Re: [Samba] Cannot view any file

2005-10-02 Thread kurt weiss
did you check the directory flags (execution rights must be set, rw is
not enough)?

maybe you can give more information?

Jean-Phils Louis wrote:

> Hi there,
> I am testing Samba on FC4 with LVM. I use share and allow guest. All Samba
> clients, including Windows machines and smbclient on a Linux box, can list
> shared folders but not the files in them. I tried Google but found no answer.
> Can you help me? Thanks,
> Jean


--
--
greetings,
kurt, austria. (http://www.kwnet.at)
===
this is a posting from a samba *user* - not a samba developer.
the posting is created on the base of experiences and may be faulty.
so, if it contains any mistakes, please feel free to correct it
===

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] getting userlist and logon sometimes slow

2005-10-02 Thread Florian Effenberger
Hello,

I run Samba 3.0.20a with Windows XP Professional SP2 client. Sometimes,
the logon is a bit slow, i.e. it takes some seconds until the Loading
profile... dialog box comes up.

The same effect happens when I start a program with the Run as command
in the context menu. I enter my domain user and select run, and it takes
about 5 seconds until the program is invoked.

I guess it has something to do with getting/verifying user data. I run
the pdb_mysql backend. Might it be related to that, or is that behaviour
quite normal?

If that helps: I have not cached my profiles, nor have I cached
credentials (both prohibited via policy)

Thanks
Florian


[Samba] prevent normal users from getting userlist

2005-10-02 Thread Florian Effenberger
Hello,

I run Samba 3.0.20a with Windows XP Professional SP2 client. I found out
that when a normal (i.e. not domain administrator) user runs the old
Windows NT 4 user client, it can retrieve the whole list of usernames
and fullnames.

Can that be prohibited in any way?

Thanks
Florian


[Samba] hide files but do not prevent accessing them

2005-10-02 Thread Florian Effenberger
Hello,

is there an option to hide files for the Windows clients, but do not
prevent accessing or writing to them?

I want to hide some folders for my users. With the appropriate Samba
option, I can hide the files, but if Windows is configured to show
hidden files, they are shown nonetheless.

Is there an option to force Samba not to show the files to Windows at
all, but still letting read and write to them?

Thanks
Florian


Re: [Samba] Samba 3.0.20a on AIX 5.2

2005-10-02 Thread William Jojo


On Fri, 30 Sep 2005, Ric Tibbetts wrote:

> While I was between other things, I thought I'd try to build this.
> The build failed with:


What options are you compiling with on AIX? I can't recreate this.

also what is the output of oslevel -r and lslpp -l bos.adt.include?

I think that fileset is very downlevel.


Cheers,

Bill

> Compiling dynconfig.c
> In file included from include/includes.h:507,
>   from dynconfig.c:21:
> /usr/include/aio.h:76: field `aio_sigevent' has incomplete type
> /usr/include/aio.h:127: field `aio_sigevent' has incomplete type
> In file included from dynconfig.c:21:
> include/includes.h:811: redefinition of `struct timespec'
> make: 1254-004 The error code from the last command is 1.
>
> Same problem as 3.0.20
>
>
> -Ric




[Samba] ntlm_auth with freeradius doesn't work when windows is automatically using the current username+password

2005-10-02 Thread Dick
Hi all,

I've configured FreeRADIUS for PEAP and I'm forwarding the NTLM authentication
to our Windows Active Directory.
I'm using the following script to proxy the MSCHAPv2 NTLM credentials:
/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 >> /tmp/log << @EOF
Username: ${1/NTDOMAIN01}
Full-Username: ${1}
LANMAN-Challenge: ${2}
NT-Response: ${3}
.
@EOF

(This doesn't work for FreeRADIUS yet, but I'm doing this for the logging data)

When I'm instructing the Windows supplicant to use the current credentials I 
get the following error:
NTDOMAIN01\\eeto003 0c21e86b0baca9ea
7d7fe615f7d0d1a942e9c0ffb9a619b1be78ebf508e089d2
Authenticated: No
Authentication-Error: Wrong Password
.

When I tell windows to ask for my credentials and enter the username + password
+ domain it works:
Authenticated: Yes
.

Could someone please tell me what I might be doing wrong?

Is it 'normal' that I can't omit the Username (when the Full-Username is 
supplied)?

TIA
Dick



[Samba] ntlm_auth and PEAP machine authentication

2005-10-02 Thread Matthew Alexander
I am trying to use ntlm_auth for machine authentication requests against a 
Win2003/AD from my RADIUS server.  Normal, user authentication works fine, but 
not machine authentication.  The username passed from RADIUS to ntlm-auth looks 
like host/pcname123.  I'm wondering if the / is killing it?  The ntlm_auth 
man page says that it expects only Samba's unix charset.  

Does anyone have any ideas about how I can accomplish this?  Thanks.


[Samba] XP SP2 connecting to 3.0.10-1.4E

2005-10-02 Thread Chris Robinson
I have been running our company's XP Pro systems on our Samba domain 
controller (version: 3.0.10-1.4E) with local administrative rights up to 
this point.  Everything has worked fine.


We are getting larger now and I'd like to make the logins locally 
restricted (I want them to have XP's Users rights and  Remote Desktop 
Users only).  When I restrict the accounts to anything below 
administrative rights on XP SP2 however nothing in the profile gets 
saved.  I have tried this with XP SP1 and everything works as I expect.


I have tried:
*Turning off the XP SP2 firewall.  No difference
*Running a sniffer on it. Don't know what I'm looking for but nothing 
seemed out of the ordinary.
*Giving the user administrative rights, logging in and making changes. 
Then I logged out and logged in as the Administrator and dropped the 
rights to Users and logged back in.  The first time I log in I see the 
profile the user left when it had administrative rights, but when I 
logout and log back in it resets the profile again.

*Had profile acls on and off. No difference

Here is my smb.conf for global and profiles:
[global]
workgroup = MYCO
netbios name = MYCOPDC
interfaces = 192.168.0.5
time server = Yes
unix extensions = No
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u

logon script = logon.bat
logon path = \\%L\profiles\%u\%m
# logon path =
logon drive = H:
logon home = \\%L\%u\.win_profile\%m
domain logons = Yes
os level = 70
preferred master = Yes
domain master = Yes
wins support = Yes
hosts allow = 192.168.1.0/255.255.255.0, 192.168.3.0/255.255.255.0, 192.168.254.0/24, 192.168.0.90, 192.168.0.91, 127.0.0.1, 192.168.6.0/24, 192.168.7.0/24, 192.168.8.0/24


[netlogon]
path = /etc/samba/
valid users = root, @users
admin users = root
browseable = No

[profiles]
path = /home/samba-ntprof
read only = No
create mask = 0600
directory mask = 0700
browseable = No
# profile acls = yes


--
Christopher Robinson
[EMAIL PROTECTED]

VoIPSupply.com
  -- a division of B2 Technologies, LLC
454 Sonwil Drive
Buffalo, NY 14225

(716) 250-3411
(716) 630-1548 fax
(800) 398-VOIP


VoIPSupply.com is a leading reseller of VoIP hardware, software and 
services.



Re: [Samba] XP SP2 connecting to 3.0.10-1.4E

2005-10-02 Thread Craig White
On Sun, 2005-10-02 at 16:24 -0400, Chris Robinson wrote:
> I have been running our company's XP Pro systems on our Samba domain
> controller (version: 3.0.10-1.4E) with local administrative rights up to
> this point.  Everything has worked fine.
>
> We are getting larger now and I'd like to make the logins locally
> restricted (I want them to have XP's Users rights and  Remote Desktop
> Users only).  When I restrict the accounts to anything below
> administrative rights on XP SP2 however nothing in the profile gets
> saved.  I have tried this with XP SP1 and everything works as I expect.
>
> I have tried:
> *Turning off the XP SP2 firewall.  No difference
> *Running a sniffer on it. Don't know what I'm looking for but nothing
> seemed out of the ordinary.
> *Giving the user administrative rights, logging in and making changes.
> Then I logged out and logged in as the Administrator and dropped the
> rights to Users and logged back in.  The first time I log in I see the
> profile the user left when it had administrative rights, but when I
> logout and log back in it resets the profile again.
> *Had profile acls on and off. No difference
>
> Here is my smb.conf for global and profiles:
> [global]
> workgroup = MYCO
> netbios name = MYCOPDC
> interfaces = 192.168.0.5
> time server = Yes
> unix extensions = No
> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/userdel -r %u
> add group script = /usr/sbin/groupadd %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/sbin/usermod -G %g %u
> add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
> logon script = logon.bat
> logon path = \\%L\profiles\%u\%m
> # logon path =
> logon drive = H:
> logon home = \\%L\%u\.win_profile\%m
> domain logons = Yes
> os level = 70
> preferred master = Yes
> domain master = Yes
> wins support = Yes
> hosts allow = 192.168.1.0/255.255.255.0, 192.168.3.0/255.255.255.0, 192.168.254.0/24, 192.168.0.90, 192.168.0.91, 127.0.0.1, 192.168.6.0/24, 192.168.7.0/24, 192.168.8.0/24
>
> [netlogon]
> path = /etc/samba/
> valid users = root, @users
> admin users = root
> browseable = No
>
> [profiles]
> path = /home/samba-ntprof
> read only = No
> create mask = 0600
> directory mask = 0700
> browseable = No
> # profile acls = yes

Presuming that when you say that nothing in the profile gets saved when
their privileges are reduced, I am presuming that you mean that the
profiles aren't saved on the server.

think that you need to have profile acls = yes NOT commented out

firewall settings have no impact whatsoever on whether profiles are
saved.

you probably want to add...
csc policy = disable

to the profile share definition as well.

As far as your specific problem, what are the permissions of
/home/samba-ntprof?

on mine...

# ls -ld /home/samba/profiles/
drwxrwx---  6 root dom_users 4096 Aug 22 16:58 /home/samba/profiles/

where all users are members of 'dom_users' group and thus can write to
the directory

Craig




Re: [Samba] XP SP2 connecting to 3.0.10-1.4E

2005-10-02 Thread Chris Robinson
The reason acls are commented out is because I tried them and it made no 
difference.  As I understand it csc policy = disable would be for 
roaming profiles which generally I don't use but leave the ability for 
special circumstances.


Didn't know if the XP firewall settings would make a difference here or 
not, but I figured the more info the better.


My permissions on /home/samba-ntprof are almost identical to yours 
except I use a different group.


Just to reiterate...XP SP1 does work exactly as I want it to.  It's only 
XP SP2 that is causing problems.



--
Christopher Robinson
[EMAIL PROTECTED]



Re: [Samba] ntlm_auth with freeradius doesn't work when windows is automatically using the current username+password

2005-10-02 Thread Andrew Bartlett
On Sun, 2005-10-02 at 13:37 +, Dick wrote:
> Hi all,
>
> I've configured FreeRADIUS for PEAP and I'm forwarding the NTLM authentication
> to our Windows Active Directory.

> Is it 'normal' that I can't omit the Username (when the Full-Username is
> supplied)?

You should have either 'Domain:' and 'Username:' or 'Full-Username', but
not both.  That's how it was intended to work, but frankly I'm not
surprised if I left bugs in there, and am happy to work on fixing this
up.

Andrew Bartlett

-- 
Andrew Bartlett  http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.  http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net



Re: [Samba] ntlm_auth and PEAP machine authentication

2005-10-02 Thread Andrew Bartlett
On Sun, 2005-10-02 at 11:25 -0400, Matthew Alexander wrote:
> I am trying to use ntlm_auth for machine authentication requests
> against a Win2003/AD from my RADIUS server.  Normal, user
> authentication works fine, but not machine authentication.
> The username passed from RADIUS to ntlm-auth looks like host/pcname123.
> I'm wondering if the / is killing it?  The ntlm_auth man page says
> that it expects only Samba's unix charset.
>
> Does anyone have any ideas about how I can accomplish this?  Thanks.

Machine accounts are a problem because historically, they were not
permitted to login with NTLMSSP.  This appears to have changed, but
there must be some flag that windows domain members set, to change this
behaviour.  I don't know what this is at this stage, so I either need to
see this done to a windows DC, by a windows VPN server (with a system
policy of 'secure channel: sign'), or try random things till it works...

Andrew Bartlett

-- 
Andrew Bartlett  http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.  http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net



Re: [Samba] Reliability of samba

2005-10-02 Thread Andrew Bartlett
On Fri, 2005-09-30 at 18:03 -0700, Kevin Dalley wrote:
> When I mount samba partitions using smbmount on a Linux box

I strongly suggest moving to the CIFS VFS for talking to Samba CIFS
servers, as the unix extensions are correctly handled for maximum
transparency.  It is also a far better implementation.

> How does smbclient handle the type of errors which produce these
> results?

It has a different CIFS client implementation entirely, so has different
properties.  

> I have seen a few explanations, but I can't find a really good
> answer.  Perhaps a timeout on the Windows side.

Oh, you mean a windows server...  I still suggest the CIFS VFS.

Andrew Bartlett

-- 
Andrew Bartlett  http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.  http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net



Re: [Samba] Trouble with ntlm_auth

2005-10-02 Thread Andrew Bartlett
On Fri, 2005-09-30 at 09:28 -0700, Michael St. Laurent wrote:
> Hi all,
>
> I'm having trouble getting ntlm_auth working with the
> --require-membership-of= option.  I did rebuild the Samba RPM so that it
> had the --enable-auth=ntlm,basic and
> --enable-external-acl-helpers=wbinfo_group settings.  The command line
> test for the squid-2.5-basic protocol returns an OK.  The one using the
> squid-2.5-ntlmssp protocol returns what looks like a line that should be
> going to a log file and then a BH.  Any time that I add the
> --require-membership parameter to the ntlm_auth line in my squid.conf file
> it fails every time.  Below are the config lines I'm using:
>
> # Experimental Domain Authentication
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> --require-membership-of=MERCURY\WebAccess

My gut feeling is to look at the \, and see if it is being interpreted as
an escape.  That could make the group name fail to resolve.  

The safer way (no nasty \ characters, and some safer startup semantics)
is to resolve the group to a SID first, and have
--require-membership-of=S-1-2

This avoids doing the name-sid call at startup.

Andrew Bartlett

-- 
Andrew Bartlett  http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.  http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
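
The suggestion in the reply above, resolving the group to a SID once and writing only the SID into the helper line, as an added example that is not code from the thread. The SID and the `wbinfo -n` output line are constructed sample values, and the example assumes the SID is the first whitespace-separated field of that output; it also shows one way the backslash is lost, namely when the name passes through a shell unquoted.

```shell
#!/bin/sh
# Added example, not from the thread. The group name is the one in the post;
# the SID and the wbinfo output line below are constructed sample values.

# An unquoted backslash is removed by the shell before ntlm_auth sees the name.
unquoted_name() { printf '%s' MERCURY\WebAccess; }     # backslash dropped
quoted_name()   { printf '%s' 'MERCURY\WebAccess'; }   # backslash kept

# is_sid STRING: succeed only if STRING has the shape S-1-<authority>-<subauth>...
is_sid() {
    case $1 in
        *[!0-9S-]*) return 1 ;;   # any other character (space, newline, ';', '\')
    esac
    printf '%s\n' "$1" | grep -Eq '^S-1-[0-9]+(-[0-9]+){1,15}$'
}

# sid_from_wbinfo LINE: take the SID from one line of `wbinfo -n` output.
# Assumption: the SID is the first whitespace-separated field of that line.
sid_from_wbinfo() {
    sid=${1%% *}
    is_sid "$sid" || return 1
    printf '%s\n' "$sid"
}

# squid_auth_line SID: build the auth_param line from the post, with a SID in
# place of the DOMAIN\group name. Refuses anything that is not a SID.
squid_auth_line() {
    if ! is_sid "$1"; then
        printf 'refusing to write a non-SID value: %s\n' "$1" >&2
        return 1
    fi
    printf 'auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=%s\n' "$1"
}

# On a domain member this line would come from:  wbinfo -n 'MERCURY\WebAccess'
# (constructed sample output, not taken from a real domain)
SAMPLE_WBINFO_OUTPUT='S-1-5-21-1111111111-2222222222-3333333333-1105 Domain Group (2)'

printf 'unquoted: %s\n' "$(unquoted_name)"
printf 'quoted:   %s\n' "$(quoted_name)"
if group_sid=$(sid_from_wbinfo "$SAMPLE_WBINFO_OUTPUT"); then
    squid_auth_line "$group_sid"
fi
```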



Re: [Samba] net join between Solaris member and Linux Samba PDC

2005-10-02 Thread Andrew Bartlett
On Tue, 2005-09-27 at 09:01 -0400, Ralf K. Wiegand wrote:
> net rpc join member -S FRANKFURT -U rwiegand
> Password:
>
> Create of workstation account failed
> Unable to join domain DOMAIN.
>
>
> Looks like I'm missing something here?  My goal is to have LAN users
> authenticate via a samba PDC when they pass through a Squid server to
> the internet. I'm trying to keep it simple for now.  So I'm not using
> AD, but I will have to set this up in the near future as well.

It looks like you have not added the machine account to the domain on
the server side first.  (You need to do this because you don't have an
add machine script).  

Andrew Bartlett

-- 
Andrew Bartlett  http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.  http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net



Re: [Samba] wbinfo joined the domain but -t is in error

2005-10-02 Thread Andrew Bartlett
On Fri, 2005-09-30 at 09:35 +0200, arno wrote:
> Hello,
> Still having some problem about the joined domain of
> wbinfo.
> bash-3.00# net join -w d-ci3 -U d-bi1\\admin
> Password:
>
> Joined domain D-CI3.
> bash-3.00# wbinfo -t
> checking the trust secret via RPC calls failed
> error code was  (0x0)
> Could not check secret
>
>
> it's running on samba 3.0.20 and Solaris 8
>
> any clue ? why
>
> here is the config:
> [global]
>  workgroup = D-CI3
>  server string = squid proxy %v
>  security = DOMAIN
>  password server = 10.17.12.56 10.17.12.57
>  log level = 1
>  wins server = 10.17.12.9, 10.17.17.8
>  idmap uid = 1-2
>  idmap gid = 1-2
>  winbind use default domain = Yes

Don't set this unless you really need it.  

> thanks for any help

On the more general questions:

Is winbindd running?  Is there anything in the winbindd logs?

Andrew Bartlett

-- 
Andrew Bartlett  http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.  http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net



Re: [Samba] Authenticating Samba against Active Directory

2005-10-02 Thread Andrew Bartlett
On Fri, 2005-09-30 at 16:58 +0100, Daniel Catz wrote:
> I am trying to authenticate samba 3.0.13 against active directory using my SLES
> 9 linux box.
> I have installed OpenLDAP, Samba, Kerberos (Heimdal) and PAM.
> I can join my domain, and I can see using wbinfo -u the
> domain users from active directory, but I cannot see them
> with the getent passwd  command.

Is 'winbind' set in your nsswitch.conf?  This controls what 'getent
passwd' sees.  I expect the YAST would have set all this up correctly:
did you use the suse tools, or handle this manually?

Andrew Bartlett

-- 
Andrew Bartlett  http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.  http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net



Re: [Samba] samba + virtual users +mysql

2005-10-02 Thread Andrew Bartlett
On Wed, 2005-09-28 at 09:25 -0400, Chip Mefford wrote:
> Perhaps I'm all alone out here, but I don't think so.
>
> I have an environment wherein all my users are virtual
> and live in a chroot jail, and have no shell access
> at all. The users are authenticated for email against
> a mysql database. I should like to give them
> access to a virtual home directory and file server
> tree via samba using the same model.
>
> Digging through the archives and stw, I've seen
> some echoes of this approach, but nothing firm.

I *strongly* suggest upgrading your users to real users in an LDAP
directory, with real UIDs and a shell of /bin/false. 

While it isn't as cute as virtual users, it is a situation shared with a
far larger user-base, and therefore is much more likely both to work,
and to continue to work.

The pdb_mysql module, which would be a cornerstone of this approach, is
currently being revived by new maintainers, but I would not start a new
network on this basis.

Andrew Bartlett

-- 
Andrew Bartlett  http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.  http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net



Re: [Samba] winbindd_create_user: Refusing to create user that already exists

2005-10-02 Thread Andrew Bartlett
On Fri, 2005-09-30 at 09:55 +1200, Scouser wrote:
> Thanks Jerry
> Unfortunately that is no help ;-(
>
> If I create the user on the host then they can map the drive no problem
> without having to authenticate (provided they are logged in to the
> trusted domain)
> However if they do not have an account on the box they can't map the
> drive and the logs show this 'Refusing to create user' message.
>
> This is driving me crazy!
>
> I am using samba v3.0.4 and the trusted domain is an NT4 domain.

That's a very old version of Samba.

> $ cat nsswitch.conf
> passwd: files winbind
> shadow: files winbind
> group: files winbind
> hosts: files wins

is libnss_winbind correctly in place?

Andrew Bartlett

-- 
Andrew Bartlett  http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.  http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
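
The two checks asked for in this reply and in the "Authenticating Samba against Active Directory" reply above (is winbind listed in nsswitch.conf, and is libnss_winbind in place), as an added example that is not code from the thread. It assumes a Linux glibc system, where the NSS module file is named libnss_winbind.so.2; the function names and the temporary paths are made up for the example, and the sample nsswitch.conf is the one quoted in the post.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Linux/glibc naming for the
# NSS module (libnss_winbind.so.2). Function names are hypothetical.

# nss_sources FILE DATABASE: print the sources configured for one database,
# one per line, ignoring comments ("passwd:files" and "passwd: files" both work).
nss_sources() {
    sed -e 's/#.*//' -e 's/:/: /' "$1" |
        awk -v db="$2" '$1 == (db ":") { for (i = 2; i <= NF; i++) print $i }'
}

# nss_uses_winbind FILE DATABASE: succeed if winbind is a source for DATABASE.
nss_uses_winbind() {
    nss_sources "$1" "$2" | grep -qx 'winbind'
}

# find_nss_winbind DIR...: print the first libnss_winbind.so.2 found in DIRs.
find_nss_winbind() {
    for dir in "$@"; do
        if [ -e "$dir/libnss_winbind.so.2" ]; then
            printf '%s\n' "$dir/libnss_winbind.so.2"
            return 0
        fi
    done
    return 1
}

# check_winbind_nss FILE DIR...: report on passwd, group and the module;
# returns non-zero if any of the three is missing.
check_winbind_nss() {
    conf=$1; shift
    rc=0
    for db in passwd group; do
        if nss_uses_winbind "$conf" "$db"; then
            echo "ok: $db lists winbind"
        else
            echo "MISSING: $db does not list winbind (getent $db will not show domain entries)"
            rc=1
        fi
    done
    if lib=$(find_nss_winbind "$@"); then
        echo "ok: NSS module present at $lib"
    else
        echo "MISSING: libnss_winbind.so.2 not found in: $*"
        rc=1
    fi
    return $rc
}

# Demo on constructed files: the nsswitch.conf quoted in the post, and an
# empty library directory, so the configuration passes but the module does not.
demo=$(mktemp -d)
cat > "$demo/nsswitch.conf" <<'EOF'
passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files wins
EOF
mkdir "$demo/lib"
check_winbind_nss "$demo/nsswitch.conf" "$demo/lib" || echo "=> fix the items marked MISSING"
rm -rf "$demo"
```

On a real host the arguments would be /etc/nsswitch.conf followed by the system library directories (for example /lib and /lib64; the exact directories vary by distribution).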



Re: [Samba] winbindd exceeding 200 client connections

2005-10-02 Thread Andrew Bartlett
On Fri, 2005-09-23 at 12:04 -0400, Rusty Shackleford wrote:
> OS:  RHE 3, kernel 2.4.21-32.0.1EL
> Samba version:  samba-3.0.20
>
> Removed RHE version of samba and compiled/installed samba-3.0.20.  After
> running about 30-60 minutes, I get the following syslog msg:
>
> winbindd:  Exceeding 200 client connections, no idle connection found
>
> Eventually this grinds the whole system to a halt, and remote  console
> logins become impossible while samba is running.
>
> I don't believe this is a case of too many users trying to connect, as only
> 2 workstations have been using the samba connectivity, so upping the
> connection limit in local.h doesn't sound like it would really fix the
> problem (a solution discovered via google).
>
> Appreciate any help here - more info (like the smb.conf) available if needed.

Can you try Samba 3.0.20a?  A possible (but not verified) explanation is
that connections are not being marked as idle in winbindd, when perhaps
they should be.  Otherwise, make sure to file this on
bugzilla.samba.org.  

(Winbindd had a major rewrite in 3.0.20, and the a release cleans up a
number of issues found in the field).

Andrew Bartlett

-- 
Andrew Bartlett  http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.  http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net



Re: [Samba] prevent normal users from getting userlist

2005-10-02 Thread Andrew Bartlett
On Sun, 2005-10-02 at 13:09 +0200, Florian Effenberger wrote:
> Hello,
>
> I run Samba 3.0.20a with Windows XP Professional SP2 client. I found out
> that when a normal (i.e. not domain administrator) user runs the old
> Windows NT 4 user client, it can retrieve the whole list of usernames
> and fullnames.
>
> Can that be prohibited in any way?

Not without breaking functionality.  See, any user should be able to run
the ACL editor, and assign rights to users and groups.

You could modify code to lock this down, but I would be worried about
the consequences, as well as what other means (direct LDAP query, for
example) you would also need to lock down.

I know this is difficult in strict privacy environments.  

Andrew Bartlett

-- 
Andrew Bartlett  http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.  http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net



Re: [Samba] XP SP2 connecting to 3.0.10-1.4E

2005-10-02 Thread Craig White
On Sun, 2005-10-02 at 21:38 -0400, Chris Robinson wrote:
> The reason acls are commented out is because I tried them and it made no
> difference.  As I understand it csc policy = disable would be for
> roaming profiles which generally I don't use but leave the ability for
> special circumstances.
>
> Didn't know if the XP firewall settings would make a difference here or
> not, but I figured the more info the better.
>
> My permissions on /home/samba-ntprof are almost identical to yours
> except I use a different group.
>
> Just to reiterate...XP SP1 does work exactly as I want it to.  It's only
> XP SP2 that is causing problems.
 

there was an issue with SP1 which sounds almost identical to what you
are experiencing...I thought that this was fixed though.

yes, the csc policy is for roaming profiles (I thought that this was the
intended use). 

http://lists.samba.org/archive/samba/2002-November/056182.html

I may not be a help here though it seems odd that you should be having
difficulties with this. Perhaps your group mapping is wrong or the SID
isn't correct for the users...

you might want to check...

net groupmap list (it should be similar - obviously different SID base
codes but the -513 for Domain Users is significant)

# net groupmap list
Domain Computers (S-1-5-21-1423820788-2381578139-3432021425-553) -> Domain Computers
Domain Admins (S-1-5-21-1423820788-2381578139-3432021425-512) -> root
Domain Users (S-1-5-21-1423820788-2381578139-3432021425-513) -> dom_users
Domain Guests (S-1-5-21-1423820788-2381578139-3432021425-514) -> Domain Guests
Administrators (S-1-5-21-1423820788-2381578139-3432021425-544) -> Administrators
Guests (S-1-5-21-1423820788-2381578139-3432021425-546) -> Guests
Power Users (S-1-5-21-1423820788-2381578139-3432021425-547) -> Power Users
Account Operators (S-1-5-21-1423820788-2381578139-3432021425-548) -> Account Operators
Server Operators (S-1-5-21-1423820788-2381578139-3432021425-549) -> Server Operators
Print Operators (S-1-5-21-1423820788-2381578139-3432021425-550) -> Print Operators
Backup Operators (S-1-5-21-1423820788-2381578139-3432021425-551) -> Backup Operators
Replicator (S-1-5-21-1423820788-2381578139-3432021425-552) -> Replicator

Craig
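
The group-mapping check suggested in the reply above, as an added example that is not part of the original post: it parses `net groupmap list` output and verifies that Domain Admins, Domain Users and Domain Guests carry the well-known RIDs 512, 513 and 514 under the server's domain SID. The function names are hypothetical, the BAD sample is constructed, the line format is assumed to be `NT group (SID) -> unix group`, and the domain SID is assumed to be known to the admin (for example from `net getlocalsid` on the PDC).

```python
import re

# Well-known RIDs that Windows clients expect for the core domain groups.
EXPECTED_RIDS = {"Domain Admins": 512, "Domain Users": 513, "Domain Guests": 514}
# One mapping per line: NT group (SID) -> unix group
LINE_RE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-1(?:-\d+)+)\) -> (?P<unix>.+)$")
# SID base taken from the output quoted in the post above.
DOMAIN_SID = "S-1-5-21-1423820788-2381578139-3432021425"

GOOD = f"""\
Domain Admins ({DOMAIN_SID}-512) -> root
Domain Users ({DOMAIN_SID}-513) -> dom_users
Domain Guests ({DOMAIN_SID}-514) -> Domain Guests
"""

# Constructed broken sample: wrong RID and foreign SID base for Domain Users,
# and no Domain Guests mapping at all.
BAD = f"""\
Domain Admins ({DOMAIN_SID}-512) -> root
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-1201) -> dom_users
"""


def parse_groupmap(text):
    """Return {nt_group: (sid_base, rid, unix_group)} for every mapping line."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # anything that is not a mapping line is ignored
            base, _, rid = m.group("sid").rpartition("-")
            entries[m.group("nt")] = (base, int(rid), m.group("unix"))
    return entries


def check_groupmap(text, domain_sid):
    """Return a list of problems; an empty list means the core groups look sane."""
    entries = parse_groupmap(text)
    problems = []
    for group, rid in EXPECTED_RIDS.items():
        if group not in entries:
            problems.append(f"{group}: no mapping")
            continue
        base, got_rid, _unix = entries[group]
        if got_rid != rid:
            problems.append(f"{group}: RID {got_rid}, expected {rid}")
        if base != domain_sid:
            problems.append(f"{group}: SID base {base} is not the domain SID")
    return problems
```

Feed it the real output with `check_groupmap(subprocess.check_output(["net", "groupmap", "list"], text=True), sid)`; any returned line points at a mapping to repair before looking further at the client.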




[Samba] chown on smbfs doesn't work ??

2005-10-02 Thread Ong, Loeng Seng
Hi,

I have a Network Storage Device mounted as smbfs. When I transfer data
using rsync, the permission of files transferred changes automatically
to 502.501. 
I couldn't even issue a command chown. The error message said that
changing ownership of `thisfile': Operation not permitted

Can someone please advise me to get around with this problem?

-- 
Best Regards and Thanks,

Ong, Loeng Seng
Extranet Service Delivery Team
Scouts Australia Victorian Branch

Phone : 03 8543 9817
Facsimile : 03 8543 9840
E-mail: [EMAIL PROTECTED]
Website   : http://www.vicscouts.asn.au/supportteam/#loeng.ong

The Extranet Service Delivery Team consists of volunteer IT students
and Team Leaders who appreciate the opportunity to learn and are
delighted to provide you with seven days a week service.



Re: [Samba] chown on smbfs doesn't work ??

2005-10-02 Thread Craig White
On Mon, 2005-10-03 at 14:52 +1000, Ong, Loeng Seng wrote:
 Hi,
 
 I have a Network Storage Device mounted as smbfs. When I transfer data
 using rsync, the permission of files transferred changes automatically
 to 502.501. 
 I couldn't even issue a command chown. The error message said that
 changing ownership of `thisfile': Operation not permitted
 
 Can someone please advise me to get around with this problem?
 
---
1. smbfs isn't part of samba

2. smbfs doesn't support unix permissions so changing ownership is
irrelevant as the owner/group is the owner/group specified when the
remote filesystem was mounted.

3. perhaps smbfs mount isn't what you really want

Craig




svn commit: samba r10677 - in branches/SAMBA_4_0/source: include libcli libcli/smb_composite ntvfs/cifs winbind

2005-10-02 Thread vlendec
Author: vlendec
Date: 2005-10-02 10:02:35 +0000 (Sun, 02 Oct 2005)
New Revision: 10677

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10677

Log:
Add smb_composite_connectmulti: Send out multiple SYN packets at once, use the
first one that replies correctly.

Add a talloc context to smb_composite_connect()

Volker

Added:
   branches/SAMBA_4_0/source/libcli/smb_composite/connect_multi.c
Modified:
   branches/SAMBA_4_0/source/include/structs.h
   branches/SAMBA_4_0/source/libcli/config.mk
   branches/SAMBA_4_0/source/libcli/smb_composite/connect.c
   branches/SAMBA_4_0/source/libcli/smb_composite/fetchfile.c
   branches/SAMBA_4_0/source/libcli/smb_composite/fsinfo.c
   branches/SAMBA_4_0/source/libcli/smb_composite/smb_composite.h
   branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c
   branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c


Changeset:
Sorry, the patch is too large (414 lines) to include; please use WebSVN to see it!
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10677


svn commit: samba r10678 - in branches/SAMBA_4_0/source/lib/tdr: .

2005-10-02 Thread jelmer
Author: jelmer
Date: 2005-10-02 14:29:08 +0000 (Sun, 02 Oct 2005)
New Revision: 10678

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10678

Log:
Add debug helper
Fix push for non-fixed length strings

Modified:
   branches/SAMBA_4_0/source/lib/tdr/tdr.c


Changeset:
Modified: branches/SAMBA_4_0/source/lib/tdr/tdr.c
===
--- branches/SAMBA_4_0/source/lib/tdr/tdr.c 2005-10-02 10:02:35 UTC (rev 
10677)
+++ branches/SAMBA_4_0/source/lib/tdr/tdr.c 2005-10-02 14:29:08 UTC (rev 
10678)
@@ -170,6 +170,10 @@
 {
ssize_t ret, required;
 
+   if (length == -1) {
+   length = strlen(*v) + 1; /* Extra element for null character */
+   }
+
required = el_size * length;
TDR_PUSH_NEED_BYTES(tdr, required);
 
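Review bot: In the new length == -1 branch, strlen(*v) + 1 is a count of bytes, yet the next line multiplies it by el_size, so for any element size above 1 the value of required no longer matches the string actually stored in *v. Either restrict the -1 shortcut to el_size == 1 or compute the element count for the given width. *v is also dereferenced with no NULL check, and the el_size * length product is not checked for overflow before TDR_PUSH_NEED_BYTES.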
@@ -392,3 +396,21 @@
 
return NT_STATUS_OK;
 }
+
+void tdr_print_debug_helper(struct tdr_print *tdr, const char *format, ...) 
_PRINTF_ATTRIBUTE(2,3)
+{
+   va_list ap;
+   char *s = NULL;
+   int i;
+
+   va_start(ap, format);
+   vasprintf(s, format, ap);
+   va_end(ap);
+
+   for (i=0;itdr-level;i++) {
+   DEBUG(0,());
+   }
+
+   DEBUG(0,(%s\n, s));
+   free(s);
+}
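Review bot: The return value of vasprintf() in tdr_print_debug_helper is ignored, so when the allocation fails s is not guaranteed to hold a usable pointer and is still passed to DEBUG and free(); check for a negative return and bail out before printing. The _PRINTF_ATTRIBUTE(2,3) annotation also belongs on the prototype in the header rather than between the declarator and the body of the definition, and logging at DEBUG level 0 means the helper prints at every log level, which deserves a comment if it is intended.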



svn commit: samba r10679 - in branches/SAMBA_4_0/source/libnet: .

2005-10-02 Thread mimir
Author: mimir
Date: 2005-10-02 19:59:24 +0000 (Sun, 02 Oct 2005)
New Revision: 10679

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10679

Log:
Monitor messages should be issued from usermod functions.
Also a bit of formatting.


rafal


Modified:
   branches/SAMBA_4_0/source/libnet/composite.h
   branches/SAMBA_4_0/source/libnet/userman.c


Changeset:
Modified: branches/SAMBA_4_0/source/libnet/composite.h
===
--- branches/SAMBA_4_0/source/libnet/composite.h2005-10-02 14:29:08 UTC 
(rev 10678)
+++ branches/SAMBA_4_0/source/libnet/composite.h2005-10-02 19:59:24 UTC 
(rev 10679)
@@ -37,6 +37,7 @@
 #define  rpc_close_user (0x0004)/* userinfo.h */
 #define  rpc_lookup_name(0x0005)/* userman.h */
 #define  rpc_delete_user(0x0006)/* userman.h */
+#define  rpc_set_user   (0x0007)/* userman.h */
 
 struct monitor_msg {
uint32_t   type;

Modified: branches/SAMBA_4_0/source/libnet/userman.c
===
--- branches/SAMBA_4_0/source/libnet/userman.c  2005-10-02 14:29:08 UTC (rev 
10678)
+++ branches/SAMBA_4_0/source/libnet/userman.c  2005-10-02 19:59:24 UTC (rev 
10679)
@@ -30,7 +30,7 @@
 #include libnet/userinfo.h
 
 /*
- * Composite user add function
+ * Composite USER ADD functionality
  */
 
 static void useradd_handler(struct rpc_request*);
@@ -45,6 +45,7 @@
struct samr_CreateUser   createuser;
struct policy_handle user_handle;
uint32_t user_rid;
+
/* information about the progress */
void (*monitor_fn)(struct monitor_msg *);
 };
@@ -201,8 +202,9 @@
 }
 
 
+
 /*
- * Composite user delete function
+ * Composite USER DELETE functionality
  */
 
 static void userdel_handler(struct rpc_request*);
@@ -218,6 +220,7 @@
struct samr_LookupNames   lookupname;
struct samr_OpenUser  openuser;
struct samr_DeleteUserdeleteuser;
+
/* information about the progress */
void (*monitor_fn)(struct monitor_msg *);
 };
@@ -315,7 +318,8 @@
 
msg.type = rpc_lookup_name;
msg_lookup = talloc(s, struct msg_rpc_lookup_name);
-   msg_lookup-rid = s-lookupname.out.rids.ids;
+
+   msg_lookup-rid   = s-lookupname.out.rids.ids;
msg_lookup-count = s-lookupname.out.rids.count;
msg.data = (void*)msg_lookup;
msg.data_size = sizeof(*msg_lookup);
@@ -326,7 +330,8 @@
 
msg.type = rpc_open_user;
msg_open = talloc(s, struct msg_rpc_open_user);
-   msg_open-rid = s-openuser.in.rid;
+
+   msg_open-rid = s-openuser.in.rid;
msg_open-access_mask = s-openuser.in.rid;
msg.data = (void*)msg_open;
msg.data_size = sizeof(*msg_open);
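Review bot: The context line that sets msg_open access_mask from s openuser.in.rid copies the RID into access_mask, the same value assigned to rid on the line just above it; that looks like a copy-and-paste slip, and the field should presumably be filled from the access mask of the openuser request instead. Since the neighbouring line is being touched for alignment anyway, fix it in this hunk. The talloc() result msg_open is also dereferenced without a NULL check.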
@@ -375,9 +380,9 @@
s = talloc_zero(c, struct userdel_state);
if (s == NULL) goto failure;
 
-   c-state   = COMPOSITE_STATE_IN_PROGRESS;
-   c-private_data= s;
-   c-event_ctx   = dcerpc_event_context(p);
+   c-state = COMPOSITE_STATE_IN_PROGRESS;
+   c-private_data  = s;
+   c-event_ctx = dcerpc_event_context(p);
 
s-pipe  = p;
s-domain_handle = io-in.domain_handle;
@@ -405,7 +410,7 @@
 
 
 /**
-1 * Waits for and receives results of asynchronous userdel call
+ * Waits for and receives results of asynchronous userdel call
  *
  * @param c composite context returned by asynchronous userdel call
  * @param mem_ctx memory context of the call
@@ -449,6 +454,10 @@
 }
 
 
+/*
+ * USER MODIFY functionality
+ */
+
 static void usermod_handler(struct rpc_request*);
 
 enum usermod_stage { USERMOD_LOOKUP, USERMOD_OPEN, USERMOD_QUERY, 
USERMOD_MODIFY };
@@ -465,6 +474,9 @@
struct samr_OpenUser   openuser;
struct samr_SetUserInfosetuser;
struct samr_QueryUserInfo  queryuser;
+
+   /* information about the progress */
+   void (*monitor_fn)(struct monitor_msg *);
 };
 
 
@@ -691,22 +703,49 @@
 {
struct composite_context *c = req-async.private;
struct usermod_state *s = talloc_get_type(c-private_data, struct 
usermod_state);
+   struct monitor_msg msg;
+   struct msg_rpc_lookup_name *msg_lookup;
+   struct msg_rpc_open_user *msg_open;
 
switch (s-stage) {
case USERMOD_LOOKUP:
c-status = usermod_lookup(c, s);
+
+   msg.type = rpc_lookup_name;
+   msg_lookup = talloc(s, struct msg_rpc_lookup_name);
+
+   msg_lookup-rid   = s-lookupname.out.rids.ids;
+   msg_lookup-count = s-lookupname.out.rids.count;
+   msg.data = (void*)msg_lookup;
+   msg.data_size = sizeof(*msg_lookup);
break;
 
case USERMOD_OPEN:
   
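Review bot: In the USERMOD_LOOKUP case the monitor message is built straight after usermod_lookup() returns, without testing the status it stored in c and without checking the talloc() result, so after a failed lookup msg_lookup is filled from lookupname.out.rids values that may not be valid, and on allocation failure msg_lookup is dereferenced as NULL. Check both before filling the message. The same lines already appear in the hunk at -315, so a shared helper would keep the two copies from drifting apart.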

svn commit: samba r10680 - in branches/SAMBA_4_0/source/include: .

2005-10-02 Thread mimir
Author: mimir
Date: 2005-10-02 23:01:25 +0000 (Sun, 02 Oct 2005)
New Revision: 10680

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10680

Log:
Fix a warning.


rafal


Modified:
   branches/SAMBA_4_0/source/include/structs.h


Changeset:
Modified: branches/SAMBA_4_0/source/include/structs.h
===
--- branches/SAMBA_4_0/source/include/structs.h 2005-10-02 19:59:24 UTC (rev 
10679)
+++ branches/SAMBA_4_0/source/include/structs.h 2005-10-02 23:01:25 UTC (rev 
10680)
@@ -239,6 +239,7 @@
 struct nbt_name_register_bcast;
 struct nbt_name_refresh_wins;
 struct nbt_name_register_wins;
+struct nbt_name_request;
 
 struct nbt_dgram_packet;
 struct nbt_dgram_socket;



Build status as of Mon Oct 3 00:00:02 2005

2005-10-02 Thread build
URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2005-10-02 
00:00:10.0 +
+++ /home/build/master/cache/broken_results.txt 2005-10-03 00:00:13.0 
+
@@ -1,17 +1,17 @@
-Build status as of Sun Oct  2 00:00:02 2005
+Build status as of Mon Oct  3 00:00:02 2005
 
 Build counts:
 Tree Total  Broken Panic 
 ccache   38 5  0 
 distcc   38 4  0 
-lorikeet-heimdal 37 17 0 
-ppp  22 0  0 
+lorikeet-heimdal 37 19 0 
+ppp  21 0  0 
 rsync40 3  0 
 samba2  0  0 
 samba-docs   0  0  0 
-samba4   40 19 5 
-samba_3_039 8  0 
+samba4   40 18 4 
+samba_3_040 9  0 
 smb-build32 5  0 
-talloc   38 14 0 
-tdb  38 4  0 
+talloc   36 12 0 
+tdb  36 4  0