[Samba] Dos clients on Samba 3.0.12
Hello there, I recently replaced a server running Samba 2.x with a brand new one running Samba 3.0.12. I had a couple DOS machines running the Microsoft Client which worked fine on the old server. On the new one, they can log in fine, and do a "dir" on the remote drive, but when I try to copy a file to or from the server, the DOS machine hangs, and on the server I get a "Connection reset by peer" in the log.smbd. Does anyone have any idea what this might be ? I snouted about a bit on the internet and it seems there might be a speed disparity, and the data is going to fast for the DOS machines I tried playing with the "sendfile" share parameter but with no noticeable difference. Thanks, Raphael Neve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Assigning Permissions on Domain Member Server
Dear all I have a samba PDC (3.0.21c) with openldap (2.3.19) with 2 domain Member Servers(samba 3.0.21c) with ACL support i use domain member servers as file servers . all my clients are windows 2000 professional. i have the following scenario at my I have created 3 groups, "prj1team", "prj1mgr", "prj1engg". i have created folder called "myproject" in a samba share called projects. myproject has a subdirectory called "alldepts". now, no one can create files/folder in myproject directory but they can create a files and folder in alldepts folder. but i don't want anybody to delete the folder alldepts. myproject(rx)prj1mgr,prj1engg | alldepts (rwx)prj1mgr,prj1engg | files/folders i have set like this setfacl -m g:prj1team:rx myproject setfacl -m g:prj1mgr:rx myproject setfacl -m g:prj1engg:rx myrproject setfacl -m g:prj1mgr:rwx myproject/alldepts setfacl -m g:prj1engg:rwx myrproject/alldeps in the above permissions, people in group "prj1mgr"and "prj1engg" are able to creat files/folders in alldepts. and when they are in "myproject" directory and try to delete folder "alldepts", it gives error access denied . so far so good, this is what i want. but when the user of group "prj1mgr" and "prj1engg" delete folder "alldepts", it says access denied but it deletes all the files and folder inside the "alldepts" directory . ie it denies the user to delete "alldepts" directory but it does not deny the user to delete all the files and folders inside the alldepts.. Actually what i need is the folder "alldepts" is used by both groups "prj1mgr" and "prj1engg" to create files and folder and both these groups can delete each other files. but i want them to delete file after changing to that directory (alldepts) , not from outside. since i have mentioned setfacl -m g:prj1mgr:rx myproject setfacl -m g:prj1engg:rx myrproject it does not allow to delete folder alldepts, but it deletes all files in alldepts, that i don't want to happen. Please guide me, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Two PDC's conflict
Hi All, I am currently running two PDC's with different domain names on the same network. But after a day of smooth running I am starting to have problems with the users accessing the network resources with an error message. As far I understand there must not be such conflict with the Samba PDC's with different domain names on the same subnet. Can any one suggest what might be wrong in such case? thanks for the help, Pavan. -- Pavan Krishna L Linux Systems Administrator Diversity Arrays Technology Pty Ltd Ph: +61 2 6281 8512 Fax: +61 2 6281 8533 Mob: +61 423 411 281 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] getlocalsid: adding domain info...failed
I am trying to integrate Fedora Directory Server (1.0.1) and Samba (3.0.10) on RHEL ES4. When I execute "net getlocalsid" I get the following: [2006/03/07 17:55:29, 0] lib/smbldap.c:smbldap_search_domain_info(1392) Adding domain info for WORKGROUP failed with NT_STATUS_UNSUCCESSFUL SID for domain RHELES4RS1 is: S-1-5-21-807157010-1821471989-4121009367 My workgroup is currently set to workgroup and I can perform an ldapsearch. I saw one refernce on the web to ignore this, but I was skeptical. What could be causing this error? The output of my testparm is below. Thanks, -Mont Load smb config files from /etc/samba/smb.conf Processing section "[netlogon]" Processing section "[profiles]" Processing section "[homes]" Processing section "[printers]" Processing section "[repository]" Processing section "[root directory]" Loaded services file OK. WARNING: You have some share names that are longer than 12 characters. These may not be accessible to some older clients. (Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.) Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions # Global parameters [global] server string = rheles4rs1 password server = None passdb backend = ldapsam:ldap://rheles4rs1.forayadams.foray.com:3911 username map = /etc/samba/smbusers log file = /var/log/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap logon path = \\%L\profiles\%u logon drive = H: logon home = \\%L\%u\profiles domain logons = Yes os level = 33 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=Directory Manager ldap group suffix = ou=Groups ldap machine suffix = ou=Computers ldap suffix = dc=forayadams,dc=foray,dc=com ldap user suffix = ou=People idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 cups options = raw [netlogon] path = /var/lib/samba/netlogon browseable = No [profiles] path = /var/lib/samba/profiles read only = No create mask = 0600 directory mask = 0700 [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [repository] path = /repository valid users = testadmin, testuser read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] session setup
hi, in company i work for i often work on employees computers (to solve their issues mainly). they do not have sufficient rights to all shares, which i need, i used to just connect to share i need and when samba denies permission windows (xp) station asked me about password, so i typed my username and pass and get access to everything i want. recently i've changed main server in company (that is: hardware, linux distribution and samba version) and i'm not able to do this trick anymore. i see in samba's logs: "user '' (from session setup) not permitted to access this share ()", so it looks like samba do not allow me to change login during session. it's a bit uncomfortable for me. How can i back to my previous settings? Or even better - is there a way to keep authentication via session setup (so normal employees could not connect as other user even if they'll get his/her pass), which will allow me to login as another user with some trick (maybe closing session and starting new one or something like that?). -- . . Marcin Kryczek . . . . . . . . . . . .RLU: #316599 . . . . Gentoo Linux Developer. . . . . . .mail: [EMAIL PROTECTED] . . . . . . . . . . . . . . . . . . . .PGP: 0xD6CFCCF1 . . . Key Fingerprint: EE8F E832 54E4 2456 C582 5B32 E10F EEDC D6CF CCF1 . pgpY2rSLKjzCh.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] help! mount error 11 - can't find any info on this!!
When I try to mount a windows share, I am getting the following error message: mount error 11 = Resource temporarily unavailable Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) I am running this command: mount.cifs //192.168.1.2/Clinic /mnt/clinic/ -o username=administrator,password=x,rw In /var/log/messages, i get the following: kernel: CIFS VFS: cifs_mount failed w/return code = -11 I cannot find any documentation about this error, and no one else seems to be getting it. Does anyone know anything about this problem, and how I can resolve this issue. Any info would be great. Thankyou. Andrew. -- View this message in context: http://www.nabble.com/help%21-mount-error-11---can%27t-find-any-info-on-this%21%21-t1243401.html#a3292130 Sent from the Samba - General forum at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Client view update rate configurable?
I had our sysadmin set up samba on a unix host (sun os) with a subdirectory as a mount point. >From my Windows XP machine, I've set up the T:\ drive as the device connected to the unix node. The configuration is working well except for the following issue: If I create a file from the unix side: $ touch MY_FILE.TXT Unix creates the file in an instant but on my Windows machine it can take as long as 53 seconds for the new file to show up on the T:\ drive. Is there a way (configuration change perhaps) to reduce the latency? Thanks. Gary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] XP clients hang on accessing certain directories
Hi all. I'm trying to debug a strange Samba/WinXP problem, but I don't know much about Windows or CIFS, so any insight from anyone would be much appreciated. Here's the situation: The initial problem was that clicking on certain directories on an XP Pro SP2 client would cause the client to freeze for a few minutes and then complain that the directory is inaccessable. This problem was also reported with NT clients, but 98 seems to be happy. Changing the max protocol to LANMAN2 doesn't help. Disabling the web client service on the client doesn't help. I noted that the problem was also exhibited by NET USE'ing the share from a command prompt and then trying to DIR the "bad" directories. The client would hang for a while and then report no files in the directory. It's relatively consistent that certain directories will trigger the problem and other directories are fine. I don't notice anything too unusual about the "bad" directories. This problem was first observed with an early 3.0.x version of Samba on a Linux 2.4.x machine. I upgraded to 3.0.21b from the Debian package, no change. Strangely enough, tarring up the "bad" directory tree and dropping it on another Samba 3.0.21b server doesn't seem to reproduce the problem. tcpdump seems to indicate that Samba is sending a FINDFIRST response that the client is ignoring, but I may be misreading things. Here are some logs: relevant portion of log.smbd at debug level 10: http://www.eskimo.com/~adam/samba/noogie.log.smbd.trimmed binary libpcap capture of relevant packets, after setting samba to use port 139 so tcpdump recognizes them as smb: http://www.eskimo.com/~adam/samba/noogie.tcpdump textual version of tcpdump capture, at varying verbosity levels: http://www.eskimo.com/~adam/samba/noogie.tcpdump.text-r http://www.eskimo.com/~adam/samba/noogie.tcpdump.text-vr http://www.eskimo.com/~adam/samba/noogie.tcpdump.text-vvr timestamps of what i was doing, for correlation with above logs: http://www.eskimo.com/~adam/samba/noogie-tests Hopefully there is someone out there who this makes more sense to than it does to me... I will be looking forward to any suggestions as to where to go from here. -- Adam -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba + cups = raw postscript output
> -Original Message- > From: Chris [mailto:[EMAIL PROTECTED] > Is it possible that you set up a raw printer in CUPS instead of > associating the proper PPD with it? No, it does have the right PPD file, but the filter doesn't get called as it being passed through as RAW. > It is a PS printer, right? Yep, well, sorta... Postscript level2. This is why I'm wanting to filter through the foomatic rip to a PCL output (or postscript level 2 will do). I've got the a PPD file from linuxprinting.org which has the correct filters for converting to PCL. > Did you use cupsaddsmb? If so, it would have needed to have > been patched > for the CUPS version 6 driver to properly set the printer up in Samba. No. That didn't appear to work too well... Perhaps I'm wanting the patch... I added it using the windows "install driver" method in the samba docs, then assigned it to each printer using the rpcclient method. Dave -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join to domain: The username could not be found.
@James Taylor, Yes I'm using idealX scripts which includes smbldap-useradd. I'll take your advice and look to script for it, if it's not doing that (I'm using ver 0.9.1 which is latest) I'll try to add this functionality and reply back it to here a.s.a.p, thX. @Schoenfeld I use root as username to register to domain. Unfortunately I can send a slapcat on friday since I don't go to the office everyday. I'll post it. thX. Hakan. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.21c Available for Download
Gerald (Jerry) Carter wrote: Can you send me your smb.conf? Thanks. Did you received my smb.conf? der tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] utility of winbind on a pdc ?
On Tue, 2006-03-07 at 19:32 +0100, Stephane Durieux wrote: > Hi > > I can t see the utility of winbind on a PDC > if the ldap backend contains users accounts belongs to sambasamaccount, > posix and shadowaccount classes > > Can someone tell me more about this ? On a PDC, winbind would provide services for trusted domains, and to allow pam_winbind/ntlm_auth etc to function. A common situation is to join Samba as a DC to itself, so that winbindd and ntlm_auth can be used to support Squid NTLM authentication. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT
On Tue, 2006-03-07 at 09:53 -0800, Raj Talwar wrote: > Hi, I am using winbindd to authenticate a computer. The computer > account exists in the W2K domain controller. The authentication > comes back with the error NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT. > No session key is returned. > > Looking at the samba code it seems this error means that the account > is a workstation account (which is correct). In samba 4 code base > there is a flag (MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT) which if > set allows workstations to authenticate. This flag was merged into Samba 3.0 shortly after that. I think this is in 3.0.21, but ask Jeremy, as he did that side of the implementation. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba on active Directory domain issues
> Hi all, > I have rebuilt the gentoo linux samba server that I was having trouble with > and I'm trying to again add the samba server to a windows 2003 active > directory but I am still running into all of the same symptoms. > > I am able to see the machine in NetBeui/NetBios (My network Places on > 2000/XP) and I can navigate inside the server to the public folder thatI have > set up but I can not get into the home directory for the for my domain > profile (/home//). > > Looking at the log. log file from samba, I see this from trying > to connect to the public folder: > > init msg_type=0x81 msg_flags=0x0 > [2006/03/07 13:08:07, 0] lib/util_sock.c:write_data(557) > write_data: write failure in writing to client 10.11.7.56. Error Connection > reset by peer > [2006/03/07 13:08:07, 0] lib/util_sock.c:send_smb(765) > Error writing 4 bytes to client. -1. (Connection reset by peer) > [2006/03/07 13:08:07, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2006/03/07 13:08:07, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) > [2006/03/07 13:08:07, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups > [2006/03/07 13:08:07, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) > [2006/03/07 13:08:07, 2] smbd/server.c:exit_server(614) > Closing connections > [2006/03/07 13:08:07, 3] smbd/connection.c:yield_connection(69) > Yielding connection to > [2006/03/07 13:08:07, 3] smbd/connection.c:yield_connection(76) > yield_connection: tdb_delete for name failed with error Record does not > exist. > [2006/03/07 13:08:07, 3] smbd/server.c:exit_server(655) > Server exit (process_smb: send_smb failed.) > > I am using samba 3.0.21c on Gentoo Linux kernel 2.6.15-r1. I can send the > contents of my smb.conf or other config files if needed. > Please help, I am quickly getting to the end of my rope. > > TIA, > > Guillermo Gutierrez > Development Systems Engineer > Market Scan Information Systems > (818) 575-2000 x2427 > [EMAIL PROTECTED] > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Repost] Offline Files No Go
Hi Peter, i dont know any bugs with samba and offline files, sync is a complex stuff on native windows servers too, on the samba side there is only this parameter to controll them, so other stuff is client related which can be very fine controlled by adms or/and local machine policies. for sure you should have the latest samba version , and a brand new win client for testing with all patches installed. i recommend study tech net working with offline files. As i did synced homes for laptops last time i had no problem with it, but i was not very lucky about the gereral implementation of this feature in windows. so i did it with rsync wich works more nice. theres only one good stuff and this is the general controll of this behavior in a domain from NTconfig.pol which i like very much Best Regards [EMAIL PROTECTED] schrieb: Robert, I understand about the configuration options on the Windows side, but what my problem is that no matter what I setup on the windows side, the clients do not behave properly with offline files from my Samba server. If I set them offline from a windows server, there is no problem. I only have issues when I make a samba share available offline. I need to make every user's home directory available offline for laptop travel, but I can't get the system to work. I am really starting to think this is a bug in my version of Samba. Thanks! -Cheers, Peter. In specification, Murphy's Law supersedes Ohm's Law. --Unknown Robert Schetterer <[EMAIL PROTECTED] r.org> To [EMAIL PROTECTED] 03.03.2006 12:42 cc samba@lists.samba.org Subject Re: [Samba] [Repost] Offline Files No Go Hi Peter, there is only one parameter in smb.conf with offline files to a share from man smb.conf csc policy (S) This stands for client-side caching policy, and specifies how clients capable of offline caching will cache the files in the share. The valid values are: manual, documents, programs, disable. These values correspond to those used on Windows servers. For example, shares containing roaming profiles can have offline caching disabled using csc policy = disable. Default: csc policy = manual Example: csc policy = programs but if you wanna fine tune i.e by users/groups/host etc you have to do this with NTconfig.pol in the netlogon share created by poledit.exe which is more flexible so would say use csc policy = manual in your conf so it depends to users entries when or what offline sync in a share, but i dont think this is a good idea at the profiles share ( as i saw it in your conf ,i use disable here ) Best Regards [EMAIL PROTECTED] schrieb: Robert, Ah, I now see what you are meaning... I have used the Active Directory policy manager to create the policies that I want and have successfully run offline files from a Windows server, my trouble is that when I move to a Samba server, the Windows PCs have improper behavior. (i.e. files can not be accessed even with proper permissions, applications report the files as non-existant, etc.)I am thinking that my problem is either related to my Samba configuration or my Samba version. How does my configuration file compare to your configuration? Thanks so much! -Cheers, Peter. In specification, Murphy's Law supersedes Ohm's Law. --Unknown Robert Schetterer <[EMAIL PROTECTED] r.org> To 03/02/2006 05:26 [EMAIL PROTECTED] PM cc samba@lists.samba.org Subject Re: [Samba] [Repost] Offline Files No Go hi, sorry that i wro
Re: [Samba] preexec and client timeout when script long to execute
Tomasz Chmielewski schrieb: Robert Schetterer wrote: Tomasz Chmielewski schrieb: I wrote a script which downloads user profile from a remote server if the profile doesn't exist on a local server - and executes it via preexec in [profiles] share. It works fine, however, there is a major glitch with it. After 3 minutes or so, the client times out, and says that that the server-side profile cannot be found, contact your administrator etc. The script is still running and downloads the profile from the remote server, which will take few more minutes. Is there a way to tell the client not to "time-out" during logon, when the script is being executed? Hi i also tested such stuff, and failed ,it maybe possible if you are increasing the time value with poldedit.exe Ntconfig.pol for profile logon waiting time to this user and/or machine If such a value exists. Anyone knows? for sure this value exists ( and many tuning stuff about logins and time ), its special made for low traffic conections,which are typical for vpn or modem cons , but it musnt solve your problem cause login is very complex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Repost] Offline Files No Go
Robert, I understand about the configuration options on the Windows side, but what my problem is that no matter what I setup on the windows side, the clients do not behave properly with offline files from my Samba server. If I set them offline from a windows server, there is no problem. I only have issues when I make a samba share available offline. I need to make every user's home directory available offline for laptop travel, but I can't get the system to work. I am really starting to think this is a bug in my version of Samba. Thanks! -Cheers, Peter. In specification, Murphy's Law supersedes Ohm's Law. --Unknown Robert Schetterer <[EMAIL PROTECTED] r.org> To [EMAIL PROTECTED] 03.03.2006 12:42 cc samba@lists.samba.org Subject Re: [Samba] [Repost] Offline Files No Go Hi Peter, there is only one parameter in smb.conf with offline files to a share from man smb.conf csc policy (S) This stands for client-side caching policy, and specifies how clients capable of offline caching will cache the files in the share. The valid values are: manual, documents, programs, disable. These values correspond to those used on Windows servers. For example, shares containing roaming profiles can have offline caching disabled using csc policy = disable. Default: csc policy = manual Example: csc policy = programs but if you wanna fine tune i.e by users/groups/host etc you have to do this with NTconfig.pol in the netlogon share created by poledit.exe which is more flexible so would say use csc policy = manual in your conf so it depends to users entries when or what offline sync in a share, but i dont think this is a good idea at the profiles share ( as i saw it in your conf ,i use disable here ) Best Regards [EMAIL PROTECTED] schrieb: > Robert, >Ah, I now see what you are meaning... I have used the Active Directory > policy manager to create the policies that I want and have successfully run > offline files from a Windows server, my trouble is that when I move to a > Samba server, the Windows PCs have improper behavior. (i.e. files can not > be accessed even with proper permissions, applications report the files as > non-existant, etc.)I am thinking that my problem is either related to > my Samba configuration or my Samba version. How does my configuration file > compare to your configuration? > > Thanks so much! -Cheers, Peter. > > > > In specification, Murphy's > Law supersedes Ohm's Law. >--Unknown > > > > > Robert Schetterer > <[EMAIL PROTECTED] > r.org> To > > 03/02/2006 05:26 [EMAIL PROTECTED] > PM cc >samba@lists.samba.org > > > > > Subject >Re: [Samba] [Repost] Offline Files >No Go > > > > > > > > > > > hi, sorry that i wrote this like missunderstanding, > what i mean you can fully control offline file/directory behavior > with NTconfig.pol for user ,groups ,client machines > so this is the tool/function you need > i use it to disable offline files on workstations and have it possible > with laptop with different samba shares. > there are a lot of ohter features possible, so exclude filestypes etc.. > Regards > [EMAIL PROTECTED] schrieb: >> Robert, >>I don't want to disable this... I want to make it work. That is what > I >> am looking for help with. >> Thanks. -Cheers, Peter. >> >> >> >> In specification, Murphy's >> Law supersedes Ohm's Law. >>--Unknown >> >> >> >> > >> Robert Schetterer > >> <[EMAIL PROTECTED] > >> r.org> > To >>[EMAIL PROTECTED] > >> 02.03.2006 04:09 > cc >>samba@list
RE: [Samba] Unable to join to domain: The username could not be found.
Common issue I am seeing, are you using the smbldap-useradd script? If so you need to modify the script so that when the machine account is created in ldap that the sambaSAMAccount information is added to the machine account that you are joining to the Samba Domain. JT -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hakan BAYINDIR Sent: Monday, March 06, 2006 9:43 AM To: samba@lists.samba.org Subject: Re: [Samba] Unable to join to domain: The username could not be found. I'm using the root account, the "root". I think the accounts are enabled and I used smbpasswd to set the paswd. I also want to mention that I'm using idealx scripts to maintain smb and ldap at the same time. Mark Rutherford wrote: > You need to use the superuser account, root to join a domain. > Are you using 'root' or 'administrator' to do this? > > Also, is your root account enabled and has a password set using > smbpasswd? > > Hakan BAYINDIR wrote: >> Hi, >> >> This is my first post here, so if I make any mistakes, warnings are >> always welcome. I'm working in an organization and we are migrating are >> domain controllers from windows to linux. I'm trying to deploy a working >> configuration of samba. Using openSuSE 10.0. I was following the Keith >> Robertson's how-to from IBM-Developerworks but in the end; the finished >> installation fails to work as expected. >> >> I can see the shares, log in with correct id's which are saved in >> ldap, transfer files, share the same workgroup with supplying correct >> username and password which is saved in ldap again. But when I try to >> join the domain, windows system wants username and password. It refuses >> it if I give wrong creds and if I give the true ones, refuses again with >> "the user name could not be found" >> >> I've tried signorseal patch, configured local policy but no hopes. >> Also samba config test and slaptest returns OK. Any help will be highly >> appreciated. Thanks in advance. >> >> Hakan BAYINDIR >> > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] getlocalsid error
Thanks for the slap upside the head, my ability to query via the command line is definitely broken. I'd gotten console access working and forgotten to check that. Also, just so you don't think I'm a complete fool, the root share was only in there because I'm testing (this is all in a VM). Off to figure out why ldapsearch isn't working. Thanks, -Mont On 3/6/06, Craig White <[EMAIL PROTECTED]> wrote: > > On Mon, 2006-03-06 at 17:13 -0800, Mont Rothstein wrote: > > I am trying to integrate Samba version is 3.0.10 with Fedora Directory > > Server (1.0.1) on RHEL 4. > > > > I am attempting to follow: > > http://directory.fedora.redhat.com/wiki/Howto:Samba > > > > but I am getting an error with net getlocalsid. The output is: > > > > [2006/03/06 10:00:21, 0] lib/smbldap.c:smbldap_connect_system(850) > > failed to bind to server with dn= cn=Directory Manager Error: Can't > > contact LDAP server > > (unknown) > > [2006/03/06 10:00:21, 0] lib/smbldap.c:smbldap_search_suffix(1155) > > smbldap_search_suffix: Problem during the LDAP search: (unknown) > (Timed > > out) > > SID for domain RHELES4RS1 is: S-1-5-21-807157010-1821471989-4121009367 > > > > While I get a SID I assume I should not proceed with these errors. > > > > I've gone over my config I can't find my error. I've searched online > and > > can't find anything. > > > > The full ouput of testparm is below. > > > > Any ideas as to what I've done wrong? > > > > We're sort of lacking confirmation that you can actually query the LDAP > server including binding as cn=Directory Manager from the command line. > There's no reason to believe at this point that the problem is Samba > > Craig > > ps - I would heavily recommend against sharing your /root directory via > samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] "load printers = Yes" produces working but invisible printers
Hi, I am running samba 3.0.21c (Sernet packages on Debian Sarge) and trying to automatically share cups printers via "load printers = Yes" - Printing seems to work if you install the printers on the client by calling con2prt.exe, but - the printers do not appear as shares when browsing the network neighbourhood or calling "net view \\servername" on the client. - They do appear, if I include an explicit section for each printer in smb.conf Bug or feature? My configuration options: [global] ... printcap name = cups cups server = localhost printing = CUPS load printers = Yes ... [printers] comment = SMB print spool path = /var/spool/samba guest ok = yes printable = yes browseable= yes use client driver = no Kind regards, Wolfgang Ratzka -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Errors with 3.0.21b on AIX -- please help
I have been trying for 3 weeks to get 3.0.21b to work on AIX 5.2. I am currently running 3.0.4, which has no problems. I am getting very frustrated, and am about to give up entirely on Samba. Here are some of the errors I am getting: [ mcom4:/opt/Samba/3.0.21b/bin] > ./smbclient -L ccasemcom4 -d 3 -N -Ub06reg%Becky1208 lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file "/opt/Samba/3.0.21 b/lib/smb.conf" Processing section "[global]" added interface ip=11.16.153.89 bcast=11.16.155.255 nmask=255.255.252.0 Client started (version 3.0.21b). Connecting to 11.16.153.89 at port 445 Doing spnego session setup (blob length=16) server didn't supply a full spnego negprot Got challenge flags: Got NTLMSSP neg_flags=0x60890235 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 SPNEGO login failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO session setup failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO After setting client schannel = no [ mcom4:/opt/Samba/3.0.21b/bin] > ./smbclient -L ccasemcom4 -d 3 -N -Ub06reg%Becky1208 lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file "/opt/Samba/3.0.21 b/lib/smb.conf" Processing section "[global]" added interface ip=11.16.153.89 bcast=11.16.155.255 nmask=255.255.252.0 Client started (version 3.0.21b). resolve_lmhosts: Attempting lmhosts lookup for name ccasemcom4<0x20> resolve_wins: Attempting wins lookup for name ccasemcom4<0x20> resolve_wins: WINS server resolution selected and no WINS servers listed. resolve_hosts: Attempting host lookup for name ccasemcom4<0x20> name_resolve_bcast: Attempting broadcast lookup for name ccasemcom4<0x20> Got a positive name query response from 11.16.153.89 ( 11.16.153.89 ) Connecting to 11.16.153.89 at port 445 Doing spnego session setup (blob length=16) server didn't supply a full spnego negprot Got challenge flags: Got NTLMSSP neg_flags=0x60890235 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 SPNEGO login failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO session setup failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO [ mcom4:/opt/Samba/3.0.21b/bin] > ./smbclient -L ccasemcom4 -d 3 -Ub06reg%Becky1208 lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file "/opt/Samba/3.0.21 b/lib/smb.conf" Processing section "[global]" added interface ip=11.16.153.89 bcast=11.16.155.255 nmask=255.255.252.0 Client started (version 3.0.21b). Connecting to 11.16.153.89 at port 445 Doing spnego session setup (blob length=16) server didn't supply a full spnego negprot Got challenge flags: Got NTLMSSP neg_flags=0x60890235 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 SPNEGO login failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO session setup failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO testparm does not show any problems with smb.conf. Here is the Global section of smb.conf: workgroup = FEDERATED netbios name = CCASEMCOM4 server string = MCOM4 Samba Server security = DOMAIN update encrypted = Yes password server = fd000xsfed01 smb passwd file = /var/samba/private/smbpasswd passwd program = /usr/bin/passwd log file = /opt/Samba/30.0.21b/var/log.%m large readwrite = No max xmit = 65535 time server = Yes unix extensions = No deadtime = 30 max open files = 15000 dns proxy = No kernel oplocks = No ldap ssl = no create mask = 0775 directory mask = 0775 map archive = No oplocks = No level2 oplocks = No strict locking = No client schannel = no If I need to provide more info, please let me know. Ray Gebbie Federated Systems Group San Francisco, CA 94102 415-422-1662 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] profile and home share on a remote server
Hello Is it possible to configure profile and home share on a remote server in smb.conf of a PDC (a NAS server member of the domain for example) thanks for reply Stephane Durieux -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] utility of winbind on a pdc ?
Hi I can t see the utility of winbind on a PDC if the ldap backend contains users accounts belongs to sambasamaccount, posix and shadowaccount classes Can someone tell me more about this ? Thanks Stephane Durieux -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] preexec and client timeout when script long to execute
Robert Schetterer wrote: Tomasz Chmielewski schrieb: I wrote a script which downloads user profile from a remote server if the profile doesn't exist on a local server - and executes it via preexec in [profiles] share. It works fine, however, there is a major glitch with it. After 3 minutes or so, the client times out, and says that that the server-side profile cannot be found, contact your administrator etc. The script is still running and downloads the profile from the remote server, which will take few more minutes. Is there a way to tell the client not to "time-out" during logon, when the script is being executed? Hi i also tested such stuff, and failed ,it maybe possible if you are increasing the time value with poldedit.exe Ntconfig.pol for profile logon waiting time to this user and/or machine If such a value exists. Anyone knows? -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT
Hi, I am using winbindd to authenticate a computer. The computer account exists in the W2K domain controller. The authentication comes back with the error NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT. No session key is returned. Looking at the samba code it seems this error means that the account is a workstation account (which is correct). In samba 4 code base there is a flag (MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT) which if set allows workstations to authenticate. My question is if there is any config change that can be done on W2K to allow workstation authentication. Any other way of getting this done are also welcome. Any help would be greatly appreciated. Thank you. Raj. - Yahoo! Mail Bring photos to life! New PhotoMail makes sharing a breeze. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba port required
I know its a dirty word around here, and I apologise in advance, but I need a version of Samba later than the version 3.0.10 that Im currently running on a SCO UnixWare 7.1.4 box. Does anyone have a working port that I could purchase? Failing that, does anyone know what Id need to do to be able to compile and link the source for myself. Ive installed the SCO UDK and GNU tools. I downloaded the latest Samba source, and ran the configure script. However, the Make process failed I dont have a note of any error messages with me at present. Do you know if any modifications to the source are required for UnixWare, or if any special compiler switches are required. Ive never used a Unix compiler before, so Im pretty much in the dark. Id really appreciate some help with this. And please dont forget - Im only a SCO-user! David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] preexec and client timeout when script long to execute
Tomasz Chmielewski schrieb: I wrote a script which downloads user profile from a remote server if the profile doesn't exist on a local server - and executes it via preexec in [profiles] share. It works fine, however, there is a major glitch with it. After 3 minutes or so, the client times out, and says that that the server-side profile cannot be found, contact your administrator etc. The script is still running and downloads the profile from the remote server, which will take few more minutes. Is there a way to tell the client not to "time-out" during logon, when the script is being executed? Hi i also tested such stuff, and failed ,it maybe possible if you are increasing the time value with poldedit.exe Ntconfig.pol for profile logon waiting time to this user and/or machine Best Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Dos client samba
I change the use sendfile=no, but I still obtain the same error And the log.smbd only says. As I tell in a previous mail, sometimes the connection was reset by the client, but more often it is only disconnect. I guess that there is a trouble in the client but I cannot guess what. [2006/03/07 13:45:44, 1] smbd/service.c:close_cnum(836) desc2 (192.168.0.18) closed connection to service datos I will try the same process to run in the DOS box over a win98 share, to see if it is a trouble with the client soft. Thank you Maurizio - Original Message - From: "Jeremy Allison" <[EMAIL PROTECTED]> To: "Maurizio Faccio" <[EMAIL PROTECTED]> Cc: "Jeremy Allison" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, March 06, 2006 6:51 PM Subject: Re: [Samba] Dos client samba > On Mon, Mar 06, 2006 at 07:06:55PM -0300, Maurizio Faccio wrote: > > I run an application made in Clipper. The program says Write error, or > > things like that. > > In the logs > > Here I post some of the log errors . Desc2 is the DOS client. > > [2006/03/06 15:52:10, 0] lib/util_sock.c:read_socket_data(384) > > read_socket_data: recv failure for 4. Error = Connection reset by peer > > [2006/03/06 15:52:10, 1] smbd/service.c:close_cnum(836) > > desc2 (192.168.0.18) closed connection to service datos > > That's the server noticing the client has closed the connection > on us ("Error = Connection reset by peer" - peer == client). > > We need to know why the client is doing this. Try setting sendfile > to "no", as DOS clients might not be able to cope with the data > rate from a modern kernel. > > Jeremy. > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] preexec and client timeout when script long to execute
I wrote a script which downloads user profile from a remote server if the profile doesn't exist on a local server - and executes it via preexec in [profiles] share. It works fine, however, there is a major glitch with it. After 3 minutes or so, the client times out, and says that that the server-side profile cannot be found, contact your administrator etc. The script is still running and downloads the profile from the remote server, which will take few more minutes. Is there a way to tell the client not to "time-out" during logon, when the script is being executed? -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Samba Version 3.0.20b-3.4-SUSE]: WinXP-Error writing to share
Hi, if it is a bug it is relate to winxp 64 versions, i had never such problems with suse/samba during all upgrades from first samba 3 release up to now on different servers 32/64 intel /amd with mutliple nics perhaps somthing is allready in bugzilla about win xp 64? Regards Beschorner Daniel schrieb: We have a similar or same problem with one of our servers after upgrade from 3.0.14 to 3.0.21x (incidentally??). The log shows things like: write_data: write failure in writing to client 192.168.17.249. Error Broken pipe [2006/03/06 20:46:47, 0] lib/util_sock.c:get_peer_addr(1225) getpeername failed. Error was Transport endpoint is not connected [2006/03/06 20:46:47, 0] lib/access.c:check_access(328) [2006/03/06 20:46:47, 0] lib/util_sock.c:get_peer_addr(1225) getpeername failed. Error was Transport endpoint is not connected Denied connection from (0.0.0.0) [2006/03/06 20:46:47, 1] smbd/process.c:process_smb(1187) [2006/03/06 20:46:47, 0] lib/util_sock.c:get_peer_addr(1225) getpeername failed. Error was Transport endpoint is not connected Connection denied from 0.0.0.0 [2006/03/06 20:46:47, 0] lib/util_sock.c:write_data(557) write_data: write failure in writing to client 192.168.17.250. Error Connection reset by peer [2006/03/06 20:46:47, 0] lib/util_sock.c:send_smb(765) Error writing 5 bytes to client. -1. (Connection reset by peer) Clients are XP x64. When saving fails the Windows log reports "mrxsmb - delayed write failed". I still suspect the network hardware (switch? NICs?) to do something wrong, but can't Samba take out yet. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Samba Version 3.0.20b-3.4-SUSE]: WinXP-Error writing to share
On Tue, Mar 07, 2006 at 03:51:34PM +0100, Beschorner Daniel wrote: > We have a similar or same problem with one of our servers after upgrade from > 3.0.14 to 3.0.21x (incidentally??). > > The log shows things like: > > write_data: write failure in writing to client 192.168.17.249. Error Broken > pipe > Clients are XP x64. > > When saving fails the Windows log reports "mrxsmb - delayed write failed". > > I still suspect the network hardware (switch? NICs?) to do something wrong, > but can't Samba take out yet. My money is on the switch :-). This is a classic "my tcp connection went away and I don't know why" error message. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How can I prevent deleting of primary directory while allowing full privileges to subdirectories
Greetings - In general terms I would like to prevent users from deleting or moving a primary directory within a share, but allow users to create / delete / move subdirectories and files that reside under these directories. My reason for needing this type of setup is to prevent an accidental deletion of a common directory and to maintain a planned directory structure at the top level of the share. My system information is listed below. Linux RHES 3 Samba 3.0.9-1.3 File Server for 8 Windows boxes (2000 and XP) The share and directory structure that explains what I would like to do is listed below. We have a small open office where everyone works together on multiple projects and proposals. The permissions currently set for the ECOSYSTEM share are read/write/execute (0777) for the entire share, with all subdirectories inheriting permissions. I would like to be able to allow all users (or a specified group) to create/delete/move directories such as Project1, or any files under Project1, as they wish. I would like to prevent anyone but the administrator with root privileges from accidentally deleting or moving the Archive, Admin, Marketing, Projects, and Reference directories. The pertinent details of my smb.conf are also listed below. ECOSYSTEM |-Archive |-Admin |-Marketing |-Proposal1 |-Proposal2 |-Projects |-Project1 |-Project2 |-Reference smb.conf #== Global Settings [global] server string = Bison samba server printcap name = /etc/printcap load printers = yes log file = /var/log/samba/%m.log max log size = 50 unix password sync = yes pam password change = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 33 preferred master = yes password server = None guest ok = yes security = SHARE dns proxy = no # Share Definitions [homes] comment = Home Directories browseable = no writeable = yes hide dot files = yes [printers] comment = All Printers path = /var/spool/samba browseable = no printable = yes [ecosystem] path = /ecosystem writeable = yes create mask = 0777 directory mask = 0777 inherit permissions = yes I have searched through the list archives and found discussion of a similar issue at http://marc.theaimsgroup.com/?l=samba&m=110746845920890&w=2 , but the solution of the issue is not clearly identified. I have read and re-read the 'Definitive Guide to Samba 3' without success at understanding if this is possible or not. If anyone has implemented this type of permissions setup, can you provide some guidance and details. Thanks for your assistance. Jeff Boyce Meridian Environmental www.meridianenv.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Michael Weiss ist außer Haus.
Ich werde ab 07.03.2006 nicht im Büro sein. Ich kehre zurück am 12.03.2006. Bitte wenden Sie sich mit wichtigen Angelegenheiten an [EMAIL PROTECTED] Danke. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + cups = raw postscript output
On Tuesday 07 March 2006 05:58, David Smith wrote: > > -Original Message- > > From: Chris [mailto:[EMAIL PROTECTED] > > Is it possible that you set up a raw printer in CUPS instead of > > associating the proper PPD with it? > > No, it does have the right PPD file, but the filter doesn't get > called as it being passed through as RAW. > > > It is a PS printer, right? > > Yep, well, sorta... Postscript level2. This is why I'm wanting to > filter through the foomatic rip to a PCL output (or postscript level > 2 will do). I've got the a PPD file from linuxprinting.org which has > the correct filters for converting to PCL. You might try using the printers official PS PPD for NT4 when you set it up in CUPS, then update your Samba/Windows installations. > > Did you use cupsaddsmb? If so, it would have needed to have > > been patched > > for the CUPS version 6 driver to properly set the printer up in > > Samba. > > No. That didn't appear to work too well... Perhaps I'm wanting the > patch... I added it using the windows "install driver" method in the > samba docs, then assigned it to each printer using the rpcclient > method. Right, without the patch cupsaddsmb will not setup the version 6 drivers properly. It is the easiest way but the others should work. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
Natxo Asenjo wrote: On 3/4/06, John H Terpstra <[EMAIL PROTECTED]> wrote: I'd be delighted if someone steps forward with an offer to take over responsibility for maintenance and improvement of the documentation. Its about time for a more capable and more enthusiastic person to have a go. Please allow me rush to step aside. :-) for what it's worth: THANKS!!! for all your efforts with this documentation. I bought the book, I know of lots of people who have working samba domains thanks to your work. Will you write such a piece for the new samba version? I truly hope so, although if you do not I will certainly understand and respect your decision. And again: thanks a lot for your work. Agreed, I can't say thanks enough. I've purchased both editions of the How-To and By-Example to support your efforts. Both books match up with Samba for quality, and I'll continue to point people at both volumes for any Samba questions that come up. Eric -- Eric Feldhusen System Administrator http://www.remc1.org [EMAIL PROTECTED] PO Box 270 (906) 482-4520 x239 809 Hecla St(906) 482-5031 fax Hancock, MI 49930 (906) 370 6202 mobile -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [Samba Version 3.0.20b-3.4-SUSE]: WinXP-Error writing to share
We have a similar or same problem with one of our servers after upgrade from 3.0.14 to 3.0.21x (incidentally??). The log shows things like: write_data: write failure in writing to client 192.168.17.249. Error Broken pipe [2006/03/06 20:46:47, 0] lib/util_sock.c:get_peer_addr(1225) getpeername failed. Error was Transport endpoint is not connected [2006/03/06 20:46:47, 0] lib/access.c:check_access(328) [2006/03/06 20:46:47, 0] lib/util_sock.c:get_peer_addr(1225) getpeername failed. Error was Transport endpoint is not connected Denied connection from (0.0.0.0) [2006/03/06 20:46:47, 1] smbd/process.c:process_smb(1187) [2006/03/06 20:46:47, 0] lib/util_sock.c:get_peer_addr(1225) getpeername failed. Error was Transport endpoint is not connected Connection denied from 0.0.0.0 [2006/03/06 20:46:47, 0] lib/util_sock.c:write_data(557) write_data: write failure in writing to client 192.168.17.250. Error Connection reset by peer [2006/03/06 20:46:47, 0] lib/util_sock.c:send_smb(765) Error writing 5 bytes to client. -1. (Connection reset by peer) Clients are XP x64. When saving fails the Windows log reports "mrxsmb - delayed write failed". I still suspect the network hardware (switch? NICs?) to do something wrong, but can't Samba take out yet. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
On 3/4/06, John H Terpstra <[EMAIL PROTECTED]> wrote: > > > I'd be delighted if someone steps forward with an offer to take over > responsibility for maintenance and improvement of the documentation. Its > about time for a more capable and more enthusiastic person to have a go. > Please allow me rush to step aside. :-) > for what it's worth: THANKS!!! for all your efforts with this documentation. I bought the book, I know of lots of people who have working samba domains thanks to your work. Will you write such a piece for the new samba version? I truly hope so, although if you do not I will certainly understand and respect your decision. And again: thanks a lot for your work. -- Groeten, J.Asenjo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] getting rid of lmhashes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew Bartlett wrote: >> The only thing about the original patch that made me go >> ughh was the new parameter. Can we piggy back this off >> an existing setting somehow? Perhaps 'lanman auth = no'? > > That would be reasonable, and has pro's and cons: > > - The admin probably expects that 'lanman auth = no' > prevents any work (storage and authentication) with > the LM hash > > - But this prevents the admin from storing the hash > for the future, in case he has to back out of the > security upgrade (finds win9X machines back on > the network). Since it would only affect users who had changed their password, I think that's ok. Unless anyone has violent objections I'll make the smake change to Mark's patch and get it in for 3.0.22. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEDYQEIR7qMdg1EfYRAszqAJ97E6TmVbzxRXiftmp6xisYt8KApwCdHUPn KFsv+iCIvdHVnRdBxhN5xxA= =01Fo -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Samba Version 3.0.20b-3.4-SUSE]: WinXP-Error writing to share
Hi Bjoern, in general there is no problem with suse samba etc ich have very large samba domains up and running, but dont forget samba 3 is acting like win nt 4 server ( pdc ) its not an active dir controller as win 2003 server if you need acitve dir for i.e exchange version higher than 5.5 you have to wait until samba 4 gets released, so think about that before your migration. at a look at your logs this seems a network problem have you any firewalls enabled on the suse or/and on the win client? -Transport endpoint is not connected for testing do not use this parameters use sendfile = large readwrite = max xmit = hosts allow = your conf does not look very logical to me why dont try edit the suse default conf create mask = 0777 directory mask = 0777 dont do this in global perhaps you should study more in the smb faqs which are online in german too, ther are easy examples in it for testing and migration examples. dont mess around with groups etc at starting with samba Best Regards Björn Mayer schrieb: Hello mailing-list, this is my first post and i hope that you enjoy my very bad but sometimes funny english. My Problem is the following: First of all, my server-config: Samba Version 3.0.20b-3.4-SUSE on a SUSE Linux Enterprise Server 9 with Kernel 2.6.5-7.252-smp Now the problem is, that samba generally works fine, but it doesn't work to work with a special application directly on a samba-share. This app is EPLAN, who is configured to save his project-data on the servershare, because of the fact that there everything will be backuped regularly. All this worked prior with a Windows Server 2003, which now should be replaced with the linux samba-server. Now when we switched to Samba for testing purposes the error occured, that Windows throws the following Error while working with EPLAN on the networkshare: --- Windows - Datenverlust beim schreiben Es konnten nicht alle Daten für die Datei \\UNC-Path-to-share\file.ext gespeichert werden. Die Daten gingen verloren. Mögliche Ursache könnten Computerhardware oder Netzwerkverbindung sein. Versuchen Sie, die Dateien... --- which in english means something like --- Windows - data loss at writing It was not possible to save all data for the file \\UNC-Path-to-share\file.ext. The data was lossed. Possible reasons can be the Hardware or networkconnection. ... --- Copying data on the share while using copy ans paste with the explorer seems to be working fine. I have no idea which reason this can have. Maybe some pro here outside has an idea. Of course there can be recognized something in the /var/log/messages: Mar 7 11:14:47 mve-server2 smbd[8195]: [2006/03/07 11:14:47, 0] lib/util_sock.c:write_data(554) Mar 7 11:14:47 mve-server2 smbd[8195]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer Mar 7 11:14:47 mve-server2 smbd[8195]: [2006/03/07 11:14:47, 0] lib/util_sock.c:send_smb(762) Mar 7 11:14:47 mve-server2 smbd[8195]: Error writing 5 bytes to client. -1. (Connection reset by peer) Mar 7 11:18:55 mve-server2 smbd[8244]: [2006/03/07 11:18:55, 0] lib/util_sock.c:get_peer_addr(1222) Mar 7 11:18:55 mve-server2 smbd[8244]: getpeername failed. Error was Transport endpoint is not connected Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] lib/util_sock.c:get_peer_addr(1222) Mar 7 11:18:55 mve-server2 smbd[8250]: getpeername failed. Error was Transport endpoint is not connected Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] lib/util_sock.c:get_peer_addr(1222) Mar 7 11:18:55 mve-server2 smbd[8250]: getpeername failed. Error was Transport endpoint is not connected Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] lib/access.c:check_access(328) Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] lib/util_sock.c:get_peer_addr(1222) Mar 7 11:18:55 mve-server2 smbd[8250]: getpeername failed. Error was Transport endpoint is not connected Mar 7 11:18:55 mve-server2 smbd[8250]: Denied connection from (0.0.0.0) Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] lib/util_sock.c:get_peer_addr(1222) Mar 7 11:18:55 mve-server2 smbd[8250]: getpeername failed. Error was Transport endpoint is not connected Mar 7 11:18:55 mve-server2 smbd[8250]: Connection denied from 0.0.0.0 Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] lib/util_sock.c:write_data(554) Mar 7 11:18:55 mve-server2 smbd[8250]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 1
[Samba] [Samba Version 3.0.20b-3.4-SUSE]: WinXP-Error writing to share
Hello mailing-list, this is my first post and i hope that you enjoy my very bad but sometimes funny english. My Problem is the following: First of all, my server-config: Samba Version 3.0.20b-3.4-SUSE on a SUSE Linux Enterprise Server 9 with Kernel 2.6.5-7.252-smp Now the problem is, that samba generally works fine, but it doesn't work to work with a special application directly on a samba-share. This app is EPLAN, who is configured to save his project-data on the servershare, because of the fact that there everything will be backuped regularly. All this worked prior with a Windows Server 2003, which now should be replaced with the linux samba-server. Now when we switched to Samba for testing purposes the error occured, that Windows throws the following Error while working with EPLAN on the networkshare: --- Windows - Datenverlust beim schreiben Es konnten nicht alle Daten für die Datei \\UNC-Path-to-share\file.ext gespeichert werden. Die Daten gingen verloren. Mögliche Ursache könnten Computerhardware oder Netzwerkverbindung sein. Versuchen Sie, die Dateien... --- which in english means something like --- Windows - data loss at writing It was not possible to save all data for the file \\UNC-Path-to-share\file.ext. The data was lossed. Possible reasons can be the Hardware or networkconnection. ... --- Copying data on the share while using copy ans paste with the explorer seems to be working fine. I have no idea which reason this can have. Maybe some pro here outside has an idea. Of course there can be recognized something in the /var/log/messages: Mar 7 11:14:47 mve-server2 smbd[8195]: [2006/03/07 11:14:47, 0] lib/util_sock.c:write_data(554) Mar 7 11:14:47 mve-server2 smbd[8195]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer Mar 7 11:14:47 mve-server2 smbd[8195]: [2006/03/07 11:14:47, 0] lib/util_sock.c:send_smb(762) Mar 7 11:14:47 mve-server2 smbd[8195]: Error writing 5 bytes to client. -1. (Connection reset by peer) Mar 7 11:18:55 mve-server2 smbd[8244]: [2006/03/07 11:18:55, 0] lib/util_sock.c:get_peer_addr(1222) Mar 7 11:18:55 mve-server2 smbd[8244]: getpeername failed. Error was Transport endpoint is not connected Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] lib/util_sock.c:get_peer_addr(1222) Mar 7 11:18:55 mve-server2 smbd[8250]: getpeername failed. Error was Transport endpoint is not connected Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] lib/util_sock.c:get_peer_addr(1222) Mar 7 11:18:55 mve-server2 smbd[8250]: getpeername failed. Error was Transport endpoint is not connected Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] lib/access.c:check_access(328) Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] lib/util_sock.c:get_peer_addr(1222) Mar 7 11:18:55 mve-server2 smbd[8250]: getpeername failed. Error was Transport endpoint is not connected Mar 7 11:18:55 mve-server2 smbd[8250]: Denied connection from (0.0.0.0) Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] lib/util_sock.c:get_peer_addr(1222) Mar 7 11:18:55 mve-server2 smbd[8250]: getpeername failed. Error was Transport endpoint is not connected Mar 7 11:18:55 mve-server2 smbd[8250]: Connection denied from 0.0.0.0 Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] lib/util_sock.c:write_data(554) Mar 7 11:18:55 mve-server2 smbd[8250]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] lib/util_sock.c:send_smb(762) Mar 7 11:18:55 mve-server2 smbd[8250]: Error writing 5 bytes to client. -1. (Connection reset by peer) After some search i put the following params into my smb.conf, but this didn't help: use sendfile = no large readwrite = no max xmit = 16644 Of course i will show you my complete smb.conf: [global] workgroup = mve socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY encrypt passwords = yes unix extensions = yes create mask = 0777 directory mask = 0777 username map = /etc/samba/smbusers wins server = 172.20.6.104 wins support = no domain logons = No domain master =
[Samba] winbind -r group enumeration
i've a strange problem with samba-3.0.10 (Redhat Enterprise 4 PPC Version) in an ActiveDirectory Environment. After setting up Kerberos and the winbindd configuration i was able to join a Windows 2003 Server ADS structure and enumerate groups with winbind -g and do different kind of ADS<->Unix mappings (winbind -G , wbinfo -n etc...). To make it short: it seems like the ADS connectivity is working. However wbinfo -r "domain\user" lists only _global_ ADS groups not local ones, although i'm able to map even local ADS groups from Windows SIDs to Unix-gids. The manual page for wbinfo -r tells me: "This only works for users defined on a Domain Controller." Actually i'm not sure if this statement relates to my problem, so i'd like to know if this behavior is a known bug and if yes, if that issue was adressed in a newer samba version TIA, Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot join domain: "The user name could not be found"
Hello, which username do you use to join the Domain. ?? Please send a slapcat !! Ingo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] connecting to samba from 2003 sbs domain client runningxpprofi
Nobody any idea on where to start looking for this ?? Thanks -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Martijn Hazenberg Verzonden: maandag 6 maart 2006 14:57 Aan: samba@lists.samba.org Onderwerp: RE: [Samba] connecting to samba from 2003 sbs domain client runningxpprofi Hi, Addition to my message below.. Computers which doesnt login to the domain controller at startup like windows xp home ed. , dont seem to have this effect. It seems that you have to keep the connection up and running on the xp profi pc's to stop this problem from happening. ??? Regards, Martijn -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Martijn Hazenberg Verzonden: maandag 6 maart 2006 14:50 Aan: samba@lists.samba.org Onderwerp: [Samba] connecting to samba from 2003 sbs domain client running xpprofi Hi everybody, I have a network which consists of a linux data server, running Samba, a windows 2003 sbs, and a few xp professional clients which login to the domain server (2003 sbs). On the linux box, samba is running, this pc is always on. When i start the client pc (xp profi) and login to the domain, i can access the samba shares at full speed. Now the problem: When the xp profi client is left alone, for about 15 to 30 mins, something happens to the network. When i then try to access the shares, browsing is slow as H**L. Sometimes coming with screens like : enter user/passwd. The only remedy is to logout the user on the xp terminal, log back in, and everything is fine again. I have samba running in the most simple sharing system. This is the samba config file.. : DATASVR ~ # cat /etc/samba/smb.conf [global] netbios name = DATASVR server string = DATASVR socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 workgroup = GOVALOKAAL socket address = 10.0.0.200 max log size = 1000 log file = /var/log/samba/log.%m security = share guest ok = yes guest account = samba encrypt passwords = true [stuff] comment = All stuff path = /raid/stuff writable = yes browsable = yes read only = no guest ok = yes public = yes I once, tried to let the sbs figure out who could access the linux box, but that didnt seem handy to me. To do this i had to add the linux box to the sbs domain. The account for the linux box on the sbs is currently disabled. Ive also tested it with this account enabled and this didnt seem to make much of a difference. Does anyone have any idea on where to start looking, or what to do ? Best regards, Martijn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Assigning Permissions on Member Server
Dear all I have a samba PDC (3.0.21c) with openldap (2.3.19) with 2 domain Member Servers(samba 3.0.21c) with ACL support i use domain member servers as file servers . all my clients are windows 2000 professional. i have the following scenario at my I have created 3 groups, prj1team, prj1mgr, prj1engg. i have created folder called "myproject" in a samba share called projects. myproject has a subdirectory called "alldepts". now, no one can create files/folder in myproject directory but they can create a files and folder in alldepts folder. but i don't want anybody to delete the folder alldepts. myproject\alldepts i have set like this setfacl -m g:prj1team:rx myproject setfacl -m g:prj1mgr:rx myproject setfacl -m g:prj1engg:rx myrproject setfacl -m g:prj1mgr:rwx myproject/alldepts setfacl -m g:prj1engg:rwx myrproject/alldeps in the above permissions, people in group "prj1mgr"and "prj1engg" are able to creat files/folders in alldepts. and when they are in "myproject" directory and try to delete folder "alldepts", it gives error access denied . so far so good, this is what i want. but when the user of group "prj1mgr" and "prj1engg" delete folder "alldepts", it says access denied but it deletes all the files and folder inside the "alldepts" directory . ie it denies the user to delete "alldepts" directory but it does not deny the user to delete all the files and folders inside the alldepts.. Actually what i need is the folder "alldepts" is used by both groups "prj1mgr" and "prj1engg" to create files and folder and both these groups can delete each other files. but i want them to delete file after changing to that directory (alldepts) , not from outside. since i have mentioned setfacl -m g:prj1mgr:rx myproject setfacl -m g:prj1engg:rx myrproject it does not allow to delete folder alldepts, but it deletes all files in alldepts, that i don't want to happen. Please guide me, i have tried to express my scenario , in best possible way, hope every body understands. Regards Niranjan Regards Niranjan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba