/pasta-teste
drwxrwx---2 root grupoteste 4096 Ago 26 18:10 /home/pasta-teste/

In smb.conf:

[global]
   workgroup = HOSPITAL
   netbios name = FEAM001
   server string = Servidor FEAM
   encrypt passwords = Yes
   update encrypted = Yes

security = user
#   unix password sync = Yes
os level = 255
log level = 1
time server = yes
#time offset = 60
passwd program = /usr/local/sbin/smbldap-passwd -u %U
passwd chat = "Mudando a senha para*\nNew password*" %n\n "*Digite 
novamente a senha*" %n\n"

min passwd length = 6
   ldap passwd sync = yes
   passdb backend = ldapsam:ldap://127.0.0.1/
   ldap admin dn = cn=Manager,dc=feam,dc=br
   ldap suffix = dc=feam,dc=br
   ldap group suffix = ou=Groups
   ldap user suffix = ou=Users
   ldap machine suffix = ou=Computers
   ldap ssl = no
logon home =
logon path =
   log file = /var/log/samba/samba-all.log
   max log size = 0
   name resolve order = wins lmhosts host bcast
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   oplocks = yes
   veto oplock files = 
/*.idx/*.ind/*.IDX/*.IND/*.db/*.DB/*.mdb/*.MDB/*.px/*.PX/*.seq/*.SEQ/*.int/*.INT/

   read raw = yes
   write raw = yes
   max xmit = 65535
   dead time = 15
   getwd cache = yes
   logon script = %U.bat
   domain logons = Yes
   preferred master = Yes
   domain master = Yes
   dns proxy = No
   wins support = Yes
   printing = lprng
   preserve case = No
   short preserve case = No
   unix charset = UTF8
   display charset = UTF8
   dos charset = cp850

[pastateste]
comment = teste
path = /home/pasta-teste
create mask = 0770
force create mode = 0770
preserve case = yes

I have also tried put in the share:
valid users = +grupotest

But the same error occours:
I Can't open the share using samba...
In logs:

chdir (/home/pasta-teste) failed

Any clues about that?

Regards,

--
William Henrique Siqueira Marques
[EMAIL PROTECTED]





___ 
Yahoo! Acesso Grátis - Internet rápida e grátis. 
Instale o discador agora! http://br.acesso.yahoo.com/

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbclient & NT_STATUS_LOGON_FAILURE

[Jiann-Ming Su]

I'm running smbclient 3.0.14a-Debian.  I'm trying to view shares on a
Windows server on a Active Directory domain:

  $ smbclient //fileserver/ 
  Password: 
  session setup failed: NT_STATUS_LOGON_FAILURE

I'm pretty sure the username and password is correct since it works
when I use a Windows client to connect to the fileserver.  What does
the NT_STATUS_LOGON_FAILURE mean in this context?  Is there something
obvious I'm missing?  I apologize if there isn't enough detail. 
Thanks for any tips.
-- 
Jiann-Ming Su
"I have to decide between two equally frightening options. 
 If I wanted to do that, I'd vote." --Duckman
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] OT - windows networking mail list

[Geert Stappers]

On Fri, Aug 26, 2005 at 09:15:09AM +0200, Brendon Schafer wrote:
> Craig White wrote:
> 
> >Is there a Windows mail list for Network Administrators similar to this
> >where I can ask and monitor Windows networking discussions? I can't seem
> >to find anything other than Microsoft sponsored news groups. Looking for
> >a recommendation.
> >
> Do a search for winnt-l. I lurked on the list a few years ago. It wasn't 
> sponsored/owned or anything by M$ back then, but I think they did 
> monitor the list (rumours).

Is it  [EMAIL PROTECTED] 
or should I search further?


St

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Login and logout auditing

[Michal Kurowski]

Fabiano Caixeta Duarte [EMAIL PROTECTED] wrote:
> 
> Is there a way of logging date/time/workstation/username for every logon 
> and logoff in a samba domain?
> 
> I realized that it isn't possible to use log level auth for this purpose.
> 
> I tried to use connections to netlogon service written on the logs. But I 
> realized that those connections are closed before the user logs out.
> 
> The main idea behind this is to have information enought to generate 
> reports about user profiling and machine usage.
> 
> Could anyone help me?

Use the "utmp" option in your smb.conf.
And then - "last" for your recording purposes.

Cheers,

-- 
Michal Kurowski
<[EMAIL PROTECTED]> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Renewing WINS entries

[Leon Stringer]

Hi,

I posted this ages ago (http://lists.samba.org/archive/samba/2004-
September/093635.html) and never solved the problem so I thought I'd ask
again as I've been digging deeper and have more information.

I'm using Samba as a WINS server but it's not working reliably. The
initial registration works fine on startup but renewals sometimes fail.

I tested with a server for which WINS wasn't resolving the name.

When Windows started it successfully registered its name with the WINS
server, i.e. tested successfully with nmblookup.

However, when I did 'nbtstat -RR' on the server this entry stopped
working, i.e. nmblookup no longer resolved the name.

I'm using Samba 3.0.4 and Red Hat 9. I realise this is an old version
but don't want to upgrade unless anyone is confident there's a fix in
there (I had a problematic upgrade once).

Thanks in advance for any help,

Leon...


***
This e-mail is confidential and privileged. If you are not the intended
recipient please accept our apologies; please do not disclose, copy or
distribute information in this e-mail or take any action in reliance on its
contents: to do so is strictly prohibited and may be unlawful. Please
inform us that this message has gone astray before deleting it. Thank you
for your co-operation.
***

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Multiple instances of samba

[Denis Vlasenko]

On Friday 26 August 2005 15:50, Ed Curtis wrote:
>  I found instructions on how to start 2 instances of samba binding each
> instance to an individual ip address or interface on the server but it
> will only start the first insatnce I try.
>
> /usr/sbin/smbd -s /etc/samba/smb.conf.DOMAIN1
> /usr/sbin/nmbd -s /etc/samba/smb.conf.DOMAIN1
> /usr/sbin/smbd -s /etc/samba/smb.conf.DOMAIN2
> /usr/sbin/nmbd -s /etc/samba/smb.conf.DOMAIN2
>
> Only the DOMAIN1 will start. I get no errors when running the commands to
> start the second instance but it's not running.
>
>  Any ideas?

use strace, read the logs, read the manpages on smb.conf etc...
(I suspect second samba fails to open listening sockets)
--
vda
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cannot see the samba shares with Windows XP professional

[Michel van der Klei]

On Fri, Aug 26, 2005 at 02:44:08PM -0600, Chris Cejka wrote:
> X-Mitch IT-MailScanner: Found to be clean
> X-MailScanner-From: [EMAIL PROTECTED]
> 
> Hello,
> 
>  
> 
> My name is Chris and I'm new with Samba.  Currently, the problem I'm having
> is that I cannot see my samba shares from my Windows XP Professional
> workstation.  Below is a copy of my smb.conf file:
> 
> 
>   encrypt passwords = no

Windows XP uses encrypted passwords by default. 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] (no subject)

[Chris Cejka]

Hello,

 

My name is Chris and I'm new with Samba.  Currently, the problem I'm having
is that I cannot see my samba shares from my Windows XP Professional
workstation.  Below is a copy of my smb.conf file:

 

#=== Global Settings
=

[global]

  workgroup = na.dsmain.com

  server string = Samba Server

  load printers = yes

  printing = aix

  guest account = nobody

  log file = /var/samba/log/log.%m

  max log size = 50

  security = share

  encrypt passwords = no

  update encrypted = yes

  socket options = TCP_NODELAY

  dns proxy = no

 

# Share Definitions
==

[homes]

   comment = Home Directories

   browseable = no

   writable = yes

 

 [printers]

   comment = All Printers

   path = /tmp

   browseable = yes

   guest ok = yes

   writable = no

   printable = yes

 

 [tmp]

   comment = Temporary file space

   path = /tmp

   read only = no

   public = yes

 

# ICIS Private Home directory set up

# Aaron

[Aaron]

   comment = Aaron's Directory

   path = /home/afilo

   valid users = afilo

   public = no

   writable = yes

   printable = no

 

# Chris

[Chris]

   comment = Chris's Directory

   path = /home/ccejka

   valid users = ccejka

   public = no

   writable = yes

   printable = no

# End ==

 

 

The following is the results of the command: smbclient -L rafiki -U%

 

added interface ip=166.34.206.78 bcast=166.34.207.255 nmask=255.255.252.0

added interface ip=166.37.40.115 bcast=166.37.40.127 nmask=255.255.255.192

added interface ip=166.37.40.54 bcast=166.37.40.63 nmask=255.255.255.192

Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.0.7]

 

Sharename  Type  Comment

-    ---

printers   Printer   All Printers

tmpDisk  Temporary file space

Aaron  Disk  Aaron's Directory

Chris  Disk  Chris's Directory

IPC$   IPC   IPC Service (Samba Server)

smoky  Printer

 

Server   Comment

----

COSNS01  Samba Server

DRACOSamba Server

RAFIKI   Samba Server

TIMONSamba Server

 

WorkgroupMaster

----

MYGROUP  TIMON

 

Host: rafiki, User: ccejka

 

 

Any help would certainly be appreciated!

 

 

Chris

 

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Cannot see the samba shares with Windows XP professional

[Chris Cejka]

Hello,

 

My name is Chris and I'm new with Samba.  Currently, the problem I'm having
is that I cannot see my samba shares from my Windows XP Professional
workstation.  Below is a copy of my smb.conf file:

 

#=== Global Settings
=

[global]

  workgroup = na.dsmain.com

  server string = Samba Server

  load printers = yes

  printing = aix

  guest account = nobody

  log file = /var/samba/log/log.%m

  max log size = 50

  security = share

  encrypt passwords = no

  update encrypted = yes

  socket options = TCP_NODELAY

  dns proxy = no

 

# Share Definitions
==

[homes]

   comment = Home Directories

   browseable = no

   writable = yes

 

 [printers]

   comment = All Printers

   path = /tmp

   browseable = yes

   guest ok = yes

   writable = no

   printable = yes

 

 [tmp]

   comment = Temporary file space

   path = /tmp

   read only = no

   public = yes

 

# ICIS Private Home directory set up

# Aaron

[Aaron]

   comment = Aaron's Directory

   path = /home/afilo

   valid users = afilo

   public = no

   writable = yes

   printable = no

 

# Chris

[Chris]

   comment = Chris's Directory

   path = /home/ccejka

   valid users = ccejka

   public = no

   writable = yes

   printable = no

# End ==

 

 

The following is the results of the command: smbclient -L rafiki -U%

 

added interface ip=166.34.206.78 bcast=166.34.207.255 nmask=255.255.252.0

added interface ip=166.37.40.115 bcast=166.37.40.127 nmask=255.255.255.192

added interface ip=166.37.40.54 bcast=166.37.40.63 nmask=255.255.255.192

Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.0.7]

 

Sharename  Type  Comment

-    ---

printers   Printer   All Printers

tmpDisk  Temporary file space

Aaron  Disk  Aaron's Directory

Chris  Disk  Chris's Directory

IPC$   IPC   IPC Service (Samba Server)

smoky  Printer

 

Server   Comment

----

COSNS01  Samba Server

DRACOSamba Server

RAFIKI   Samba Server

TIMONSamba Server

 

WorkgroupMaster

----

MYGROUP  TIMON

 

Host: rafiki, User: ccejka

 

 

Any help would certainly be appreciated!

 

 

Chris

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] profiles, profdata & homes

[Geert Stappers]

On Fri, Aug 26, 2005 at 12:14:01PM -0600, John H Terpstra wrote:
> On Friday 26 August 2005 11:44, Geert Stappers wrote:
  [homes] [profiles] [profdata] 
> > (profdata is common keyword on the search engines)
> >
> > Is there a document that describes the logon proces?
> > (less detailed that the source code of samba? ;-)
> 
> Geert,
> 
> This has nothing to do with the login process. I used the 'profdat'  share as 
> an example in my book "Samba-3 By Example" to demonstrate how it is possible 
> to implement folder redirection. Check chapter 5 of my book, available 
> on-line at:
> 
> http://www.samba.org/samba/docs/Samba3-ByExample.pdf
> 
> Folder redirection makes the loading of roaming profiles snappy and fast 
> because it is not necessary to transfer the entire contents of the profile 
> folders over the network. Also, because the profile is reduced to a very 
> basic information set, it is possible to do away with roaming profiles and 
> instead just have a global Network Default User profile that uses folder 
> redirection. Again, read through chapter 5.


Mmm, again tricked by an optimalization
( http://lists.samba.org/archive/samba/2005-August/109681.html
  Now I get it, I did see a strange single trail, but it are several
  trails.  ( s/trail/configuration/ ) )


What about this patch?
--- MASSIVE/smb.conf
+++ MASSIVE/smb.conf
@@ -98,6 +98,7 @@

 [profdata]
comment = Profile Data Share
+   # for folder redirection
path = /var/lib/samba/profdata
read only = No
profile acls = Yes



Cheers
Geert Stappers
rereading chapter 5




signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba PDC logon without connexion

[Tomasz Chmielewski]

Paul Gienger schrieb:

By default, you can logon 10 times without a network connection.
You can set it up to 50, or set to 0 if you don't like it.



This can't possibly be accurate.  I've got people here with laptops that
haven't touched our network in months and reboot their machine every day.

Ok, I dug around in the Local Security policy and it doesn't appear (to me)
to be the number of login sessions to allow for a particular user, but the
number of users to remember.  S, you can have 10 (the last 10) users
able to log in on your machine in case the DC is unavailable.

There is another option to 'require domain controller auth to unlock
workstation.  You might want to try that if you want to disable the feature.


I haven't tried that, but 10 is what Microsoft documentation says:

http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/Windows/2000/server/reskit/en-us/gp/579.asp

Number of previous logons to cache (in case domain controller is not 
available)


(...)

In this policy setting, a value of 0 disables logon caching. Any value 
above 50 will only cache 50 logon attempts. For servers, this policy is 
defined by default in Local Computer Policy and the default value is 10 
logons.



--
Tomek
http://wpkg.org
Automated software deployment with Samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba PDC logon without connexion

[Tomasz Chmielewski]

Bruno Guerreiro schrieb:

Hi,
I think it's more than 10 times.
I've logged on much more than that in my notebook during vacations, and it
always worked.


It's possible that you have it higher, or for laptops it works somehow 
different.


http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/Windows/2000/server/reskit/en-us/gp/579.asp

Number of previous logons to cache (in case domain controller is not 
available)


Computer Configuration\Windows Settings\Security Settings\Local 
Policies\Security Options

Description

Determines the number of user logons to a Windows domain that are cached.

Windows 2000 caches previous users' logon information locally so that 
they will be able to log on in the event that a domain controller is 
unavailable during subsequent logon attempts. If a domain controller is 
unavailable and a user's logon information is cached, the user will be 
prompted with a dialog that reads:


A domain controller for your domain could not be contacted. You have 
been logged on using cached account information. Changes to your profile 
since you last logged on may not be available.


If a domain controller is unavailable and a user's logon information is 
not cached, the user is prompted with this message:


The system cannot log you on now because the domain  is not 
available.


In this policy setting, a value of 0 disables logon caching. Any value 
above 50 will only cache 50 logon attempts. For servers, this policy is 
defined by default in Local Computer Policy and the default value is 10 
logons.


--
Tomek
http://wpkg.org
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Login and logout auditing

[Fabiano Caixeta Duarte]

Hi all!

Is there a way of logging date/time/workstation/username for every logon 
and logoff in a samba domain?


I realized that it isn't possible to use log level auth for this purpose.

I tried to use connections to netlogon service written on the logs. But I 
realized that those connections are closed before the user logs out.


The main idea behind this is to have information enought to generate 
reports about user profiling and machine usage.


Could anyone help me?

Thanks in advance!

--
Fabiano Caixeta Duarte
Seção Técnica de Informática
FEA-RP/USP-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] problem to delete directory in samba (on solaris 2.x)

[SALOME Alexandre]

 

Hello!

I am use samba 2.2.2 on solaris8 and 2.2.11 on solaris9. My user can create
directory and files. When they try delete a directory (create by theirself),
give a message "accesso denied". If they connect directly on solaris and
execute the command "rm -r", it´s work. What variable I must put in smb.conf
to permit that they can delete their directory?

 

My smb.conf is:

 

# Samba config file created using SWAT

# Global parameters

[global]

workgroup = COMAU

server string = Comau do Brasil - servidor %L versao %v

security = user

encrypt passwords = Yes

unix password sync = Yes

update encrypted = Yes

username map = /etc/smbusers   

restrict anonymous = Yes

log file = /usr/local/samba/var/log/log.%m

max log size = 500

comment = SAMBA %v

invalid users = root @root @sys reboot desliga

create mask = 0777

force create mode = 0777

directory mask = 0777

hosts allow = 172.18.150. 172.18.151. 172.18.152. 172.18.153.

browseable = No

hide dot files = yes

 

 

[processo]

comment = usuario restritos processo

path = /usr/processo

writeable = Yes

create mask = 0777

force create mode = 0777

directory mask = 0777

browseable = No

valid users =  @processo

Thanks

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Groupmapping problems in 3.0.20

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Thomas Bork wrote:
> Gerald (Jerry) Carter wrote:
> 
>>> Cannot reproduce this with 3.0.20 (unpatched):
>> It was pretty easy to reproduce for me.  Are you using ldapsam?
> 
> No - smbpasswd. I double checked this, cannot reproduce the error
> (output from 'net rpc group list') with the unpatched sources.

new patch posted.  The bug only existed in the ldapsam code.
So there is no change when not using ldap.

Thanks.  I would have missed this without your help.






cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDD2ayIR7qMdg1EfYRAr+kAJ9sm0Gg0oYc7bKitSrEixj/Wv5cQQCeNGd4
llpTmfwipUCcD4HRAv52rjI=
=eJhU
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] net ads join error

[Theodore Jencks]

So now it looks like I can join the domain however I get the following
output.  Seems like there might be an issue with samba-3.0.20 and the
new GCC 4 and glibc.

Any idea's possibilities?  I'm also not quite sure my previous problem
went away the only thing I changed was adding my kdc server into the
samba lmhosts file.

Regards,
Theo



[EMAIL PROTECTED] samba]# net ads join -U tjencks%PASSWD
Using short domain name -- HQ
Joined 'THEO' to realm 'HQ.NAVIS.NET'
*** glibc detected *** net: free(): invalid pointer: 0x007eedb0 ***
=== Backtrace: =
/lib/libc.so.6[0x415124]
/lib/libc.so.6(__libc_free+0x77)[0x41565f]
/lib/libcom_err.so.2(remove_error_table+0x4b)[0x111abb]
/usr/lib/libkrb5.so.3[0x78c8c4]
/usr/lib/libkrb5.so.3[0x78c5c7]
/usr/lib/libkrb5.so.3[0x7dd9da]
/lib/ld-linux.so.2[0xb9e2d8]
/lib/libc.so.6(exit+0xc5)[0x3dcba9]
/lib/libc.so.6(__libc_start_main+0xe7)[0x3c6d67]
net[0x1dc941]
=== Memory map: 
00111000-00113000 r-xp  08:02 1653405/lib/libcom_err.so.2.1
00113000-00114000 rw-p 1000 08:02 1653405/lib/libcom_err.so.2.1
00114000-00129000 r-xp  08:05 68293
/usr/lib/libsasl2.so.2.0.20
00129000-0012a000 rw-p 00015000 08:05 68293
/usr/lib/libsasl2.so.2.0.20
0012a000-0013c000 r-xp  08:05 67504
/usr/lib/libz.so.1.2.2.2
0013c000-0013d000 rw-p 00011000 08:05 67504
/usr/lib/libz.so.1.2.2.2
0013d000-0013f000 r-xp  08:05 129857
/usr/lib/gconv/UTF-16.so
0013f000-00141000 rw-p 1000 08:05 129857
/usr/lib/gconv/UTF-16.so
00141000-00143000 r-xp  08:05 129764
/usr/lib/gconv/IBM850.so
00143000-00145000 rw-p 1000 08:05 129764
/usr/lib/gconv/IBM850.so
00145000-0014e000 r-xp  08:02 1653268
/lib/libnss_files-2.3.5.so
0014e000-0014f000 r--p 8000 08:02 1653268
/lib/libnss_files-2.3.5.so
0014f000-0015 rw-p 9000 08:02 1653268
/lib/libnss_files-2.3.5.so
0015-00159000 r-xp  08:02 1653361
/lib/libgcc_s-4.0.1-20050727.so.1
00159000-0015a000 rw-p 9000 08:02 1653361
/lib/libgcc_s-4.0.1-20050727.so.1
001ad000-0039 r-xp  08:05 1945158/usr/bin/net
0039-003a1000 rw-p 001e2000 08:05 1945158/usr/bin/net
003a1000-003b2000 rw-p 003a1000 00:00 0 
003b2000-004d5000 r-xp  08:02 1653269/lib/libc-2.3.5.so
004d5000-004d7000 r--p 00123000 08:02 1653269/lib/libc-2.3.5.so
004d7000-004d9000 rw-p 00125000 08:02 1653269/lib/libc-2.3.5.so
004d9000-004db000 rw-p 004d9000 00:00 0 
004db000-005d3000 r-xp  08:02 1653406
/lib/libcrypto.so.0.9.7f
005d3000-005e5000 rw-p 000f8000 08:02 1653406
/lib/libcrypto.so.0.9.7f
005e5000-005e8000 rw-p 005e5000 00:00 0 
0077d000-007ec000 r-xp  08:05 67813  /usr/lib/libkrb5.so.3.2
007ec000-007ef000 rw-p 0006e000 08:05 67813  /usr/lib/libkrb5.so.3.2
0084b000-0084c000 r-xp 0084b000 00:00 0 
00889000-0088b000 r-xp  08:05 67792
/usr/lib/libkrb5support.so.0.0
0088b000-0088c000 rw-p 1000 08:05 67792
/usr/lib/libkrb5support.so.0.0
008a8000-008aa000 r-xp  08:02 1653327/lib/libdl-2.3.5.so
008aa000-008ab000 r--p 1000 08:02 1653327/lib/libdl-2.3.5.so
008ab000-008ac000 rw-p 2000 08:02 1653327/lib/libdl-2.3.5.so
00924000-0092b000 r-xp  08:05 67239
/usr/lib/libpopt.so.0.0.0
0092b000-0092c000 rw-p 6000 08:05 67239
/usr/lib/libpopt.so.0.0.0
009de000-009eb000 r-xp  08:05 67393
/usr/lib/liblber-2.2.so.7.0.16
009eb000-009ec000 rw-p c000 08:05 67393
/usr/lib/liblber-2.2.so.7.0.16
00a79000-00a88000 r-xp  08:02 1653392/lib/libresolv-2.3.5.so
00a88000-00a89000 r--p e000 08:02 1653392/lib/libresolv-2.3.5.so
00a89000-00a8a000 rw-p f000 08:02 1653392/lib/libresolv-2.3.5.so
00a8a000-00a8c000 rw-p 00a8a000 00:00 0 
00ad6000-00ae8000 r-xp  08:02 1653234/lib/libnsl-2.3.5.so
00ae8000-00ae9000 r--p 00011000 08:02 1653234/lib/libnsl-2.3.5.so
00ae9000-00aea000 rw-p 00012000 08:02 1653234/lib/libnsl-2.3.5.so
00aea000-00aec000 rw-p 00aea000 00:00 0 
00b14000-00b2b000 r-xp  08:05 67850
/usr/lib/libgssapi_krb5.so.2.2
00b2b000-00b2c000 rw-p 00017000 08:05 67850
/usr/lib/libgssapi_krb5.so.2.2
00b9-00baa000 r-xp  08:02 1653266/lib/ld-2.3.5.so
00baa000-00bab000 r--p 00019000 08:02 1653266/lib/ld-2.3.5.so
00bab000-00bac000 rw-p 0001a000 08:02 1653266/lib/ld-2.3.5.so
00c88000-00cab000 r-xp  08:05 67807  /uAborted
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] net ads join error

[Theodore Jencks]

If you run this command: net ads join -U admin%pass  There is nothing
logged in smbd.log.

Regards,
Theo

-Original Message-
From: Kevin Wilson [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 26, 2005 11:07 AM
To: Theodore Jencks
Cc: 'samba@lists.samba.org'
Subject: RE: [Samba] net ads join error

in smb.conf add line

log level = 10 

then restart nmb, smb and winbind.


-Original Message-
From: Theodore Jencks [mailto:[EMAIL PROTECTED]
Sent: Friday, August 26, 2005 1:03 PM
To: samba@lists.samba.org
Subject: RE: [Samba] net ads join error


Where would I find the log for this?  How would I set the debug level to
10 on a Redhat system?

Regards,
Theo

-Original Message-
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 26, 2005 10:11 AM
To: Theodore Jencks
Cc: samba@lists.samba.org
Subject: Re: [Samba] net ads join error

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Theodore Jencks wrote:
> Compiling version 3.0.20 from source on RedHat Fedora Core 4
everything
> seems to go smoothly.  However upon trying to join a 2000 domain with
> the following command "net ads join -U Administrator%Password 'OU'"  I
> get the following error:
> 
>  
> 
> [2005/08/26 09:43:56, 0] utils/net_ads.c:ads_startup(191)
> 
>   ads_connect: No such file or directory
> 
>  
> 
> I have checked my smb.conf file with the testparm utility and Kerberos
> seems to be working fine using kinit.  Does anyone have any info on
this
> error or how to workaround/fix the problem.

Better look at a level 10 debug log fron the 'net join' to see
why the error is being generated.  That's my advice at least.





cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDD007IR7qMdg1EfYRAnPmAKCOwcriQUybsEUZv398ALHjEKAXkwCg3o2X
JeTTF775me+aSUqskFX0dhQ=
=w6Py
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Groupmapping problems in 3.0.20

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Thomas Bork wrote:
> Gerald (Jerry) Carter wrote:
> 
>>> Cannot reproduce this with 3.0.20 (unpatched):
>> It was pretty easy to reproduce for me.  Are you using ldapsam?
> 
> No - smbpasswd. I double checked this, cannot reproduce the error
> (output from 'net rpc group list') with the unpatched sources.

Yup.  Reproduced it.  grrr ok.  Now for a fix.





cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDD14vIR7qMdg1EfYRAn7qAJ94OcURXzG1Z8jyKtVszcx93C1yNgCcCx46
eRRvBk9U2wNHcPBXsL3JPDs=
=94vR
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] profiles, profdata & homes

[John H Terpstra]

On Friday 26 August 2005 11:44, Geert Stappers wrote:
> Hello,
>
> Due the trees, I can't see the forest.
>
> I understand the concept of home directories on the file server
> becoming a share for the user on the smb-client computer.
>
> I have a vague idea of "profiles", but I'm lost at "profdata".
> How does that last one fit in? Where can I read more about it?
> (profdata is common keyword on the search engines)
>
> Is there a document that describes the logon proces?
> (less detailed that the source code of samba? ;-)

Geert,

This has nothing to do with the login process. I used the 'profdat'  share as 
an example in my book "Samba-3 By Example" to demonstrate how it is possible 
to implement folder redirection. Check chapter 5 of my book, available 
on-line at:

http://www.samba.org/samba/docs/Samba3-ByExample.pdf

Folder redirection makes the loading of roaming profiles snappy and fast 
because it is not necessary to transfer the entire contents of the profile 
folders over the network. Also, because the profile is reduced to a very 
basic information set, it is possible to do away with roaming profiles and 
instead just have a global Network Default User profile that uses folder 
redirection. Again, read through chapter 5.

- John T.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] On the fly Machine accounts

[Eric Feldhusen]

Craig White wrote:

On Fri, 2005-08-26 at 12:48 -0400, Eric Feldhusen wrote:

John H Terpstra wrote:

On Friday 26 August 2005 10:07, Paul Gienger wrote:
What is your OS platform? Does it implement controls over permitted home 
directories and shells that can be specified to the useradd command? 

More than one Linux distro will NOT permit the creation of a user account 
(that is what a Windows domain member trust account is on the UNIX host) with 
a shell other than what is defined in /etc/shells, and some will not permit a 
home directory that consists of /dev/null. 

If your Linux distro has paranoid controls like that, a work around is 
necessary. Here is a possible work-around:


add machine script = /usr/sbin/useradd -d /var/nodirs -g computers 
-s /bin/false '%u'


Note that the %u is quoted with single quotes. 


Add to the /etc/shells:  /bin/false

Create the directory /var/nodirs with permissions set:
chown root:root /var/nodirs
chmod 550 /var/nodirs

In other words,  all access to /var/nodirs prevents user ability to write to 
the directory. It should also have no contents.


- John T.


Will this work with Redhat Enterprise 3 & 4? Just curious, and I'm not 
in a position to check at the moment.


RHEL 3/4 support invalid shells and home directory of /dev/null so this
workaround shouldn't be necessary
Craig


But, from experience, RHEL3/4 doesn't support usernames with a $ at the 
end.  The reasoning I've heard was it's not POSIX compliant.  The fix 
I've heard to do with replace the shadow-utils rpm in RHEL4 with the 
shadow-utils rpm from Fedora Core 3, but I do so hate to mix and match 
rpms considering I help manage nearly 100 servers with other people, so 
I like to keep them "standard" as much as possible.


--
Eric Feldhusen
System Administrator http://www.remc1.org
PO Box 270  (906) 482-4520  x239
809 Hecla St(906) 482-5031 fax
Hancock, MI  49930  (906) 370 6202 mobile
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] net ads join error

[Kevin Wilson]

in smb.conf add line

log level = 10 

then restart nmb, smb and winbind.


-Original Message-
From: Theodore Jencks [mailto:[EMAIL PROTECTED]
Sent: Friday, August 26, 2005 1:03 PM
To: samba@lists.samba.org
Subject: RE: [Samba] net ads join error


Where would I find the log for this?  How would I set the debug level to
10 on a Redhat system?

Regards,
Theo

-Original Message-
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 26, 2005 10:11 AM
To: Theodore Jencks
Cc: samba@lists.samba.org
Subject: Re: [Samba] net ads join error

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Theodore Jencks wrote:
> Compiling version 3.0.20 from source on RedHat Fedora Core 4
everything
> seems to go smoothly.  However upon trying to join a 2000 domain with
> the following command "net ads join -U Administrator%Password 'OU'"  I
> get the following error:
> 
>  
> 
> [2005/08/26 09:43:56, 0] utils/net_ads.c:ads_startup(191)
> 
>   ads_connect: No such file or directory
> 
>  
> 
> I have checked my smb.conf file with the testparm utility and Kerberos
> seems to be working fine using kinit.  Does anyone have any info on
this
> error or how to workaround/fix the problem.

Better look at a level 10 debug log fron the 'net join' to see
why the error is being generated.  That's my advice at least.





cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDD007IR7qMdg1EfYRAnPmAKCOwcriQUybsEUZv398ALHjEKAXkwCg3o2X
JeTTF775me+aSUqskFX0dhQ=
=w6Py
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] On the fly Machine accounts

[John H Terpstra]

On Friday 26 August 2005 10:48, Eric Feldhusen wrote:
> John H Terpstra wrote:
> > On Friday 26 August 2005 10:07, Paul Gienger wrote:
> >>Many people on this list.
> >
> > What is your OS platform? Does it implement controls over permitted home
> > directories and shells that can be specified to the useradd command?
> >
> > More than one Linux distro will NOT permit the creation of a user account
> > (that is what a Windows domain member trust account is on the UNIX host)
> > with a shell other than what is defined in /etc/shells, and some will not
> > permit a home directory that consists of /dev/null.
> >
> > If your Linux distro has paranoid controls like that, a work around is
> > necessary. Here is a possible work-around:
> >
> > add machine script = /usr/sbin/useradd -d /var/nodirs -g computers
> > -s /bin/false '%u'
> >
> > Note that the %u is quoted with single quotes.
> >
> > Add to the /etc/shells:  /bin/false
> >
> > Create the directory /var/nodirs with permissions set:
> > chown root:root /var/nodirs
> > chmod 550 /var/nodirs
> >
> > In other words,  all access to /var/nodirs prevents user ability to write
> > to the directory. It should also have no contents.
> >
> > - John T.
>
> Will this work with Redhat Enterprise 3 & 4? Just curious, and I'm not
> in a position to check at the moment.

Why do you ask? Why do you suspect it will not?

All I suggested is that you need to establish the capabilities of the specific 
implementation of the useradd command on your platform of choice. Samba can 
not solve a limitation that is caused by one of the basic utilities that is 
part of the operating system platform.

Debian and Red Hat have at times had paranoid restrictions in their useradd 
toolsets. I do not remember which versions and releases, but I do know that 
there were some updates that later removed some of the restrictions. The 
right answer is, try running useradd from the command line, like this:

useradd -d /dev/null -s /bin/false jim

If it works, you are in good shape. If not, find an alternative way to achieve 
the same result.

Each Linux distribution is a little different. Sometimes, just to keep ahead 
of the pack, a distribution vendor will adopt a particular nuance of paranoia 
that breaks the world apart. That's life, and fortunately, with Linux it is 
not terminal - you can always replace the problematic component.

If your platform of choice is limited in any way, and you want automated 
computer account creation to work correctly, you will need to find an 
alternative method. Why will an alternative method not work? I am perplexed 
by the question. Apologies if I have misundertsood you.

- John T.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba clients fail after reboot

[Kevin Wilson]

Yep, and you will sometimes succeed and sometimes fail. Just be sure to stop
all the services, do the join then start all the services in their proper
order and that usually allows you to pull a good list.

-Original Message-
From: Leen Toelen [mailto:[EMAIL PROTECTED]
Sent: Friday, August 26, 2005 12:55 PM
To: Kevin Wilson
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba clients fail after reboot


Hi,

I remove the security update from out w2k pdc, and rebooted it. After
I remove the linux client from the domain, do a  net join (which
succeeds), the linux client shows up again in the domain. wbinfo -u
gets an "Ertror looking up domain users" again.

Regards,
Leen

On 8/26/05, Leen Toelen <[EMAIL PROTECTED]> wrote:
> Hi,
> 
> in the thread a solution is not mentioned. Did you roll back the
> update on the w2k box, or change the samba confi.
> 
> On a sidenote, is it better to use security = ads and configure
> kerberos, or still use security = domain and use the net rpc commands?
> 
> Regards,
> Leen
> 
> On 8/26/05, Kevin Wilson <[EMAIL PROTECTED]> wrote:
> > Please follow this thread:
> >
> > Subject = "[Samba] wbinfo can not convert User names and Group name to S
ID"
> >
> > -Original Message-
> > From: Leen Toelen [mailto:[EMAIL PROTECTED]
> > Sent: Friday, August 26, 2005 12:14 PM
> > To: samba@lists.samba.org
> > Subject: [Samba] Samba clients fail after reboot
> >
> >
> > Hi all,
> >
> > since three weeks ago, whenever one of our Linux client gets rebooted,
> > it can't get access to a W2K domain anymore. Everything is working,
> > nothing is changed in the configs, the Linux machines are simply
> > rebooted. Does anyone know whether tehre is a security update or so on
> > w2K that causes this? Another strange thing is that once in a while
> > for an unknown reason loggin in to the linux box works again and 10
> > minutes later it stops without touching the box.
> >
> >
> > On the domain controller I get in the event viewer:
> > The session setup from the computer LNXSRV failed to authenticate. The
> > name of the account referenced in the security database is LNXSRV$.
> > The following error occurred:
> > Access is denied.
> >
> > On the linux side I get:
> >
> > # wbinfo --sequence
> > PEAK4S : 1
> > BUILTIN : 1
> > PEAKADILLY : DISCONNECTED
> >
> > # wbinfo -D PEAKADILLY
> > Name  : PEAKADILLY
> > Alt_Name  : PEAKADILLY.LOCAL
> > SID   : S-1-5-21-725345543-813497703-839522115
> > Active Directory  : Yes
> > Native: No
> > Primary   : Yes
> > Sequence  : -1
> >
> > # wbinfo -u
> > Error looking up domain users
> >
> > # wbinfo -g
> > BUILTIN\System Operators
> > BUILTIN\Replicators
> > BUILTIN\Guests
> > BUILTIN\Power Users
> > BUILTIN\Print Operators
> > BUILTIN\Administrators
> > BUILTIN\Account Operators
> > BUILTIN\Backup Operators
> > BUILTIN\Users
> >
> > Any idea anyone?
> >
> > Regards,
> > Leen Toelen
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba clients fail after reboot

[Kevin Wilson]

Jerry Carter (from Samba) picked up on the thread and is testing 3.0.20 to
see if it works. The only thing we did was bring up a AD-PDC that does not
include the August 9th security fix from MS. While we can access our shares
now the wbinfo commands do not work 100%. I believe this is simply due to
our secondary DC that still has the Aug 9th fix in it is queried/answers
first.

As for your second question, I can't answer it. Maybe someone else would be
able to give you the 411.

-Original Message-
From: Leen Toelen [mailto:[EMAIL PROTECTED]
Sent: Friday, August 26, 2005 12:38 PM
To: Kevin Wilson
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba clients fail after reboot


Hi,

in the thread a solution is not mentioned. Did you roll back the
update on the w2k box, or change the samba confi.

On a sidenote, is it better to use security = ads and configure
kerberos, or still use security = domain and use the net rpc commands?

Regards,
Leen

On 8/26/05, Kevin Wilson <[EMAIL PROTECTED]> wrote:
> Please follow this thread:
> 
> Subject = "[Samba] wbinfo can not convert User names and Group name to S
ID"
> 
> -Original Message-
> From: Leen Toelen [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 26, 2005 12:14 PM
> To: samba@lists.samba.org
> Subject: [Samba] Samba clients fail after reboot
> 
> 
> Hi all,
> 
> since three weeks ago, whenever one of our Linux client gets rebooted,
> it can't get access to a W2K domain anymore. Everything is working,
> nothing is changed in the configs, the Linux machines are simply
> rebooted. Does anyone know whether tehre is a security update or so on
> w2K that causes this? Another strange thing is that once in a while
> for an unknown reason loggin in to the linux box works again and 10
> minutes later it stops without touching the box.
> 
> 
> On the domain controller I get in the event viewer:
> The session setup from the computer LNXSRV failed to authenticate. The
> name of the account referenced in the security database is LNXSRV$.
> The following error occurred:
> Access is denied.
> 
> On the linux side I get:
> 
> # wbinfo --sequence
> PEAK4S : 1
> BUILTIN : 1
> PEAKADILLY : DISCONNECTED
> 
> # wbinfo -D PEAKADILLY
> Name  : PEAKADILLY
> Alt_Name  : PEAKADILLY.LOCAL
> SID   : S-1-5-21-725345543-813497703-839522115
> Active Directory  : Yes
> Native: No
> Primary   : Yes
> Sequence  : -1
> 
> # wbinfo -u
> Error looking up domain users
> 
> # wbinfo -g
> BUILTIN\System Operators
> BUILTIN\Replicators
> BUILTIN\Guests
> BUILTIN\Power Users
> BUILTIN\Print Operators
> BUILTIN\Administrators
> BUILTIN\Account Operators
> BUILTIN\Backup Operators
> BUILTIN\Users
> 
> Any idea anyone?
> 
> Regards,
> Leen Toelen
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: net rpc rights command

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Michael Lueck wrote:
> Pau Garcia i Quiles wrote:
> 
>> The problem was I had "invalid users = root" in my smb.conf (this
>> comes by
>> default in Debian). I just commmented that line and the problem
>> disappeared.
> 
> They do that by DEFAULT now?!?!? aa, at least when I came up with
> the core of our Samba config standard a year and a quarter ago, that
> spells death for getting the M$ Add Printer Wizard driver upload to work
> properly... at least that is what I remember the affect being. Though no
> person in their right mind would log in to a Windows box as an ID "root"
> expecting it to be a domain account, thus it "should" be safe to set
> that user as invalid, it seemed to really do some evil things to Samba's
> internal security thinking.
> 
> Samba folks, feel free to correct me if I am all wet about setting root
> as an invalid user. Personally I would lean towards that setting Debian
> is said to be using.

Sorry Michael.  You are wrong here.

Prior to 3.0.11, just placing 'printer admin = +ntadmin' in [global]
was enough.  >= 3.0.11 you just assign the SePrintOperatorPrivilege
to a group.

'root' has never been 100% necessary for print management.




cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDD1j7IR7qMdg1EfYRAjQ1AJ41L6CU6OEjI1ZxNPK0Gv9319Z/cQCeKu70
1VcCQh/SMmyQG7yAJXR0VGs=
=58y/
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] net ads join error

[Theodore Jencks]

Where would I find the log for this?  How would I set the debug level to
10 on a Redhat system?

Regards,
Theo

-Original Message-
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 26, 2005 10:11 AM
To: Theodore Jencks
Cc: samba@lists.samba.org
Subject: Re: [Samba] net ads join error

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Theodore Jencks wrote:
> Compiling version 3.0.20 from source on RedHat Fedora Core 4
everything
> seems to go smoothly.  However upon trying to join a 2000 domain with
> the following command "net ads join -U Administrator%Password 'OU'"  I
> get the following error:
> 
>  
> 
> [2005/08/26 09:43:56, 0] utils/net_ads.c:ads_startup(191)
> 
>   ads_connect: No such file or directory
> 
>  
> 
> I have checked my smb.conf file with the testparm utility and Kerberos
> seems to be working fine using kinit.  Does anyone have any info on
this
> error or how to workaround/fix the problem.

Better look at a level 10 debug log fron the 'net join' to see
why the error is being generated.  That's my advice at least.





cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDD007IR7qMdg1EfYRAnPmAKCOwcriQUybsEUZv398ALHjEKAXkwCg3o2X
JeTTF775me+aSUqskFX0dhQ=
=w6Py
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] profiles, profdata & homes

[awilliam]

I understand the concept of home directories on the file server
becoming a share for the user on the smb-client computer.
I have a vague idea of "profiles", but I'm lost at "profdata".
How does that last one fit in? Where can I read more about it?
(profdata is common keyword on the search engines)


profdata?  I've been running a Samba DC with LDAP support since 2.2.1a and I
don't recall every seeing that term.


Is there a document that describes the logon proces?
(less detailed that the source code of samba? ;-)


Any good Windows Administration text.  You need to understand what the
workstation wants, and the workstation is a Windows box.


This message was sent using IMP, the Internet Messaging Program.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba clients fail after reboot

[Leen Toelen]

Hi,

I remove the security update from out w2k pdc, and rebooted it. After
I remove the linux client from the domain, do a  net join (which
succeeds), the linux client shows up again in the domain. wbinfo -u
gets an "Ertror looking up domain users" again.

Regards,
Leen

On 8/26/05, Leen Toelen <[EMAIL PROTECTED]> wrote:
> Hi,
> 
> in the thread a solution is not mentioned. Did you roll back the
> update on the w2k box, or change the samba confi.
> 
> On a sidenote, is it better to use security = ads and configure
> kerberos, or still use security = domain and use the net rpc commands?
> 
> Regards,
> Leen
> 
> On 8/26/05, Kevin Wilson <[EMAIL PROTECTED]> wrote:
> > Please follow this thread:
> >
> > Subject = "[Samba] wbinfo can not convert User names and Group name to S ID"
> >
> > -Original Message-
> > From: Leen Toelen [mailto:[EMAIL PROTECTED]
> > Sent: Friday, August 26, 2005 12:14 PM
> > To: samba@lists.samba.org
> > Subject: [Samba] Samba clients fail after reboot
> >
> >
> > Hi all,
> >
> > since three weeks ago, whenever one of our Linux client gets rebooted,
> > it can't get access to a W2K domain anymore. Everything is working,
> > nothing is changed in the configs, the Linux machines are simply
> > rebooted. Does anyone know whether tehre is a security update or so on
> > w2K that causes this? Another strange thing is that once in a while
> > for an unknown reason loggin in to the linux box works again and 10
> > minutes later it stops without touching the box.
> >
> >
> > On the domain controller I get in the event viewer:
> > The session setup from the computer LNXSRV failed to authenticate. The
> > name of the account referenced in the security database is LNXSRV$.
> > The following error occurred:
> > Access is denied.
> >
> > On the linux side I get:
> >
> > # wbinfo --sequence
> > PEAK4S : 1
> > BUILTIN : 1
> > PEAKADILLY : DISCONNECTED
> >
> > # wbinfo -D PEAKADILLY
> > Name  : PEAKADILLY
> > Alt_Name  : PEAKADILLY.LOCAL
> > SID   : S-1-5-21-725345543-813497703-839522115
> > Active Directory  : Yes
> > Native: No
> > Primary   : Yes
> > Sequence  : -1
> >
> > # wbinfo -u
> > Error looking up domain users
> >
> > # wbinfo -g
> > BUILTIN\System Operators
> > BUILTIN\Replicators
> > BUILTIN\Guests
> > BUILTIN\Power Users
> > BUILTIN\Print Operators
> > BUILTIN\Administrators
> > BUILTIN\Account Operators
> > BUILTIN\Backup Operators
> > BUILTIN\Users
> >
> > Any idea anyone?
> >
> > Regards,
> > Leen Toelen
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Uploading printer drivers to Samba from XP SP2

[Jean-François Rouanet]

Hello all,

I am using samba 3.0.14-2a on Fedora core 4. Uploading printer drivers from
win2k works perfectly but with the same server and a windows XP-SP2 workstation,
I can't upload the driver, the "new driver" button on the "advanced" tab of the
"printer properties" is always greyed. Since it's OK with win2k, I suppose than
XP SP2 is the problem. Is there an option in XP to activate the "new driver"
button ( of course I have the option "use client driver = No" in smb.conf ).
 
Best regards.
JF.


-- 
ROUANET Jean-Francois
Responsable Regional Informatique INSERM AQUITAINE

INSERM ADR 9, Institut Francois Magendie
Rue Léo Saignat
33077   BORDEAUX CEDEX - FRANCE
Tel.:   05 57 57 36 50
Mobile: 06 87 83 64 12
mél: [EMAIL PROTECTED]


-
 Message envoyé par IMP: http://horde.org/imp/

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] profiles, profdata & homes

[Geert Stappers]

Hello,

Due the trees, I can't see the forest.

I understand the concept of home directories on the file server
becoming a share for the user on the smb-client computer.

I have a vague idea of "profiles", but I'm lost at "profdata".
How does that last one fit in? Where can I read more about it?
(profdata is common keyword on the search engines)

Is there a document that describes the logon proces?
(less detailed that the source code of samba? ;-)



Cheers
Geert Stappers



signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: net rpc rights command

[Michael Lueck]

Pau Garcia i Quiles wrote:


The problem was I had "invalid users = root" in my smb.conf (this comes by
default in Debian). I just commmented that line and the problem 
disappeared.


They do that by DEFAULT now?!?!? aa, at least when I came up with the core of our Samba config standard a year and a quarter ago, that spells death for getting the M$ Add Printer Wizard driver 
upload to work properly... at least that is what I remember the affect being. Though no person in their right mind would log in to a Windows box as an ID "root" expecting it to be a domain account, 
thus it "should" be safe to set that user as invalid, it seemed to really do some evil things to Samba's internal security thinking.


Samba folks, feel free to correct me if I am all wet about setting root as an 
invalid user. Personally I would lean towards that setting Debian is said to be 
using.

--
Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/

Remove the upper case letters NOSPAM to contact me directly.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] On the fly Machine accounts

[Craig White]

On Fri, 2005-08-26 at 12:48 -0400, Eric Feldhusen wrote:
> John H Terpstra wrote:
> > On Friday 26 August 2005 10:07, Paul Gienger wrote:
> >>Many people on this list.
> > 
> > 
> > What is your OS platform? Does it implement controls over permitted home 
> > directories and shells that can be specified to the useradd command? 
> > 
> > More than one Linux distro will NOT permit the creation of a user account 
> > (that is what a Windows domain member trust account is on the UNIX host) 
> > with 
> > a shell other than what is defined in /etc/shells, and some will not permit 
> > a 
> > home directory that consists of /dev/null. 
> > 
> > If your Linux distro has paranoid controls like that, a work around is 
> > necessary. Here is a possible work-around:
> > 
> > add machine script = /usr/sbin/useradd -d /var/nodirs -g computers 
> > -s /bin/false '%u'
> > 
> > Note that the %u is quoted with single quotes. 
> > 
> > Add to the /etc/shells:  /bin/false
> > 
> > Create the directory /var/nodirs with permissions set:
> > chown root:root /var/nodirs
> > chmod 550 /var/nodirs
> > 
> > In other words,  all access to /var/nodirs prevents user ability to write 
> > to 
> > the directory. It should also have no contents.
> > 
> > - John T.
> 
> Will this work with Redhat Enterprise 3 & 4? Just curious, and I'm not 
> in a position to check at the moment.

RHEL 3/4 support invalid shells and home directory of /dev/null so this
workaround shouldn't be necessary

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba clients fail after reboot

[Leen Toelen]

Hi,

in the thread a solution is not mentioned. Did you roll back the
update on the w2k box, or change the samba confi.

On a sidenote, is it better to use security = ads and configure
kerberos, or still use security = domain and use the net rpc commands?

Regards,
Leen

On 8/26/05, Kevin Wilson <[EMAIL PROTECTED]> wrote:
> Please follow this thread:
> 
> Subject = "[Samba] wbinfo can not convert User names and Group name to S ID"
> 
> -Original Message-
> From: Leen Toelen [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 26, 2005 12:14 PM
> To: samba@lists.samba.org
> Subject: [Samba] Samba clients fail after reboot
> 
> 
> Hi all,
> 
> since three weeks ago, whenever one of our Linux client gets rebooted,
> it can't get access to a W2K domain anymore. Everything is working,
> nothing is changed in the configs, the Linux machines are simply
> rebooted. Does anyone know whether tehre is a security update or so on
> w2K that causes this? Another strange thing is that once in a while
> for an unknown reason loggin in to the linux box works again and 10
> minutes later it stops without touching the box.
> 
> 
> On the domain controller I get in the event viewer:
> The session setup from the computer LNXSRV failed to authenticate. The
> name of the account referenced in the security database is LNXSRV$.
> The following error occurred:
> Access is denied.
> 
> On the linux side I get:
> 
> # wbinfo --sequence
> PEAK4S : 1
> BUILTIN : 1
> PEAKADILLY : DISCONNECTED
> 
> # wbinfo -D PEAKADILLY
> Name  : PEAKADILLY
> Alt_Name  : PEAKADILLY.LOCAL
> SID   : S-1-5-21-725345543-813497703-839522115
> Active Directory  : Yes
> Native: No
> Primary   : Yes
> Sequence  : -1
> 
> # wbinfo -u
> Error looking up domain users
> 
> # wbinfo -g
> BUILTIN\System Operators
> BUILTIN\Replicators
> BUILTIN\Guests
> BUILTIN\Power Users
> BUILTIN\Print Operators
> BUILTIN\Administrators
> BUILTIN\Account Operators
> BUILTIN\Backup Operators
> BUILTIN\Users
> 
> Any idea anyone?
> 
> Regards,
> Leen Toelen
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba clients fail after reboot

[Kevin Wilson]

Please follow this thread:

Subject = "[Samba] wbinfo can not convert User names and Group name to S ID"

-Original Message-
From: Leen Toelen [mailto:[EMAIL PROTECTED]
Sent: Friday, August 26, 2005 12:14 PM
To: samba@lists.samba.org
Subject: [Samba] Samba clients fail after reboot


Hi all,

since three weeks ago, whenever one of our Linux client gets rebooted,
it can't get access to a W2K domain anymore. Everything is working,
nothing is changed in the configs, the Linux machines are simply
rebooted. Does anyone know whether tehre is a security update or so on
w2K that causes this? Another strange thing is that once in a while
for an unknown reason loggin in to the linux box works again and 10
minutes later it stops without touching the box.


On the domain controller I get in the event viewer:
The session setup from the computer LNXSRV failed to authenticate. The
name of the account referenced in the security database is LNXSRV$. 
The following error occurred:
Access is denied.  

On the linux side I get:

# wbinfo --sequence
PEAK4S : 1
BUILTIN : 1
PEAKADILLY : DISCONNECTED

# wbinfo -D PEAKADILLY
Name  : PEAKADILLY
Alt_Name  : PEAKADILLY.LOCAL
SID   : S-1-5-21-725345543-813497703-839522115
Active Directory  : Yes
Native: No
Primary   : Yes
Sequence  : -1

# wbinfo -u
Error looking up domain users

# wbinfo -g
BUILTIN\System Operators
BUILTIN\Replicators
BUILTIN\Guests
BUILTIN\Power Users
BUILTIN\Print Operators
BUILTIN\Administrators
BUILTIN\Account Operators
BUILTIN\Backup Operators
BUILTIN\Users

Any idea anyone?

Regards,
Leen Toelen
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: I can't access Linux shared folder from Windows XP.

[Robert Dzikowski]

Robert Dzikowski  interia.pl> writes:

> 
> Hi
> 
> I would be grateful if somebody would tell me why can't I access 
> shared folder on Ubuntu 5.04 computer (computer name is
> my-computer) from my Windows XP computer (its name is tablet-pc). I am
> using Samba 3.0.10-Ubuntu. I see this folder in Windows XP but when I
> try to access it I get error "\\My-computer\backup is not accessible.
> [...] Network access is denied."
> 

Sorry that I bothered you, I didn't read The F Manual

http://us1.samba.org/samba/docs/using_samba/ch02.html.



Robert



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba clients fail after reboot

[Leen Toelen]

Hi all,

since three weeks ago, whenever one of our Linux client gets rebooted,
it can't get access to a W2K domain anymore. Everything is working,
nothing is changed in the configs, the Linux machines are simply
rebooted. Does anyone know whether tehre is a security update or so on
w2K that causes this? Another strange thing is that once in a while
for an unknown reason loggin in to the linux box works again and 10
minutes later it stops without touching the box.


On the domain controller I get in the event viewer:
The session setup from the computer LNXSRV failed to authenticate. The
name of the account referenced in the security database is LNXSRV$. 
The following error occurred:
Access is denied.  

On the linux side I get:

# wbinfo --sequence
PEAK4S : 1
BUILTIN : 1
PEAKADILLY : DISCONNECTED

# wbinfo -D PEAKADILLY
Name  : PEAKADILLY
Alt_Name  : PEAKADILLY.LOCAL
SID   : S-1-5-21-725345543-813497703-839522115
Active Directory  : Yes
Native: No
Primary   : Yes
Sequence  : -1

# wbinfo -u
Error looking up domain users

# wbinfo -g
BUILTIN\System Operators
BUILTIN\Replicators
BUILTIN\Guests
BUILTIN\Power Users
BUILTIN\Print Operators
BUILTIN\Administrators
BUILTIN\Account Operators
BUILTIN\Backup Operators
BUILTIN\Users

Any idea anyone?

Regards,
Leen Toelen
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] net ads join error

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Theodore Jencks wrote:
> Compiling version 3.0.20 from source on RedHat Fedora Core 4 everything
> seems to go smoothly.  However upon trying to join a 2000 domain with
> the following command "net ads join -U Administrator%Password 'OU'"  I
> get the following error:
> 
>  
> 
> [2005/08/26 09:43:56, 0] utils/net_ads.c:ads_startup(191)
> 
>   ads_connect: No such file or directory
> 
>  
> 
> I have checked my smb.conf file with the testparm utility and Kerberos
> seems to be working fine using kinit.  Does anyone have any info on this
> error or how to workaround/fix the problem.

Better look at a level 10 debug log fron the 'net join' to see
why the error is being generated.  That's my advice at least.





cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDD007IR7qMdg1EfYRAnPmAKCOwcriQUybsEUZv398ALHjEKAXkwCg3o2X
JeTTF775me+aSUqskFX0dhQ=
=w6Py
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] How to get Samba, PAM & MS-AD all working together properly

[Kevin Wilson]

The biggest thing we have stopping us from adopting Samba-Linux 100% for our
file and print servers is permissions administration/flexibility. Does
anyone have a good resource that outlines how to get PAM working so
permissions can be managed like MS's are? Guess what I am asking is can PAM
do permissions like MS and if yes, can the be done in the same easy fashion
as 'right-click->properties', etc. ?

Also, does PAM aid in the sharing and permissions to network printers?

Please don't point me to the howto's, I've been there done that. I am
looking to see if anyone here has successfully emulated a MS file server
(and its easy ui share/permission administration) using Samba and Linux. If
not, is it possible? or would we need to use a Linux based LDAP server as
our primary domain security catalog?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] On the fly Machine accounts

[Eric Feldhusen]

John H Terpstra wrote:

On Friday 26 August 2005 10:07, Paul Gienger wrote:

Many people on this list.



What is your OS platform? Does it implement controls over permitted home 
directories and shells that can be specified to the useradd command? 

More than one Linux distro will NOT permit the creation of a user account 
(that is what a Windows domain member trust account is on the UNIX host) with 
a shell other than what is defined in /etc/shells, and some will not permit a 
home directory that consists of /dev/null. 

If your Linux distro has paranoid controls like that, a work around is 
necessary. Here is a possible work-around:


add machine script = /usr/sbin/useradd -d /var/nodirs -g computers 
-s /bin/false '%u'


Note that the %u is quoted with single quotes. 


Add to the /etc/shells:  /bin/false

Create the directory /var/nodirs with permissions set:
chown root:root /var/nodirs
chmod 550 /var/nodirs

In other words,  all access to /var/nodirs prevents user ability to write to 
the directory. It should also have no contents.


- John T.


Will this work with Redhat Enterprise 3 & 4? Just curious, and I'm not 
in a position to check at the moment.


--
Eric Feldhusen
System Administrator http://www.remc1.org
PO Box 270  (906) 482-4520  x239
809 Hecla St(906) 482-5031 fax
Hancock, MI  49930  (906) 370 6202 mobile
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] net ads join error

[Theodore Jencks]

Compiling version 3.0.20 from source on RedHat Fedora Core 4 everything
seems to go smoothly.  However upon trying to join a 2000 domain with
the following command "net ads join -U Administrator%Password 'OU'"  I
get the following error:

 

[2005/08/26 09:43:56, 0] utils/net_ads.c:ads_startup(191)

  ads_connect: No such file or directory

 

I have checked my smb.conf file with the testparm utility and Kerberos
seems to be working fine using kinit.  Does anyone have any info on this
error or how to workaround/fix the problem.

 

Best regards,

Theo

 


===

Theodore A. Jencks

Network Systems Administrator

1000 Broadway, Suite 150

Oakland, CA 94607

Phone: (510) 267.5152

Fax:(510) 267.5100 

Email:  [EMAIL PROTECTED]

http://www.navis.com  

 

This e-mail message and any files attached to it are intended only for
the recipients named above, and may contain information that is
PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, or
the employee or agent responsible for delivering this message to an
intended recipient, you are strictly prohibited from reading, copying,
distributing, disclosing or otherwise using  this communication.  Please
immediately notify the sender, either by replying to this message or by
telephoning (+1 510 267 5000), and delete all copies of this message
from your system.

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] On the fly Machine accounts

[John H Terpstra]

On Friday 26 August 2005 10:07, Paul Gienger wrote:
> > I have added both of these to my smb.conf
> >
> >  add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M
> > %u
> >  add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
> > Neither of these seems to do anything.
>
> So here you're running useradd without giving the username to add as the
> required argument to useradd.  Try putting a %u on the end of there and see
> if you get closer.  You may also want to surround your variables with
> single quotes.
>
> > Anyone actually using samba in a production enviroment?
>
> Many people on this list.

What is your OS platform? Does it implement controls over permitted home 
directories and shells that can be specified to the useradd command? 

More than one Linux distro will NOT permit the creation of a user account 
(that is what a Windows domain member trust account is on the UNIX host) with 
a shell other than what is defined in /etc/shells, and some will not permit a 
home directory that consists of /dev/null. 

If your Linux distro has paranoid controls like that, a work around is 
necessary. Here is a possible work-around:

add machine script = /usr/sbin/useradd -d /var/nodirs -g computers 
-s /bin/false '%u'

Note that the %u is quoted with single quotes. 

Add to the /etc/shells:  /bin/false

Create the directory /var/nodirs with permissions set:
chown root:root /var/nodirs
chmod 550 /var/nodirs

In other words,  all access to /var/nodirs prevents user ability to write to 
the directory. It should also have no contents.

- John T.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] On the fly Machine accounts

[Paul Gienger]

> I have added both of these to my smb.conf
> 
>  add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M
> %u
>  add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
> Neither of these seems to do anything.

So here you're running useradd without giving the username to add as the
required argument to useradd.  Try putting a %u on the end of there and see
if you get closer.  You may also want to surround your variables with single
quotes.
 
> Anyone actually using samba in a production enviroment?
Many people on this list.



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] On the fly Machine accounts

[DSanchez]

I have been trying for 2 months to get my samba server to add machine
accounts 'on the fly"
I have added both of these to my smb.conf

 add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
 add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false

Neither of these seems to do anything.

I have around 250 computers to add, so adding the machine accounts
manuelly isn't going to happen.

I've read the documentation that says i should be able to do this so i
know it can be done.
Anyone actually using samba in a production enviroment?
Do you have samba creating the Machine accounts on the fly?

Thanks

Here is my smb.conf file

# Global parameters
[global]
workgroup = ETNET
server string = Samba PDC
password server = None
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n
*ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
username map = /etc/samba/smbusers
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 5
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s
/bin/false -M %u
add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
logon script = logon.bat
domain logons = Yes
os level = 64
domain master = Yes
dns proxy = No
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431

[homes]
comment = Home Directories
path = %H
valid users = %S
read only = No
browseable = No

[netlogon]
comment = Network Logon Service
path = /opt/samba/netlogon
write list = @ntadmins

[research]
comment = Research Dept Share
path = /dept/research
valid users = @research, @ntamins
write list = @research, @ntadmins
read only = No
create mask = 0770
directory mask = 0770
browseable = No
blocking locks = No

[production]
comment = Production Dept Share
path = /dept/production
valid users = @users
force group = users
read only = No
create mask = 0770
directory mask = 0770
dos filetimes = Yes

[producer]
comment = Producers Dept Share
path = /dept/producer
valid users = @producer, @ntamins
write list = @producer, @ntadmins
read only = No
create mask = 0770
directory mask = 0770
browseable = No
blocking locks = No

[online]
comment = Online Dept Share
path = /dept/online
valid users = @online, @ntamins
write list = @online, @ntadmins
read only = No
create mask = 0770
directory mask = 0770
browseable = No
blocking locks = No

[clearance]
comment = Clearance Dept Share
path = /dept/clearance
read only = No

[finance]
comment = Finance Dept Share
path = /dept/finance
read only = No

[engineer]
comment = Engineer Dept Share
path = /dept/engineer
read only = No

[music]
comment = Music Dept Share
path = /dept/music
read only = No

[post]
comment = Post Dept Share
path = /dept/post
read only = No

[vault]
comment = Tape Vault Dept Share
path = /dept/vault
read only = No

[IT]
comment = IT Dept Share
path = /dept/it
read only = No

[printers]
path = /tmp
printable = Yes
cups options = raw
browseable = No
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Groupmapping problems in 3.0.20

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Thomas Bork wrote:
> Gerald (Jerry) Carter wrote:
> 
>>> Cannot reproduce this with 3.0.20 (unpatched):
>> It was pretty easy to reproduce for me.  Are you using ldapsam?
> 
> No - smbpasswd. I double checked this, cannot reproduce the error
> (output from 'net rpc group list') with the unpatched sources.

ok.  I'll double check with the mapping are stored in a local
tdb then and see what happens.  I think I have a good idea though.
Probably will be later on today or over the weekend though.





cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDDzowIR7qMdg1EfYRAlOIAJ9wTmIuXKdHTgJaV8zvFFPIs/ybOgCgtjFE
vAQDsE1HxPKVEMkb83IHiCk=
=D29N
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Groupmapping problems in 3.0.20

[Thomas Bork]

Gerald (Jerry) Carter wrote:


Cannot reproduce this with 3.0.20 (unpatched):

It was pretty easy to reproduce for me.  Are you using ldapsam?


No - smbpasswd. I double checked this, cannot reproduce the error 
(output from 'net rpc group list') with the unpatched sources.



There were actually 2 bugs.  One that I found after the first
revision of that patch.  I started a "recent releases patch
page" yesterday.  Take a look at http://www.samba.org/samba/patches/
v2 of the group enumeration patch is available from there.


Also with v2:

vmeis # net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-xxx-yyy-zzz-512) -> root
Domain Guests (S-1-5-21-xxx-yyy-zzz-514) -> nogroup
Domain Users (S-1-5-21-xxx-yyy-zzz-513) -> users
Domain Power Users (S-1-5-21-xxx-yyy-zzz-1007) -> sys
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
vmeis # net rpc group list
Password:
 <=== no output
 <=== no output
 <=== no output
 <=== no output
vmeis #

The output from unpatched sources is okay...


der tom
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: net rpc rights command

[Pau Garcia i Quiles]

Quoting Andreas Bauer <[EMAIL PROTECTED]>:

I had this same problem two days ago.

The problem was I had "invalid users = root" in my smb.conf (this comes by
default in Debian). I just commmented that line and the problem disappeared.


Jerome Tournier a ecrit:

try "enable" instead of "enables".

Hello,
thanks a lot, now testparm is running without a fault.
But there is following error running the net rpc command:
amd:~ # net rpc rights grant testuser10 SeMachineAccountPrivilege
Password:
Could not connect to server 127.0.0.1
The username or password was not correct.



But I can logon in my Domain with testuser10 with a XP CLient and I can join
Windows Workstation to the Domain with the password of Administrator, who is
a member of the Domain Admin Group and be requested at net rpc
rights.?
The testuser10 is existing and a member of the Domain users group.
Perhaps a problem with ACL rights?

Many thanks in advance and best regards
Andreas



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] get primary group from vbscript

[Fred Blaise]

Hello all

How can I retrieve a user's primary group via a vbscript (launched as
netlogon on the user's workstation)?

Thanks.

Best,
chap.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba PDC logon without connexion

[Paul Gienger]

> By default, you can logon 10 times without a network connection.
> You can set it up to 50, or set to 0 if you don't like it.

This can't possibly be accurate.  I've got people here with laptops that
haven't touched our network in months and reboot their machine every day.

Ok, I dug around in the Local Security policy and it doesn't appear (to me)
to be the number of login sessions to allow for a particular user, but the
number of users to remember.  S, you can have 10 (the last 10) users
able to log in on your machine in case the DC is unavailable.

There is another option to 'require domain controller auth to unlock
workstation.  You might want to try that if you want to disable the feature.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cannot copy Files > 2GB

[David Sonenberg]

This is a know limitation of the smbfs kernel driver.  This can be
overcome by using the cifs kernel driver, and mounting using the
following syntax:
mount -t cifs //smb-server/share /path/to/mount/ -ousername=myuser

Martin Kammerlander wrote:
> Hi all
> 
> I'm using Samba version 3.0623 on my rhel3 with kernel 2.4.21
> I mounted a windows partition with the command "smbmount".
> Now I have the problem, that I cannot copying files which are larger than 2GB.
> 
> The cp command starts and everything works fine until the 2GB are reached. 
> Then
> the bash gives me the error: "The maximum file size is exceeded"
> 
> 
> the /var/log/messages file gives the following output:
> 
> Aug 26 10:17:50 mypc kernel: smb_get_length: recv error = 512
> Aug 26 10:17:50 mypc kernel: smb_request: result -512, setting invalid
> Aug 26 10:17:50 mypc kernel: smb_retry: caught signal
> Aug 26 10:17:50 mypc kernel: smb_retry: caught signal
> Aug 26 10:17:51 mypc kernel: smb_retry: successful, new pid=6082, 
> generation=10
> 
> What can I do to solve this?
> 
> thanks
> martin


-- 
David Sonenberg
Systems / Network Administrator
Stroz Friedberg, LLC
15 Maiden Lane
15th Floor
New York, NY 10038
Tel 212.981.6527
Fax 917.495.4918

This message is for the named person's use only.  It may contain
confidential, proprietary or legally privileged information. No right to
confidential or privileged treatment of this message is waived or lost
by any error in transmission.  If you have received this message in
error, please immediately notify the sender by e-mail or by telephone at
212.981.6540, delete the message and all copies from your system and
destroy any hard copies.  You must not, directly or indirectly, use,
disclose, distribute, print or copy any part of this message if you are
not the intended recipient.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Groupmapping problems in 3.0.20

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Thomas Bork wrote:
> Carsten Sander schrieb:
> 
>> On 3.0.20
>> net rpc group list:
>> returns the unix groupnames instead of the mapped groupnames
> 
> Cannot reproduce this with 3.0.20 (unpatched):

It was pretty easy to reproduce for me.  Are you using ldapsam?

> vmeis # net groupmap list
> System Operators (S-1-5-32-549) -> -1
...
> vmeis # net rpc group list
> Password:
> Domain Admins
> Domain Guests
> Domain Users
> Domain Power Users
> vmeis #
> 
> 
> 3.0.20 patched with
> http://www.samba.org/~jerry/patches/post-3.0.20/groupname_enumeration.patch:
> 
> vmeis # net groupmap list
> System Operators (S-1-5-32-549) -> -1

> vmeis # net rpc group list
> Password:
> <=== no output
> <=== no output
> <=== no output
> <=== no output
> vmeis #

There were actually 2 bugs.  One that I found after the first
revision of that patch.  I started a "recent releases patch
page" yesterday.  Take a look at http://www.samba.org/samba/patches/
v2 of the group enumeration patch is available from there.




cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDDy1FIR7qMdg1EfYRApz2AKCunJphiopFI+T1jLCiXAx5VRKzqwCg2suh
JLYOkWwDy3zioO9hyv/TJoI=
=Mp/c
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Groupmapping problems in 3.0.20

[Thomas Bork]

Carsten Sander schrieb:


On 3.0.20
net rpc group list:
returns the unix groupnames instead of the mapped groupnames


Cannot reproduce this with 3.0.20 (unpatched):

vmeis # net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-xxx-yyy-zzz-512) -> root
Domain Guests (S-1-5-21-xxx-yyy-zzz-514) -> nogroup
Domain Users (S-1-5-21-xxx-yyy-zzz-513) -> users
Domain Power Users (S-1-5-21-xxx-yyy-zzz-1007) -> sys
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
vmeis # net rpc group list
Password:
Domain Admins
Domain Guests
Domain Users
Domain Power Users
vmeis #


3.0.20 patched with 
http://www.samba.org/~jerry/patches/post-3.0.20/groupname_enumeration.patch 
:


vmeis # net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-xxx-yyy-zzz-512) -> root
Domain Guests (S-1-5-21-xxx-yyy-zzz-514) -> nogroup
Domain Users (S-1-5-21-xxx-yyy-zzz-513) -> users
Domain Power Users (S-1-5-21-xxx-yyy-zzz-1007) -> sys
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
vmeis # net rpc group list
Password:
<=== no output
<=== no output
<=== no output
<=== no output
vmeis #


der tom
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.20 on Solaris: problem with fileaccess in a automounted filesystem

[Knut Hellebø]

Regards,

Sent this one before, here's another go:

My sambaserver, let's call it sserv, is running Solaris 8 (latest 
Recommended set) or 9 (tried both) compiled with automount support.
When PC client A tries to access a file in a automounted mapping from 
sserv, the client is freezing and Windows Explorer has to be restarted.
The NFS server which the samba server automounts from is a Solaris 2.5.1 
system.
The strange thing is that the same scenario works OK when the samba 
server is an Sgi IRIX system. The following pops up in the log for PC 
client A on sserv:


[2005/08/26 15:57:29, 0] smbd/oplock.c:(1081)
  request_oplock_break: no response received to oplock break request to 
pid 16838 on port 58990 for dev = 4f4001d, inode = 187327, file_id = 51

[2005/08/26 15:57:29, 0] smbd/open.c:(726)
  open_mode_check: exlusive oplock left by process 16838 after break ! 
For file test.zip, dev = 4f4001d, inode = 187327. Deleting it to continue...


Someone's got a clue ?
--

  **
  * Knut Hellebø | DAMN GOOD COFFEE !! *
  * Hydro IS Partner ESI (Unix) Team | (and hot too)   *
  *  | *
  * E-mail: [EMAIL PROTECTED]   | Dale Cooper, FBI*
  **



***
NOTICE: This e-mail transmission, and any documents, files or previous
e-mail messages attached to it, may contain confidential or privileged
information. If you are not the intended recipient, or a person
responsible for delivering it to the intended recipient, you are
hereby notified that any disclosure, copying, distribution or use of
any of the information contained in or attached to this message is
STRICTLY PROHIBITED. If you have received this transmission in error,
please immediately notify the sender and delete the e-mail and attached
documents. Thank you.
***

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: net rpc rights command

[Jerome Tournier]

Le Thu, Aug 25, 2005 at 11:38:08PM +0200, Andreas Bauer a ecrit:
> But there is following error running the net rpc command:
> amd:~ # net rpc rights grant testuser10 SeMachineAccountPrivilege
> Password:
> Could not connect to server 127.0.0.1
> The username or password was not correct.

you should use the root account, for ex:
net -U root%XXX rpc rights grant testuser10 SeMachineAccountPrivilege
(with XXX the root's password)
or, if the root account is not a samba account, any member of the
gidNumber=512 group.
-- 
Jerome
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: net rpc rights command

[Andreas Bauer]

Thanks a lot Michael,

I will study your script. There are many interesting themes
inside. Thanks for your help.
I have also integrated an openldap server with samba. There will
be some more difficults with ACL rigths using net rpc.

Andreas 



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Multiple instances of samba

[Ed Curtis]

 I found instructions on how to start 2 instances of samba binding each
instance to an individual ip address or interface on the server but it
will only start the first insatnce I try.

/usr/sbin/smbd -s /etc/samba/smb.conf.DOMAIN1
/usr/sbin/nmbd -s /etc/samba/smb.conf.DOMAIN1
/usr/sbin/smbd -s /etc/samba/smb.conf.DOMAIN2
/usr/sbin/nmbd -s /etc/samba/smb.conf.DOMAIN2

Only the DOMAIN1 will start. I get no errors when running the commands to
start the second instance but it's not running.

 Any ideas?

Thanks,

Ed

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 compiles in aio support on aix by default, and when asked not to

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

J Raynor wrote:
> 
> I'm trying to install samba-3.0.20 on aix 5.2, and I don't want 
> to use aio, but the build process is compiling it in
> anyway.  By default, it isn't supposed to build in aio support, but
> it does.  When I pass --with-aio-support=no to configure, it
> also builds in support.  It builds in aio support whether I
> use gcc or xlc.
> 
> Here's what ldd shows:
> 
> # ldd bin/smbd
> bin/smbd needs:
>  /usr/lib/libc.a(shr.o)
>  /usr/lib/libc.a(posix_aio.o)
>  /usr/lib/librtl.a(shr.o)
>  /unix
>  /usr/lib/libcrypt.a(shr.o)

J,

Would you file this as a bug report for me?  Then either Jeremy
or I will get it cleaned up.  Thanks.





cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDDxdHIR7qMdg1EfYRAiHdAKDAXIBiWhZVvpv53XhlwP1IiYk5mgCdHRCa
SUHKQw4GSDdX7p6D/goFsaE=
=Z4Xl
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] default_quota

[Robert Schetterer]

maxxik schrieb:


Hello samba,

Who uses samba vfs object = default_quota ?

 What does it do ? What configuration options ?  

 


Hi,
as far i remember this makes the quotas of the samba underlying 
filesystem visible in win explorer

try searching the faqs and the src for more
Regards
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20

[stefanke]

Hi,

sorry but Samba is not responsilbe for binarys! 

You will find current SUSE 8.2 binarys at:

ftp://ftp.sernet.de/pub/samba/suse/suse82/


Cheers Stefan

 Original Message 
Subject: [Samba] 3.0.20 (26-Aug-2005 12:52)
From:[EMAIL PROTECTED]
To:  samba@lists.samba.org

> 
> Will there be an RPM for Suse 8.2? As the last one available is the 3.0.14a
> and I would like to update the Samaba server to 3.0.20. If not, how can I
> upgrade my existing one?
> 
> Thanks!
> 
> Raymond
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] default_quota

[maxxik]

Hello samba,

Who uses samba vfs object = default_quota ?

  What does it do ? What configuration options ?  

-- 
Best regards,
 maxxik  mailto:[EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.20

[raymond]

Will there be an RPM for Suse 8.2? As the last one available is the 3.0.14a
and I would like to update the Samaba server to 3.0.20. If not, how can I
upgrade my existing one?

Thanks!

Raymond

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: net rpc rights command

[Michael Lueck]

Andreas Bauer wrote:


Hello,
thanks a lot, now testparm is running without a fault.
But there is following error running the net rpc command:
amd:~ # net rpc rights grant testuser10 SeMachineAccountPrivilege
Password:
Could not connect to server 127.0.0.1
The username or password was not correct.


I am going to assume your security model is messed up at some level. Take a look at my presentation on setting up a Samba 3 PDC for Win2K clients and see if it helps you work through the permissions 
issue.


ftp://ftp.lueckdatasystems.com/pub/presentations/klugsamba3pdc-bookreview.pdf

Note that the line:
admin users = @domadmin
is now deprecated since there are these "rights grant" options. So back that 
out of my sample config.

Oh, and the correct syntax for granting permissions is as follows:
net rpc rights grant mydomain\\theaccount SeMachineAccountPrivilege

And you must be logged in to Linux with an account which is a member of the domain administrator group, thus you set up the accounts, groups, samba group mappings all before you can run this command 
as this command will utilize that security model.


--
Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/

Remove the upper case letters NOSPAM to contact me directly.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba PDC logon without connexion

[Bruno Guerreiro]

Hi,
I think it's more than 10 times.
I've logged on much more than that in my notebook during vacations, and it
always worked.

Best regards,
Bruno Guerreiro

-Original Message-
From: Tomasz Chmielewski [mailto:[EMAIL PROTECTED]
Sent: sexta-feira, 26 de Agosto de 2005 9:54
To: Ronan LANORE
Cc: Liste samba générale
Subject: Re: [Samba] Samba PDC logon without connexion


Ronan LANORE schrieb:
> Hi,
> 
>  
> 
> We have a Samba 3.0.14 PDC,
> 
>  
> 
> when a client Win XP SP2 open session without LAN connexion the user CAN
log
> into domain, why ? and how manipulate this features ?
> 
>  
> 
> I think that client use their own SAM database, is it right ?

It is stored somewhere in the Windows registry - Windows caches passwords.
I don't remember where it was, try googling for something like "cached 
logon" etc.

By default, you can logon 10 times without a network connection.
You can set it up to 50, or set to 0 if you don't like it.


-- 
Tomek
http://wpkg.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba PDC logon without connexion

[Tomasz Chmielewski]

Ronan LANORE schrieb:

Hi,

 


We have a Samba 3.0.14 PDC,

 


when a client Win XP SP2 open session without LAN connexion the user CAN log
into domain, why ? and how manipulate this features ?

 


I think that client use their own SAM database, is it right ?


It is stored somewhere in the Windows registry - Windows caches passwords.
I don't remember where it was, try googling for something like "cached 
logon" etc.


By default, you can logon 10 times without a network connection.
You can set it up to 50, or set to 0 if you don't like it.


--
Tomek
http://wpkg.org
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba PDC logon without connexion

[Ronan LANORE]

Hi,

 

We have a Samba 3.0.14 PDC,

 

when a client Win XP SP2 open session without LAN connexion the user CAN log
into domain, why ? and how manipulate this features ?

 

I think that client use their own SAM database, is it right ?

 

 

I am sorry for my poor englsih. 

Thanks

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Cannot copy Files > 2GB

[Martin Kammerlander]

Hi all

I'm using Samba version 3.0623 on my rhel3 with kernel 2.4.21
I mounted a windows partition with the command "smbmount".
Now I have the problem, that I cannot copying files which are larger than 2GB.

The cp command starts and everything works fine until the 2GB are reached. Then
the bash gives me the error: "The maximum file size is exceeded"


the /var/log/messages file gives the following output:

Aug 26 10:17:50 mypc kernel: smb_get_length: recv error = 512
Aug 26 10:17:50 mypc kernel: smb_request: result -512, setting invalid
Aug 26 10:17:50 mypc kernel: smb_retry: caught signal
Aug 26 10:17:50 mypc kernel: smb_retry: caught signal
Aug 26 10:17:51 mypc kernel: smb_retry: successful, new pid=6082, generation=10

What can I do to solve this?

thanks
martin
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] OT - windows networking mail list

[Brendon Schafer]

Craig White wrote:


Is there a Windows mail list for Network Administrators similar to this
where I can ask and monitor Windows networking discussions? I can't seem
to find anything other than Microsoft sponsored news groups. Looking for
a recommendation.

Craig

 

Do a search for winnt-l. I lurked on the list a few years ago. It wasn't 
sponsored/owned or anything by M$ back then, but I think they did 
monitor the list (rumours).

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba