[Samba] question regarding Perl + PAM + Winbindd

[Abhay Pradhan]

Hi

I'm using a Perl script to call PAM to authenticate using Winbind to contact
a Windows ADS. This is on a Debian Sarge box. The machine has been added to
the domain (using kerberos and net ads join command). Winbindd is configured
successfully and I get this when I try and run wbinfo -a

wbinfo -a abhay_pradhan%**
plaintext password authentication succeeded
challenge/response password authentication succeeded

However, when I use the Perl script (Authen::SimplePam package and calling
the service foobar), the winbind log shows that the user is authenticated
only using Plain-text. Why not challenge-response?

**
package FOO::PAM;

use Authen::SimplePam;
use strict;

sub is_good_pam
{
my ($user, $pass) = @_;
my $service = "foobar";

my $authn = new Authen::SimplePam();
if ($authn->auth_user($user, $pass, $service) eq 1) {
debug("success, returning 1");
return 1;
}
else {
debug("failure, returning 0 with user=$user and pass=$pass");
return 0;
}
}
1;
**
Here is the output from the winbind log.

[2005/09/24 11:40:24, 5] nsswitch/winbindd_pam.c:winbindd_pam_auth(361)
Plain-text authentication for user abhay_pradhan returned NT_STATUS_OK (PAM:
0)

Is there something I'm doing wrong? Here is the relevant foobar service

*
#%PAM-1.0

@include common-auth
@include common-account
auth sufficient /lib/security/pam_winbind.so debug
account sufficient /lib/security/pam_winbind.so debug
**

and here is the relevant smb.conf

**
# Global parameters
[global]
unix charset = LOCALE
workgroup = MYGROUP
netbios name = foo
server string = Samba Server
realm = AD.MYCOMPANY.COM 

# security
security = ADS
encrypt passwords = Yes
auth methods = winbind
password server = 192.168.200.53 

# logging
log level = 9
syslog = 0
log file = /var/log/samba/%m
max log size = 50

# user info
username map = /etc/samba/smbusers
#idmap backend = idmap_rid:MYGROUP=16777216-33554431
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
template homedir = /home/%D/%U
template primary group = "Domain Users"

# winbind
winbind use default domain = Yes
winbind separator = +
winbind enum users = No
winbind enum groups = No
winbind cache time = 300
winbind enable local accounts = no
winbind nested groups = Yes

# server related
allow trusted domains = No
obey pam restrictions = no
domain logons = No
add user script = /usr/sbin/useradd -s /bin/false '%u'
client signing = no
client use spnego = No
client schannel = no
**

help!
:)

cheers
Abhay
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] ADS Issues and possible bug in 3.0.20

[Theodore Jencks]

As a follow up to my post I have run an strace on my system of the
following command:

Net ads join -U tjencks "HQ Servers"

Here is the end of the strace file:

gettimeofday({1127521399, 434197}, NULL) = 0
gettimeofday({1127521399, 434351}, NULL) = 0
select(7, [6], NULL, NULL, {0, 9})  = 0 (Timeout)
stat64("/var/lock/samba", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/var/lock/samba/unexpected.tdb", O_RDONLY|O_LARGEFILE) = 7
read(7, "TDB file\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
168) = 168
fstat64(7, {st_mode=S_IFREG|0644, st_size=73728, ...}) = 0
mmap2(NULL, 73728, PROT_READ, MAP_SHARED, 7, 0) = 0xb779e000
munmap(0xb779e000, 73728)   = 0
close(7)= 0
gettimeofday({1127521399, 524936}, NULL) = 0
close(6)= 0
time(NULL)  = 1127521399
open("/etc/localtime", O_RDONLY)= 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=1017, ...}) = 0
fstat64(6, {st_mode=S_IFREG|0644, st_size=1017, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb77af000
read(6, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0"...,
4096) = 1017
close(6)= 0
munmap(0xb77af000, 4096)= 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1017, ...}) = 0
time([1127521399])  = 1127521399
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1017, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1017, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1017, ...}) = 0
socket(PF_FILE, SOCK_DGRAM, 0)  = 6
fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
connect(6, {sa_family=AF_FILE, path="/dev/log"}, 16) = 0
send(6, "<11>Sep 23 17:23:19 net: [2005/0"..., 83, MSG_NOSIGNAL) = 83
geteuid32() = 0
write(2, "[2005/09/23 17:23:19, 0] utils/n"..., 58) = 58
time([1127521399])  = 1127521399
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1017, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1017, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1017, ...}) = 0
send(6, "<11>Sep 23 17:23:19 net:   ads_c"..., 66, MSG_NOSIGNAL) = 66
geteuid32() = 0
write(2, "  ads_connect: No such file or d"..., 41) = 41
exit_group(-1)  = ?
Process 4835 detached

Not really sure what to make of this, I can't really determine if the
program is really looking for a file that it can't find though I find
this entry odd: ("/var/lock/samba/unexpected.tdb"  Not quite sure what
the unexpected.tdb is for.

Regards,
Theo



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Theodore Jencks
Sent: Friday, September 23, 2005 4:34 PM
To: samba@lists.samba.org
Subject: [Samba] ADS Issues and possible bug in 3.0.20

Before I lay out the problems I am currently suffering from let me
describe my environment:

Dell OptiPlex GX270 2.6Ghz 512MB Ram RedHat Linux Fedora Core 3 with all
current updates.  Samba compile is version 3.0.20 stable.

 

Uname -a: Linux theo.hq.navis.net 2.6.12-1.1378_FC3 #1 Wed Sep 14
04:24:31 EDT 2005 i686 i686 i386 GNU/Linux

 

Everything was running fine until my last YUM update.  Where upon my
machine account via wbinfo -t failed to work.

 

While I am on the subject this particular directive doesn't work:

ldap idmap suffix = dc=hq,dc=navis,dc=net

I find from my LDAP logs that something is adding an extra comma at the
end of the LDAP DN when doing a search.  I was able to resolve this
issue with the help of:

Ldap suffix

Directive which doesn't append the comma.

 

So to get back on topic everything about ads was working fine for me I
then ran a recent YUM update which added a new kernel and some CUPS libs
I believe.  After which ADS is now broken...there is nothing wrong with
my Kerberos settings as I am granted a ticket when doing kinit
"username".

 

Now when I try and do a:

Net ads join -U tjencks "organizationalUnit" I get the following
response:

 

[EMAIL PROTECTED] nsswitch]# net ads join -U tjencks "HQ Servers"

tjencks's password: 

[2005/09/23 11:55:00, 0] utils/net_ads.c:ads_startup(191)

  ads_connect: No such file or directory

 

 

I've checked the web for this and I'm not sure what the function
ads_connect is really missing.  Below is my smb.conf file followed by my
samba 3.0.20 compile options:

 

[EMAIL PROTECTED] source]# testparm

Load smb config files from /etc/samba/smb.conf

Processing section "[software]"

Processing section "[printers]"

Loaded services file OK.

'winbind separator = +' might cause problems with group membership.

Server role: ROLE_DOMAIN_MEMBER

Press enter to see a dump of your service definitions

 

[global]

workgroup = HQ

realm = HQ.NAVIS.NET

server string = Theo's samba server

security = ADS

password server = h

[Samba] ADS Issues and possible bug in 3.0.20

[Theodore Jencks]

Before I lay out the problems I am currently suffering from let me
describe my environment:

Dell OptiPlex GX270 2.6Ghz 512MB Ram RedHat Linux Fedora Core 3 with all
current updates.  Samba compile is version 3.0.20 stable.

 

Uname -a: Linux theo.hq.navis.net 2.6.12-1.1378_FC3 #1 Wed Sep 14
04:24:31 EDT 2005 i686 i686 i386 GNU/Linux

 

Everything was running fine until my last YUM update.  Where upon my
machine account via wbinfo -t failed to work.

 

While I am on the subject this particular directive doesn't work:

ldap idmap suffix = dc=hq,dc=navis,dc=net

I find from my LDAP logs that something is adding an extra comma at the
end of the LDAP DN when doing a search.  I was able to resolve this
issue with the help of:

Ldap suffix

Directive which doesn't append the comma.

 

So to get back on topic everything about ads was working fine for me I
then ran a recent YUM update which added a new kernel and some CUPS libs
I believe.  After which ADS is now broken...there is nothing wrong with
my Kerberos settings as I am granted a ticket when doing kinit
"username".

 

Now when I try and do a:

Net ads join -U tjencks "organizationalUnit" I get the following
response:

 

[EMAIL PROTECTED] nsswitch]# net ads join -U tjencks "HQ Servers"

tjencks's password: 

[2005/09/23 11:55:00, 0] utils/net_ads.c:ads_startup(191)

  ads_connect: No such file or directory

 

 

I've checked the web for this and I'm not sure what the function
ads_connect is really missing.  Below is my smb.conf file followed by my
samba 3.0.20 compile options:

 

[EMAIL PROTECTED] source]# testparm

Load smb config files from /etc/samba/smb.conf

Processing section "[software]"

Processing section "[printers]"

Loaded services file OK.

'winbind separator = +' might cause problems with group membership.

Server role: ROLE_DOMAIN_MEMBER

Press enter to see a dump of your service definitions

 

[global]

workgroup = HQ

realm = HQ.NAVIS.NET

server string = Theo's samba server

security = ADS

password server = hqdc01.hq.navis.net

log file = /var/log/samba/smbd.log

max log size = 4096

name resolve order = wins lmhosts bcast

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

printcap name = /etc/printcap

dns proxy = No

wins server = 192.168.192.60

ldap admin dn = cn=Manager,dc=navis,dc=net

ldap suffix = ou=idmap,dc=hq,dc=navis,dc=net

idmap backend = ldap:ldap://localhost

idmap uid = 16777216-33554431

idmap gid = 16777216-33554431

template shell = /bin/bash

winbind separator = +

winbind cache time = 10

winbind use default domain = Yes

cups options = raw

 

[software]

comment = Software for the Navis Information Technology
department.

path = /share/software

valid users = tjencks

admin users = tjencks

create mask = 0765

force create mode = 0640

force directory mode = 0750

 

[printers]

comment = All Printers

path = /var/spool/samba

printable = Yes

browseable = No

 

 

CFLAGS="-O2 -march=i686"; export CFLAGS

./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin
--datadir=/usr/share --sysconfdir=/etc -

-localstatedir=/var --infodir=/usr/share/info --mandir=/usr/share/man
--with-privatedir=/etc/samba --with-lo

ckdir=/var/lock/samba --with-piddir=/var/run/samba
--with-swatdir=/inet/swat --with-configdir=/etc/samba --w

ith-logfilebase=/var/log/samba --with-mandir=/usr/share/man
--with-smbwrapper --with-dce-dfs --with-ldap --w

ith-ads --with-krb5=/usr --with-automount --with-smbmount --with-pam
--with-pam_smbpass --with-syslog --with

-quotas --with-libsmbclient --with-acl-support --with-aio-support
--with-winbind

 

 

 

 


===

Theodore A. Jencks

Network Systems Administrator

1000 Broadway, Suite 150

Oakland, CA 94607

Phone: (510) 267.5152

Fax:(510) 267.5100 

Email:  [EMAIL PROTECTED]

http://www.navis.com  

 

This e-mail message and any files attached to it are intended only for
the recipients named above, and may contain information that is
PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, or
the employee or agent responsible for delivering this message to an
intended recipient, you are strictly prohibited from reading, copying,
distributing, disclosing or otherwise using  this communication.  Please
immediately notify the sender, either by replying to this message or by
telephoning (+1 510 267 5000), and delete all copies of this message
from your system.

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: strange error 1937

[kooto (sent by Nabble.com)]

Mario Gzuk wrote: 
> 
> ...
> Nobody can help me on this mailing list or are there some missing
> informations? Maybe there is an other mailing list for such problems?
> ...
> 

Nabble has a large software mailing list archive here: 
http://www.nabble.com/Software-f94.html 

Search for "smbldap-useradd" yields results from lists in Samba, Debian, and 
Open-Xchange communities.  

Try there, even if you could not find an exact answer, you can probably find 
the people who has discussed similiar issues that you can post a reply there or 
email them privately, hopefully they will respond.
--
Sent from the Samba forum at Nabble.com:
http://www.nabble.com/strange-error-1937-t30.html#a945117
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] VLAN issue

[Taolizhong]

Hi --
 
The environment we have is as follows,
  Domain controller:  samba 3.0.14a running Solaris 9/X86
  Authentication: openldap 2.2.14
  Clients: Windows XP with SP2
 
The issue I met:
  If both clients and Samba server are on the same physical switch (also same 
subnet), the clients can join the domain and users can log into their domain 
accounts without any problem. However, if the clients and the Samba server are 
networked via VLAN (not on the same switch but still virtually on the same 
subnet),  the clients still can join the domain, but, after  the clients are 
rebooted, users are greeted with message: "Please wait while the domain list is 
created" for about 5 minutes and then generate the following message:
"The remote procedure call failed and did not execute"
when the users try to login to their domain account.
 
It seems to me the issue came from the VLAN. I am wondering what configuration 
change I should request the person who is in charge of VLAN make to fix the 
problem. Or, any other ways I can do on the samba server side to walk around 
this issue?
 
Thanks 
--Lingtao
 


-
Yahoo! for Good
 Click here to donate to the Hurricane Katrina relief effort. 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] authentication problems from AD to NT4 domain w/samba servers

[Jeremy O'Leary]

We have serveral samba servers in an NT4 domain that has a one way trust
to a larger AD forest.  I have verified that I can use an account in the
AD forest to login to a host in the NT4 domain.  

However if we try to mount a samba share in the above NT4 domain using a
user account in AD the mount fails even with a usermap.txt file lining
up the usernames.  I have an eleven page logfile that appears to
indicate that the AD forest is just pointing users at the NT4 domain and
not actually authenticating the user.  Because the AD username doesn't
exist in the NT4 domain the whole thing just fails.

any suggestions?

thanks,

Jeremy



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] backing up and restoring a samba configuration

[Henrik Zagerholm]

You also need secrets.tdb.
You can use the built in utlity for backin up the TDB database.

//H
23 sep 2005 kl. 20.34 skrev Josh Howe:


Hi,



I'm trying to backup my samba configuration, including the users. I'm
making copies of these files:



/etc/samba/smb.conf

/etc/samba/smbpasswd

/etc/samba/smbusers





When I install samba on a new machine (I've recreated the directory
structure and Linux users) and replace the above files, users can't  
log

on to their shares. Am I missing a file? I thought the smbpasswd file
took care of this. If I run smbpasswd for one of the users they are  
able
to access their share, but the line for that user in smbpasswd  
isn't any

different than before I ran smbpasswd. Any ideas? Thanks!



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Password change caused lose X flag

[Li, Ying (ESG)]

Hello,

I have a question with password never expired flag during changing
password.

If X flag for password never expired has been set in account flags for a
user, password change would cause to lose the X flags. By taking a look
at the code of the line 993 in passdb/passdb.c, it said all other acb
flags will be inherited from current existing account ctrl bit, except
for (ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL). So I assume the
attribute ACB_PWNOEXP should present during changing password.

However, actually, when a password is changed, the attribute disappears,
so that administrator have to reset the attribute for all users. I just
want to know this behavior is a bug or by design.

Thanks in advance.
-Ying
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] net rpc rights problem with groups

[Dirk.Laurenz]

Hello Jerry,

here's the avtive group mapping:

hgest3201:~ # net groupmap list
Domain Admins (S-1-5-21-3768962547-785479325-491471131-512) -> Domain Admins
Domain Users (S-1-5-21-3768962547-785479325-491471131-513) -> Domain Users
Domain Guests (S-1-5-21-3768962547-785479325-491471131-514) -> Domain Guests
Domain Computers (S-1-5-21-3768962547-785479325-491471131-515) -> Domain 
Computers
Administrators (S-1-5-32-544) -> Administrators
Account Operators (S-1-5-32-548) -> Account Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
wksadd (S-1-5-21-3768962547-785479325-491471131-10213) -> wksadd
Subversion Admins (S-1-5-21-3768962547-785479325-491471131-10198) -> Subversion 
Admins
GES_BT (S-1-5-21-3768962547-785479325-491471131-10199) -> GES_BT
GES_BT-SN (S-1-5-21-3768962547-785479325-491471131-10200) -> GES_BT-SN
schreiben (S-1-5-21-3768962547-785479325-491471131-3007) -> schreiben
zugriff (S-1-5-21-3768962547-785479325-491471131-3011) -> zugriff
efsefewf (S-1-5-21-3768962547-785479325-491471131-10219) -> efsefewf
fcvxcvxcvxcvxcv (S-1-5-21-3768962547-785479325-491471131-10223) -> 
fcvxcvxcvxcvxcv
f2 (S-1-5-21-3768962547-785479325-491471131-10224) -> f2

hgest3201:~ # getent group | grep wksadd
wksadd:x:10213:laurenz.d,mathias

Mit freundlichem Gruß,



Dirk Laurenz
Systems Engineer

Fujitsu Siemens Computers
S CE DE SE PS N/O
Sales Central Europe Deutschland 
Professional Service Nord / Ost

Hildesheimer Strasse 25
30880 Laatzen
Germany

Telephone:  +49 (511) 84 89 - 18 08
Telefax:+49 (511) 84 89 - 25 18 08
Mobile: +49 (170) 22 10 781
Email:  mailto:[EMAIL PROTECTED]
Internet:   http://www.fujitsu-siemens.com
http://www.fujitsu-siemens.de/services/index.html
***
  

-|  -Original Message-
-|  From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] 
-|  Sent: Friday, September 23, 2005 3:04 PM
-|  To: Oeltze, Benjamin
-|  Cc: samba@lists.samba.org; Laurenz, Dirk
-|  Subject: Re: [Samba] net rpc rights problem with groups
-|  
-|  -BEGIN PGP SIGNED MESSAGE-
-|  Hash: SHA1
-|  
-|  [EMAIL PROTECTED] wrote:
-|  
-|  | net rpc rights grant "TOPTEST\toptest.r" \
-|  |   SeMachineAccountPrivilege -U domainadmin
-|  |
-|  | net rpc rights shows:
-|  | hgest3201:~ # net rpc rights list accounts -Udomainadmin
-|  | Password:
-|  | TOPTEST\toptest.r
-|  | SeMachineAccountPrivilege
-|  |
-|  | The user can join workstations to TOPTEST.
-|  | But when I create a group named wksadd and grant
-|  | SeMachineAccountPrivilege to the group the users
-|  | of this group cant join workstations.
-|  |
-|  | net help rpc rights grant "TOPTEST\wksadd" \
-|  |   SeMachineAccountPrivilege -U domainadmin
-|  |
-|  | hgest3201:~ # net rpc rights list accounts -Udomainadmin
-|  | Password:
-|  | TOPTEST\wksadd
-|  | SeMachineAccountPrivilege
-|  |
-|  | Is this a bug ??
-|  
-|  Works fine here.  What group mapping do  have setup
-|  for TOPTEST\wksadd?
-|  
-|  
-|  
-|  
-|  
-|  
-|  cheers, jerry
-|  -BEGIN PGP SIGNATURE-
-|  Version: GnuPG v1.4.0 (GNU/Linux)
-|  Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-|  
-|  iD8DBQFDM/07IR7qMdg1EfYRAoQLAJ99Dn7FilutE7/M7dmnbcznvuXDbACgiya3
-|  tjlCiMVQ0OWJgVThsPLNBeI=
-|  =DQYM
-|  -END PGP SIGNATURE-
-|  
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] file locking

[Jeremy Allison]

On Sat, Sep 24, 2005 at 04:33:30AM +0530, Pramathesh Ambasta wrote:
> I am sure this is a subject which has been discussed a lot already. I have 
> been looking for pointers but have failed. So please bear with me and help.
> A linux box runs Samba and is connected to a win box. One word or excel file 
> is opened simultaneoulsy on both (on the linux system in OpenOffice and on 
> the win system in M$Office). How do I prevent simultaneous writes on both 
> machines? What I want is that one system gets r-w access and the other read 
> only.
> Is this a samba issue or is it an issue which the application program must 
> address?
> I have enabled strict locking and disabled oplocks.
> what more do I need to do?

This depends on what locks a Windows version takes, or if it relies
on share modes to detect other openers. If it just uses share modes,
then the linux oo client will not conflict, as the OO2.0 code uses
a POSIX fcntl byte range write lock over an open file (as tested on my SuSE 9.3
system with OO2.0) to detect other openers.

If the OO Windows client also uses byte-range locks then it should be able
to detect already open files on the Linux box (and vica-versa).

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Role of TLS in LDAP for Samba 3.x

[Arup Biswas]

I am wondering if there is any documentation that describes the role TLS
plays in LDAP security in Samba 3.x. I would like to understand what is the
relationship of TLS with other LDAP security mechanisms like Kerberos via
SASL and if TLS provides any added security. Is it like TLS provides an
encrypted channel for all LDAP communications (privacy) whereas Kerberos
just provides the authentication?

I would appreciate any pointer,

Cheers,
-Arup



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] backing up and restoring a samba configuration

[Josh Howe]

Hi,

 

I'm trying to backup my samba configuration, including the users. I'm
making copies of these files:

 

/etc/samba/smb.conf

/etc/samba/smbpasswd

/etc/samba/smbusers

 

 

When I install samba on a new machine (I've recreated the directory
structure and Linux users) and replace the above files, users can't log
on to their shares. Am I missing a file? I thought the smbpasswd file
took care of this. If I run smbpasswd for one of the users they are able
to access their share, but the line for that user in smbpasswd isn't any
different than before I ran smbpasswd. Any ideas? Thanks! 

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] pdb_mysql, pdb_pgsql and pdb_xml modules: request for maintainer

[Jelmer Vernooij]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi!

The experimental pdb modules (pdb_mysql, pdb_pgsql and pdb_xml) have
been a bit neglected during the last few releases of Samba 3 as they
haven't been actively maintained. I was the original author and
maintainer, but I no longer work on Samba 3 and I no longer use any of
the modules in production.

I'll remove these modules unless somebody steps up as a maintainer. If
there's anyone willing to take over maintainance of either one of
these modules, please let me know. Otherwise, I'll put the modules up
on my samba.org homepage as a separate tarball for those interested
(including some of the patches that have been published).

Cheers,

Jelmer
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDND9jPa9Uoh7vUnYRApXaAJsE+Zz2kn83jDOQ0BnOrbVfkvRTXACglGIG
6w/LFEbti8VrtM3tY83Ofe0=
=9L5h
-END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] file locking

[Pramathesh Ambasta]

I am sure this is a subject which has been discussed a lot already. I have 
been looking for pointers but have failed. So please bear with me and help.
A linux box runs Samba and is connected to a win box. One word or excel file 
is opened simultaneoulsy on both (on the linux system in OpenOffice and on 
the win system in M$Office). How do I prevent simultaneous writes on both 
machines? What I want is that one system gets r-w access and the other read 
only.
Is this a samba issue or is it an issue which the application program must 
address?
I have enabled strict locking and disabled oplocks.
what more do I need to do?
Grateful for help
Pramathesh
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] completed printjobs stay in queue after "upgrade" 3.0.20rc2 -> 3.0.20

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Brecht Samyn wrote:

| A few weeks ago, I upgraded Samba 3.0.1x to 3.0.14a
| . After the upgrade,  all completed printjobs on all
| 40 printers stayed in samba's print queue  (they were removed
| from the unix-printqueue). When I installed 3.0.20rc2,
| everything back to normal.

Scratch that last idea.  Could you send me a screen shot
of the windows print queu window showing the completed jobs ?






cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDNDn8IR7qMdg1EfYRAoSbAJ4lLztoVpPDCWqwRwbKIu23QOCyEgCg3HpP
cijkDmU8hSs+C1PuY6fMI2E=
=VRq3
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] completed printjobs stay in queue after "upgrade" 3.0.20rc2 -> 3.0.20

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Brecht Samyn wrote:
| A sample printer definition from smb.conf. We use lprng to spool the
| jobs to our lprng printserver.
|
| [poco]
|comment = Kleurprinter
|path=/var/spool/lp/samba
|printable = yes
|browseable = yes
|writeable = no
|create mode = 0700
|printing = lprng
|print command = /usr/bin/lpr -r [EMAIL PROTECTED] -J '%J' %s
|lpq command = /usr/bin/lpq [EMAIL PROTECTED]

Brecht,

Just out of curiousity, try setting the lpq command to
"/usr/bin/lpq -s [EMAIL PROTECTED]".  LPRng has a way of reporting
completed jobs.  I'm still looking to this though.

$ lpq -Pq1
Printer: [EMAIL PROTECTED]
~ Queue: no printable jobs in queue
~ Server: no server active
~ Status: job '[EMAIL PROTECTED]' saved at 12:13:51.055
~ Rank   Owner/ID   Pr/Class Job Files Size Time
done   [EMAIL PROTECTED] A   250 smbprn.0005.5Pa 112115
12:13:50

$ lpq -s -Pq1
[EMAIL PROTECTED] 0 jobs










cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDNDj4IR7qMdg1EfYRAvTyAKDvnYGSUZiAR9U7RIIxYFArrl3ErACgkjGc
5863vnp1YXde6M53kacpSkM=
=npvy
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: RES: [Samba] Re: ACLs with Problem

[Paul Kölle]

Luis Henrique de Faria Guimarães wrote:
> I believe that you it did not understand my explanation.  I have a Linux 
> server executing samba intergrated 
> with a server windows 2003 (PDC).  Linux is using the users of windows 2003 
> saw winbind.  But, the permissions 
> for these of archive do not function.  When I try to change the permissions 
> of an archive in the sharing of the
> samba, it I do not function.  The part of ACL of the samba is not 
> functioning, you understood me.
What you are saying is, it does not work as you think it should. The
getfacl output you showed seems to indicate that ACLs are working on the
linux side, so far so good. Then you say permissions are not correct
from windows explorer and you cannot set them correctly. To identify the
underlying problem you need to provide more details.

1. Which user is logged on the the windows workstation trying to modify
a file on the samba share?

2. What are the ACLs on that file before you try to change them and what
are they after the operation failed?

3. What is the output of the samba log when you try to change ACLs on
the file?

hth
 Paul



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] winbind joins with domain name , not netbios name

[Andrew Reilly]

Same issue, same behaviour.  Very similar config.  windbind log level:

[2005/09/23 13:00:53, 6] nsswitch/winbindd.c:new_connection(596)
  accepted socket 17
[2005/09/23 13:00:53, 10] nsswitch/winbindd.c:process_request(325)
  process_request: request fn INTERFACE_VERSION
[2005/09/23 13:00:53, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(460)
  [0]: request interface version
[2005/09/23 13:00:53, 10] nsswitch/winbindd.c:process_request(325)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2005/09/23 13:00:53, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
  [0]: request location of privileged pipe
[2005/09/23 13:00:53, 6] nsswitch/winbindd.c:new_connection(596)
  accepted socket 18
[2005/09/23 13:00:53, 10] nsswitch/winbindd.c:process_request(325)
  process_request: request fn CHECK_MACHACC
[2005/09/23 13:00:53, 3]
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(35)
  [0]: check machine account


> When I run wbingo -t (to check secret), smbd logs :
>  ldapsam_getsampwnam: Unable to locate user [TESTDOM$] count=0
> [2005/09/23 00:34:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
> [2005/09/23 00:34:56, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
> get_md4pw: Workstation TESTDOM$: no account in domain
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] auth problem

[Greg Folkert]

On Fri, 2005-09-23 at 09:43 -0600, Ric Tibbetts wrote:
[...]
> 
> Greg;
> Well, what was working yesterday, has stopped today. This is getting 
> frustrating.

I have been seeing spotty workings as well, usually though it is the ADS
integration, with the ADS side being 99.99% of the trouble. Being mostly
un-known and blindly following M$ advice Admins.

> In short: I'm trying to use Samba in it's most basic form. I don't 
> need a windows login server, nor a domain controller, none of that.
> I just, very simply, need it serve out shares to already logged in 
> windows users. I've done this many times, in other places. I can't 
> possibly imagine why it's not working now. I don't need a passwd 
> database. I don't even need passwords.

That is a bugger.

> The process is:
> 
> 1) users are at a PC (which is already logged in via the Windows ADS.
> 2) Users need a share from Unix server "X"
> 3) uinx server "X" should only need to validate that the request is 
> coming from a valid subnet, from a valid user. They don't need 
> anything else. Just the share.
> 
> That's it. This is Samba at it's simplest.
> The only wrinkle in this whole thing is that the user names between 
> the windows side, and the Unix side, don't match. So I have a 
> smbusers file to translate that. Other than that, it's all pretty basic.
> 
> I'm getting crazy errors in the logs. Everything from unknown user, 
> to no domain controller, to no password server, etc... It's almost random.
> What was working yesterday, is dead today, and I didn't change 
> anything while I was at home last night.
> 
> I'll strip it all down "again" today, and piece it back together, and 
> hope I can make it work again.
> This is just nuts.

Yep, sometimes I have found SWAT to be the best bet against spelling
errors and or erroneous settings.

Good luck.

-- 
greg, [EMAIL PROTECTED]

The technology that is 
Stronger, Better, Faster: Linux

Use Debian GNU/Linux, its a bazaar thing.



signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] winbindd exceeding 200 client connections

[Rusty Shackleford]

OS:  RHE 3, kernal 2.4.21-32.0.1EL
Samba version:  samba-3.0.20

Removed RHE version of samba and compiled/installed samba-3.0.20.  After 
running about 30-60 minutes, I get the following syslog msg:


"winbindd:  Exceeding 200 client connections, no idle connection found"

Eventually this grinds the whole system to a halt, and remote & console 
logins become impossible while samba is running.


I don't believe this is a case of too many users trying to connect, as only 
2 workstations have been using the samba connectivity, so upping the 
connection limit in local.h doesn't sound like it would really fix the 
problem (a solution discovered via google).


Appreciate any help here - more info (like the smb.conf) availabe if needed.

_
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] auth problem

[Ric Tibbetts]

At 08:54 AM 9/23/2005, Greg Folkert wrote:

On Thu, 2005-09-22 at 14:48 -0600, Ric Tibbetts wrote:
> >
> >There is a terribly good howto:
> >
> >http://www.idealx.org/prj/samba/smbldap-howto.en.html
>
>
> Thank you!
> That helped, I'm closer.
> I left out one line from my smb.conf
> I found it from digging through that how-to.
>
> password server = 
>
> With that in, it now picks up the users from LDAP, which is exactly
> what I was after!
> Now I just need to work out a performance issue. getting the IDs from
> LDAP is SLOW
> It works, just as I wanted it to. It's just slow.

Well, it depends. How *slow* is slow?

And also, have you cranked up the logging on the auth part?

log level = passdb:10 auth:10

Also have you set:

passdb backend = ldapsam ldap://auth.yourhost.com

I am also assuming you have all the LDAP stuff setup properly, of 
course as needed/if needed.


ldap admin dn
ldap delete dn
ldap filter
ldap group suffix
ldap idmap suffix
ldap machine suffix
ldap passwd sync
ldap replication sleep
ldap suffix
ldap timeout
ldap user suffix

Hopefully, if you have good throughput, its all in these settings. If
you don't have good throughput... well time to check the networking
tweaks for samba.

Also, if the delay turns out to be a lookup delay, try hard coding the
name and ipaddr in the /etc/hosts file on the AIX box. This sometimes is
a good work around for DNS queries gone bad.


Greg;
Well, what was working yesterday, has stopped today. This is getting 
frustrating.


In short: I'm trying to use Samba in it's most basic form. I don't 
need a windows login server, nor a domain controller, none of that.
I just, very simply, need it serve out shares to already logged in 
windows users. I've done this many times, in other places. I can't 
possibly imagine why it's not working now. I don't need a passwd 
database. I don't even need passwords.


The process is:

1) users are at a PC (which is already logged in via the Windows ADS.
2) Users need a share from Unix server "X"
3) uinx server "X" should only need to validate that the request is 
coming from a valid subnet, from a valid user. They don't need 
anything else. Just the share.


That's it. This is Samba at it's simplest.
The only wrinkle in this whole thing is that the user names between 
the windows side, and the Unix side, don't match. So I have a 
smbusers file to translate that. Other than that, it's all pretty basic.


I'm getting crazy errors in the logs. Everything from unknown user, 
to no domain controller, to no password server, etc... It's almost random.
What was working yesterday, is dead today, and I didn't change 
anything while I was at home last night.


I'll strip it all down "again" today, and piece it back together, and 
hope I can make it work again.

This is just nuts.








--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Permissions not recursive on win2K?

[Shawn Wright]

On 20 Sep 2005 at 16:15, Shawn Wright wrote:

> On 20 Sep 2005 at 17:02, Larry McElderry wrote:
> 
> > There are probably other (better) methods,  but one is:
> > 
> > Pick a file on the file system in question and try the command
> > attr -g aa FileName
> > 
> > If EA's are support you'll get a message saying "No data found" (unless you 
> > actually have an attribute named aa),  otherwise it will
> > report "Operation not supported".
> > 
> > You could also try xfsdump.   For further reading: man -k xattr
> > 
> > For samba to use them I believe you also have to have "ea support = Yes" in 
> > your smb.conf.
> 
> I have confirmed EA support in the FS, and presumably the kernel, since I 
> get this when setting and getting an attr:
> 
> [EMAIL PROTECTED] console]# attr -s test -V blah samba-3.0.14a.tar.gz
> Attribute "test" set to a 4 byte value for samba-3.0.14a.tar.gz:
> blah
> [EMAIL PROTECTED] console]# attr -g test samba-3.0.14a.tar.gz
> Attribute "test" had a 4 byte value for samba-3.0.14a.tar.gz:
> blah
> 
> I have added 'ea support=yes' to smb.conf, restarted samba, but still no 
> luck on either a Redhat SGI/XFS 7.2 system, or a Mandrake 10.1 XFS 
> system. The samba docs refer to a 'user_xattr' mount option, which 
> doesn't exist for XFS, but EAs are working with 'attr'. 
> 
> Can I narrow down the smb log searching with a specific debug class?

I believe this problem has been tracked down to my using "inherit 
permissions" and "inherit ACLS" in a global setting, rather than a share 
setting where they are intended to be. After moving them to a share 
setting, things seem to be working as expected. Thanks.



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] unsolvable?

[Jason Gerfen]

I am having a problem with ADS as a security type:

%> net ads join -U 
Joined domain DOMAIN

%> kinit  wbinfo -u
lists users, however I attempted to point authentication requests at an 
OU below the primary DOMAIN.COM container.


ex.
OU=test_users,DC=domain,dc=com

Is there a way to remove this?  I have already attempted the following:

1. Uninstalled Samba, winbind packages
2. Removed contents of temporary files
3. Removed /etc/samba files
4. Cleared sambas cache (net cache flush)
5. Reinstalled samba, winbind packages, rejoined domain

And I am still only able to view the OU below the CN=users,DC=domain,DC=com

Any help?

--
Jason Gerfen

"My girlfriend threated to
leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] UTMP duplicated entries

[Fabiano Caixeta Duarte]

On Fri, 23 Sep 2005, Andrew Bartlett wrote:


Yeah! Sorry! I am talking about login sessions. Does samba logs on utmp
all kind of sessions or just login sessions?


It logs file-share connections, as it doesn't really have the info for
client-side login sessions.

Andrew Bartlett


But I still think that we have a problem.

When a domain user logs on my domain, the workstation makes a connection 
to the logon path / logon drive. As you said, this connection is logged on 
utmp.


When the user logs out, the connection to that share is closed. Shouldn't 
it have been logged as well on utmp?


Sometimes it logs... but sometimes don't.

Take a look:

liana   smb/2192.168.0.207  Fri Sep  2 18:43 - 00:52  (06:08)
rodrigobaso smb/25   192.168.0.207  Fri Sep  2 17:11 - 18:11  (00:59)
josianealomino  smb/28   192.168.0.207  Fri Sep  2 15:54 - 16:58  (01:03)
liana   smb/73   192.168.0.207  Fri Sep  2 14:56 - 15:54  (00:58)
rodrigobaso smb/57   192.168.0.207  Fri Sep  2 14:09 - 01:00  (10:50)
rodrigobaso smb/57   192.168.0.207  Fri Sep  2 14:09 - 14:09  (00:00)
mcicognasmb/29   192.168.0.207  Fri Sep  2 13:05 - 13:56  (00:51)
andersongalismb/29   192.168.0.207  Fri Sep  2 09:12 - 13:04  (03:51)
cunha   smb/2192.168.0.207  Fri Sep  2 08:53 - 08:55  (00:02)
marcelomb   smb/15   192.168.0.207  Fri Sep  2 08:14 - 08:21  (00:07)
tesia   smb/8192.168.0.207  Fri Sep  2 07:48 - 01:00  (17:11)
tesia   smb/8192.168.0.207  Fri Sep  2 07:48 - 07:48  (00:00)

tesia logs on (access to her homedir) at 07:48 from 192.168.0.207 and 
before she ends the share-session (Sep 3, 01:00) marcelomb, from the same 
machine (locally) logs on.


What can I do to have this working everytime? Some smb.conf option?

Thanks a lot!

Fabiano
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba with Mysql, compilation problem.

[(C)ollen]

pdb_sql.c is the new mysql backend name
(was pdb_mysql) so it does get compiled...
but this output shows that you still use 3.0.20.
and that's not the best version for mysql backends...!

i must note that i have made a small mistake regarding the
--enable-static=pdb_mysql.

it's --with-static-modules=pdb_mysql .!!

Greets.

Collen Blijenberg


Pierre MARTIN wrote:

Rectification, the address you gave me have the 3.0.11 :)
Thank you alot!
Pierre

On 9/23/05, *Pierre MARTIN* <[EMAIL PROTECTED] 
> wrote:


Hello Collen!

I am actually making serious searchs in the configure script. Here
is WHATEVER i give as mysql input args, the compilation output:

Compiling passdb/secrets.c
Compiling passdb/machine_sid.c
Compiling locking/locking.c
Compiling locking/brlock.c
Compiling locking/posix.c
Compiling passdb/pdb_get_set.c
Compiling passdb/passdb.c
Compiling passdb/pdb_interface.c
Compiling passdb/util_sam_sid.c
Compiling passdb/pdb_compat.c
Compiling passdb/lookup_sid.c
Compiling passdb/login_cache.c
Compiling passdb/pdb_ldap.c
Compiling passdb/pdb_nds.c
Compiling passdb/pdb_smbpasswd.c
Compiling passdb/pdb_tdb.c
Compiling passdb/pdb_guest.c
Compiling passdb/pdb_sql.c
Compiling lib/system_smbd.c

As you can see here, nevermind if i ask for static, shared or
magic-cookied mysql plugin, it NEVER gets to compile it!
So there should be a misstake in some Makefile or rule file, the
problem is at compilation-time!

I will try to get the 3.0.11 from somewhere (I did not find it at
the link you gave me that is why i took 3.0.09).

Please, if you know somebody who can make the change in the makefile
scripts, tell me, or if i can get a way to compile pdb_mysql.c
alone, i'm interested too. I think now it is pointless to play
arround with configure script parametters, because it doesn't
propagate correctly directives to the compilation makefiles.

N.B.: The path to be given to the configure script seems to be the
path to mysql_config BINARY, in the configure script is made a call
to it with parametters to get the include path... So don't tell
anymore people to symlink if they have compiled from source, just
tell the configure script to ask the binary program "mysql_config"
(in configure script get the lines with $MYSQL_CONFIG
$mysqlconf_args --cflags | sed -e "s/'//g") ...

Anyway, thanks a lot for your help, i am a bit closer to find a
solution now!
I'll try tonight to get the v.11 and your advices in action :)

And, when you say if samba complains about not finding the plugin,
it does since the begining :O What chmod right 755 are you talking
about, i mean on what file?

Thanks!
Pierre

On 9/23/05, *(C)ollen* < [EMAIL PROTECTED]
> wrote:

ftp://ftp.samba.org/pub/samba/old-versions/
--

--enable-static=pdb_mysql -> compiles the mysql backend within
samba, so
no pdb_mysql.so module will be found!

--with-shared-modules=pdb_mysql -> compiles mysql backend
sepperate, you
will find a pdb_mysql.so module..

external is a little slower..
after this, you have to make sure to have set the parameters within
smb.conf!

also, make the mysql database with the samba layout (example is
included
with in the source!)
be sure samba can access the db.

if samba say's can't find plugin or somthing, just ignore it
(but besure
the chmod rights are ok 0755)

Goodluck.

Collen


MARTIN Pierre wrote:

 Hello again Collen and everybody.

 I just tryed to make 3.0.09 compile pdb_mysql with no success.
 Can somebody please can tell me where to find the 3.0.11

version so i

 can make it as Collen has it (Because i was not able to make

it with

 3.0.14 default debian version, neither 3.0.09 neither 3.0.20

.. . doh!) ?


 Thanks a lot.
 Pierre

 (C)ollen wrote:

> it is know that the mysql passwd backend is buggy/not working

with

> samba 3.0.20. (maybe it's fixed in the new release ??)
> the fact that you have a mysql.so, tells me that you build

the module

> as shared library.
> here are some thoughts:
>
> 1) try renaming the module to pdb_mysql.so
> 2) build it as static (./configure --with-expsam=mysql
> --enable-static=mysql)
> 3) use a samba version prior to 3.0.20 ( <- 3.0.14 )
>
> i couldn't make the mysql module work either, so we're still

running

> the 11 version...
>
> Greetz..
>
> Collen Blijenberg (C=)
>
> MARTIN Pierre wrote:
>
>> Hello everybody,
>> For those who have followed the mysql plugin compilation

problem,

>> here are some new information:
>> I have tryed everything to make it work from the debian

 

Re: [Samba] auth problem

[Greg Folkert]

On Thu, 2005-09-22 at 14:48 -0600, Ric Tibbetts wrote:
> >
> >There is a terribly good howto:
> >
> >http://www.idealx.org/prj/samba/smbldap-howto.en.html
> 
> 
> Thank you!
> That helped, I'm closer.
> I left out one line from my smb.conf
> I found it from digging through that how-to.
> 
> password server = 
> 
> With that in, it now picks up the users from LDAP, which is exactly 
> what I was after!
> Now I just need to work out a performance issue. getting the IDs from 
> LDAP is SLOW
> It works, just as I wanted it to. It's just slow.

Well, it depends. How *slow* is slow?

And also, have you cranked up the logging on the auth part?

log level = passdb:10 auth:10

Also have you set: 

passdb backend = ldapsam ldap://auth.yourhost.com

I am also assuming you have all the LDAP stuff setup properly, of course as 
needed/if needed.

ldap admin dn
ldap delete dn
ldap filter
ldap group suffix
ldap idmap suffix
ldap machine suffix
ldap passwd sync
ldap replication sleep
ldap suffix
ldap timeout
ldap user suffix

Hopefully, if you have good throughput, its all in these settings. If
you don't have good throughput... well time to check the networking
tweaks for samba.

Also, if the delay turns out to be a lookup delay, try hard coding the
name and ipaddr in the /etc/hosts file on the AIX box. This sometimes is
a good work around for DNS queries gone bad.
-- 
greg, [EMAIL PROTECTED]

The technology that is 
Stronger, Better, Faster: Linux

Use Debian GNU/Linux, its a bazaar thing.



signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: RES: [Samba] LDAP howto

[Gary Dale]

Congratulations! If you need help with your howto, please count on me! I 
will be more than happy to take whatever you can write down, try it 
here, and tweak your howto based on my results. I can also help clean up 
the language (sorry, but your english is a little confusing in places :) ).




Sérgio A P Ferreira wrote:


Hello Gary,

about 2 mouths ago I have started a challenge, put Debian Sarge, Openldap
and Samba to work together. Yesterday I got It. Honestly, It took me a hell!
I almost gave up. Now I am  happy for didn´t done It. I sketched up my steps
through It. I started already to write my Howto´s to describe what I did to
get It. Up to finish It, in a properly way, if you need some help count with
me. Now, I am making some tweaks and configuring my shares. After all I have
passed, this is a peace of cake. 


I would like to thank Tom Crummey that threw I light when I was blind and
without motivation. 



Cheers,

Sergio Ferreira
CGINF - Ministério da Cultura


-Mensagem original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Em nome
de Gary Dale
Enviada em: quinta-feira, 22 de setembro de 2005 15:17
Para: samba@lists.samba.org
Assunto: [Samba] LDAP howto

Does anyone know of a good Samba-LDAP howto for Debian (Sarge) systems? 
I probably don't need it for my home network, but I'd like to learn how 
to do it anyway. My previous attempts to get it working have failed. :(



 



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] strange error 1937

[Mario Gzuk]

Am Freitag, den 23.09.2005, 16:05 +0300 schrieb Denis Vlasenko:

> Try to isolate it first to failing invocation of smldap-useradd 
> 
> add user script = debug_script "%u"
> 
> wher debug_script is something like this:
> 
> #!/bin/sh
> env >/tmp/useradd.env
> strace -o /tmp/useradd.strace smbldap-useradd "%u" 1>/tmp/useradd.1 
> 2>/tmp/useradd.2
> 
> Then you will be adle to experiment with failing command
> without need to do full "net vampire" run.
> --
> vda

Thanks for the answer! But thats not the problem. The smbldap-useradd
work as expected if I run it from command line.

If I do a net vampire I have to use smbldap-useradd without the "-a"
flag. The samba account will be created by the net vampire command. So
the problem comes from net vampire and not from smbldap-useradd (IMHO).


PS: better will be:

#!/bin/sh
env >/tmp/useradd.env
strace -o /tmp/useradd.strace smbldap-useradd "$1" 1>/tmp/useradd.$1.log
2>/tmp/useradd.$1.err

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] strange error 1937

[Denis Vlasenko]

On Thursday 22 September 2005 11:44, Mario Gzuk wrote:
> Hi,
> After configuring and populating I try to add the accounts from a NT4
> domain.
> The "net rpc samdump -S SERVERNAME" works as expected.
> I can see the Password hashes and all computers and users.
> After that I try to NET VAMPIRE.
> The groups were added fine but for each computer and user account I get
> this error:
> 
> ...passdb/pdb_ldap.c:ldapsam_add_sam_account(1937)
> ldapsam_add_sam_account: failed to modify/add user with uid = .
> 
> the normal smbldap-useradd works also as expected. I try all findable
> documentation and searched for this error but found nothing. I try it
> with samba 3.0.13 and 3.0.14 / smbldap-tools 0.9.0 and 0.9.1 with the
> same result
> 
> 
> ---SNIP-
> The ldap log tell me:
>  conn=2 op=94 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(objectClass=posixAccount)(uid=user2))"
>  conn=2 op=94 SRCH attr=uid userPassword uidNumber gidNumber cn
> homeDirectory loginShell gecos description objectClass
>  conn=2 op=94 SEARCH RESULT tag=101 err=0 nentries=1 text=
>  conn=1 op=186 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(objectClass=sambaSamAccount))"
>  conn=1 op=186 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
>  conn=1 op=186 SEARCH RESULT tag=101 err=0 nentries=0 text=
>  conn=1 op=187 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(&(objectClass=sambaSamAccount)(uid=user2))(objectClass=sambaSamAccount))"
>  conn=1 op=187 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours
>  conn=1 op=187 SEARCH RESULT tag=101 err=0 nentries=0 text=
>  conn=1 op=188 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(objectClass=sambaSamAccount))"
>  conn=1 op=188 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
>  conn=1 op=188 SEARCH RESULT tag=101 err=0 nentries=0 text=
>  conn=1 op=189 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(objectClass=sambaSamAccount)(uid=user2))"
>  conn=1 op=189 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours
>  conn=1 op=189 SEARCH RESULT tag=101 err=0 nentries=0 text=
>  conn=1 op=190 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))"
>  conn=1 op=190 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours
>  conn=1 op=190 SEARCH RESULT tag=101 err=0 nentries=0 text=
>  conn=1 op=191 ADD dn="uid=user2,dc=example,dc=com"
>  conn=1 op=191 RESULT tag

Re: [Samba] net rpc rights problem with groups

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

[EMAIL PROTECTED] wrote:

| net rpc rights grant "TOPTEST\toptest.r" \
|   SeMachineAccountPrivilege -U domainadmin
|
| net rpc rights shows:
| hgest3201:~ # net rpc rights list accounts -Udomainadmin
| Password:
| TOPTEST\toptest.r
| SeMachineAccountPrivilege
|
| The user can join workstations to TOPTEST.
| But when I create a group named wksadd and grant
| SeMachineAccountPrivilege to the group the users
| of this group cant join workstations.
|
| net help rpc rights grant "TOPTEST\wksadd" \
|   SeMachineAccountPrivilege -U domainadmin
|
| hgest3201:~ # net rpc rights list accounts -Udomainadmin
| Password:
| TOPTEST\wksadd
| SeMachineAccountPrivilege
|
| Is this a bug ??

Works fine here.  What group mapping do  have setup
for TOPTEST\wksadd?






cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDM/07IR7qMdg1EfYRAoQLAJ99Dn7FilutE7/M7dmnbcznvuXDbACgiya3
tjlCiMVQ0OWJgVThsPLNBeI=
=DQYM
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba with Mysql, compilation problem.

[Pierre MARTIN]

Rectification, the address you gave me have the 3.0.11 :)
Thank you alot!
Pierre

On 9/23/05, Pierre MARTIN <[EMAIL PROTECTED]> wrote:
>
> Hello Collen!
>
> I am actually making serious searchs in the configure script. Here is
> WHATEVER i give as mysql input args, the compilation output:
>
> Compiling passdb/secrets.c
> Compiling passdb/machine_sid.c
> Compiling locking/locking.c
> Compiling locking/brlock.c
> Compiling locking/posix.c
> Compiling passdb/pdb_get_set.c
> Compiling passdb/passdb.c
> Compiling passdb/pdb_interface.c
> Compiling passdb/util_sam_sid.c
> Compiling passdb/pdb_compat.c
> Compiling passdb/lookup_sid.c
> Compiling passdb/login_cache.c
> Compiling passdb/pdb_ldap.c
> Compiling passdb/pdb_nds.c
> Compiling passdb/pdb_smbpasswd.c
> Compiling passdb/pdb_tdb.c
> Compiling passdb/pdb_guest.c
> Compiling passdb/pdb_sql.c
> Compiling lib/system_smbd.c
>
> As you can see here, nevermind if i ask for static, shared or
> magic-cookied mysql plugin, it NEVER gets to compile it!
> So there should be a misstake in some Makefile or rule file, the problem
> is at compilation-time!
>
> I will try to get the 3.0.11 from somewhere (I did not find it at the link
> you gave me that is why i took 3.0.09).
>
> Please, if you know somebody who can make the change in the makefile
> scripts, tell me, or if i can get a way to compile pdb_mysql.c alone, i'm
> interested too. I think now it is pointless to play arround with configure
> script parametters, because it doesn't propagate correctly directives to the
> compilation makefiles.
>
> N.B.: The path to be given to the configure script seems to be the path to
> mysql_config BINARY, in the configure script is made a call to it with
> parametters to get the include path... So don't tell anymore people to
> symlink if they have compiled from source, just tell the configure script to
> ask the binary program "mysql_config" (in configure script get the lines
> with $MYSQL_CONFIG $mysqlconf_args --cflags | sed -e "s/'//g") ...
>
> Anyway, thanks a lot for your help, i am a bit closer to find a solution
> now!
> I'll try tonight to get the v.11 and your advices in action :)
>
> And, when you say if samba complains about not finding the plugin, it does
> since the begining :O What chmod right 755 are you talking about, i mean on
> what file?
>
> Thanks!
> Pierre
>
> On 9/23/05, (C)ollen <[EMAIL PROTECTED]> wrote:
> >
> > ftp://ftp.samba.org/pub/samba/old-versions/
> > --
> >
> > --enable-static=pdb_mysql -> compiles the mysql backend within samba, so
> >
> > no pdb_mysql.so module will be found!
> >
> > --with-shared-modules=pdb_mysql -> compiles mysql backend sepperate, you
> > will find a pdb_mysql.so module..
> >
> > external is a little slower..
> > after this, you have to make sure to have set the parameters within
> > smb.conf!
> >
> > also, make the mysql database with the samba layout (example is included
> > with in the source!)
> > be sure samba can access the db.
> >
> > if samba say's can't find plugin or somthing, just ignore it (but besure
> >
> > the chmod rights are ok 0755)
> >
> > Goodluck.
> >
> > Collen
> >
> >
> > MARTIN Pierre wrote:
> > > Hello again Collen and everybody.
> > >
> > > I just tryed to make 3.0.09 compile pdb_mysql with no success.
> > > Can somebody please can tell me where to find the 3.0.11 version so i
> > > can make it as Collen has it (Because i was not able to make it with
> > > 3.0.14 default debian version, neither 3.0.09 neither 3.0.20.. . doh!)
> > ?
> > >
> > > Thanks a lot.
> > > Pierre
> > >
> > > (C)ollen wrote:
> > >
> > >> it is know that the mysql passwd backend is buggy/not working with
> > >> samba 3.0.20. (maybe it's fixed in the new release ??)
> > >> the fact that you have a mysql.so, tells me that you build the module
> > >> as shared library.
> > >> here are some thoughts:
> > >>
> > >> 1) try renaming the module to pdb_mysql.so
> > >> 2) build it as static (./configure --with-expsam=mysql
> > >> --enable-static=mysql)
> > >> 3) use a samba version prior to 3.0.20 ( <- 3.0.14 )
> > >>
> > >> i couldn't make the mysql module work either, so we're still running
> > >> the 11 version...
> > >>
> > >> Greetz..
> > >>
> > >> Collen Blijenberg (C=)
> > >>
> > >> MARTIN Pierre wrote:
> > >>
> > >>> Hello everybody,
> > >>> For those who have followed the mysql plugin compilation problem,
> > >>> here are some new information:
> > >>> I have tryed everything to make it work from the debian sources, not
> > >>> successfully.
> > >>> So i have downloaded the TGZ sources from 
> > >>> samba.org(version is
> > >>> 3.0.20). I have started the basic ./configure
> > >>> script with params --with-expsam=xml,mysql
> > >>> --with-mysql-prefix=/usr/include/mysql/
> > >>> It worked so i started to make the compilation. It also have
> > compiled
> > >>> successfully. But as usual with the debian source version, it did
> > not
> > >>> compile any pdb_mysql

Re: [Samba] Samba with Mysql, compilation problem.

[Pierre MARTIN]

Hello Collen!

I am actually making serious searchs in the configure script. Here is
WHATEVER i give as mysql input args, the compilation output:

Compiling passdb/secrets.c
Compiling passdb/machine_sid.c
Compiling locking/locking.c
Compiling locking/brlock.c
Compiling locking/posix.c
Compiling passdb/pdb_get_set.c
Compiling passdb/passdb.c
Compiling passdb/pdb_interface.c
Compiling passdb/util_sam_sid.c
Compiling passdb/pdb_compat.c
Compiling passdb/lookup_sid.c
Compiling passdb/login_cache.c
Compiling passdb/pdb_ldap.c
Compiling passdb/pdb_nds.c
Compiling passdb/pdb_smbpasswd.c
Compiling passdb/pdb_tdb.c
Compiling passdb/pdb_guest.c
Compiling passdb/pdb_sql.c
Compiling lib/system_smbd.c

As you can see here, nevermind if i ask for static, shared or magic-cookied
mysql plugin, it NEVER gets to compile it!
So there should be a misstake in some Makefile or rule file, the problem is
at compilation-time!

I will try to get the 3.0.11 from somewhere (I did not find it at the link
you gave me that is why i took 3.0.09).

Please, if you know somebody who can make the change in the makefile
scripts, tell me, or if i can get a way to compile pdb_mysql.c alone, i'm
interested too. I think now it is pointless to play arround with configure
script parametters, because it doesn't propagate correctly directives to the
compilation makefiles.

N.B.: The path to be given to the configure script seems to be the path to
mysql_config BINARY, in the configure script is made a call to it with
parametters to get the include path... So don't tell anymore people to
symlink if they have compiled from source, just tell the configure script to
ask the binary program "mysql_config" (in configure script get the lines
with $MYSQL_CONFIG $mysqlconf_args --cflags | sed -e "s/'//g") ...

Anyway, thanks a lot for your help, i am a bit closer to find a solution
now!
I'll try tonight to get the v.11 and your advices in action :)

And, when you say if samba complains about not finding the plugin, it does
since the begining :O What chmod right 755 are you talking about, i mean on
what file?

Thanks!
Pierre

On 9/23/05, (C)ollen <[EMAIL PROTECTED]> wrote:
>
> ftp://ftp.samba.org/pub/samba/old-versions/
> --
>
> --enable-static=pdb_mysql -> compiles the mysql backend within samba, so
> no pdb_mysql.so module will be found!
>
> --with-shared-modules=pdb_mysql -> compiles mysql backend sepperate, you
> will find a pdb_mysql.so module..
>
> external is a little slower..
> after this, you have to make sure to have set the parameters within
> smb.conf!
>
> also, make the mysql database with the samba layout (example is included
> with in the source!)
> be sure samba can access the db.
>
> if samba say's can't find plugin or somthing, just ignore it (but besure
> the chmod rights are ok 0755)
>
> Goodluck.
>
> Collen
>
>
> MARTIN Pierre wrote:
> > Hello again Collen and everybody.
> >
> > I just tryed to make 3.0.09 compile pdb_mysql with no success.
> > Can somebody please can tell me where to find the 3.0.11 version so i
> > can make it as Collen has it (Because i was not able to make it with
> > 3.0.14 default debian version, neither 3.0.09 neither 3.0.20... doh!) ?
> >
> > Thanks a lot.
> > Pierre
> >
> > (C)ollen wrote:
> >
> >> it is know that the mysql passwd backend is buggy/not working with
> >> samba 3.0.20. (maybe it's fixed in the new release ??)
> >> the fact that you have a mysql.so, tells me that you build the module
> >> as shared library.
> >> here are some thoughts:
> >>
> >> 1) try renaming the module to pdb_mysql.so
> >> 2) build it as static (./configure --with-expsam=mysql
> >> --enable-static=mysql)
> >> 3) use a samba version prior to 3.0.20 ( <- 3.0.14 )
> >>
> >> i couldn't make the mysql module work either, so we're still running
> >> the 11 version...
> >>
> >> Greetz..
> >>
> >> Collen Blijenberg (C=)
> >>
> >> MARTIN Pierre wrote:
> >>
> >>> Hello everybody,
> >>> For those who have followed the mysql plugin compilation problem,
> >>> here are some new information:
> >>> I have tryed everything to make it work from the debian sources, not
> >>> successfully.
> >>> So i have downloaded the TGZ sources from samba.org 
> >>> (version is
> >>> 3.0.20). I have started the basic ./configure
> >>> script with params --with-expsam=xml,mysql
> >>> --with-mysql-prefix=/usr/include/mysql/
> >>> It worked so i started to make the compilation. It also have compiled
> >>> successfully. But as usual with the debian source version, it did not
> >>> compile any pdb_mysql.so. The only thing i get is a mysql.so lib, but
> >>> it cant be loaded as a plugin...
> >>>
> >>> Any idea is really welcome, since i begin to lose the faith :)
> >>> Bye bye and thank you all!
> >>> Pierre
> >>>
> >>> P.S.: Here is the end of the compilation process:
> >>> Compiling modules/vfs_recycle.c with -fPIC
> >>> Building plugin bin/recycle.so
> >>> Compiling modules/vfs_audit.c with -fPIC
> >

RE RES: [Samba] ACLs with Problem

[stephane . purnelle]

Hi,

- With which user use try to change ACL ?
- is the admin users ?
- winbind work correctly ?
-wbinfo ???




---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] a écrit sur 
23/09/2005 14:39:10 :

> Hi Greg,
> Really, the first step to install filesystem it with support ACL. 
> It looks at my archive:
> LABEL=/ /   ext3defaults,acl 1 1
> LABEL=/boot /boot   ext3defaults 1 2
> LABEL=/data /data   ext3defaults,acl 1 2
> none/dev/ptsdevpts  gid=5,mode=620 0 
0
> none/proc   procdefaults 0 0
> none/dev/shmtmpfs   defaults 0 0
> /dev/cciss/c0d0p2   swapswapdefaults 0 0
> /dev/cdrom  /mnt/cdrom  udf,iso9660 noauto,
> owner,kudzu,ro 0 0
> /dev/fd0/mnt/floppy auto noauto,owner,kudzu 
0 0
> 
> My server samba is integrated with the server windows 2003 (PDC). 
> The server samba is using the users of windows 2003, catching using 
> the way winbind.
> When I try to change the permissions of an file of the server samba,
> in my workstation I appear a message "Denied Access". I perceived 
> that windows also does not obtain to catch the extendidas 
> permissions when I modified for the server linux.
> It looks at some parameters of my smb.conf:
> nt acl support = Yes
> acl compatibility = win2k
> acl map full control = yes
> acl check permissions = no
> acl group control = yes
> inherit acls = Yes
> profile acls = Yes
> map acl inherit = Yes
> force unknown acl user = Yes
> 
> You can help me?
> -Mensagem original-
> De: Greg Folkert [mailto:[EMAIL PROTECTED]
> Enviada em: quinta-feira, 22 de setembro de 2005 13:35
> Para: samba@lists.samba.org
> Assunto: Re: [Samba] ACLs with Problem
> 
> 
> On Thu, 2005-09-22 at 11:43 -0300, Luis Henrique de Faria Guimarães
> wrote:
> > Hi All,
> > 
> > I am with problem with the permissions of windows.
> > The samba is not getting the ACLs permissions.  I compiled version
> > 3.0.20, with the following options:
> > 
> [...]
> 
> Well the first thin we need to know, is the filesystem that you are
> sharing via samba mounted with the acl option in the /etc/fstab?
> 
> Here is what mine looks like and I get the ACLs just fine:
> 
> /dev/datavg/examplelv   /lf/db   ext3   rw,suid,nodev,exec,auto,
> nouser,async,acl,errors=remount-ro   1 1
> 
> I guess, I could have done "defaults,acl,nodev" and be-equivalent... but
> hey I guess I am a bit retentive.
> 
> > # file: teste.txt
> > # owner: root
> > # group: Domain Users
> > user::rwx
> > user:henrique:rw-
> > group::r--
> > mask::rw-
> > other::r--
> > 
> > The user henrique appears in linux, but he does not appear in windows.
> > When I try to add permissions through windows appears a message of
> > "denied access".
> > Somebody can help me
> 
> Well, as long as you have the filesystem mounted (assuming it is ext3
> with acl support compiled in) with the ACLs turned on... then things
> should work.
> -- 
> greg, [EMAIL PROTECTED]
> 
> The technology that is 
> Stronger, Better, Faster: Linux
> 
> Use Debian GNU/Linux, its a bazaar thing.
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RES: [Samba] ACLs with Problem

[Luis Henrique de Faria Guimarães]

Hi Greg,
Really, the first step to install filesystem it with support ACL.  It looks at 
my archive:
LABEL=/ /   ext3defaults,acl1 1
LABEL=/boot /boot   ext3defaults1 2
LABEL=/data /data   ext3defaults,acl1 2
none/dev/ptsdevpts  gid=5,mode=620  0 0
none/proc   procdefaults0 0
none/dev/shmtmpfs   defaults0 0
/dev/cciss/c0d0p2   swapswapdefaults0 0
/dev/cdrom  /mnt/cdrom  udf,iso9660 
noauto,owner,kudzu,ro 0 0
/dev/fd0/mnt/floppy autonoauto,owner,kudzu 0 0

My server samba is integrated with the server windows 2003 (PDC). The server 
samba is using the users of windows 2003, catching using the way winbind.
When I try to change the permissions of an file of the server samba, in my 
workstation I appear a message "Denied Access". I perceived that windows also 
does not obtain to catch the extendidas permissions when I modified for the 
server linux.
It looks at some parameters of my smb.conf:
nt acl support = Yes
acl compatibility = win2k
acl map full control = yes
acl check permissions = no
acl group control = yes
inherit acls = Yes
profile acls = Yes
map acl inherit = Yes
force unknown acl user = Yes

You can help me?
-Mensagem original-
De: Greg Folkert [mailto:[EMAIL PROTECTED]
Enviada em: quinta-feira, 22 de setembro de 2005 13:35
Para: samba@lists.samba.org
Assunto: Re: [Samba] ACLs with Problem


On Thu, 2005-09-22 at 11:43 -0300, Luis Henrique de Faria Guimarães
wrote:
> Hi All,
> 
> I am with problem with the permissions of windows.
> The samba is not getting the ACLs permissions.  I compiled version
> 3.0.20, with the following options:
> 
[...]

Well the first thin we need to know, is the filesystem that you are
sharing via samba mounted with the acl option in the /etc/fstab?

Here is what mine looks like and I get the ACLs just fine:

/dev/datavg/examplelv   /lf/db  ext3
rw,suid,nodev,exec,auto,nouser,async,acl,errors=remount-ro  1 1

I guess, I could have done "defaults,acl,nodev" and be-equivalent... but
hey I guess I am a bit retentive.

> # file: teste.txt
> # owner: root
> # group: Domain Users
> user::rwx
> user:henrique:rw-
> group::r--
> mask::rw-
> other::r--
> 
> The user henrique appears in linux, but he does not appear in windows.
> When I try to add permissions through windows appears a message of
> "denied access".
> Somebody can help me

Well, as long as you have the filesystem mounted (assuming it is ext3
with acl support compiled in) with the ACLs turned on... then things
should work.
-- 
greg, [EMAIL PROTECTED]

The technology that is 
Stronger, Better, Faster: Linux

Use Debian GNU/Linux, its a bazaar thing.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RES: [Samba] LDAP howto

[Sérgio A P Ferreira]

Hello Gary,

about 2 mouths ago I have started a challenge, put Debian Sarge, Openldap
and Samba to work together. Yesterday I got It. Honestly, It took me a hell!
I almost gave up. Now I am  happy for didn´t done It. I sketched up my steps
through It. I started already to write my Howto´s to describe what I did to
get It. Up to finish It, in a properly way, if you need some help count with
me. Now, I am making some tweaks and configuring my shares. After all I have
passed, this is a peace of cake. 

I would like to thank Tom Crummey that threw I light when I was blind and
without motivation. 


Cheers,

Sergio Ferreira
CGINF - Ministério da Cultura


-Mensagem original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Em nome
de Gary Dale
Enviada em: quinta-feira, 22 de setembro de 2005 15:17
Para: samba@lists.samba.org
Assunto: [Samba] LDAP howto

Does anyone know of a good Samba-LDAP howto for Debian (Sarge) systems? 
I probably don't need it for my home network, but I'd like to learn how 
to do it anyway. My previous attempts to get it working have failed. :(


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Cannot join domain from WinXP

[Martin Konicek]

===INFO===
Server: Fedora Core 2, Samba 2
Client: Windows XP, all TCP incoming ports firewalled, outgoing TCP
permited
Problem: Cannot join to domain

===SHORT-LOG===
write_socket: Error writing 5 bytes to socket 23: ERRNO = Connection
reset by peer

===FULL-LOG===
[2005/09/21 17:56:44, 0] lib/util_sock.c:write_socket(455)
[2005/09/21 17:56:44, 2] lib/access.c:check_access(324)
  Allowed connection from  (192.168.1.23)
  write_socket: Error writing 5 bytes to socket 23: ERRNO = Connection
reset by peer
[2005/09/21 17:56:44, 0] lib/util_sock.c:send_smb(647)
  Error writing 5 bytes to client. -1. (Connection reset by peer)
[2005/09/21 17:56:44, 2] smbd/server.c:exit_server(571)
  Closing connections
[2005/09/21 17:56:51, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2005/09/21 17:56:51, 2] lib/access.c:check_access(324)
  Allowed connection from  (192.168.1.23)
[2005/09/21 17:56:51, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] -> [root] ->
[root] succeeded
[2005/09/21 17:56:51, 2] lib/module.c:do_smb_load_module(63)
  Module '/usr/lib/samba/vfs/vscan-clamav.so' loaded
[2005/09/21 17:56:51, 2]
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain DB ->
S-1-5-21-1539302983-2614652946-1652283448
[2005/09/21 17:56:52, 2] smbd/server.c:exit_server(571)
===smb.conf===
[global]
...
# scripts
  add user script = /usr/sbin/useradd -m %u
  delete user script = /usr/sbin/userdel -r %u
  add group script = /usr/sbin/groupadd %g
  delete group script = /usr/sbin/groupdel %g
  add user to group script = /usr/sbin/usermod -G %g %u
  add machine script =  /usr/sbin/useradd -s /bin/false -d /dev/null -g
machines %u
...
[Profiles]
  path = /home/profiles
  browseable = no
  guest ok = yes
  writable = yes
[netlogon]
   comment = Network Logon Service
   path = /home/netlogon
   guest ok = yes
   writable = no
   share modes = no



--
=
Martin Koníček
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] winbind joins with domain name , not netbios name

[Jason Gerfen]

Turki Al-Ibrahim wrote:


Hi,

I am having a problem with Winbind:

First, some information ..
Domain name :TESTDOM
PDC's Netbios name : ubuntu
Samba version : 3.0.20 (lateset patches installed) with LDAP backend.
Linux : Ubuntu 2.6.10

Samba is running smoothly, with no problems.

I wanted to use Winbind, so I followed Samba HowTo - chapter 23
http://us5.samba.org/samba/docs/man/Samba3-HOWTO/winbind.html#id2634776

I wanted to configure winbind to use the domain installed in the same
server, so I joined using this command :
net join -U administrator

It says Joined Domain TESTDOM , and a machine account is created in LDAP
with the following attributes :

dn: uid=ubuntu$,ou=Computers,dc=testdom,dc=com
objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount
cn: ubuntu$
sn: ubuntu$
uid: ubuntu$
uidNumber: 1006
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
sambaSID: S-1-5-21-649663798-2503265242-3544459435-3012
sambaPrimaryGroupSID: S-1-5-21-649663798-2503265242-3544459435-2031
displayName: Computer
sambaPwdCanChange: 1127424362
sambaPwdMustChange: 2147483647
sambaLMPassword: F6612BB25EF49A45DBF571ADD3E3B73E
sambaNTPassword: 3EFFA0C5FF16761A846B9B24192F5955
sambaPwdLastSet: 1127424362
sambaAcctFlags: [S ] (S should be for server trust account , is this normal
?)

Then , I start Winbind.

Here is the output of wbinfo -u , -g & -t

[EMAIL PROTECTED]:/var/www/samba-doc/htmldocs # wbinfo -u
Error looking up domain users

[EMAIL PROTECTED]:/var/www/samba-doc/htmldocs # wbinfo -g
BUILTIN\Print Operators
BUILTIN\Backup Operators
BUILTIN\Replicators

[EMAIL PROTECTED]:/var/www/samba-doc/htmldocs # wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc022)
Could not check secret

When performing the command wbingo -t (to check secret), smbd logs :

ldapsam_getsampwnam: Unable to locate user [TESTDOM$] count=0
[2005/09/23 00:34:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2005/09/23 00:34:56, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
get_md4pw: Workstation TESTDOM$: no account in domain

The machine account it is searching is TESTDOM$ , which is the domain name ,
not the netbios name.

Can any body help me with this one ?

Thanks & Regards.

Here's smb.conf :
[global]
workgroup = TESTDOM
netbios name = ubuntu
syslog = 0
log level = 4
name resolve order = wins bcast hosts
printcap name = CUPS
show add printer wizard = No

add user script = /usr/sbin/smbldap-useradd -a -m '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u'
'%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'

domain logons = Yes
domain master = yes
wins support = yes
printing = CUPS

ldap passwd sync = Yes
ldap admin dn = cn=Manager,dc=testdom,dc=com
passdb backend = ldapsam:"ldap://127.0.0.1/";
ldap delete dn = yes
ldap suffix = dc=testdom,dc=com
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://localhost

time server = yes
logon path =
logon home =
idmap uid = 15000-2
idmap gid = 15000-2
template shell = /bin/bash
security = user
 


%> net ads leave #need to leave domain if applicable
set:
security = ads
then rejoin domain
%> net ads join -U Administrator
%> wbinfo --sequence
%> getent passwd
That last command should list the users you are attempting to 
authentication using the NTLM auth. mechanism



winbind use default domain = yes

[homes]
comment = Home Directories
valid users = %S
writeable = yes
browseable = No
[netlogon]
comment = Network Logon Service
path = /samba/netlogon
browseable = no
guest ok = yes
 




--
Jason Gerfen
Student Computing Labs, University Of Utah
[EMAIL PROTECTED]

J. Willard Marriott Library
295 S 1500 E, Salt Lake City, UT 84112-0860
801-585-9810

"My girlfriend threated to
leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RES: [Samba] Re: ACLs with Problem

[Luis Henrique de Faria Guimarães]

I believe that you it did not understand my explanation.  I have a Linux server 
executing samba intergrated with a server windows 2003 (PDC).  Linux is using 
the users of windows 2003 saw winbind.  But, the permissions for these of 
archive do not function.  When I try to change the permissions of an archive in 
the sharing of the samba, it I do not function.  The part of ACL of the samba 
is not functioning, you understood me.
The command getfacl sample that support ACL is functioning in the server linux. 
 It sees my /etc/fstab:
LABEL=/ /   ext3defaults,acl1 1
LABEL=/boot /boot   ext3defaults1 2
LABEL=/data /data   ext3defaults,acl1 2
none/dev/ptsdevpts  gid=5,mode=620  0 0
none/proc   procdefaults0 0
none/dev/shmtmpfs   defaults0 0
/dev/cciss/c0d0p2   swapswapdefaults0 0
/dev/cdrom  /mnt/cdrom  udf,iso9660 
noauto,owner,kudzu,ro 0 0
/dev/fd0/mnt/floppy autonoauto,owner,kudzu 0 0

You can help this problem me?

Luís Henrique
-Mensagem original-
De: paul kölle [mailto:[EMAIL PROTECTED]
Enviada em: quinta-feira, 22 de setembro de 2005 13:15
Para: samba@lists.samba.org
Assunto: [Samba] Re: ACLs with Problem


Luis Henrique de Faria Guimarães wrote:
> With this configuration the users of the PDC (windows 2003) are 
> authenticantion way telnet 
> without problem.  However, the ACL do not function.  They see the exit with 
> command getfacl teste.txt:
> 
> [EMAIL PROTECTED] teste]# getfacl teste.txt
> # file: teste.txt
> # owner: root
> # group: Domain Users
> user::rwx
> user:henrique:rw-
> group::r--
> mask::rw-
> other::r--
Can you please describe what you expected to see here and why?

> 
> The user henrique appears in linux, but he does not appear in windows.
Then I'd say he's a linux user and not from AD via winbind right?

> When I try to add permissions through windows appears a message of "denied 
> access".
If that is a "correct" result largely depends which user is logged in to
the windows workstation. It would be helpful if you set samba to a
moderate debug level, and provide the relevant logs generated when the
desired operation(s) fail.


hth
 Paul


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] winbind joins with domain name , not netbios name

[Turki Al-Ibrahim]

Hi,

I am having a problem with Winbind:

First, some information ..
Domain name :TESTDOM
PDC's Netbios name : ubuntu
Samba version : 3.0.20 (lateset patches installed) with LDAP backend.
Linux : Ubuntu 2.6.10

Samba is running smoothly, with no problems.

I wanted to use Winbind, so I followed Samba HowTo - chapter 23
http://us5.samba.org/samba/docs/man/Samba3-HOWTO/winbind.html#id2634776

I wanted to configure winbind to use the domain installed in the same
server, so I joined using this command :
net join -U administrator

It says Joined Domain TESTDOM , and a machine account is created in LDAP
with the following attributes :

dn: uid=ubuntu$,ou=Computers,dc=testdom,dc=com
objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount
cn: ubuntu$
sn: ubuntu$
uid: ubuntu$
uidNumber: 1006
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
sambaSID: S-1-5-21-649663798-2503265242-3544459435-3012
sambaPrimaryGroupSID: S-1-5-21-649663798-2503265242-3544459435-2031
displayName: Computer
sambaPwdCanChange: 1127424362
sambaPwdMustChange: 2147483647
sambaLMPassword: F6612BB25EF49A45DBF571ADD3E3B73E
sambaNTPassword: 3EFFA0C5FF16761A846B9B24192F5955
sambaPwdLastSet: 1127424362
sambaAcctFlags: [S ] (S should be for server trust account , is this normal
?)

Then , I start Winbind.

Here is the output of wbinfo -u , -g & -t

[EMAIL PROTECTED]:/var/www/samba-doc/htmldocs # wbinfo -u
Error looking up domain users

[EMAIL PROTECTED]:/var/www/samba-doc/htmldocs # wbinfo -g
BUILTIN\Print Operators
BUILTIN\Backup Operators
BUILTIN\Replicators

[EMAIL PROTECTED]:/var/www/samba-doc/htmldocs # wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc022)
Could not check secret

When performing the command wbingo -t (to check secret), smbd logs :

ldapsam_getsampwnam: Unable to locate user [TESTDOM$] count=0
[2005/09/23 00:34:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
 pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2005/09/23 00:34:56, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
 get_md4pw: Workstation TESTDOM$: no account in domain

The machine account it is searching is TESTDOM$ , which is the domain name ,
not the netbios name.

Can any body help me with this one ?

Thanks & Regards.

Here's smb.conf :
[global]
workgroup = TESTDOM
netbios name = ubuntu
syslog = 0
log level = 4
name resolve order = wins bcast hosts
printcap name = CUPS
show add printer wizard = No

add user script = /usr/sbin/smbldap-useradd -a -m '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u'
'%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'

domain logons = Yes
domain master = yes
wins support = yes
printing = CUPS

ldap passwd sync = Yes
ldap admin dn = cn=Manager,dc=testdom,dc=com
passdb backend = ldapsam:"ldap://127.0.0.1/";
ldap delete dn = yes
ldap suffix = dc=testdom,dc=com
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://localhost

time server = yes
logon path =
logon home =
idmap uid = 15000-2
idmap gid = 15000-2
template shell = /bin/bash
security = user
winbind use default domain = yes

[homes]
comment = Home Directories
valid users = %S
writeable = yes
browseable = No
[netlogon]
comment = Network Logon Service
path = /samba/netlogon
browseable = no
guest ok = yes
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Not the same folder size on a Linux workstation and on a Windows workstation

[Jean Lee]

Birger Wathne a écrit :


Could it simply be that the folders have different size?
You could check the files within a folder and then the folder to look 
for differences.

Perhaps also look at an empty folder.



Hi,

Thank you for your answer.
Well, I found where is my problem :

My mail storage folder is a subdirectory of the local folder (which is 
copied to the linux workstation). As I am subscribed in a lot of mailing 
lists, this folder is updated very quickly.
If I do a copy of the local folder to the Linux workstation, the local 
folder and the remote folder are not very long the same and the local 
folder is always greater than the remote folder. The difference in the 
'Size' property comes always from the mail storage folder. All other 
folders have the same size.


It was so easy  :)

Bye,

Jean

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] strange error 1937

[Mario Gzuk]

Hi again,
Nobody can help me on this mailing list or are there some missing
informations? Maybe there is an other mailing list for such problems?

thank you 

greetings mario

> Hi,
> After configuring and populating I try to add the accounts from a NT4
> domain.
> The "net rpc samdump -S SERVERNAME" works as expected.
> I can see the Password hashes and all computers and users.
> After that I try to NET VAMPIRE.
> The groups were added fine but for each computer and user account I get
> this error:
> 
> ...passdb/pdb_ldap.c:ldapsam_add_sam_account(1937)
> ldapsam_add_sam_account: failed to modify/add user with uid = .
> 
> the normal smbldap-useradd works also as expected. I try all findable
> documentation and searched for this error but found nothing. I try it
> with samba 3.0.13 and 3.0.14 / smbldap-tools 0.9.0 and 0.9.1 with the
> same result
> 
> 
> ---SNIP-
> The ldap log tell me:
>  conn=2 op=94 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(objectClass=posixAccount)(uid=user2))"
>  conn=2 op=94 SRCH attr=uid userPassword uidNumber gidNumber cn
> homeDirectory loginShell gecos description objectClass
>  conn=2 op=94 SEARCH RESULT tag=101 err=0 nentries=1 text=
>  conn=1 op=186 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(objectClass=sambaSamAccount))"
>  conn=1 op=186 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
>  conn=1 op=186 SEARCH RESULT tag=101 err=0 nentries=0 text=
>  conn=1 op=187 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(&(objectClass=sambaSamAccount)(uid=user2))(objectClass=sambaSamAccount))"
>  conn=1 op=187 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours
>  conn=1 op=187 SEARCH RESULT tag=101 err=0 nentries=0 text=
>  conn=1 op=188 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(objectClass=sambaSamAccount))"
>  conn=1 op=188 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
>  conn=1 op=188 SEARCH RESULT tag=101 err=0 nentries=0 text=
>  conn=1 op=189 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(objectClass=sambaSamAccount)(uid=user2))"
>  conn=1 op=189 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours
>  conn=1 op=189 SEARCH RESULT tag=101 err=0 nentries=0 text=
>  conn=1 op=190 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))"
>  conn=1 op=190 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours
>  conn=1 op=190 SEARCH RESULT

[Samba] sambaSID generation for machine accounts...

[Roger Eisenecher]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi List

We are using Samba 3.0.13 with LDAP as our backend. We are using WinXP
in our environement where we reload the machines from time to time with
some imaging technology. During this process the machines joins
automatically the (samba-) domain. In most cases this works without
problems. But some machines could not join the domain due some error
while joinig the domain. After some investigation I found in the log
file of samba that the machine which tried to join the domain generated
a sambaSID which was already used for another machine. So my question
how could this happen? Any ideas?

kindly regards
rOger
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDM+K6pF3l9rYt4bARAisDAKCfGhjDh9pfikhMIcbFcf8Qfq/lgQCfXTiA
nV0+vYfEugHm3A3o+fzsXLg=
=eSFX
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Not the same folder size on a Linux workstation and on a Windows workstation

[Jean Lee]

Hi all,

I made a copy of a folder from a WINXP SP2 to a Linux workstation shared 
folder. After the copy and from the WINXP SP2 workstation, i look the 
properties of the remote folder (the copied folder on the Linux 
workstation) and of the local folder (the original folder on the WINXP 
workstation)


For the remote folder, I have :
   - 29764 files
   - 2427 folders
   - Size : 6868067,965 bytes
   - Size on disk : 6884156,416 bytes

and for the local folder, I have :
   - 29764 files
   - 2427 folders
   - Size : 6865812,159 bytes
   - Size on disk : 6938199,838 bytes

I think that the differences on the 'Size on disk' properties comes from 
the files fragmentation on the disks


But I don't understand why the 'Size' properties are not the same.
Can anybody explain it to me ?

Thank you for your answer,

Jean LEE

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] locked file

[stefanke]

Hi all,

I have a strange locking file problem. I cannot open (read only) a file 
(alais.dbf) from my windows box but form the linux box it is possible to read 
the file. I has something to do with samba.


loglevel 10 output nt-client:
-
[2005/09/23 11:20:24, 10] locking/locking.c:is_locked(109)
  is_locked: brl start=0 len=512 unlocked for file database.aww.sav/alais.dbf
[2005/09/23 11:20:24, 10] locking/posix.c:is_posix_locked(706)
  is_posix_locked: File database.aww.sav/alais.dbf, offset = 0, count = 512, 
type = READ
[2005/09/23 11:20:24, 10] locking/posix.c:posix_lock_in_range(642)
  posix_lock_in_range: offset_out = 0, count_out = 512
[2005/09/23 11:20:24, 8] locking/posix.c:posix_fcntl_lock(659)
  posix_fcntl_lock 24 12 0 512 0
[2005/09/23 11:20:24, 8] lib/util.c:fcntl_lock(1815)
  fcntl_lock 24 12 0 512 0
[2005/09/23 11:20:24, 3] lib/util.c:fcntl_lock(1834)
  fcntl_lock: fd 24 is locked by pid 16961
[2005/09/23 11:20:24, 8] locking/posix.c:posix_fcntl_lock(689)
  posix_fcntl_lock: Lock call successful
[2005/09/23 11:20:24, 10] locking/locking.c:is_locked(121)
  is_locked: posix start=0 len=512 locked for file database.aww.sav/alais.dbf
[2005/09/23 11:20:24, 3] smbd/error.c:error_packet(147)
  error packet at smbd/reply.c(2658) cmd=46 (SMBreadX) 
NT_STATUS_FILE_LOCK_CONFLICT


Any suggestions ?


cheers
Stefan


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] problems logging in as guest from a windows2k system

[gnamasiv]

Hi,
 
I had been using samba 3.0.14 and the DC is a Windows2K3 server. I
have setup guest printing.(please see the smb.conf) and am able to view
the printer shares from another Windows2k3 server in another domain.
However, I am not able to access the same shares from Windows 2000
server in another domain. Please let me know if I am doing anything
wrong.
 
[global]
idmap uid = 7-20
idmap gid = 7-20
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 10
winbind use default domain = yes
printcap name = cups
load printers = yes
printing = cups
cups options = "raw"
force printername = yes
lpq cache time = 0
log file = /local/local1/errorlog/samba.log
max log size = 5
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
smb ports = 50139
local master = no
domain master = no
preferred master = no
dns proxy = no
template homedir = /local/local1/
template shell = /admin-shell
client schannel = no
printer admin = @printeradmin
addprinter command = /usr/bin/addprinter1.pl
map to guest = bad password
guest account = guestuser
deleteprinter command = /usr/bin/removeprinter
log level = 10
workgroup = LAB2003DOMAIN
netbios name = coolpc
wins server = 11.12.10.124
password server = 11.12.10.124
security = domain
 

[print$]
path = /state/samba/printers
guest ok = yes
browseable = yes
read only = yes
write list = @printeradmin
force user = root
force group = root
 

[printers]
comment = All Printers
path = /local/local1/spool/samba
browseable = no
guest ok = yes
writable = no
printable = yes

I think it is because of this error. Not sure. Also, Should I be setting
any other parameter in smb.conf to make it work.
 
logs:
 
[2005/09/23 06:03:26, 10] lib/util.c:dump_data(1995)
  [000] 6F 64 69 2D 6D 67 74 2D  63 65 32 00 00 00 00 00  odi-mgt-
ce2.
  [010] 60 28 06 06 2B 06 01 05  05 02 A0 1E 30 1C A0 0E  `(..+...
0...
  [020] 30 0C 06 0A 2B 06 01 04  01 82 37 02 02 0A A3 0A  0...+...
..7.
  [030] 30 08 A0 06 1B 04 4E 4F  4E 450.NO NE
[2005/09/23 06:03:26, 6] lib/util_sock.c:write_socket(449)
  write_socket(25,131)
[2005/09/23 06:03:26, 6] lib/util_sock.c:write_socket(452)
  write_socket(25,131) wrote 131
[2005/09/23 06:03:26, 10] lib/util_sock.c:read_socket_data(378)
  read_socket_data: recv of 4 returned 0. Error = Success
[2005/09/23 06:03:26, 10] lib/util_sock.c:receive_smb_raw(556)
  receive_smb_raw: length < 0!
[2005/09/23 06:03:26, 3] smbd/process.c:timeout_processing(1334)
  timeout_processing: End of file from client (client has disconnected).
[2005/09/23 06:03:26, 5] lib/gencache.c:gencache_shutdown(88)
  Closing cache file
[2005/09/23 06:03:26, 5] libsmb/namecache.c:namecache_shutdown(79)
  namecache_shutdown: netbios namecache closed successfully.
[2005/09/23 06:03:26, 3] smbd/sec_ctx.c:set_sec_ctx(287)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/09/23 06:03:26, 5] auth/auth_util.c:debug_nt_user_token(485)
  NT user token: (NULL)
[2005/09/23 06:03:26, 5] auth/auth_util.c:debug_unix_user_token(506)
  UNIX token of user 0

Thanks,
Guru.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with starting smbd and nmbd

[Patrick Steiner]

What do you want to do? please give some more infos...

Victor Rauls wrote:
> I need to change the server and master name on the node.  How is that done.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba with Mysql, compilation problem.

[Pierre MARTIN]

Hello Collen,

Thanks for your help again!
I have tryed already to rename mysql.so to the expected plugin name, it just
cant be loaded. These have been done with version 3.0.14 AND 3.0.20, it has
the same effect = nothing.

I will probably follow your advices and try to find a minor version before
3.0.14. But before i want to try with what you say here
--enable-static=mysql can you explain me what it does and what i have to
expect?

Thanks a lot Collen!
Pierre

On 9/23/05, (C)ollen <[EMAIL PROTECTED]> wrote:
>
> it is know that the mysql passwd backend is buggy/not working with samba
> 3.0.20. (maybe it's fixed in the new release ??)
> the fact that you have a mysql.so, tells me that you build the module as
> shared library.
> here are some thoughts:
>
> 1) try renaming the module to pdb_mysql.so
> 2) build it as static (./configure --with-expsam=mysql
> --enable-static=mysql)
> 3) use a samba version prior to 3.0.20 ( <- 3.0.14 )
>
> i couldn't make the mysql module work either, so we're still running the
> 11 version...
>
> Greetz..
>
> Collen Blijenberg (C=)
>
> MARTIN Pierre wrote:
> > Hello everybody,
> > For those who have followed the mysql plugin compilation problem, here
> > are some new information:
> > I have tryed everything to make it work from the debian sources, not
> > successfully.
> > So i have downloaded the TGZ sources from samba.org 
> > (version is
> 3.0.20).
> > I have started the basic ./configure
> > script with params --with-expsam=xml,mysql
> > --with-mysql-prefix=/usr/include/mysql/
> > It worked so i started to make the compilation. It also have compiled
> > successfully. But as usual with the debian source version, it did not
> > compile any pdb_mysql.so. The only thing i get is a mysql.so lib, but it
> > cant be loaded as a plugin...
> >
> > Any idea is really welcome, since i begin to lose the faith :)
> > Bye bye and thank you all!
> > Pierre
> >
> > P.S.: Here is the end of the compilation process:
> > Compiling modules/vfs_recycle.c with -fPIC
> > Building plugin bin/recycle.so
> > Compiling modules/vfs_audit.c with -fPIC
> > Building plugin bin/audit.so
> > Compiling modules/vfs_extd_audit.c with -fPIC
> > Building plugin bin/extd_audit.so
> > Compiling modules/vfs_full_audit.c with -fPIC
> > Building plugin bin/full_audit.so
> > Compiling modules/vfs_netatalk.c with -fPIC
> > Building plugin bin/netatalk.so
> > Compiling modules/vfs_fake_perms.c with -fPIC
> > Building plugin bin/fake_perms.so
> > Compiling modules/vfs_default_quota.c with -fPIC
> > Building plugin bin/default_quota.so
> > Compiling modules/vfs_readonly.c with -fPIC
> > Compiling modules/getdate.c with -fPIC
> > Building plugin bin/readonly.so
> > Compiling modules/vfs_cap.c with -fPIC
> > Building plugin bin/cap.so
> > Compiling modules/vfs_expand_msdfs.c with -fPIC
> > Building plugin bin/expand_msdfs.so
> > Compiling modules/vfs_shadow_copy.c with -fPIC
> > Building plugin bin/shadow_copy.so
> > Compiling passdb/pdb_xml.c with -fPIC
> > Building plugin bin/xml.so
> > Compiling passdb/pdb_mysql.c with -fPIC
> > Building plugin bin/mysql.so
> > Compiling modules/CP850.c with -fPIC
> > Building plugin bin/CP850.so
> > Compiling modules/CP437.c with -fPIC
> > Building plugin bin/CP437.so
> >
> >
> > (C)ollen wrote:
> >
> >> hmm.. try
> >>
> >> ./configure --with-expsam=mysql --with-shared-modules=pdb_mysql
> >>
> >> mysql lib's in the: /usr/lib/mysql (symlink will do)
> >> mysql headers in the: /usr/include/mysql (symlink will do)
> >>
> >> you can compile the mysql_backend into samba so there isn't an
> >> external module !
> >>
> >> your problem is that samba can't find the header files from mysql (.h)
> >> I think that the guy's from debian left the mysql backend out,
> >> coz' it's somewhat experimental, and lackes support..
> >> never the less, it works, and we have it up and running for almost
> >> 2years now!!
> >>
> >> have fun
> >>
> >> Collen Blijenberg (MLHJ)
> >>
> >> MARTIN Pierre wrote:
> >>
> >>> First i would like to say hello to everybody here, because i am new
> >>> to this ML.
> >>>
> >>> So here is the description of my problem:
> >>> I began with a clean samba installation from the stable branch few
> >>> monthes ago, everything was just fine, i have a linux box which was
> >>> sharing files for another linux workstation and two WinXP laptops.
> >>> The sharing linux box is a debian stable branch O/S, which is my
> >>> choice for a long time now.
> >>>
> >>> Few weeks ago, i decided to make my sparkling samba installation
> >>> virtual-users aware, and i began to crawl on various websites, all
> >>> explaining the smb.conf parametters to give. I figured out that i was
> >>> just not able to make it run because of a main problem, the apt-get
> >>> samba gave me a non mysql-powered-samba version :(
> >>>
> >>> So i removed the samba package from the computer, and dowloaded the
> >>> debian source of it. Basic source, untared, and had a look to the
> >>> debian/rule fi

[Samba] Building 3.0.20 for ubuntu

[Leen Toelen]

Hi,

I am trying to build samba 3.0.20 on an ubuntu amd64 machine.
Compiling works, but if I try to build the packages, I get this error:

...
include/proto.h:7483: warning: data definition has no type or storage class
include/proto.h:7484: error: syntax error before 'DIR'
include/proto.h:7485: error: syntax error before 'DIR'
include/proto.h:7486: error: syntax error before 'DIR'
include/proto.h:7487: error: syntax error before 'DIR'
include/proto.h:7490: error: syntax error before 'DIR'
include/proto.h:7514: warning: 'struct utimbuf' declared inside parameter list
In file included from dynconfig.c:21:
include/includes.h:1090: warning: conflicting types for built-in
function 'memmove'
include/includes.h:1114: error: 'ftruncate' redeclared as different
kind of symbol
include/vfs.h:259: error: previous declaration of 'ftruncate' was here
dynconfig.c:60: error: 'CODEPAGEDIR' undeclared here (not in a function)
make[1]: *** [dynconfig.o] Error 1
make[1]: Leaving directory `/home/user/samba/samba-3.0.20/source'
make: *** [build-stamp] Error 2

Has anyone seen this before?

Regards,
Leen Toelen
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] net rpc vampire / Question or Problem?

[Dirk.Laurenz]

Hi,

i'm thinking about some overflows or something like that.
What do you think about that. 

Mit freundlichem Gruß,



Dirk Laurenz
Systems Engineer

Fujitsu Siemens Computers
S CE DE SE PS N/O
Sales Central Europe Deutschland 
Professional Service Nord / Ost

Hildesheimer Strasse 25
30880 Laatzen
Germany

Telephone:  +49 (511) 84 89 - 18 08
Telefax:+49 (511) 84 89 - 25 18 08
Mobile: +49 (170) 22 10 781
Email:  mailto:[EMAIL PROTECTED]
Internet:   http://www.fujitsu-siemens.com
http://www.fujitsu-siemens.de/services/index.html
***
  

-|  -Original Message-
-|  From: Michael Gasch [mailto:[EMAIL PROTECTED] 
-|  Sent: Friday, September 23, 2005 8:39 AM
-|  To: Laurenz, Dirk
-|  Cc: samba@lists.samba.org
-|  Subject: Re: [Samba] net rpc vampire / Question or Problem?
-|  
-|  [EMAIL PROTECTED] wrote:
-|  > how big is your domain?
-|  > here're over 4000 users and 2000 groups...
-|  not that big :)
-|  1500 ldap users, 300 of them with sambaaccounts
-|  ~50 groups
-|  
-|  but that doesn't matter. does it?
-|  
-|  
-|  
-|  -- 
-|  Michael Gasch
-|  Max Planck Institute for Evolutionary Anthropology
-|  Department of Human Evolution (IT)
-|  Deutscher Platz 6
-|  D-04103 Leipzig
-|  Germany
-|  
-|  Phone: 49 (0)341 - 3550 137
-|  
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba samba cross subnet browsing

[2male / Jonathan Salomon]

Hi!

I am having some trouble with a samba domain distributed over 2 subnets 
 (192.168.0.0/23 (supernetted) & 192.168.4.0/24). These subnets are 
linked over the internet through a IPSec gateway to gateway (network to 
network) connection (i.e. all machines can reach/ping each other on both 
subnets). The samba PDC (with LDAP backend) has IP 192.168.0.4 and there 
is a BDC (LDAP slave) in the other subnet at IP 192.168.4.2.


The problem is that login of the WinXP clients on the 192.168.4.0/24 
subnet is really slow and I suspect this is caused by data getting sent 
through the (relatively slow) IPSec connection while this is not 
necessary because the BDC should offer all services (like authentication 
and profiles/homedirs).


Until recently I had these settings on the PDC in the smb.conf:

  domain logons = Yes
  os level = 65
  preferred master = Yes
  domain master = Yes
  wins support = Yes

and this on the BDC:

  domain logons = Yes
  os level = 65
  preferred master = Yes
  domain master = No
  wins support = No
  wins server = 192.168.0.4

All machines in both subnets would get 192.168.0.4 (PDC) as WINS server 
by the dhcp server. However like stated before this works very slow. 
Does anyone know if this is actually is a good approach and the slowness 
is cuased by something else?


Anyway I read on a previous posting to this list (and the manual) that 
it's possible to use remote browse sync to sync the browse lists. So I 
decided to change the strategy and configure the PDC as below:


  domain logons = Yes
  os level = 65
  preferred master = Yes
  domain master = Yes
  wins support = Yes
  remote browse sync = 192.168.4.2

and the BDC as below:

  domain logons = Yes
  os level = 65
  preferred master = Yes
  domain master = No
  wins support = Yes
  remote browse sync = 192.168.0.4

And with this setup the machines in the 192.168.0.0/23 subnet are 
getting 192.168.0.4 as WINS server and the machines in the 
192.168.4.0/24 subnet 192.168.4.2.


After restarting samba the PDC shows this in the log.nmbd:

[2005/09/22 16:51:38, 0] 
nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(488)

  get_domain_master_name_node_status_fail:
  Doing a node status request to the domain master browser at IP 
10.0.1.10 failed.

  Cannot get workgroup name.

I don't really understand where the 10.0.1.10 comes from as that 
machines has no routing/interface configured to such subnet.


At the BDC side the log.nmbd shows:

[2005/09/22 15:55:47, 0] 
nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(353)

  find_domain_master_name_query_fail:
  Unable to find the Domain Master Browser name DOMAIN<1b> for the 
workgroup DOMAIN.

  Unable to sync browse lists in this workgroup.

And indeed the browselists on both subnets do not show each other's 
machines. Does anyone know what I am doing wrong here? And I would 
really appreciate if someone could comment om which of both strategies 
is best.


Thanks!
Jonathan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba with Mysql, compilation problem.

[(C)ollen]

it is know that the mysql passwd backend is buggy/not working with samba 
3.0.20. (maybe it's fixed in the new release ??)
the fact that you have a mysql.so, tells me that you build the module as 
shared library.

here are some thoughts:

1) try renaming the module to pdb_mysql.so
2) build it as static (./configure --with-expsam=mysql 
--enable-static=mysql)

3) use a samba version prior to 3.0.20 ( <- 3.0.14 )

i couldn't make the mysql module work either, so we're still running the 
11 version...


Greetz..

Collen Blijenberg (C=)

MARTIN Pierre wrote:

Hello everybody,
For those who have followed the mysql plugin compilation problem, here 
are some new information:
I have tryed everything to make it work from the debian sources, not 
successfully.
So i have downloaded the TGZ sources from samba.org (version is 3.0.20). 
I have started the basic ./configure
script with params --with-expsam=xml,mysql 
--with-mysql-prefix=/usr/include/mysql/
It worked so i started to make the compilation. It also have compiled 
successfully. But as usual with the debian source version, it did not 
compile any pdb_mysql.so. The only thing i get is a mysql.so lib, but it 
cant be loaded as a plugin...


Any idea is really welcome, since i begin to lose the faith :)
Bye bye and thank you all!
Pierre

P.S.: Here is the end of the compilation process:
Compiling modules/vfs_recycle.c with -fPIC
Building plugin bin/recycle.so
Compiling modules/vfs_audit.c with -fPIC
Building plugin bin/audit.so
Compiling modules/vfs_extd_audit.c with -fPIC
Building plugin bin/extd_audit.so
Compiling modules/vfs_full_audit.c with -fPIC
Building plugin bin/full_audit.so
Compiling modules/vfs_netatalk.c with -fPIC
Building plugin bin/netatalk.so
Compiling modules/vfs_fake_perms.c with -fPIC
Building plugin bin/fake_perms.so
Compiling modules/vfs_default_quota.c with -fPIC
Building plugin bin/default_quota.so
Compiling modules/vfs_readonly.c with -fPIC
Compiling modules/getdate.c with -fPIC
Building plugin bin/readonly.so
Compiling modules/vfs_cap.c with -fPIC
Building plugin bin/cap.so
Compiling modules/vfs_expand_msdfs.c with -fPIC
Building plugin bin/expand_msdfs.so
Compiling modules/vfs_shadow_copy.c with -fPIC
Building plugin bin/shadow_copy.so
Compiling passdb/pdb_xml.c with -fPIC
Building plugin bin/xml.so
Compiling passdb/pdb_mysql.c with -fPIC
Building plugin bin/mysql.so
Compiling modules/CP850.c with -fPIC
Building plugin bin/CP850.so
Compiling modules/CP437.c with -fPIC
Building plugin bin/CP437.so


(C)ollen wrote:


hmm.. try

./configure --with-expsam=mysql --with-shared-modules=pdb_mysql

mysql lib's in the: /usr/lib/mysql (symlink will do)
mysql headers in the: /usr/include/mysql (symlink will do)

you can compile the mysql_backend into samba so there isn't an 
external module !


your problem is that samba can't find the header files from mysql (.h)
I think that the guy's from debian left the mysql backend out,
coz' it's somewhat experimental, and lackes support..
never the less, it works, and we have it up and running for almost 
2years now!!


have fun

Collen Blijenberg (MLHJ)

MARTIN Pierre wrote:

First i would like to say hello to everybody here, because i am new 
to this ML.


So here is the description of my problem:
I began with a clean samba installation from the stable branch few 
monthes ago, everything was just fine, i have a linux box which was 
sharing files for another linux workstation and two WinXP laptops. 
The sharing linux box is a debian stable branch O/S, which is my 
choice for a long time now.


Few weeks ago, i decided to make my sparkling samba installation 
virtual-users aware, and i began to crawl on various websites, all 
explaining the smb.conf parametters to give. I figured out that i was 
just not able to make it run because of a main problem, the apt-get 
samba gave me a non mysql-powered-samba version :(


So i removed the samba package from the computer, and dowloaded the 
debian source of it. Basic source, untared, and had a look to the 
debian/rule file. I saw there was any parametters given about mysql 
building, so i also had a look at the configure script's options. It 
always compiles the brand new warm .deb packages (after i fixed some 
lacky dependencies, i had to make a fake mysql-common package by 
myselve, because i already had mysql installed from sources and did 
not want to install the deb package, etc...). I'm now totally lost, i 
have try everything and i can't get this pdb_mysql.so "plugin" ready :(


So maybe i have miss something, maybe there is another way to make it 
as i wish to be, maybe there is a simple way to indirectly link samba 
to mysql with pam (I don't know PAM rules at all, i neither don't 
know how it works).


It has been 4 days i'm looking for a solution, mailing random people 
i find on websites, no answers from them.


Please if somebody has any clue, let me know a link, a sound, a 
color, anything to find a way to make it work...

Anything to make it work fro