[Samba] smbclient
When trying to use the smbclient with kerberos the smbclient asks for cifs/[EMAIL PROTECTED] when it should be asking for cifs/[EMAIL PROTECTED] Is there a way I can fix that? Thanks Mark -- Mark Campbell Systems Analyst, Advanced Information Technologies Information Technology Services The Pennsylvania State University [EMAIL PROTECTED], 814-865-4774 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] kerberized smb mounts
Is there kerberos support for mounting smb shares in the samba client code? I know you can use smbclient -k but is there a way to actually mount the file system using kerberos? Thanks Mark -- Mark Campbell Systems Analyst, Advanced Information Technologies Information Technology Services The Pennsylvania State University [EMAIL PROTECTED], 814-865-4774 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] When re-joining domain.
Dear All: Samba will assign uid according to the range of idmap uid destined in smb.conf when join domain. The question is: Does samba force to reassign the uid each time joining domain? For example: idmap uid =1-5 Join first time, the domain users uid will start from 1 according to alphabetical order. Join the same domain second time, the domain users uid will still start from 1 according to alphabetical order. What if after joining domain, some user deleted and thus the alphabetical order is not the same as first join? The users after the deleted user will shift up by 1 when joining the second time. Is there anyway to work around the problem? Thanks for your reply. Latrell. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Users can't pause or cancel print jobs
> When my windows user try to pause print jobs it does not work and > gives them an error "Error Processing Command" in Windows. If they > try to cancel a print job it doesn't give any error. It just > disappears from the print queue and print anyway. I think this means the users don't have the necessary permissions in Samba. Have a look at the Samba manual in the section about permissions to see how to allow users to pause/cancel print jobs. Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] allowing users to install printers
> What is the easiest way to allow normal users to install printers This isn't really a Samba issue, but a quick Google brought this up: http://www.tech-geeks.org/geeklog/article.php?story=20040123025824412 Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Connecting from XP to samba shares
> However, from XP (Pro), I get the window with greyed out username, > which doesn't really matter, but the password doesn't work, the window > just keeps coming again and again and I get no access to the files. If you run smbd with debug info turned on, what username/password is the XP box connecting as? That might narrow things down a bit. > I have tried lots of different configuration options. If I set "guest > ok = yes", I can connect from XP, but with no password, and that's not > what I want, but this shows the network connections are ok, I guess. Is there a reason why you can't use security=user? You could still use 'force user' to make all file accesses appear as though they come from 'someuser', and you could make a local account called anything you want and list that as the only valid user for the share. Then you'd have to put in a username as well as a password when you connected, but provided they matched the valid user you'd be allowed in. Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question about Logon hours....auto logoff feature?
> Can enforcing logon hours (which works great for me here to *prevent* > logging in past your hours) also force a logoff? Not in itself, no. > Can this at least be scripted somehow? You should be able to shut down PCs remotely by using the 'net rpc shutdown' command (see man net and search for 'shutdown' for more info.) You'd need a script to check which users were on which PC and if they're outside their allowed hours though. Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba]3.0.20b Keep windows local sid when xcopy files to samba server
> Hi all, > > I came into a problem with the following situation. > One Windows 2k3 server which joined into a AD, and when I > tried to copy some files the owner ship of which contails > both domain user/group sid and local user/group sid > information, to samba server, only domain sid > information could be kept, and the windows local > user/group sid info was dropped. I verifyed this by using > "xcopy /O /K". When I traced the samba log, it complained > unknown sid, which was the local sid. And since I > configured samba to lookup user and group by the order > of passwd and winbind, AD could not retrieve the non-domain > sid info which is only available in the member client.This > seems to be reasonable. > > However, I still wish there is some hacks that could help > to keep the local sid info when files are copied to samba > server. Any clue is welcome. We have a 'force unknown acl user' option. But it is currently impossible to keep an arbitrary SID that has not been mapped to an uid/gid. Thanks for your reply. Yes, 'force unknow acl user' option helps to bypass the unknown acl info when we need to copy acl with files. But it just simply dropped the unknown acl user/group. So is there any workround available? Something like add unknow sid to samba db by using pdbedit or switch backend to openldap? Best Regards Nelson -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: CIFS + NFS'ing a single filesystem w/ locking
On Fri, Jan 06, 2006 at 06:24:22PM -0800, Adam D. Morley wrote: > Hi, > > I have a Solaris 10 server exporting UFS directories using built-in NFS. > I've built Samba 3.0.20b from OpenPKG (www.openpkg.org). I have a > Solaris 10 (x86) client mounting the NFS share and opening OpenDocument > files using StarOffice 8 (SO8, aka OO2.0). I also have a Windows 2003 > Terminal Server mounting the Samba share and opening documents with SO8. > This is a temporary development environment, so I can screw around with > it. I have a similar, production environment using RHEL3 (clients) and > Solaris 9 (server), with no Samba. Ie: I would like to export NFS > shares as CIFS shares using Samba. But: I want file locking. [snip] I did some further testing. If a file is opened with StarOffice 8 on the console of a Linux machine (from an ext3 filesystem), thereby write-locking the file, Samba cannot read the file anymore, even though other clients logged into the machine can, albeit seeing the write lock properally. Here is smb.conf: [global] workgroup = test security = share [shared2] path = /shared2 read only = No guest ok = yes kernel oplocks = Yes locking = Yes oplocks = Yes level2 oplocks = No In what context does locking actually work with Samba? Is it only for clients reading through the CIFS filesystem, or is there some magic trick to make Samba see write locks from the UNIX side on the Windows side? I thought I read that one could export a directory with Samba and have it honor UNIX-side locks? What am I doing wrong? Thanks! -- adam -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] double segfault in smbd 3.0.21a
After regenerating my keytab (net ads keytab flush && net ads keytab create) the two crash are gone. Emmanuel Le Mardi 10 Janvier 2006 01:06, Blindauer Emmanuel a écrit : > Hi > I'm able to reproduce a segfault in smbd, with security=ads , using normal > login or kerberos. > samba 3.0.21a compiled from source, on debian stable. > > here are the backtrace: > > > For the kerberos part, using "smbclient //server/share -k" > > Using host libthread_db library "/lib/tls/libthread_db.so.1". > `system-supplied DSO at 0xe000' has disappeared; keeping its symbols. > [Thread debugging using libthread_db enabled] > [New Thread 1077522240 (LWP 26945)] > 0x4020f3ae in waitpid () from /lib/tls/libc.so.6 > #0 0x4020f3ae in waitpid () from /lib/tls/libc.so.6 > #1 0x401a4d12 in system () from /lib/tls/libc.so.6 > #2 0x081fc648 in smb_panic2 () > #3 0x081fc5bb in smb_panic () > #4 0x081e9cf3 in fault_report () > #5 0x081e9d68 in sig_fault () > #6 > #7 0x401ce487 in fseek () from /lib/tls/libc.so.6 > #8 0x400ae2cc in krb5_ktfile_get_next () from /usr/lib/libkrb5.so.3 > #9 0x400add4c in krb5_kt_next_entry () from /usr/lib/libkrb5.so.3 > #10 0x08275daf in ads_keytab_verify_ticket () > #11 0x08276828 in ads_verify_ticket () > #12 0x080b4802 in reply_spnego_kerberos () > #13 0x080b5738 in reply_spnego_negotiate () > #14 0x080b5db0 in reply_sesssetup_and_X_spnego () > #15 0x080b62c6 in reply_sesssetup_and_X () > #16 0x080dda92 in switch_message () > #17 0x080ddb42 in construct_reply () > #18 0x080dde8e in process_smb () > #19 0x080debe9 in smbd_process () > #20 0x0828850b in main () > > For the normal login, i.e. "smbclient //server/share -U username" > > Using host libthread_db library "/lib/tls/libthread_db.so.1". > `system-supplied DSO at 0xe000' has disappeared; keeping its symbols. > [Thread debugging using libthread_db enabled] > [New Thread 1077522240 (LWP 26935)] > 0x4020f3ae in waitpid () from /lib/tls/libc.so.6 > #0 0x4020f3ae in waitpid () from /lib/tls/libc.so.6 > #1 0x401a4d12 in system () from /lib/tls/libc.so.6 > #2 0x081fc648 in smb_panic2 () > #3 0x081fc5bb in smb_panic () > #4 0x081e9cf3 in fault_report () > #5 0x081e9d68 in sig_fault () > #6 > #7 0x4000770a in _dl_unload_cache () from /lib/ld-linux.so.2 > #8 0x40007edf in _dl_lookup_symbol () from /lib/ld-linux.so.2 > #9 0x4026fdb9 in __libc_dlclose () from /lib/tls/libc.so.6 > #10 0x4000c016 in _dl_catch_error () from /lib/ld-linux.so.2 > #11 0x4026fc68 in __libc_dlsym () from /lib/tls/libc.so.6 > #12 0x4024db81 in __nss_lookup_function () from /lib/tls/libc.so.6 > #13 0x4024d8c3 in __nss_next () from /lib/tls/libc.so.6 > #14 0x4020eb49 in getpwnam_r () from /lib/tls/libc.so.6 > #15 0x4020e441 in getpwnam () from /lib/tls/libc.so.6 > #16 0x081ec962 in sys_getpwnam () > #17 0x081f0a7f in getpwnam_alloc () > #18 0x081eefbb in Get_Pwnam_internals () > #19 0x081ef29c in Get_Pwnam_alloc () > #20 0x082385ca in smb_getpwnam () > #21 0x08238489 in fill_sam_account () > #22 0x08238854 in make_server_info_info3 () > #23 0x08233f98 in check_winbind_security () > #24 0x08230f88 in check_ntlm_password () > #25 0x0823a036 in auth_ntlmssp_check_password () > #26 0x08115054 in ntlmssp_server_auth () > #27 0x08114480 in ntlmssp_update () > #28 0x0823a36e in auth_ntlmssp_update () > #29 0x080b592a in reply_spnego_auth () > #30 0x080b5e0d in reply_sesssetup_and_X_spnego () > #31 0x080b62c6 in reply_sesssetup_and_X () > #32 0x080dda92 in switch_message () > #33 0x080ddb42 in construct_reply () > #34 0x080dde8e in process_smb () > #35 0x080debe9 in smbd_process () > #36 0x0828850b in main () > > > and here my smb.conf: > > # ./testparm > Load smb config files from /usr/local/samba/lib/smb.conf > Processing section "[web$]" > Loaded services file OK. > WARNING: passdb expand explicit = yes is deprecated > 'winbind separator = +' might cause problems with group membership. > Server role: ROLE_DOMAIN_MEMBER > Press enter to see a dump of your service definitions > > [global] > workgroup = DPTINFO > realm = DPTINFO.URS.LOCAL > server string = %h server (Extranet, Samba %v) > security = ADS > allow trusted domains = No > passwd chat = *Enter\snew\sUNIX\spassword:* %n\n > *Retype\snew\sUNIX\spassword:* %n\n . > use kerberos keytab = Yes > syslog = 0 > log file = /var/log/samba/log.%m > max log size = 1 > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > dns proxy = No > ldap admin dn = cn=admin,dc=iutinfo,dc=local > ldap idmap suffix = ou=Idmap > ldap suffix = dc=iutinfo,dc=local > panic action = /usr/share/samba/panic-action %d > idmap backend = ldap:ldap://ldap.urs.fr > idmap uid = 1-2 > idmap gid = 1-2 > template homedir = /home/%U > template shell = /bin/bash > winbind separator = + > winbind cache time = 0 > winbind use default dom
[Samba] double segfault in smbd 3.0.21a
Hi I'm able to reproduce a segfault in smbd, with security=ads , using normal login or kerberos. samba 3.0.21a compiled from source, on debian stable. here are the backtrace: For the kerberos part, using "smbclient //server/share -k" Using host libthread_db library "/lib/tls/libthread_db.so.1". `system-supplied DSO at 0xe000' has disappeared; keeping its symbols. [Thread debugging using libthread_db enabled] [New Thread 1077522240 (LWP 26945)] 0x4020f3ae in waitpid () from /lib/tls/libc.so.6 #0 0x4020f3ae in waitpid () from /lib/tls/libc.so.6 #1 0x401a4d12 in system () from /lib/tls/libc.so.6 #2 0x081fc648 in smb_panic2 () #3 0x081fc5bb in smb_panic () #4 0x081e9cf3 in fault_report () #5 0x081e9d68 in sig_fault () #6 #7 0x401ce487 in fseek () from /lib/tls/libc.so.6 #8 0x400ae2cc in krb5_ktfile_get_next () from /usr/lib/libkrb5.so.3 #9 0x400add4c in krb5_kt_next_entry () from /usr/lib/libkrb5.so.3 #10 0x08275daf in ads_keytab_verify_ticket () #11 0x08276828 in ads_verify_ticket () #12 0x080b4802 in reply_spnego_kerberos () #13 0x080b5738 in reply_spnego_negotiate () #14 0x080b5db0 in reply_sesssetup_and_X_spnego () #15 0x080b62c6 in reply_sesssetup_and_X () #16 0x080dda92 in switch_message () #17 0x080ddb42 in construct_reply () #18 0x080dde8e in process_smb () #19 0x080debe9 in smbd_process () #20 0x0828850b in main () For the normal login, i.e. "smbclient //server/share -U username" Using host libthread_db library "/lib/tls/libthread_db.so.1". `system-supplied DSO at 0xe000' has disappeared; keeping its symbols. [Thread debugging using libthread_db enabled] [New Thread 1077522240 (LWP 26935)] 0x4020f3ae in waitpid () from /lib/tls/libc.so.6 #0 0x4020f3ae in waitpid () from /lib/tls/libc.so.6 #1 0x401a4d12 in system () from /lib/tls/libc.so.6 #2 0x081fc648 in smb_panic2 () #3 0x081fc5bb in smb_panic () #4 0x081e9cf3 in fault_report () #5 0x081e9d68 in sig_fault () #6 #7 0x4000770a in _dl_unload_cache () from /lib/ld-linux.so.2 #8 0x40007edf in _dl_lookup_symbol () from /lib/ld-linux.so.2 #9 0x4026fdb9 in __libc_dlclose () from /lib/tls/libc.so.6 #10 0x4000c016 in _dl_catch_error () from /lib/ld-linux.so.2 #11 0x4026fc68 in __libc_dlsym () from /lib/tls/libc.so.6 #12 0x4024db81 in __nss_lookup_function () from /lib/tls/libc.so.6 #13 0x4024d8c3 in __nss_next () from /lib/tls/libc.so.6 #14 0x4020eb49 in getpwnam_r () from /lib/tls/libc.so.6 #15 0x4020e441 in getpwnam () from /lib/tls/libc.so.6 #16 0x081ec962 in sys_getpwnam () #17 0x081f0a7f in getpwnam_alloc () #18 0x081eefbb in Get_Pwnam_internals () #19 0x081ef29c in Get_Pwnam_alloc () #20 0x082385ca in smb_getpwnam () #21 0x08238489 in fill_sam_account () #22 0x08238854 in make_server_info_info3 () #23 0x08233f98 in check_winbind_security () #24 0x08230f88 in check_ntlm_password () #25 0x0823a036 in auth_ntlmssp_check_password () #26 0x08115054 in ntlmssp_server_auth () #27 0x08114480 in ntlmssp_update () #28 0x0823a36e in auth_ntlmssp_update () #29 0x080b592a in reply_spnego_auth () #30 0x080b5e0d in reply_sesssetup_and_X_spnego () #31 0x080b62c6 in reply_sesssetup_and_X () #32 0x080dda92 in switch_message () #33 0x080ddb42 in construct_reply () #34 0x080dde8e in process_smb () #35 0x080debe9 in smbd_process () #36 0x0828850b in main () and here my smb.conf: # ./testparm Load smb config files from /usr/local/samba/lib/smb.conf Processing section "[web$]" Loaded services file OK. WARNING: passdb expand explicit = yes is deprecated 'winbind separator = +' might cause problems with group membership. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = DPTINFO realm = DPTINFO.URS.LOCAL server string = %h server (Extranet, Samba %v) security = ADS allow trusted domains = No passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . use kerberos keytab = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No ldap admin dn = cn=admin,dc=iutinfo,dc=local ldap idmap suffix = ou=Idmap ldap suffix = dc=iutinfo,dc=local panic action = /usr/share/samba/panic-action %d idmap backend = ldap:ldap://ldap.urs.fr idmap uid = 1-2 idmap gid = 1-2 template homedir = /home/%U template shell = /bin/bash winbind separator = + winbind cache time = 0 winbind use default domain = Yes invalid users = root -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbclient write error
Can anyone help with the problem I am currently having with using smbclient to copy from a Solaris box to Windows. My current version of Samba is 2.2.2. The file is about 800MB, and on different attempts I get different amounts written but never the full file. The error message returned by smbclient is "Error writing file: code 0". I have tried to search for information on this but to no avail. Can anyone help? Thanks Matt Noble -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba with ADS on Sun Solaris System
Adam wrote of Jerry's remark: > > > > The idea will be to package a statically linked version of > > smbd that includes the appropriate Kerb5 and OpenLDAP libs. > > Wow. Does this mean a new version would be released whenever > there is a vulnerability in the kerb libs, openldap libs, or > Samba? Or only for Samba? > > That seems like a lot of work for you/the rest of the Samba team. . . > Sssshhh! They work for us, remember? And for free!! Just kidding. Could any of us pitch in something to help? Not that I have much to offer (besides my proofer's eye -- ask John), but could we make this easier for you somehow? -wde -- Will Enestvedt UNIX System Administrator Johnson & Wales University -- Providence, RI -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] secrets failed
Well, i have a serious problem, all of an sudden samba rejects all my workstations and servers! my samba PDC reports back to me, secrets_fetch failed! nothing has changed, or altered.. it comes out of the blue! i did upgrade samba from 3.0.11 to 3.0.21, but that was 2 weeks ago, and the upgrade worked. (until now that is) going back to 3.0.11 didn't work, I'm kinda lost here.. suggestions might really help... thx Collen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and ADS
Hi Bruno, if I understand you right, you want to setup multiple Samba Domain Member Server on virtual machines. May I ask you why? This makes no sense for me. If you want to use the AD for your linux clients as the user and password server, you just have to start winbind on your (virtual) clients. That's it. If I am wrong and you really want to setup more than one Domain Member Server, be sure to use another idmap backend (ldap or rid). In this case you have to do a "net ads join" for every of these machines. Or you let create a user with administrator privileges you can use. -markus Bruno Gola wrote: Hello guys :-) Last week I was configuring a samba server here in my linux box to act as a AD Domain member. Using Samba, kerberos5 and winbind i finally did it. Now, i have another problem, for each machine that i wanna do this, i need to add this machine in the Win2k AD Server (with the command net ads join -UAdmin etc) but, the problem is that i dont have the permission (or the admin account) to do this, so everytime i create a new machine in vmware i need to call the infra structure guys, and i dont want this, so the solution was, to create a new samba server that will be a domain controller, and my Virtual Machines would auth against this serverm and this server would auth each user against the AD. Example: $USER auth check the $USER and passwd @ AD VM -> Samba -- ---> AD Resuming, the AD will be just a passwd server for samba. Does anyone knows if it is possible? Is there a way ? Thanks! Bruno Gola -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and ADS
Hello guys :-) Last week I was configuring a samba server here in my linux box to act as a AD Domain member. Using Samba, kerberos5 and winbind i finally did it. Now, i have another problem, for each machine that i wanna do this, i need to add this machine in the Win2k AD Server (with the command net ads join -UAdmin etc) but, the problem is that i dont have the permission (or the admin account) to do this, so everytime i create a new machine in vmware i need to call the infra structure guys, and i dont want this, so the solution was, to create a new samba server that will be a domain controller, and my Virtual Machines would auth against this serverm and this server would auth each user against the AD. Example: $USER auth check the $USER and passwd @ AD VM -> Samba -- ---> AD Resuming, the AD will be just a passwd server for samba. Does anyone knows if it is possible? Is there a way ? Thanks! Bruno Gola -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and Active directory
Hello guys :-) Last week I was configuring a samba server here in my linux box to act as a AD Domain member. Using Samba, kerberos5 and winbind i finally did it. Now, i have another problem, for each machine that i wanna do this, i need to add this machine in the Win2k AD Server (with the command net ads join -UAdmin etc) but, the problem is that i dont have the permission (or the admin account) to do this, so everytime i create a new machine in vmware i need to call the infra structure guys, and i dont want this, so the solution was, to create a new samba server that will be a domain controller, and my Virtual Machines would auth against this serverm and this server would auth each user against the AD. Example: $USER auth check the $USER and passwd @ AD VM -> Samba -> AD Resuming, the AD will be just a passwd server for samba. Does anyone knows if it is possible? Is there a way ? Thanks! Bruno Gola -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] creating homedir
Hi Guillaume, at first the entry seems to be o.k.. The module will only work on a local system, i.e. on your SuSE Enterprise Server 8. The module is in the default installation of the pam package, so it is for sure installed. Check again your log files, there _must_ be an error message for a non working and/or missing PAM. Check inside /lib/security whether pam_mkhomedir is inside. Look at other configs of pam's if you have to edit the full path to the module. I don't know what you are planning, but it sounds some kind of confusing using pam_mkhomedir on a server because no user should have access to it via pam (e.g. console, maybe ssh, kde, telnet etc.) If you are setting up a Samba Server and wanting to create a not yet existing home directory for a user which tries to map it, then you have to edit your smb.conf and append something like root preexec = /usr/sbin/mkhome %u %g to your home section. -markus Guillaume wrote: hello, I'm configuring on a linux suse enterprise server 8 a samba server. I have problem with the pam_mkhomedir.so module. i add this line : session requiredpam_mkhomedir.soskel=/etc/skel/ umask=0022 in the other & login files, but when user connect, it don"t create the homedir. does i made a mistake? What is the pam module file i have to edit for an automatic creation? thanks, Guillaume -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba]3.0.20b Keep windows local sid when xcopy files to samba server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 scot eckel wrote: > Hi all, > > I came into a problem with the following situation. > One Windows 2k3 server which joined into a AD, and when I > tried to copy some files the owner ship of which contails > both domain user/group sid and local user/group sid > information, to samba server, only domain sid > information could be kept, and the windows local > user/group sid info was dropped. I verifyed this by using > "xcopy /O /K". When I traced the samba log, it complained > unknown sid, which was the local sid. And since I > configured samba to lookup user and group by the order > of passwd and winbind, AD could not retrieve the non-domain > sid info which is only available in the member client.This > seems to be reasonable. > > However, I still wish there is some hacks that could help > to keep the local sid info when files are copied to samba > server. Any clue is welcome. We have a 'force unknown acl user' option. But it is currently impossible to keep an arbitrary SID that has not been mapped to an uid/gid. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDwqWXIR7qMdg1EfYRArQuAKCjpdDEpKVJrPabwmbyusMQLs6g6wCffy33 rdHhQM8boefLZYElCaPUDNo= =tTTs -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba with ADS on Sun Solaris System
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Adam D. Morley wrote: > Wow. Does this mean a new version would be released > whenever there is a vulnerability in the kerb libs, > openldap libs, or Samba? Or only for Samba? If I can ever get the time to get things in place, the build is scripted. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDwqRpIR7qMdg1EfYRAik3AJ0Rn8NoQvqHFTrQQq2h8aSGMs5eTACgpCGS UredT8GzHu/q65Bqj7jD0cw= =F0qz -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba with ADS on Sun Solaris System
On Mon, Jan 09, 2006 at 11:10:07AM -0600, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Adam D. Morley wrote: > > I would be surprised to see it, for a number of reasons: > > > > - Solaris doesn't have MIT/Heimdal Kerberos. It has SEAM, aka Sun > > Kerberos. I don't know if this matters, but ... > > - Solaris doesn't have OpenLDAP. It has Sun LDAP. I don't know if this > > matters, but ... > > > The idea will be to package a statically linked version of > smbd that includes the appropriate Kerb5 and OpenLDAP libs. Wow. Does this mean a new version would be released whenever there is a vulnerability in the kerb libs, openldap libs, or Samba? Or only for Samba? That seems like a lot of work for you/the rest of the Samba team. . . -- adam -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] creating homedir
hello, I'm configuring on a linux suse enterprise server 8 a samba server. I have problem with the pam_mkhomedir.so module. i add this line : session requiredpam_mkhomedir.soskel=/etc/skel/ umask=0022 in the other & login files, but when user connect, it don"t create the homedir. does i made a mistake? What is the pam module file i have to edit for an automatic creation? thanks, Guillaume -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba with ADS on Sun Solaris System
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Adam D. Morley wrote: > I would be surprised to see it, for a number of reasons: > > - Solaris doesn't have MIT/Heimdal Kerberos. It has SEAM, aka Sun > Kerberos. I don't know if this matters, but ... > - Solaris doesn't have OpenLDAP. It has Sun LDAP. I don't know if this > matters, but ... The idea will be to package a statically linked version of smbd that includes the appropriate Kerb5 and OpenLDAP libs. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com "There's an anonymous coward in all of us." --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDwpjuIR7qMdg1EfYRAvNhAJ4lgQ5KuIoHpORpcX2NEMVeNpb/twCg5je3 YybuR40HN/mD1lgbc4PNUpE= =RDuG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Users can't pause or cancel print jobs
I have checked the logs and don't see any errors. Also I read that if I am using Printing=cups that any of the custom command like (lppause= or lpc=) would be ignored. Is that true. On 1/9/06, Fabio <[EMAIL PROTECTED]> wrote: > > hello > first of all I suggest you to upgrade samba (latest is 3.0.21a). > > In the last version some bugs about jobs (remote downlevel document) are > fixed. > > However check your samba and cups logs. > > bye, > fabio > > Hello all, > > > > I am running Samba 3.0.9 with CUPS 1.1.17. When my windows user try > to > > pause print jobs it does not work and gives them an error "Error > > Processing > > Command" in Windows. If they try to cancel a print job it doesn't give > > any > > error. It just disappears from the print queue and print anyway. > > > > Could someone point me in the right direction? > > > > > > Thanks all > > > > Dominic Iadicicco > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] suspend/start printer problem
Hi to all, I upgrade my pdc (samba+ldap+cups) from samba 3.0.20b to 3.0.21a and I can't suspend/restart printer from windows client. I discover (using tcpdump) that client sends packets to server and this reply to it, so I think the problem is in server side. Logs (samba, cups, syslog) don't contain errors. I would indicate this problem in bugzilla but: - I'm not sure it's a real samba bug - I have no error to show How can I do a more detailed debug? Thanks in advance, Fabio -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: printing = bsd broke smbd? [was Re: [Samba] samba 3.0.21a without printig
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Beast wrote: > When setting "printing=bsd" on my samba, client wont > able to resolve the server. > > In windows client, it says "The specified network name is no longer > available". > > Using smbclient: > > [samba]# smbclient -L svr4 -Uuser > Password: > Anonymous login successful > Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.0.20b] > > Sharename Type Comment > - --- > netlogonDisk Network Logon Service > Pub Disk Public Share > > session setup failed: Call returned zero bytes (EOF) > NetBIOS over TCP disabled -- no workgroup available > > [samba]# smbclient -L svr4 -Uuser > Password: > session setup failed: Call returned zero bytes (EOF) > > I can attach debug3 if you wish, but I found no clue in there ;-p That makes no sense to me. Could you get me a level 10 debug log from smbd? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDwpJ6IR7qMdg1EfYRAoyCAJ4nPI7/hGW/O1cUfLpRhc62FCwDEwCg7YzR YwvXuUaS4GqSI02VnBslKLs= =W8kE -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: printing = bsd broke smbd? [was Re: [Samba] samba 3.0.21a wit hout printing]
Try adding these to your smb.conf after the 'set printing = bsd' and restart your daemons load printers = No disable spoolss = Yes show add printer wizard = No btw, be sure to remove the quotes from the lines (i.e. set "printing=bsd" should read: set printing = bsd not set "printing=bsd" (you probably knew that already) Are your Windows clients trying to print to a Local Printer, using the Samba share as the port name? You'll need to delete those printers/ports. Jim > -Original Message- > From: Beast [mailto:[EMAIL PROTECTED] > Sent: Friday, January 06, 2006 3:44 AM > To: Gerald (Jerry) Carter > Cc: Samba List > Subject: printing = bsd broke smbd? [was Re: [Samba] samba 3.0.21a > without printig > > > Gerald (Jerry) Carter wrote: > >>- > >>how can i disable it totaly? > > > > > > Set 'printing = bsd' > > > > When setting "printing=bsd" on my samba, client wont able to > resolve the > server. > > In windows client, it says "The specified network name is no longer > available". > > Using smbclient: > > [samba]# smbclient -L svr4 -Uuser > Password: > Anonymous login successful > Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.0.20b] > > Sharename Type Comment > - --- > netlogonDisk Network Logon Service > Pub Disk Public Share > > session setup failed: Call returned zero bytes (EOF) > NetBIOS over TCP disabled -- no workgroup available > > [samba]# smbclient -L svr4 -Uuser > Password: > session setup failed: Call returned zero bytes (EOF) > > I can attach debug3 if you wish, but I found no clue in there ;-p > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] domain logon problem
hey i am trying to set up a server to act as a domain controller, but am having a bit of difficulty actually logging on. i have created UNIX accounts, samba passwords and a machine trust account for the relevant machine. when i try to join the domain on a windows 2000 machine i get the error message: "incorrect user name or password". Tha sambe log shows: [2006/01/09 15:12:45, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [rworkman] -> [rworkman] -> [rworkman] succeeded [2006/01/09 15:12:45, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580) Returning domain sid for domain SUBDOM -> S-1-5-21-343446102-3839099577-2790099203 [2006/01/09 15:12:45, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580) Returning domain sid for domain SUBDOM -> S-1-5-21-343446102-3839099577-2790099203 [2006/01/09 15:12:45, 0] passdb/pdb_tdb.c:tdbsam_tdbopen(195) Unable to open/create TDB passwd [2006/01/09 15:12:45, 0] passdb/pdb_tdb.c:tdb_update_sam(604) tdb_update_sam: Unable to open TDB passwd (/var/lib/samba/passdb.tdb)! [2006/01/09 15:12:45, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2350) could not add user/computer three$ to passdb. Check permissions? [2006/01/09 15:12:45, 2] smbd/server.c:exit_server(609) Closing connections [2006/01/09 15:12:46, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/01/09 15:12:46, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/01/09 15:12:46, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [rworkman] -> [rworkman] -> [rworkman] succeeded [2006/01/09 15:12:46, 2] smbd/server.c:exit_server(609) Closing connections i am consfused. why can the machine acocunt not be added to passdb? why does it then claim that the authentication succeeded? can anyone help? Thanks. below is smb.conf i was using at the time: [global] workgroup = SUBDOM server string = Contract Server obey pam restrictions = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . passdb backend = tdbsam encrypt passwords = yes os level = 33 log level = 2 log file = /var/log/samba/log.%m max log size = 1000 preferred master = auto domain master = yes local master = yes security = user domain logons = yes logon path = \\%N\profiles\%U logon script = logon.cmd add machine script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -m %u add user script = /usr/sbin/useradd -d /dev/null -g smbusers -s /bin/false -m %u panic action = /usr/share/samba/panic-action %d invalid users = root valid users = nobody, @smbusers read list = nobody, @smbusers [netlogon] path = /home/samba/netlogon guest ok = Yes browseable = No [profiles] path = /home/samba/profiles read only = no create mask = 0600 directory mask = 0700 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem after upgrade from 3.0.14a to 3.0.21a
We have 2 Samba Domain Controllers and 1 Samba Domain Member Server, running on Solaris 9. The Solaris servers are native LDAP clients to two OpenLDAP servers. All user-info is available on these servers (getent passwd). Before upgrading to Samba 3.0.21a, we were running Samba 3.0.14a. On the Domain Member Server, when selecting the security-tab of a file or folder, the users were listed as users of the domain. Settings ACL's worked very well. After the upgrade to Samba 3.0.21a, suddenly the users listed in the security-tab are users of the local machine and not the domain. Settings ACL's fails without an error message. This happens with Samba 3.0.20b as well. Apparently, something is changed between 3.0.14a and 3.0.20b. However I do not have a clue... The configuration of all servers did not change. Installing 3.0.14a again and it all works again. Does anybody have a clue what is going on here? Thanks, -Remy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Users can't pause or cancel print jobs
Hi, reading smb.conf, I found lprm command (S) This parameter specifies the command to be executed on the server host in order to delete a print job. This command should be a program or script which takes a printer name and job number, and deletes the print job. If a %p is given then the printer name is put in its place. A %j is replaced with the job number (an integer). Note that it is good practice to include the absolute path in the lprm command as the PATH may not be available to the server. Default: lprm command = # depends on the setting of printing Example: lprm command = /usr/bin/lprm -P%p %j Example: lprm command = /usr/bin/cancel %p-%j Maybe this will help you. There is also a lpq command directive Kind regards Juergen Hoffmann Am Montag, den 09.01.2006, 10:26 -0500 schrieb Dominic Iadicicco: > Hello all, > > I am running Samba 3.0.9 with CUPS 1.1.17. When my windows user try to > pause print jobs it does not work and gives them an error "Error Processing > Command" in Windows. If they try to cancel a print job it doesn't give any > error. It just disappears from the print queue and print anyway. > > Could someone point me in the right direction? > > > Thanks all > > Dominic Iadicicco signature.asc Description: Dies ist ein digital signierter Nachrichtenteil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Users can't pause or cancel print jobs
Hello all, I am running Samba 3.0.9 with CUPS 1.1.17. When my windows user try to pause print jobs it does not work and gives them an error "Error Processing Command" in Windows. If they try to cancel a print job it doesn't give any error. It just disappears from the print queue and print anyway. Could someone point me in the right direction? Thanks all Dominic Iadicicco -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE [Samba] samba from RedHat 3 doesn't work in RedHat 4
Verify the SeLinux conf! --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 09/01/2006 15:21:07 : > I recently upgraded my server from a RedHat 3 on a Dell Precision 410 to >RedHat 4 on a Dell Optiplex GX 620 > I moved all the samba configuration files from one system to the other. > >The old system worked as a domain master across several subnets with > the use of local samba masters on each of the outlying subnets. > >The new system cannot be seen as a master on the outlying subnets. > When I try to look at the workgroup on an outlying subnet, I get that > the workgroup "is not accessible." > >I have iptables set up on the new server to allow access from the 137, > 138 and 139 ports on the new server. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba from RedHat 3 doesn't work in RedHat 4
Margaret_Doll wrote: I recently upgraded my server from a RedHat 3 on a Dell Precision 410 to RedHat 4 on a Dell Optiplex GX 620 I moved all the samba configuration files from one system to the other. The old system worked as a domain master across several subnets with the use of local samba masters on each of the outlying subnets. ... I have iptables set up on the new server to allow access from the 137, 138 and 139 ports on the new server. You probably want to allow 445 as well. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Account Unknown for users with Samba 3.0.11/14
- Original Message - From: <[EMAIL PROTECTED]> To: "William Jojo" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; Sent: Monday, January 09, 2006 9:24 AM Subject: Re: [Samba] Account Unknown for users with Samba 3.0.11/14 > Quoting William Jojo <[EMAIL PROTECTED]>: > > > From: James Cort > >> All the documentation I can find online seems to be geared towards > >> getting the system up and running properly in the first place with > >> minimal requirement of understanding of how it all hangs together - if > >> someone did that in the past and made a mistake, it seems particularly > >> tough to figure out what they did wrong and, more importantly, how to > >> fix it without causing downtime. > >> > >> Can anyone point me in the right direction? > >> > > > > Well, since this system doesn't have local files can you use secldapclntd? > > This will solve your local user problem (which is what I was driving at > > :-) ) by pointing to LDAP and making the users appear local. > > I've already got Unix user logons working through LDAP and all the > relevant configuration in nsswitch: > > cronus james # touch test_JAMES > cronus james # chown james:u4ea test_JAMES > cronus james # ls -ail > total 16 > 166146660 drwxrwxr-x 2 james u4ea 23 Jan 9 08:23 . > 128 drwxr-xr-x 39 root root 4096 Jan 9 05:46 .. > 166146661 -rw-rw-r-- 1 james u4ea0 Jan 9 08:23 test_JAMES > cronus james # grep james: /etc/passwd > cronus james # > > > Isn't secldapclntd AIX-specific? Everything I can find suggests it is. > This is Gentoo Linux. > ApologiesI've been working on several other AIX specific issues and mistakenly thought your's was AIX too... :-| > > There's also > > the possbility of WINBIND depending on how you want to approach the users. > > Ah - now there's a possibility. On the server that works, I can see > winbind is running. The absence of entries in the LDAP database > suggests that it's using local files - but I can't find which local > files it uses. > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Account Unknown for users with Samba 3.0.11/14
Quoting William Jojo <[EMAIL PROTECTED]>: From: James Cort All the documentation I can find online seems to be geared towards getting the system up and running properly in the first place with minimal requirement of understanding of how it all hangs together - if someone did that in the past and made a mistake, it seems particularly tough to figure out what they did wrong and, more importantly, how to fix it without causing downtime. Can anyone point me in the right direction? Well, since this system doesn't have local files can you use secldapclntd? This will solve your local user problem (which is what I was driving at :-) ) by pointing to LDAP and making the users appear local. I've already got Unix user logons working through LDAP and all the relevant configuration in nsswitch: cronus james # touch test_JAMES cronus james # chown james:u4ea test_JAMES cronus james # ls -ail total 16 166146660 drwxrwxr-x 2 james u4ea 23 Jan 9 08:23 . 128 drwxr-xr-x 39 root root 4096 Jan 9 05:46 .. 166146661 -rw-rw-r-- 1 james u4ea0 Jan 9 08:23 test_JAMES cronus james # grep james: /etc/passwd cronus james # Isn't secldapclntd AIX-specific? Everything I can find suggests it is. This is Gentoo Linux. There's also the possbility of WINBIND depending on how you want to approach the users. Ah - now there's a possibility. On the server that works, I can see winbind is running. The absence of entries in the LDAP database suggests that it's using local files - but I can't find which local files it uses. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba from RedHat 3 doesn't work in RedHat 4
I recently upgraded my server from a RedHat 3 on a Dell Precision 410 to RedHat 4 on a Dell Optiplex GX 620 I moved all the samba configuration files from one system to the other. The old system worked as a domain master across several subnets with the use of local samba masters on each of the outlying subnets. The new system cannot be seen as a master on the outlying subnets. When I try to look at the workgroup on an outlying subnet, I get that the workgroup "is not accessible." I have iptables set up on the new server to allow access from the 137, 138 and 139 ports on the new server. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] allowing users to install printers
Hi, I think that if the printer driver is provided with windows or has already been downloaded, there is no need for the user to be local admin. Which means, that you must load the drivers by installing the printer either as local or domain admin, so that when you loggof and another not_local_admin user logs on, the drivers have already been added. I'm afraid that if you update the server drivers, the client won't be able to update them unless you login again as local admin. Hope this helps, Bruno Guerreiro > -Original Message- > From: Tomasz Chmielewski [mailto:[EMAIL PROTECTED] > Sent: segunda-feira, 9 de Janeiro de 2006 14:12 > To: Fabio; samba > Subject: Re: [Samba] allowing users to install printers > > Fabio schrieb: > > Users must have SePrintOperatorPrivilege domain right and must be > > local machine administrator, I think. > > Thats the point of my question - how to allow them to install > printers without them being administrators. > > > -- > Tomasz Chmielewski > http://wpkg.org > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] allowing users to install printers
Fabio schrieb: Users must have SePrintOperatorPrivilege domain right and must be local machine administrator, I think. Thats the point of my question - how to allow them to install printers without them being administrators. -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba - Cups - WinXP SP2 Client
Hi All, I have a samba Server 3.0.14 installed on Ubuntu. I also have cups 1.1.23 installed. I have migrated an existing nt4 domain using this howto: http://de.samba.org/samba/docs/man/Samba-Guide/ntmigration.html#id2570211 Samba is my PDC now, and no more windows servers are on the net. I have a network Printer Kyocera 1800+ Mita which is correctly configured via cups. I have preconfigured 3 Printers on for each paper feed, so Users just have to connect to the printer and then be able to print to the correct paper feed. I have then added the Printers to samba using this howto: http://de.samba.org/samba/docs/man/Samba-Guide/happy.html#id2550472 I have 2 problems. 1. Although Printing a Test Page with Cups prints from the right Paper Feed, printing a Test Page from the Windows Client prints it from the default feeder. BUT with a very good response time and speed. IF I change the Client Side Drivers to use tray2 for this printer, The Response Time of PrintJobs is 4 times higher than before. Although Printing is possible, the time to print a document is so high, that users can go and grab a cup of coffee in between. Another Problem is that we have different user profiles accessing the server. The One side uses an Accounting Software, which keeps its database in flat files on the server. Every user opens the files and keeps them open. The Other users are using AutoDesk Inventor 10 which is used for AutoCad. This keeps the information for large Drawings in thousands of small files which are stored inside a directory. These Users are complaining about very long response times of the server. So my question is, is it possible to file access to one share in favor of other shares, something like QOS? Any Help is highly appreciated. I Have attached my smb.conf, so you can see how this is configured: # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2005/11/22 17:14:43 # Global parameters [global] # aenderungen 28.12.05 os level = 33 security = user interfaces = 192.168.11.253 127.0.0.1 bind interfaces only = no unix charset = LOCALE workgroup = HELLER-DOMÄNE netbios name = ITCHY passdb backend = ldapsam:ldap://localhost log level = 2 syslog = 0 log file = /var/log/samba/%m max log size = 5 smb ports = 135 445 name resolve order = hosts wins bcast socket address = 192.168.11.253 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 addprinter command = /usr/bin/addprinter deleteprinter command = /usr/bin/removeprinter add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '% g' delete user from group script = /usr/sbin/smbldap-groupmod -x '% u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '% u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon script = HELLER1.cmd logon path = \\%L\profiles\%U logon drive = U: logon home = \\%L\%U domain logons = Yes domain master = Yes local master = Yes wins support = Yes ldap suffix = dc=heller,dc=de ldap admin dn = cn=Manager,dc=heller,dc=de ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=People ldap passwd sync = Yes ldap ssl = no ldap timeout = 20 ldap user suffix = ou=People,dc=heller,dc=de #ldapsam:trusted=yes idmap backend = ldap:ldap://localhost idmap uid = 1000-2 idmap gid = 1000-2 winbind nested groups = Yes printer admin = root, kudlek.c, maurer.k, maurer.g, meinzinger.u, frank.h, bruecks.m, trumpfheller.s, moser.m directory mask = 0777 ea support = Yes map acl inherit = Yes printing = cups printcap = cups strict locking = No profile acls = Yes time server = Yes # Add for fixing Bug 20051124 NM use sendfile = No [technik] comment = Alle Dokumente der Technik path = /samba/technik read only = No create mask = 0777 force create mode = 0777 force security mode = 0 [sekretariat] comment = Alle Dokumente des Sekretariats path = /samba/sekretariat read only = No create mask = 0777 force create mode = 0777 [konstruktion] comment = Alle Dokumente der Konstruktionsabteilung path = /samba/konstruktion read only = No create mask = 0777 force create mode = 0777 [cd-images] comment = Abgelegte Images von Installations CDs p
Re: [Samba] Account Unknown for users with Samba 3.0.11/14
- Original Message - From: <[EMAIL PROTECTED]> To: Sent: Monday, January 09, 2006 8:17 AM Subject: Re: [Samba] Account Unknown for users with Samba 3.0.11/14 > Quoting William Jojo <[EMAIL PROTECTED]> > > > And the obvious...do you have config and system information? How are uid > > values gathered by the system? Same LDAP database? That's important to find > > out... > > And, indeed, the cause of much grief. > > Since writing previous emails I have discovered: > > * The issue doesn't exist on another server. > * Though the other server has identical Samba configuration, much > else is very different. Most importantly, users exist locally on the > other server. > > To cut a long story short, it seems unlikely that in its current > configuration, this has ever worked properly. > > The sambaIdmapEntry and sambaGroupMapping objects don't exist in LDAP. > I've added objectClass sambaIdmapEntry to myself in the LDAP database, > so my LDAP entry now reads: > > # jamesc, People, u4eatech.com > dn: uid=jamesc,ou=People,dc=u4eatech,dc=com > uid: jamesc > sambaSID: S-1-5-21-4012146134-3166284455-2856603714-3038 > sambaPrimaryGroupSID: S-1-5-21-4012146134-3166284455-2856603714-3001 > displayName: James Cort,,, > sambaPwdMustChange: 2147483647 > sambaPasswordHistory: > > sambaAcctFlags: [U ] > uidNumber: 1019 > loginShell: /bin/bash > gidNumber: 1000 > homeDirectory: /home/jamesc > gecos: James Cort > cn: James Cort > mail: [EMAIL PROTECTED] > sambaPwdCanChange: 1136795375 > sambaLMPassword: 1E5F582F4574BA7802A22108CDA2230E > sambaNTPassword: 8224FF98E3965F5DF2C3CB3D32205650 > sambaPwdLastSet: 1136795375 > userPassword:: e01ENX1mNnpCM2xiOU1EdEx1QVUyeGQxUDNBPT0= > objectClass: account > objectClass: sambaSamAccount > objectClass: posixAccount > objectClass: top > objectClass: u4eaPerson > objectClass: sambaIdmapEntry > > > While this knocks one error on the head, I still have a number of > issues as none of the gidNumber-based entries exist. However, I would > expect that users in the "Security" tab would now resolve - this is not > the case. > > I'm at a loss how to continue. Presumably I need to populate the > various bits necessary for id mapping in LDAP, though I don't know the > various options or their pros and cons. > > All the documentation I can find online seems to be geared towards > getting the system up and running properly in the first place with > minimal requirement of understanding of how it all hangs together - if > someone did that in the past and made a mistake, it seems particularly > tough to figure out what they did wrong and, more importantly, how to > fix it without causing downtime. > > Can anyone point me in the right direction? > Well, since this system doesn't have local files can you use secldapclntd? This will solve your local user problem (which is what I was driving at :-) ) by pointing to LDAP and making the users appear local. There's also the possbility of WINBIND depending on how you want to approach the users. secldapclntd can be implemented in a few minutes. As long as your smb.conf points to the same containers, you should see that you're looking for. I'm working on a paper for AIX people on how to approach user/group since there are several options available. Cheers, Bill > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] This item has been released from quarantine.
This file, which was attached to the message titled "[Samba] entering multiple user accounts" by "[EMAIL PROTECTED]" and was quarantined on 1/6/2006 6:45 PM, has been released. NOTE: If AutoProtect is enabled, then this restored attachment will be rescanned during the restore. If the attachment is still infected, the current virus detection policy will apply to this attachment. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Account Unknown for users with Samba 3.0.11/14
Quoting William Jojo <[EMAIL PROTECTED]> And the obvious...do you have config and system information? How are uid values gathered by the system? Same LDAP database? That's important to find out... And, indeed, the cause of much grief. Since writing previous emails I have discovered: * The issue doesn't exist on another server. * Though the other server has identical Samba configuration, much else is very different. Most importantly, users exist locally on the other server. To cut a long story short, it seems unlikely that in its current configuration, this has ever worked properly. The sambaIdmapEntry and sambaGroupMapping objects don't exist in LDAP. I've added objectClass sambaIdmapEntry to myself in the LDAP database, so my LDAP entry now reads: # jamesc, People, u4eatech.com dn: uid=jamesc,ou=People,dc=u4eatech,dc=com uid: jamesc sambaSID: S-1-5-21-4012146134-3166284455-2856603714-3038 sambaPrimaryGroupSID: S-1-5-21-4012146134-3166284455-2856603714-3001 displayName: James Cort,,, sambaPwdMustChange: 2147483647 sambaPasswordHistory: sambaAcctFlags: [U ] uidNumber: 1019 loginShell: /bin/bash gidNumber: 1000 homeDirectory: /home/jamesc gecos: James Cort cn: James Cort mail: [EMAIL PROTECTED] sambaPwdCanChange: 1136795375 sambaLMPassword: 1E5F582F4574BA7802A22108CDA2230E sambaNTPassword: 8224FF98E3965F5DF2C3CB3D32205650 sambaPwdLastSet: 1136795375 userPassword:: e01ENX1mNnpCM2xiOU1EdEx1QVUyeGQxUDNBPT0= objectClass: account objectClass: sambaSamAccount objectClass: posixAccount objectClass: top objectClass: u4eaPerson objectClass: sambaIdmapEntry While this knocks one error on the head, I still have a number of issues as none of the gidNumber-based entries exist. However, I would expect that users in the "Security" tab would now resolve - this is not the case. I'm at a loss how to continue. Presumably I need to populate the various bits necessary for id mapping in LDAP, though I don't know the various options or their pros and cons. All the documentation I can find online seems to be geared towards getting the system up and running properly in the first place with minimal requirement of understanding of how it all hangs together - if someone did that in the past and made a mistake, it seems particularly tough to figure out what they did wrong and, more importantly, how to fix it without causing downtime. Can anyone point me in the right direction? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] allowing users to install printers
What is the easiest way to allow normal users to install printers (which are available through a Samba server)? Normally, Windows 2000 and XP need to have a printer installed by the admin first on a given workstation - only the it can be used by the user. I want to allow the user to install own printers. Now, when one trises to right click on a printer on a server and "connect", he is refused to use it (not sufficient privileges). How can I allow non-admin users to install printers? -- Tomek http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] manage printer problem
hi! I'm using a pdc samba+ldap+cups (on sarge) with samba 3.0.21a. My problem is that I can't set in pause my shared printer (print and manage jobs are ok). In samba logs and syslog aren't errors (log level 10) except: find_printer_index_by_hnd: Printer handle not found: find_printer_index_by_hnd: Printer handle not found: close_printer_handle: Invalid handle (OTHER:4940:4965) this error doesn't appear every time I try to manage printer. anyone can help me? thanks in advance, Fabio -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Connecting from XP to samba shares
Hi all,
This question has probably been asked and solved/dismissed several
times before, but I didn't find any clear solution googling about.
The problem is I have a samba server (in Mandriva LE2005) with
"security=share" (this is the setting I want). There I have a shared
directory I'd like to be available to anyone, provided they give the
correct password (win98 style).
When I connect from another linux box, it works. I get a window asking
for username and password, and I can write whatever username I want: if
the password is the correct one I get access to the files.
However, from XP (Pro), I get the window with greyed out username,
which doesn't really matter, but the password doesn't work, the window
just keeps coming again and again and I get no access to the files.
I have tried lots of different configuration options. If I set "guest
ok = yes", I can connect from XP, but with no password, and that's not
what I want, but this shows the network connections are ok, I guess.
I suspect the problem is in the XP box, but I have no further clue
about what the problem could be. I'd be grateful for any help.
Thanks
P.S. Another annoyance is that, from the linux box (with Konqueror), I
see the comments of the machines in the network with the last letter
missing. For example, I see "Machine (My nam)" instead of "Machine (My
name)". I don't know whose fault is this either.
This is a summary of my smb.conf file:
("someuser" is a real username in the linux box and in the smbusers,
it's the username whose password I want to use when connecting)
[global]
workgroup = MY WORKGROUP
server string = My name
security = SHARE
map to guest = Bad User
username map = /etc/samba/smbusers
encrypt passwords = yes
log file = /var/log/samba/log.%m
log level = 3
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap cache time = 60
printcap name = cups
preferred master = Yes
domain master = Yes
dns proxy = No
ldap ssl = No
message command = /usr/bin/linpopup
printer admin = @adm
[SharedDir]
comment = Shared directory
path = /home/users/Shared
username = someuser
invalid users = root
force user = someuser
force group = users
___
NEW Yahoo! Cars - sell your car and browse thousands of new and used cars
online! http://uk.cars.yahoo.com/
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Configuring Print Queue on Samba 3 with LDAP
Hi all I have a samba 3.0.21 with OpenLDAP, i am unable to configure the print queue i have a network printer (model sharp, AR 641) configure through lpadmin -p myprinter -v soceket://printerip:9100 -E i have checked with nmap on printer ip, and port 9100 is enabled. edited the /etc/cups/mime.types and /etc/cups/mime.convs for uncommenting the application/octet-stream then configured the windows clients by first adding as local printer and gave port as \\servername\myprinter and gave the drivers of the sharp printers, in lpq status, it shows the print jobs are completed but still unable to print pls. guide me Regards Niranjan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Slow file transfers and lock ups.
Hi Folks I posted a question about a week ago regarding slow file transfers and lock ups, but I haven't had any response. Was my question to complicated, is everybody at a loss like me, or is it being ignored because it is a stupid question? Hope you don't mind, I'll quote it again below, just in case somebody with advice has come back from holiday and can help out. Regards Jannetta > Hi All > > I hope someone can point me in the right direction here. I have just > upgraded a client's machine from running a 4 year old version of Slackware > and and a Samba just as old to Fedora Core 4 and the latest Samba in the > Fedora mirrors - seems to be 3.0.14a-2. After the installation, the client > complained that data transfer was extremely slow. It took 70 seconds to > save a 3.8Mb file and a backup that used to take 5 minutes took almost 30 > minutes. > > I changed the config file to exactly what it was on the old server and > restarted Samba. The config now is: > [global] >workgroup = WORKGROUP >netbios name = ServerName >server string = ServerName %v >encrypt passwords = Yes >socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 >log file = /var/log/samba/%m.log >max log size = 50 >os level = 33 >hosts allow = 192.168.0 ># preferred master = yes ># local master = no ># security = user ># idmap uid = 16777216-33554431 ># idmap gid = 16777216-33554431 ># template shell = /bin/false ># winbind use default domain = no ># fake oplocks=NO ># oplocks=NO ># level 2 oplocks=NO > [fileserver] > comment = Fileserver > path = /fileserver > read only = No > browsable = yes > writable = yes > > > The commented lines are what used to be in the file. After the restart > though the client still didn't see any improvement, but at some stage the > server disappeared off the network. He then restarted the server and then > found that the 30 minute backup now took 15 minutes. > > However, this is still too slow. Normal saving of files still seem to be > slow and the backup still needs to come down to at least 5 minutes to be > the same as before. > > I did read the documentation that suggests that in some cases oplocks be > set to NO, as well as level 2 oplocks. It does however need to be done on > the server and the workstations. As you can see however, after commenting > out the oplocks there was an improvement - I remember from 3 or 4 years > ago doing that when we had similar problems. So before venturing in > setting oplocks to no on both the server and workstations, could anybody > perhaps suggest something else? > > The documentation specifically mentions Act! as needing to have oplocks > set to no. Can some of you perhaps list some other applications that also > definitely need this to be done? > > Another mystery to me is why the restart of the service didn't have any > effect? Why did the server need a restart? > > Well all help would be welcome and appreciated. > > Kind Regards > Jannetta -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] hanging smbd(s).....
Hi Jerry,
as i promised here is the current status information about my problem.
seems that you're right after setting "machine password timeout = 0"
the problem never arised again.
thanks for your help,
christian
p.s.: if i can do anything to help you in diagnosing the problem, please send
me instructions :-)))
> -Original Message-
> From:
> [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> ba.org] On Behalf Of Masopust Christian
> Sent: Thursday, December 15, 2005 4:45 PM
> To: Gerald (Jerry) Carter
> Cc: samba@lists.samba.org
> Subject: RE: [Samba] hanging smbd(s).
>
> > > the following problem occurs periodically (appr. once a
> week) here:
> > >
> > > the number of smbd(s) will dramatically rise (up to 500
> > > and more...) when having a look what the proccesses are doing
> > > i only see that they are waiting for getting a lock:
> > >
> > > fcntl64(4, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=240,
> > >len=1}, 0xbfefa5c0) = 0
> > >
> > > filedescriptor 4 is bound to my secrets.tdb !
> >
> > This sounds like a deadlock in the machine password changing code.
> > I'll look for the deadlock. Can you give me some more details
> > about you environment?
> >
> > In the meantime, you can set 'machine password timeout = 0'
> to confirm
> > my theory and avoid the deadlock.
>
> Hi Jerry,
>
> i've this samba running on a redhat enterprise 4 system with
> all updates
> applied. samba version is that one that is shipping with
> redhat (Version 3.0.10-1.4E.2)
>
> i have now added "machine password..." to my smb.conf and
> wait what happens,
> but as said it will need some time
>
> thanks for your help!!
> christian
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] secrets failed
Well, i have a serious problem, all of an sudden samba rejects all my workstations and servers! my samba PDC reports back to me, secrets_fetch failed! nothing has changed, or altered.. it comes out of the blue! i did upgrade samba from 3.0.11 to 3.0.21, but that was 2 weeks ago, and the upgrade worked. (until now that is) going back to 3.0.11 didn't work, I'm kinda lost here.. suggestions might really help... thx Collen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 2TB Limit for Windows Shares?
On Sun, Jan 08, 2006 at 09:50:11PM -0500, andy liebman wrote: > I have noticed recently that Windows XP seems to stop writing into > Linux/Samba shares once there is 2 TB of data in the share. Windows > Explorer is happy to report that a share has 4.8 or 8 or 10 TB of space > available, but Windows seems to cease writing into the share once there > are 2 TB in it. > > Is this a known limitation of a) Windows or b) Samba or c) both? It > certainly isn't a limitation of the filesystem I'm using. Good question ! What does 2TB look like as a hex number ? I don't think it's a Samba problem, we don't care how much data is on a filesystem until we get a "disk full" error :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net rpc vampire segfault
On Sun, Jan 08, 2006 at 10:53:14PM +1100, taso wrote: > Been trying to run this on FC3 pulling stuff off a NT4 PDC - it just > segfaults on 3.0.21 & 3.0.21a > I'm building the RPMS from the tar ball on the host using the makerpms.sh > script > > Reverted to the 3.0.10 issued by Fedora and no segfault. > > From what I can see (with strace) it segfaults while reading from the > socket connecting the PDC - > not the first read, but after quite a few gettimeofday()/read() operations. > > Will post more info if anyone is interested. Can you send in a gdb backtrace - run it under gdb and when it segfaults type "bt" and post the output. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] credentials check failed - Samba 3.0.21
On Tue, Jan 03, 2006 at 10:12:59PM +0100, Hans Otto Lunde wrote: > I'm getting some strange entries in my logs after upgrading to samba version > 3.0.21-1. Also in 3.0.21a-1. > > The machines connection to my samba pdc are WinXP SP2 and also a > 2003 server. > > For example: > > [2006/01/03 21:57:28, 0] libsmb/credentials.c:creds_server_check(159) > creds_server_check: credentials check failed. > [2006/01/03 21:57:28, 0] rpc_server/srv_netlog_nt.c:_net_sam_logon(667) > _net_sam_logon: creds_server_step failed. Rejecting auth request from > client TERMINATOR machine account TERMINATOR$ > > But the logon succeeds I'm investigating this (but I'm on the road at the moment so won't be able to do anything until I'm back in the office on Wed). It's harmless in that the user can always log in (compared to the bug this code change fixed, in which the user sometimes couldn't log in :-) but the error messages are bugging me. If I decide it's a Windows bug I'll just raise the debug log leve, if it's an smbd bug I'll just fix it :-). Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] how to setup file server
Dear All, Iam using Red Hat Enterprise Linux 3 ES, i have installed sucessfully, in have configured NFS & SMB service also, i have created 5 users in both File server and smb user. Now how i can configure it with windows machine. So that based on windows user login it should connect to smb user. For example in windows machine a user name KAMAL is entering, for the same user there is login under SMB and Linux NFS also so all the corsponding profile to be taken and KAML home folder /home/usr/kamal should be maped as f:\ for him, same way if KUMAR logged in /home/usr/kumar folder should get mapeped as f:\. They can login from any computer in the network. Pls help me this is top urgent. Converting Novell user to Linux so iam testing once i can do this in Linux i have to go for subscription. Waiting for your feedbacks. Saravanan. -- M.Saravanan CCAT LTD, 4204 Hong Kong Plaza, 188,Connaught Road West,Hong Kong. Phone : 2851 6318. Mobile: 6100 0856 email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
