[Samba] Multiple Page Print Jobs Wont Sort

[frame down under]

-- Forwarded message --
From: frame down under <[EMAIL PROTECTED]>
Date: 28-Sep-2005 00:41
Subject: Re: [Samba] Multiple Page Print Jobs Wont Sort
To: John Ward <[EMAIL PROTECTED]>


Is there any indication why a local printer sorts ok, but a networked
printer doesn't ?

Frank

On 27/09/05, John Ward <[EMAIL PROTECTED]> wrote:
>
> >
> > From: frame down under <[EMAIL PROTECTED]>
> > Date: 2005/09/27 Tue PM 12:52:36 PDT
> > To: samba@lists.samba.org
> > Subject: [Samba] Multiple Page Print Jobs Wont Sort
> >
> > Hello List,
> >
> > Im running samba 3 with cups. When I change the sort order in msword
> > when printing multiple pages the sort order is stuck to page 1,1 then
> > page 2,2 etc.
> >
> > So printing 2 copies of a multiple page ducument will not result in a
> > sort order of 1,2,3 .. per document.
> >
> > I'm running multiple HPjetdirect printers in a mixed windows
> > environment, using client printer driver = yes. However, using cups
> > drivers or raw queue'ing doesn't solve the issue.
> >
> > Any hints would be greatly appriciated.
> >
> > Frank
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
> I have noticed this also, if you print to a 'local' printer then all is ok, 
> if you print to a Windows spooled printer, good luck.
>
> John.
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] FW: Need HELP in upgrading SAMBA 2.2.12 to 3.0.20

[Agda Maria Galli Cartolano]

  _  

From: Agda Maria Galli Cartolano 
Sent: Tuesday, September 27, 2005 5:08 PM
To: samba-technical@lists.samba.org
Subject: Need HELP in upgrading SAMBA 2.2.12 to 3.0.20

 

Good people,

 

I need some help...

I am trying to upgrade SAMBA 2.2.12 to 3.0.20 but I am very confused and
cannot find my way...

The SAMBA server is a SunFire V210, Solaris 9, 64 bit server.

I went to the samba web site and downloaded
samba-3.0.20-1-noads-sunos5.9-sparc.pkg.gz.

All the instructions I found were related to installation and not
upgrade.

Does it matter? Is the process the same? Will my old shares (filled up
with 2.2.12 files) be compatible with 3.0.20?

The instructions just tell to gunzip the file, verify the signatures and
pkgadd. 

Sorry but I have never used wget or gpg. How can I get them?

Please HEP !!!

 

Thanks,

 

amgc

 

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Excel problem with samba 3.0.4 and 3.0.10

[xuan van]

Yes, you're right! I upgraded samba to 3.0.20 and the problem seems to 
go away.


Thanks,

Xuan

Jeremy Allison wrote:


On Mon, Sep 26, 2005 at 09:55:04AM -0700, xuan van wrote:
 


Problem Description
==
Open and close without saving EXCEL files causes time stamp updated
Problem occurs on both samba versions 3.0.4 and 3.0.10

I am looking for a solution to this problem.

I would appreciate any help.

Thanks in advance
   



This was fixed for 3.0.20 I believe...

Jeremy.

 



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Excel problem with samba 3.0.4 and 3.0.10

[xuan van]

I applied the fix for my test system running SunOS 2.9 + samba 3.0.10 on 
a ufs file system.

I've done the following:

# umount /export/home
# mount -o noatime /dev/dsk/c0t0d0s7 /export/home
# ls -lu /export/home/TEST.xls -> record access time
# ls -l /export/home/TEST.xls  -> record modification time

From PC , I accessed and opened/closed the exel file TEST.xls.
modification time got updated ,not access time. So far I have
tried Exel 2000 and Exel 2003. I verified that "autosave" was
disabled but the file's timestamp still got updated. Any idea?!

Thanks,

Xuan

Kevin W. Gagel wrote:


Read up on atime here:
http://www.faqs.org/docs/securing/chap6sec73.html
Its what you're after.

- Original Message -
From: xuan van <[EMAIL PROTECTED]>
To: samba@lists.samba.org
Subject: [Samba] Excel problem with samba 3.0.4 and 3.0.10
Date: Mon, 26 Sep 2005 09:55:04 -0700

 


Problem Description
==
Open and close without saving EXCEL files causes time stamp
updated Problem occurs on both samba versions 3.0.4 and
3.0.10

I am looking for a solution to this problem.

I would appreciate any help.

Thanks in advance

Xuan



--
To unsubscribe from this list go to the following URL and
read the instructions: 
https://lists.samba.org/mailman/listinfo/samba
   



=
Kevin W. Gagel
Network Administrator
Information Technology Services
(250) 562-2131 local 448


---
The College of New Caledonia, Visit us at http://www.cnc.bc.ca
Virus scanning is done on all incoming and outgoing email.
Anti-spam information for CNC can be found at http://avas.cnc.bc.ca
---

 



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Login to windows with samba running as domain master doesn't set HOMEPATH environment variable

[Carter, Derek]

I'm running samba as a domain master,
Have implemented roaming profiles (correctly I hope). However, have
discovered that if I use the client Windows 2K machine on the domain
"Local machine" the environment variable %HOMEPATH% is set correctly to
\Documents and Settings\myname however if I then login to my domain
implemented by samba %HOMEPATH% is simply not defined. HOMEDRIVE and the
rest seem OK, it's just HOMEPATH.

Now I have searched the archives for related questions but nothing
really applicable has come up therefore its going to be something wrong
with my configuration (either server or client) but I really am stuck to
what it could be.

Thanks

Derek

Information -

Server:
OS  SuSE Linux 9.1
Samba   Version 3.0.13-1.1-SUSE
Smb.conf -
# Global parameters
[global]
workgroup = ELMSCLOSE
map to guest = Bad User
unix password sync = Yes
passdb backend = smbpasswd:/etc/samba/smbpasswd
passwd program = /usr/bin/passwd %u
passwd chat = *password* %n\n *password* %n\n *changed*
passwd chat debug = Yes
printcap cache time = 750
printcap name = cups
add machine script = /usr/sbin/useradd  -c Machine -d
/var/lib/nobody -s /bin/false %m$
logon path = \\%L\profiles\.msprofile
logon drive = Y:
logon home = \\%L\%U\.9xprofile
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
admin users = root, derek
printer admin = @ntadmin, root, administrator
cups options = raw
include = /etc/samba/dhcp.conf
template homedir = /home/%D/%U

[homes]
path = /home/%U/
comment = Home Directories
valid users = %S
read only = No
inherit acls = Yes
browseable = No

[profiles]
comment = Network Profiles Service
path = %H
read only = No
create mask = 0600
directory mask = 0700
store dos attributes = Yes

[printers]
comment = All Printers
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin, root
force group = ntadmin
create mask = 0664
directory mask = 0775

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = root

[public]
comment = Public Shared Directory
path = /home/public
read only = No
inherit acls = Yes

Client:
OS Windows 2000 Pro
Have joined domain ELMSCLOSE without any problems
Have created a user with profiles being copied to LINUX box without
problems
No other changes made
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] file to large

[georgi sotirov]

Stephan Böni wrote:


Hi

I cannont copying files larger than 2 GB over samba share (monted with 
smbmount). Do you have a solution?

Stephan
 


tray this:
mount -t smbfs -o lfs,username=administrator //192.168.0.25/C$ 
/mnt/large_filesystem


options lfs - large filesystem support old ext2 filesystem to manage 
files up than 2GB

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Authentication confusion - may be LDAP related

[paul kölle]

Ric Tibbetts wrote:
> This is from the error log:
> 
>  attempting to make a user_info for u212442 (212442)
>  making strings for u212442's user_info struct
>  making blobs for u212442's user_info struct
>  made an encrypted user_info for u212442 (212442)
>  check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
>  getsampwnam (smbpasswd): search by name: u212442
>  check_sam_security: Couldn't find user 'u212442' in passdb.
>  check_ntlm_password:  Authentication for user [212442] -> [u212442]
> FAILED with error NT_STATUS_NO_SUCH_USER
If you can increase the log level for the LDAP server you can see what
filter is used above and find out why the object is not found.
Have you added the sambaSamAccount objectClass and attributes to the
user? You can use smbldap-tools for that.

> 
> Yet, from that same AIX box if I check my id:
> 
> #> id u212442
> uid=1040(u212442) gid=1001(sysadmin)
> 
> So the OS knows the id exists, it's just not passing that info to Samba.
Sorry, I don't know AIX, but if all users and groups samba needs to know
about are in LDAP, you can probably set "ldapsam:trusted = yes" in
smb.conf bypassing the whole NSS story. Read the manpage of smb.conf
what this parameter does.

hth
 Paul

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] When will be released samba 3.0.20a with latest patches ?

[Jeremy Allison]

On Tue, Sep 27, 2005 at 11:22:52PM +0200, Jancio Wodnik wrote:
> >
> >Those will definately be fixed in 3.0.20a.
> >
> >Jeremy.
> >
> > 
> >
> Ok Jeremy. I will keep my eyes on this.

If you want to make sure all your issues are fixed I suggest joining
the Samba Testers list and offering help to test against regressions
with DOS clients. We don't have anyone specifically testing with old
clients at the moment I think, as most people care about W2K/WNT/WXP
and above.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] When will be released samba 3.0.20a with latest patches ?

[Jancio Wodnik]

Jeremy Allison wrote:


On Tue, Sep 27, 2005 at 11:04:38PM +0200, Jancio Wodnik wrote:
 


Hi all.

When will be released samba 3.0.20a with latest patches from this: 
http://us4.samba.org/samba/patches/


There is statement:

*ATTENTION* A patch release, Samba 3.0.20a, is planned for late in the 
week of September 19, 2005. This release will incorporate all the 
patches for 3.0.20 listed on this page as well as a few possible other 
fixes.


We are all after Semptember 19 and there is no samba 3.0.20a :(
   



We're working on it... We're trying to ensure there are no outstanding
critical bugs for 3.0.20a, and I just fixed another DOS client one.

You'd rather it be correct than on time I hope ? :-).

 

P.S. I have upgrade my serwer with samba 3.0.20 but my dos apps hang 
with bug: BUG 3044  and 3060 
 DOS application interoperability 
issues
   



Those will definately be fixed in 3.0.20a.

Jeremy.

 


Ok Jeremy. I will keep my eyes on this.

Jancio Wodnik


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] When will be released samba 3.0.20a with latest patches ?

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Jeremy Allison wrote:

|
| We're working on it... We're trying to ensure there
| are no outstanding critical bugs for 3.0.20a, and
| I just fixed another DOS client one.
|
| You'd rather it be correct than on time I hope ? :-).

I just updated the patches page to list a notice of the delay.
I put down Oct 7 now as the target date.





cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDObYWIR7qMdg1EfYRAko7AJ9tqkOHWhRi70w3ifE1v1Tu/RveCACgqyTb
J9sy8p6H502zJkr3cFaXmOs=
=B1ck
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] When will be released samba 3.0.20a with latest patches ?

[Jeremy Allison]

On Tue, Sep 27, 2005 at 11:04:38PM +0200, Jancio Wodnik wrote:
> Hi all.
> 
> When will be released samba 3.0.20a with latest patches from this: 
> http://us4.samba.org/samba/patches/
> 
> There is statement:
> 
> *ATTENTION* A patch release, Samba 3.0.20a, is planned for late in the 
> week of September 19, 2005. This release will incorporate all the 
> patches for 3.0.20 listed on this page as well as a few possible other 
> fixes.
> 
> We are all after Semptember 19 and there is no samba 3.0.20a :(

We're working on it... We're trying to ensure there are no outstanding
critical bugs for 3.0.20a, and I just fixed another DOS client one.

You'd rather it be correct than on time I hope ? :-).

> P.S. I have upgrade my serwer with samba 3.0.20 but my dos apps hang 
> with bug: BUG 3044  and 3060 
>  DOS application interoperability 
> issues

Those will definately be fixed in 3.0.20a.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] When will be released samba 3.0.20a with latest patches ?

[Jancio Wodnik]

Hi all.

When will be released samba 3.0.20a with latest patches from this: 
http://us4.samba.org/samba/patches/


There is statement:

*ATTENTION* A patch release, Samba 3.0.20a, is planned for late in the 
week of September 19, 2005. This release will incorporate all the 
patches for 3.0.20 listed on this page as well as a few possible other 
fixes.


We are all after Semptember 19 and there is no samba 3.0.20a :(

P.S. I have upgrade my serwer with samba 3.0.20 but my dos apps hang 
with bug: BUG 3044  and 3060 
 DOS application interoperability 
issues


So i rolled back to samba 3.0.14a :(

Best regrads,

Jancio Wodnik

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] PDC Configuration

[Gustavo Villaran Wiegering]

Hi i need to install samba as pdc of my network, please can anybody can send
me a smb.conf example? or
the steps that i must follow to do that?
 
im new in linux, i have to change from Windows 2003 to RHEL 4.
 
thanks for the help
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Authentication confusion - may be LDAP related

[Ric Tibbetts]

At 02:20 PM 9/27/2005, paul kölle wrote:

Ric Tibbetts wrote:
> dn: username=u123456,ou=aixuser,cn=aixsecdb,cn=aixdata
> uid: 1040
> username: u123456
> 
>
> with u123456 being my *nix login.
>
> To me, this looks very wrong (not to mention that there's no dc=).
It looks wrong and the author surely has had no clue what cn means etc.
nevertheless it should work.


Suprisingly enough (maybe not...) this is the 
default configuration from IBM for thier LDAP server.





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Authentication confusion - may be LDAP related

[Ric Tibbetts]

At 02:20 PM 9/27/2005, paul kölle wrote:

Ric Tibbetts wrote:
> dn: username=u123456,ou=aixuser,cn=aixsecdb,cn=aixdata
> uid: 1040
> username: u123456
> 
>
> with u123456 being my *nix login.
>
> To me, this looks very wrong (not to mention that there's no dc=).
It looks wrong and the author surely has had no clue what cn means etc.
nevertheless it should work.


> If I'm seeing this right, shouldn't the login be the "uid" not
> "username"? Is that what Samba is looking for?
You can set "ldap filter = (username=%u)" in smb.conf along with a
suitable value for "ldap suffix".

Check the users with "getent passwd" to test if they are visible to the
system.


This is from the error log:

 attempting to make a user_info for u212442 (212442)
 making strings for u212442's user_info struct
 making blobs for u212442's user_info struct
 made an encrypted user_info for u212442 (212442)
 check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
 getsampwnam (smbpasswd): search by name: u212442
 check_sam_security: Couldn't find user 'u212442' in passdb.
 check_ntlm_password:  Authentication for user 
[212442] -> [u212442] FAILED with error NT_STATUS_NO_SUCH_USER


Yet, from that same AIX box if I check my id:

#> id u212442
uid=1040(u212442) gid=1001(sysadmin)

So the OS knows the id exists, it's just not passing that info to Samba.



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Authentication confusion - may be LDAP related

[Ric Tibbetts]

At 02:20 PM 9/27/2005, paul kölle wrote:

Ric Tibbetts wrote:
> dn: username=u123456,ou=aixuser,cn=aixsecdb,cn=aixdata
> uid: 1040
> username: u123456
> 
>
> with u123456 being my *nix login.
>
> To me, this looks very wrong (not to mention that there's no dc=).
It looks wrong and the author surely has had no clue what cn means etc.
nevertheless it should work.


> If I'm seeing this right, shouldn't the login be the "uid" not
> "username"? Is that what Samba is looking for?
You can set "ldap filter = (username=%u)" in smb.conf along with a
suitable value for "ldap suffix".

Check the users with "getent passwd" to test if they are visible to the
system.


Okay, I tried this. Here's my smb.conf:

# Global parameters
[global]
workgroup = WIN
server string = RX01 %a-%v
security = user
password server = 
username map = /usr/local/samba/private/smbusers
log level = 100
log file = /var/log/samba/%m.log
max log size = 500
wins server = 
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
ldap filter = (username=%u)
ldap admin dn = cn=root
ldap suffix = cn=aixsecdb,cn=aixdata
ldap group suffix = ou=aixgroup
ldap user suffix = ou=aixuser
ldap machine suffix = cn=aixid,ou=system

[Homes]
comment = User Home Directories
valid users = %S
read only = No
guest ok = Yes

Still no good.
I have no "getent" installed.



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba/Firewall issues?

[Paul Griffith]

Greetings,

I am running into *possible* Samba/Firewall issues. Our Samba v3.0.11
server is also running iptables. In our log.nmbd file we have
noticed the following:

[2005/09/27 15:43:41, 1] libsmb/cliconnect.c:cli_connect(1313)
  Error connecting to 130.xx.xx.xx (Connection refused)
[2005/09/27 15:50:21, 0] libsmb/nmblib.c:send_udp(790)
  Packet send failed to 130.xx.xx.xx(138) ERRNO=Operation not
  permitted

[2005/09/27 14:07:57, 1] libsmb/cliconnect.c:cli_connect(1313)
  Error connecting to 130.xx.xx.xx (No route to host)
[2005/09/27 14:12:51, 1] libsmb/cliconnect.c:cli_connect(1313)
  Error connecting to 130.xx.xx.xx (Connection refused)
[2005/09/27 14:23:04, 1] libsmb/cliconnect.c:cli_connect(1313)
 
A search turned up the following:
http://seclists.org/lists/bugtraq/2001/Mar/0285.html

Obviously, the netfilter nat code breaks nmap while using the -O flag
or using decoy options. The (sendto in send_tcp_raw: sendto) error is 
a symptom of this. It also breaks other packet shaping utilities such 
as hping, etc., so this does not appear to be an nmap problem. 


I don't believe the connection tracking portion of netfilter is to
blame in this case. In my tests the connection tracking code, whether it was 
loaded as a module or built statically into the kernel, didn't seem to 
get in the way. The cause of the 'sendto..' errors seems to be caused 
solely by the iptable_nat.o module(which is huge, of course). Once you 
load that one, or build it into the kernel, "nmap -O" no
worky. Without it, nmap/hping/everything works just peachy. 


Best Regards, 
Steve
-

Now I have removed iptable_nat with rmmod but I am still seeing
errors. For our end users the error shows up as  Domain not found.

Anyone see these errors before ??

Thanks
Paul

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Authentication confusion - may be LDAP related

[paul kölle]

Ric Tibbetts wrote:
> dn: username=u123456,ou=aixuser,cn=aixsecdb,cn=aixdata
> uid: 1040
> username: u123456
> 
> 
> with u123456 being my *nix login.
> 
> To me, this looks very wrong (not to mention that there's no dc=).
It looks wrong and the author surely has had no clue what cn means etc.
nevertheless it should work.


> If I'm seeing this right, shouldn't the login be the "uid" not
> "username"? Is that what Samba is looking for?
You can set "ldap filter = (username=%u)" in smb.conf along with a
suitable value for "ldap suffix".

Check the users with "getent passwd" to test if they are visible to the
system.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.14a-0.4-SUSE winbind -t error with NT4 domain

[bdehn]

I am trying to use winbind on SLES 9 (SP2) with Samba version 
3.0.14a-0.4-SUSE as a member server. Using "wbinfo -u" and "-g" work great 
(and getent passwd/group). When I try "wbinfo -t", I receive the following 
error:

checking the trust secret via RPC calls failed
error code was NT_STATUS_INVALID_COMPUTER_NAME (0xc122)
Could not check secret

With winbind running I can not view shares on system (net view \\xxx). 
>From Windows system I receive:

System error 1210 has occurred.

The format of the specified computer name is invalid.

If I stop winbind, the shares are visible.

I'm sure it is something I have mis-configured but can't find it. Any help 
would be greatly appreciated!!!


Bob Dehn
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Multiple Page Print Jobs Wont Sort

[frame down under]

Hello List,

Im running samba 3 with cups. When I change the sort order in msword
when printing multiple pages the sort order is stuck to page 1,1 then
page 2,2 etc.

So printing 2 copies of a multiple page ducument will not result in a
sort order of 1,2,3 .. per document.

I'm running multiple HPjetdirect printers in a mixed windows
environment, using client printer driver = yes. However, using cups
drivers or raw queue'ing doesn't solve the issue.

Any hints would be greatly appriciated.

Frank
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] error NT_STATUS_ACCESS_DENIED

[Brown, Steve]

Hello

I'm running Samba version 3.0.2a on Solaris 9 and can not get access to
my defined shares.  My config is below.  I believe my configuration is
good and I can see the server in the Windows Network browser but can not
authenticate.  Any one have any ideas?

Thanks

Steve

 

[global]

 

  netbios name  = f2z32-07

  workgroup = LEVEL3

  server string = %h

 

  # do not change anything in the [global] section beyond this point.

 

  # Security settings to allow operation with Windows domain
credentials.

  # Misconfiguration will impact the availability of this system

  #   and is a severity 3 exposure.

  security  = domain

  password server   = *

  allow trusted domains = yes

  encrypt passwords = yes

  client use spnego = yes

 

  # We don't want Samba to become a master browser on the network, and

  # never act as the Primary Domain Controller.

  # Misconfiguration will impact the stability of the  production

  #   network and is a severity 4 exposure.

  local master  = no

  domain logons = no

  domain master = no

 

  # Set up to be a WINS client, but definitely not a WINS server.

  # Misconfiguration will impact the availability of this system

  #   and is a severity 3 exposure.

  wins support  = no

  wins server   = 10.1.7.10 10.1.7.11

 

  # Only allow access from internal clients

  # Misconfiguration could allow unauthorized access and is a

  #   severity 3 exposure.

  hosts allow = 10.0.0.0/8

  hosts deny  = ALL

  interfaces  = 127.0.0.1 10.0.0.0/8

  bind interfaces only = yes

 

 

  # Root is explicitly not allowed access.

  # Misconfiguration could allow connection with root privilege

  #   and is a severity 3 exposure.

  invalid users = root

 

  # Only users in the "ntusers" group are allowed access

  # Misconfiguration could contribute to allowing access

  #   to unauthorized users and is a severity 2 exposure.

  valid users = @ntusers

 

  # We need to map NT usernames to UNIX usernames

  # Misconfiguration could allow unauthorized access and is

  #   a severity 3 exposure.

  username map = /usr/local/samba/lib/usernames.map

 

  # don't allow older, weaker encryption spec to be used

  lanman auth = no

 

  # no OS/2 client support is needed

  lm announce = no

 

  # NT/2000/XP should all be able to cope, and the added strength is
necessary

  min protocol = NT1

 

  # We're on a Local Area Network, so these settings are appropriate

  socket options = TCP_NODELAY SO_RCVBUF=8192 IPTOS_LOWDELAY
SO_RCVBUF=8192 SO_SNDBUF=8192

 

  # Logging options, record Create / Delete / Rename / Perm Change /
Open / Close

  # Misconfiguration will impact monitoring and is a severity 2
exposure.

  vfs objects = extd_audit

  log level = 2

  ; log file = /var/log/samba.log

 

  # Set up umasks for object creation

  # Misconfiguration could allow files to be created with undesireable

  #   permissions and is a severity 2 exposure.

  inherit permissions = no

  create mask = 0644

  directory mask  = 0755

 

  # Authenticated access is required to all resources

  # Misconfiguration could allow unauthorized access to the resources
and

  #   is a severity 3 exposure.

  guest ok = no

 

  # As a further safety, shares are read only by default.

  read only = yes

 

[public]

  path = /home/public

  read only = no

 

#

 

[lecinv]

guest ok  = yes

path  = /lecinv

valid users   = wfarrell,sbrown

writeable = yes

bash-2.05#

 

Steve Brown

Unix Systems Administration

Level 3 Communications

1025 Eldorado Blvd

(720)888-3545

Pager Pin 8774636766

[EMAIL PROTECTED]

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Free space/capacity displayed as garbage...

[samba]

Dear,

I'm having some strange problems with Samba.
I have shared a linux folder on my samba and have mapped it to a drive letter 
in Windows XP (I also tried with Windows 2000).
When I right click my mapped drive and click on properties to view the free 
space and capacity, I get all garbage as can be seen
from the screenshot at:
http://www.nuonsoft.com/temp/samba_free_space.jpg
I'm running the latest version 3.0.20 and it is running on AlphaCore which is 
Fedora Core 3 for the Alpha (64 bit platform). It
compiled without problems with gcc 3.4.3. Because of this issue, I'm unable to 
use my samba network share from programs that check
the freespace before doing something, like for example creating a cd image.
Any help will be appreciated.

My smb.conf is as follows:
[global]
workgroup = GREGOIRE
server string = Alpha Server
printcap name = cups
cups options = raw
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 
dns proxy = no
winbind uid = 16777216-33554431
winbind gid = 16777216-33554431
restrict anonymous = no
domain master = no
preferred master = no
max protocol = NT
ldap ssl = No
server signing = Auto
username map = /etc/samba/smbusers

[homes]
comment = Home Directories
browseable = no
read only = no

[printers]
comment = All Printers
path = /var/spool/samba
printable = yes
printer name = EPSPHOTO
guest ok = yes

[mydocs]
case sensitive = no
guest ok = yes
msdfs proxy = no
read only = no
path = /mydocs


Some more system info:
[EMAIL PROTECTED] ~]# smbd --version
Version 3.0.20
[EMAIL PROTECTED] ~]# nmbd --version
Version 3.0.20
[EMAIL PROTECTED] ~]# uname -a
Linux alpha 2.6.11-1.1180axp_FC3 #1 Mon Apr 18 11:34:15 EEST 2005 alpha alpha 
alpha GNU/Linux


If you need other system information, please ask.


Kind Regards,
Marc

--
Marc Gregoire
NuonSoft
Website: http://www.nuonsoft.com

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Need help with IDMAP storage in LDAP using Winbind

[paul kölle]

Kristof Bruyninckx wrote:
> Hi, I removed the entry for "cn=manager,dc=thales,dc=be" and checked
> with ldapmodigy if I could change the existing NIS users, which seems to
> still work.
> 
> Now I added a user called Admin , output from slapcat :
no, you have not. You authenticate with a DN and a password so a "user"
object in LDAP is identified with a DistinguishedName, not something
with a cn=whatever attribute.
> Any ideas off what I'm doing wrong?

Your accounts are still messed up. You create an entry with DN
uid=root,ou=Idmap,dc=thales,dc=be but your "admin dn" is
"cn=Admin,dc=thales,dc=be" how is that supposed to work?

given the admin should not be used for other stuff (think of least
privileges model;) it could look like:

dn: uid=samba,ou=services,dc=thales,dc=be
objectClass: top
objectClass: simpleSecurityObject
objectClass: account
uid: samba
userPassword: {CLEARTEXT}whatever
description: DN for samba

then you would do:
1. change the ou to your needs
2. change the password
3. fix your ACLs
3. put exactly that DN in your smb.conf
4. run: smbpasswd -w  -> type in password from
step 2.

Of course you can use whatever DN you like, it needs just a userPassword
attribute.

hth
 Paul

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Authentication confusion - may be LDAP related

[Ric Tibbetts]

All;

I think I may have a clue about what's going wrong in my little 
environment here, but I could really use a more experienced eye on it.
I've been having some strange authentication problems on a new 
install. With some digging, I may have a "clue" about what's going wrong.


Some background: I'm only looking to use samba to share Unix 
directories to the Windows community. I'm not looking to build a full 
up login server. This is usually a VERY basic, and simple thing to 
to. You simply have to be sure that the windows users also have a 
matching account on the *nix side (doesn't need to be an smbpasswd 
account, just a very generic *nix account). I've done this several 
times, so when it blew up on me this time, it has caused me some 
sleepless nights trying to figure out.


Here goes:

In the last install I did ( at another company ), I did a very simple 
install, and it worked for what it was needed to do (simply provide 
the windows users with access to Unix directories, via shares). I 
didn't need a login controller, and I don't now.


In that case, there was an LDAP server that validated Unix logins, 
but I pretty much just ignored it, and all was well. The *nix OS 
handled the authentication just fine (a very basic setup. For this 
kind of setup, the user only has to exist. The OS could check that 
very easily).


So, I was trying to do the same here. When nothing would work right 
without making samba specific users (via smbpasswd), I started 
digging into the LDAP server. This environment is tortured. Here's 
what I found.


On the Windows ADS, user IDs are pure numeric.
So, for example, my Windows login is:  123456

Unix doesn't like that.So the unix logins are:  u123456

Handling the translation for samba is just a usermap entry   u123456 = 123456

Should be simple enough. But I'm getting No Such User errors. So I 
dug into the LDAP server.

The user identification is strange. the dn: here looks like:

dn: username=u123456,ou=aixuser,cn=aixsecdb,cn=aixdata
uid: 1040
username: u123456


with u123456 being my *nix login.

To me, this looks very wrong (not to mention that there's no dc=).
My last LDAP server it looked like:

dn: uid=tibbetts,ou=People,dc=ldap-test,dc=com
uidNumber: 123456
uid: tibbetts


with "tibbetts" being my login.

If I'm seeing this right, shouldn't the login be the "uid" not 
"username"? Is that what Samba is looking for?
With the login being set to username, and uid being (what should be) 
the uidNumber, I believe that it's confusing Samba, and that's why 
I'm getting the user not found errors.

Is a way to work around this? Or am I just SOL?

Or am I all wet, and looking in the wrong place?
I'd really appreciate a fresh set of eyes on this.

Thanks in advance for any advice on this one!!!

-Ric


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] SMB/LDAP: Confused...

[Sensei]

Hi.

I have an existing departmental network based on AFS, Kerberos 5 and  
LDAP. All unixes work nicely, logging in remotely. So, Samba acting  
as a PDC with OpenLDAP. Now I'd like to interoperate with all windows  
workstations. I chose the LDAP way, since it's the most flexible and  
secure way... or at least, it seems to me more flexible than using a  
single /etc/passwd file on a distributed environment.


LDAP contains a rootdc=dept   and we already have  
groups and persons just working, and experimental hosts:


# group example
dn: cn=deptafs,ou=info,dc=dept
objectClass: top
objectClass: posixGroup
cn: diaafs
gidNumber: 1
description: general afs group

# user example
dn: uid=doe,ou=info,dc=dept
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
cn: John
uid: Doe
uidNumber: 1
gidNumber: 1
description: info will be here
title: Mr.
sn: Doe
o: MyUniversity
ou: Dept
st: State
l: City
mail: [EMAIL PROTECTED]
gecos: ,,,
givenName: John
displayName: John Doe
homeDirectory: /afs/my.dept.org/users/d/doe
loginShell: /bin/bash

# host example
dn: cn=host.dept.org,ou=host,dc=dept
objectClass: locality
objectClass: ipHost
objectClass: ieee802Device
objectClass: bootableDevice
ipHostNumber: 123.123.123.11
cn: host.dept.org
macAddress: 00:00:00:00:00:00


My ldap admin is cn=sysadmin and there's just a rootdn entry in  
slapd.conf, the password is provided by kerberos via GSSAPI/SASL.



I've got many questions, but one important thing is not to mess with  
ldap database so much... I don't like to rewrite the db from scratch.  
Now my concerns :)


The smbldap-tools are of no use probably for us, since all the docs  
I've read start with smbldap-populate... but I have a db just  
working. So, I need to add the minimum required entries into ldap and  
modify the existing names in order to make all users use the remote  
profiling.


My UIDs are LDAP-only. I generate them from AFS, and so they are  
unmodifiable. Of course, this shouldn't be an issue... I hope.


As long as I've understood, I must add a dn for the domain. I have no  
idea how to generate a SID, and I have no idea how RidBase works with  
samba if we do not use smbldap-tools. This is my example:


# TESTING, dia
dn: sambaDomainName=TESTING,dc=dept
sambaDomainName: TESTING
sambaSID: S-1-1-21-3138413446-3899332943-2322914696
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain


All users must be modified using samba schema. Again. What I can do  
with SIDs (user and groups)? I mean, can I use *any* sid I want from  
the UID I have or I must make some kind of trick? What about LM  
password and NT password? I will use, if I understand, the  
userPassword field, not the other two. The profile can be put  
wherever I want, if I understand... so I'd like to store them under / 
afs/../username/windows, so username-dependent... this is difficult  
to understand for me: how to specity a UNC path for user profiling,  
given this unix pattern /afs/my.dept.org/users/d/doe, and putting  
profiles under windows/ on each home directory. That's my guess,  
wrong for sure:


dn: uid=doe,ou=info,dc=dept
uidNumber: 1
gidNumber: 1
homeDirectory: /afs/my.dept.org/users/d/doe
loginShell: /bin/bash
gecos: ,,,
description: info will be here
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: John Doe
sambaSID: S-1-5-21-4231626423-2410014848-2360679739-3000
sambaPrimaryGroupSID: S-1-5-21-4231626423-2410014848-2360679739-513
sambaLogonScript: common.bat
sambaProfilePath: \\TESTINGPDC\users\d\doe\windows
sambaHomePath: \\TESTINGPDC\users\d\doe
sambaHomeDrive: Z:
sambaLMPassword: 7584248B8D2C9F9EAAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 186CB09181E2C2ECAAC768C47C729904
sambaPwdLastSet: 1081281346
sambaPwdMustChange: 1085169346
userPassword: {SSHA}jg1v0WaeBkymhWasjeiprxzHxdmTAHd+



[global]
workgroup=TESTING
netbios name=TESTINGPDC
enable privileges=yes
server string=Samba-LDAP
ldap passwd sync=yes
passdb backend=ldapsam:ldap://ldap.dept.org/
ldap admin dn=cn=sysadmin,dc=dept
ldap suffix=dc=dept
ldap group suffix=ou=info,dc=dept
ldap user suffix=ou=info,dc=dept
ldap machine suffix=ou=host,dc=dept
ldap ssl=no
logon script=scripts\logon.bat
domain logons=yes
os level=64
preferred master=yes
domain master=yes

#[profiles]
#path=/var/local/samba/profiles
#read only=no
#create mask=0600
#directory mask=0700
#browseable=no
#guest ok=yes
#profile acls=yes
#csc policy=disable
#force user=%U

[netlogon]
path=/var/local/samba/netlogon
browseable=no
read only=yes


--
Sensei <[EMAIL PROTECTED]>

The difference between stupidity and genius is that genius has its  
limits. (A. Einstein)




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Print$ share for athlon 64bit systems or xeon 64bit

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

[EMAIL PROTECTED] wrote:
| Does any one know if there is to be a seperate
| folder created under the  print$ share for any of the 64
| bit systems?  Thanks in advance.

yes.  You need an "x64" directory.  But you probably
also are interested in https://bugzilla.samba.org/bug/3057






cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDOWnBIR7qMdg1EfYRAqrVAJ992eD9I07XKUVgRm0BVgDSlVWWiwCfV0Wv
vZJnjhWaMBpoXdcXIGws2ck=
=CcLn
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Print$ share for athlon 64bit systems or xeon 64bit

[David . Grudek]

Does any one know if there is to be a seperate folder created under the 
print$ share for any of the 64 bit systems?  Thanks in advance.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Need help with IDMAP storage in LDAP using Winbind

[Kristof Bruyninckx]

Hi, I removed the entry for "cn=manager,dc=thales,dc=be" and checked
with ldapmodigy if I could change the existing NIS users, which seems to
still work.

Now I added a user called Admin , output from slapcat :

dn: ou=People,dc=thales,dc=be
ou: People
description: All Nis people
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: 15579caa-c053-1029-82d3-9e2135f77083
creatorsName: cn=Manager,dc=thales,dc=be
createTimestamp: 20050923075459Z
entryCSN: 20050923075459Z#01#00#00
modifiersName: cn=Manager,dc=thales,dc=be
modifyTimestamp: 20050923075459Z

dn: uid=root,ou=Idmap,dc=thales,dc=be
structuralObjectClass: account
entryUUID: 1d5990e8-c053-1029-82d4-9e2135f77083
creatorsName: cn=Manager,dc=thales,dc=be
createTimestamp: 20050923075512Z
uid: root
cn: Admin
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: secret
shadowLastChange: 13041
shadowMax: 9
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: root
entryCSN: 20050927142003Z#01#00#00
modifiersName: cn=Manager,dc=thales,dc=be
modifyTimestamp: 20050927142003Z

And then added the access permissions inside slapd.conf.

access to attr=userPassword
by self write
by anonymous auth
by dn.base="cn=Admin,dc=thales,dc=be" write
by * none
access to *
by self write
by dn.base="cn=Admin,dc=thales,dc=be" write
by * read

and also changed the ldap admin in samba to :

ldap admin dn = cn=Admin,dc=thales,dc=be


Now when I restart the winbind daemons he is still complaining about the
dn entry: 
 
[2005/09/27 17:05:43, 1] lib/smbldap.c:another_ldap_try(951)
  Connection to LDAP server failed for the 15 try!
[2005/09/27 17:05:44, 2] lib/smbldap.c:smbldap_open_connection(630)
  smbldap_open_connection: connection opened
[2005/09/27 17:05:44, 2] lib/smbldap.c:smbldap_connect_system(790)
  failed to bind to server ldap://127.0.0.1 with
dn="cn=Admin,dc=thales,dc=be" Error: Invalid credentials

The ldif I used to add the Admin acount is identical ass that of the
Manager :

root.ldif 

dn: uid=root,ou=Idmap,dc=thales,dc=be
uid: root
cn: Admin
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$lB0twC9d$i542IIFLEH11VLUzdEUr91
shadowLastChange: 13041
shadowMax: 9
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: root

Any ideas off what I'm doing wrong?

Thanks,

On Tue, 2005-09-27 at 15:02 +0200, paul kölle wrote: 

> Kristof Bruyninckx wrote:
> > # Use the OpenLDAP password change
> > # extended operation to update the password.
> > pam_password md5
> If you want it to do what the comment suggest this should read:
> pam_password exop
> 
> 
> > dn: cn=Manager,dc=thales,dc=be
> > objectClass: organizationalRole
> > cn: Manager
> > description: Directory Manager
> I think that may be your problem. The DN is the same as your rootdn in
> slapd.conf but does not have a userPassword attribute. It might "shadow"
> your rootdn making binds with that DN fail (see below). You don't have
> to add the "rootdn" from slapd.conf to your directory but it is
> generally discouraged to use it in daily operations as ACLs do not apply
> to "rootdn".
> 
> 
> > Sep 27 13:31:47 linux14 slapd: => access_allowed: auth access to
> > "cn=Manager,dc=thales,dc=be" "userPassword" requested
> > Sep 27 13:31:47 linux14 slapd: => access_allowed: backend default auth
> > access granted to "(anonymous)"
> > Sep 27 13:31:47 linux14 slapd: send_ldap_result: err=49 matched=""
> err=49 means "invalid credentials" most likely due to the missing
> "userPassword" attribute of cn=manager,dc=thales,dc=be.
> 
> 
> Try removing cn=Manager,dc=thales,dc=be from your ldif and see if you
> can bind with rootdn and rootpw from your slapd.conf. If that works
> create another entry in your DIT with a userPassword attribute, give it
> appropriate permissions in slapd.conf and use that for your "ldap admin
> dn" in smb.conf
> 
> hth
>  Paul


-- 
Kristof.Bruyninckx

We are Microsoft.  What you are experiencing is not a problem; it is an
undocumented feature.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3 as PDC with Debian Linux server and Windows XP clients

[Gary Dale]

I'm running Samba 3 on Debian/Sarge. The roaming profiles seems to come
by default if you follow the example/directions in the Official Samba 3
Howto & Reference Guide. There's also the newer Samba 3 by example. Both
are available at samba.org.

Make sure you have a samba folder with netlogon and profiles subfolders.
I keep mine in /home.

When you say "upgrading", do you have an existing Domain and controller
or are you starting up a domain?

If you are starting a new domain, make it easy on yourself and use SWAT.
You need to uncomment the swat line in /etc/inetd.conf and restart it.

If you are converting from a Windows domain controller, there is a
"vampire" mode that sucks the existing date from your domain controller.
Then you need to remove your old domain controller and promote your new
one. However, I've had problems after doing this. You may prefer just to
set up a new domain if you only have a limited number of clients.


Andrew Bevan wrote:


Dear list

I am relatively new to networking problems of this kind so apologies 
for the potentially simple question. I am trying to upgrade an 
existing network to one using Samba 3 to configure roaming XP profiles 
on a limited number of clients. I have re-written the smb.conf file to 
reflect what I think are the appropriate settings, and this passed 
testparm successfully, but I am unclear what to do next, despite the 
help offered in the usual howtos.


Additionally when i try to run smbclient -L  [hostname]

read_socket_with_timeout: timeout read. read error = Connection reset 
by peer.tree connect failed: Read error: Connection reset by peer



Can anyone let me know what I should be doing next? Part of my 
confusion is whether I need to move or otherwise re-set existing 
user-logins (for Unix, currently matched but not synchronised in the 
samba database) and passwords for them to act as individual profiles 
for XP.


Many thanks for any help
Andy


Dr Andrew Bevan
Lecturer
Institute of Archaeology
University College London
31-34 Gordon Square
London WC1H 0PY

tel: +44 (0)20 7679 7523 (internal 27523)
fax: +44 (0)20 7383 2572
email: [EMAIL PROTECTED]
info: www.ucl.ac.uk/archaeology/staff/profiles/bevan




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Slow shutdowns and tmp files?[VASCL:A1037FCE7F5]

[Richmond Dyes]

I am having problems with long shutdown periods. The machines are 
building  large tmp files, like prf2E6.tmp.  These files are over 1 
gig.  I am running Windows 2000 and Windows XP clients to a Redhat ES 
4.0 with Samba 3.0.14. I have a domain setup. In each of these machines 
there are large amounts of files in My Documents.  When I end up with 
these tmp files, the clients build temp profiles.  How can this be avoided.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Need help with IDMAP storage in LDAP using Winbind

[paul kölle]

Kristof Bruyninckx wrote:
> # Use the OpenLDAP password change
> # extended operation to update the password.
> pam_password md5
If you want it to do what the comment suggest this should read:
pam_password exop


> dn: cn=Manager,dc=thales,dc=be
> objectClass: organizationalRole
> cn: Manager
> description: Directory Manager
I think that may be your problem. The DN is the same as your rootdn in
slapd.conf but does not have a userPassword attribute. It might "shadow"
your rootdn making binds with that DN fail (see below). You don't have
to add the "rootdn" from slapd.conf to your directory but it is
generally discouraged to use it in daily operations as ACLs do not apply
to "rootdn".


> Sep 27 13:31:47 linux14 slapd: => access_allowed: auth access to
> "cn=Manager,dc=thales,dc=be" "userPassword" requested
> Sep 27 13:31:47 linux14 slapd: => access_allowed: backend default auth
> access granted to "(anonymous)"
> Sep 27 13:31:47 linux14 slapd: send_ldap_result: err=49 matched=""
err=49 means "invalid credentials" most likely due to the missing
"userPassword" attribute of cn=manager,dc=thales,dc=be.


Try removing cn=Manager,dc=thales,dc=be from your ldif and see if you
can bind with rootdn and rootpw from your slapd.conf. If that works
create another entry in your DIT with a userPassword attribute, give it
appropriate permissions in slapd.conf and use that for your "ldap admin
dn" in smb.conf

hth
 Paul

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] net join between Solaris member and Linux Samba PDC

[Ralf K. Wiegand]

net rpc join member -S FRANKFURT -U rwiegand
Password:

Create of workstation account failed
Unable to join domain DOMAIN.


This is the message I'm getting when I try joining a Solaris 9/samba 
3.0.10 member server


./testparm
Load smb config files from /usr/local/samba/lib/smb.conf
Can't find include file /var/samba/log.
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

# Global parameters
[global]
   workgroup = DOMAIN
   server string = Proxy Samba Server
   interfaces = 172.18.1.1/16
   security = DOMAIN
   password server = FRANKFURT
   log level = 3 passdb:5 auth:10 winbind:2
   log file = /usr/sfw/lib/smb.conf.%m
   max log size = 50
   dns proxy = No
   idmap uid = 1-2
   idmap gid = 1-2
   winbind use default domain = Yes
   include = /var/samba/log.

[homes]
   comment = Home Directories
   read only = No
   browseable = No

[printers]
   comment = All Printers
   path = /usr/spool/samba
   printable = Yes
   browseable = No



and a Linux FC3 samba PDC server:
[global]
   smb passwd file = /etc/samba/smbpasswd
   passwd program = /usr/bin/passwd %u
   printing = lprng
   dns proxy = no
   encrypt passwords = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   printcap name = /etc/printcap
   preferred master = no
   debug level = 4
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
*passwd:*all*authenticat

ion*tokens*updated*successfully*
   domain admin group = @admins
   admin users = @admins
   security = domain
   unix password sync = Yes
   server string = Samba Server
   workgroup = domain
   preferred master = yes
   log file = /var/log/samba/%m.log
   netbios name = Frankfurt
   load printers = yes
   domain logons = yes
   logon script = %G.bat
   domain master = yes

[netlogon]
   browsable = yes
   path = /home/netlogon
   public = yes
#   read only = yes
#   guest ok = yes
#   share modes = no
   writable = yes
# no
   comment = Network Login Service

[homes]
  comment = Home Directories
  browseable = no
  writable = yes
  valid users = %S
  create mode = 0664
  directory mode = 0775


[printers]
  comment = All Printers
  path = /var/spool/samba
  browseable = no
  guest ok = no
  writable = no
  printable = yes



[TML1]
   path = /data1
   writable = yes
   public = yes
   comment = Data share data1


Looks like I'm missing something here?  My goal is to have LAN users 
authenticate via a samba PDC when they pass through a Squid server to 
the internet. I'm trying to keep it simple for now.  So I'm not using 
AD, but I will have to set this up in the near future as well.



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Need help with IDMAP storage in LDAP using Winbind

[Kristof Bruyninckx]

Hello @ll,

First a small sketch of my working environment. 
There is one PDC, W2000 server, which contains an Active directory, so
basically all the windows users are maintained there. And the Linux/Unix
accounts are stored on a NIS server.

My goal would be the following 2 things. 

Firstly currently all the Linux/Unix servers are setup with individual
winbind setups to make the windows users known, which work nicely. But
recently the ID's of all the users should be identical on all the
servers.
Therefore I'm trying to implement the IDMAP Storage in LDAP using
Winbind chapter.

And secondly migrating all the NIS users also to the same LDAP but under
a different OU.  

This is my setup thus far :

/etc/samba/smb.conf: I think the way I setup this configuration is so
that winbind points to the PDC to collect al the windows users
information, and uses the LDAP backend to store it. Please correct me if
I'm wrong.

# Global parameters
[global]
log level = 3
   workgroup = THALES-IS
#Is the windows domain name
   realm = THALES-IS.BE
#winbind needs this to point to the PDC
server string = Samba Server
security = ads
password server = 192.168.1.99
username map = /etc/opt/samba/smbusers
log file = /var/log/samba/smbd.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
ldap ssl = no
ldap admin dn = cn=Manager,dc=thales,dc=be#Is the new domain
I'm trying to setup "thales.be", just to avoid confusion with the
existing thales-is.be
ldap idmap suffix = ou=idmap
ldap suffix = dc=thales,dc=be
idmap backend = ldap:ldap://127.0.0.1
encrypt passwords = yes
   idmap uid = 1-2
   idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
   winbind separator = /
winbind cache time = 10
   winbind use default domain = yes

[homes]
comment = Home Directories
path = %H
read only = No
browseable = No

/etc/krb5.conf:  As far as I can figure this is needed to do the
kerberos authentication, this is only pointing to the windows domain,
and not the new "thales.be". But I'm not sure this is significant since
it is only needed by winbind to retrieve information from the PDC.

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = THALES-IS.BE   
dns_lookup_realm = true
dns_lookup_kdc = true

[realms]
THALES-IS.BE = {
  kdc = backup1.thales-is.be:88
  kdc = 192.168.1.99
  admin_server = backup1.thales-is.be:749
  kdc = 192.168.1.99
}

thales-is.be = {
  kdc = 192.168.1.99
}

[domain_realm]
.thales-is.be = THALES-IS.BE
thales-is.be = THALES-IS.BE

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
}


/etc/nsswitch.conf:

passwd: files winbind ldap
shadow: files winbind ldap
group:  files winbind ldap

hosts:  files dns


/etc/openldap/slapd.conf :

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema

# Allow LDAPv2 client connections.  This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral   ldap://root.openldap.org

pidfile /var/run/slapd.pid
argsfile/var/run/slapd.args


databaseldbm
##
suffix  "dc=thales,dc=be"
###
rootdn  "cn=Manager,dc=thales,dc=be"
###
rootpw  secret
###
directory   /var/lib/ldap/thales.be
###


# Indices to maintain for this database
index objectClass   eq,pres
index ou,cn,mail,surname,givenname  eq,pres,sub
index uidNumber,gidNumber,loginShelleq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntryeq,pres,sub

/etc/ldap.conf : Only shown changes, rest is default

# Your LDAP server. Must be resolvable without using LDAP.
# Multiple hosts may be specified, each 

[Samba] Option deprecated.

[Meli Marco]

Hi,
I have noticed in my log files an error "the winbind enable local accounts"
option is deprecated.
Sometimes winbind crash, it is possible that I have remove this option?
But I have need the option to enable local accounts.
How can I replace this future?
RH9 + samba-3.0.14a-1.
Thanks.
Marco.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: RES: RES: [Samba] Re: ACLs with Problem

[Paul Kölle]

Luis Henrique de Faria Guimarães wrote:
> [2005/09/26 17:11:53, 3] 
> smbd/posix_acls.c:convert_canon_ace_to_posix_perms(2581)
>   convert_canon_ace_to_posix_perms: Too many ACE entries for file teste.txt 
> to convert to posix perms.
I wonder why convert_canon_ace_to_posix_perms is called with an
file_ace_list with more than three canon_ace elements. set_nt_acl should
never call convert_canon_ace_to_posix_perms that way. I guess it fails
because you have an ACL_USER_OBJ which makes the file_ace_list longer
than three entries but for some reason set_nt_acl thinks it cannot use
set_canon_ace_list.

I just start to read the code so maybe someone who really knows what's
going on could clear this up a bit.

hth
 Paul

BTW: check your samba binary for ACL support, could be that ./configure
failed to pick up some libs or headers and the whole feature is not
present. Use "strings $(which smbd) | grep HAVE_POSIX_ACLS". If you
don't get anything back your binary lacks ACL support.

PS: Try not to start a new thread with each response and please keep
your replies on the list.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba+LDAP (How to Expires an Account on Specified date)

[Michael Gasch]

you must change sambakickofftime, e.g. by smbldap-usermod ... from idealx

greez

Arun Sharma wrote:

Hi Everybody,

Structure of my server environment :
Using Samba 3.0.20, Openldap V3

My requiremnt :
1) How to expire an user Account on a specified date.?


Thanks all






--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3 as PDC with Debian Linux server and Windows XP clients

[Andrew Bevan]

Dear list

I am relatively new to networking problems of this kind so apologies 
for the potentially simple question. I am trying to upgrade an existing 
network to one using Samba 3 to configure roaming XP profiles on a 
limited number of clients. I have re-written the smb.conf file to 
reflect what I think are the appropriate settings, and this passed 
testparm successfully, but I am unclear what to do next, despite the 
help offered in the usual howtos.


Additionally when i try to run smbclient -L  [hostname]

read_socket_with_timeout: timeout read. read error = Connection reset 
by peer.tree connect failed: Read error: Connection reset by peer


Can anyone let me know what I should be doing next? Part of my 
confusion is whether I need to move or otherwise re-set existing 
user-logins (for Unix, currently matched but not synchronised in the 
samba database) and passwords for them to act as individual profiles 
for XP.


Many thanks for any help
Andy


Dr Andrew Bevan
Lecturer
Institute of Archaeology
University College London
31-34 Gordon Square
London WC1H 0PY

tel: +44 (0)20 7679 7523 (internal 27523)
fax: +44 (0)20 7383 2572
email: [EMAIL PROTECTED]
info: www.ucl.ac.uk/archaeology/staff/profiles/bevan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] share disconnect timeout

[Carsten John]

Hello everybody,

is there a possibility in samba (3.0.14a) to prevent the server from
closing the connection to a client after a thirten time?

I played with the deadtime option without succes.

Background is an application,claiming the server to have disconnected
the share. The app. reconnects without problems but logs an annoying
warnig message.

Any suggestions?

Thanks in advance


Carsten John
-- 
Max Planck Institut fuer marine Mikrobiologie
- Network Administration -
Celsiustr. 1
D-28359 Bremen
Tel.: +49 421 2028568
Fax.: +49 421 2028565

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] file to large

[Stephan Böni]

Hi

I cannont copying files larger than 2 GB over samba share (monted with 
smbmount). Do you have a solution?

Stephan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] File access rights on a NFS share: please help !

[Sabrina Lautier]

Jeremy, Tom,

First of all thanks a lot for your help.

Jeremy> Any way you can move to an NFS server that supports more groups ?
Actually, I set up 3 NFS servers for the tests: a Solaris 8, a Linux SuSe
E9 and an EMC NAS NS600 one but each time I came to the same conclusion...

Tom> Something I'd look at though is the actual gid of the iis directory by
simply using
Tom> ls -n and verify for sure that the gid of the iis directory is
16777328.
Tom> Possibly you have two gids both named NCEDOM\dev-iis and it isn't gid
16777328
Tom> that the iis directory belongs to.
I tested that also but I confirm that there is only one gid 16777328...

Any more idea ?

Rgds,
Sabrina


   
   
   
To 
  Sabrina Lautier  
  <[EMAIL PROTECTED]>   
cc 
  samba@lists.samba.org,   
  [EMAIL PROTECTED]  
Jeremy Allison 
<[EMAIL PROTECTED]>
   Subject 
  Re: [Samba] File access rights on a  
  NFS share: please help ! 
Please respond to Jeremy   
 Allison <[EMAIL PROTECTED]>   
19/09/2005 18:07   
   
   
   




On Mon, Sep 19, 2005 at 05:03:34PM +0200, Sabrina Lautier wrote:
>
> Hello,
>
> As I didn't get any answer, I'm posting my question again.
> Sorry to insist but I'm very embarrassed...
>
> I'm having troubles with access rights on files located on a NFS server
> (Solaris 8).
> The client  machine is a Linux SuSe E9.0 and the samba suite version is
> samba-3.0.20, directly installed from a Linux package.

Solaris 8 has a limit of 16 groups I believe. If your user
is in more than 16 groups the groups over 16 will be silently
truncated for NFS access.

Any way you can move to an NFS server that supports more
groups ?

Jeremy.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] vfs module problem with new samba version

[xavier]

Sorry,

I was using old testparm version (3.0.4), so wrong warnings...
And I needed to recompile the clamav module (3.0.6b with 2.0.20 of SAMBA)

Works great now!
thanks

Xavier
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] deny writing to share root

[Luca Ferrari]

Hi,
is it possible to deny writing to the share root, allowing writing to 
the subfolders of such root? In other words, I don't want the root to be 
changed (adding/removing) folders and files, while I want to allow users 
to change the content of the subfolders of the root. How to reach this?


Thanks,
Luca
--
Luca Ferrari
[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba