[Samba] Out Of office
Ik ben afwezig vanaf 29/07/2006 en ik ben niet eerder terug dan 23/08/2006. Ik ben met verlof van 31 juli tot en met 22 augustus. Voor dringende zaken kan je mailen naar [EMAIL PROTECTED] - DISCLAIMER : De personeelsleden van het agentschap doen hun best om in e-mails betrouwbare informatie te geven. Toch kan niemand rechten doen gelden op basis van deze inhoud. Als in de e-mail een stellingname voorkomt, is dat niet noodzakelijk het standpunt van het agentschap. Rechtsgeldige beslissingen of officiele standpunten worden alleen per brief toegestuurd. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Identically named users and groups
hi again :) It's a variant of the same problem but has been exacerbated by the change from string comparisons to token based access checks for smb.conf parameters. stupid question: so why did you change to token based access check at all? what were/are samba-internal reasons to do this? First there are two new domains in 3.0.23: Unix User (S-1-22-1) and Unix Group (S-1-22-2). There's am implied order of precedence being applied for unqualified names in smb.conf. * lookup the name as a user in passdb * lookup the name as a group in passdb * lookup the name as a user in Unix User * lookup the name as a group in Unix Group First match wins. ok, but does this also apply on a member server running winbindd, because you say passdb and i always thought a domain member running winbindd has no own passdb (http://de.samba.org/samba/docs/man/Samba3-HOWTO/images/idmap-sid2uid.png). or is passdb here just a global word for user backends no matter if on a DC or a member? consider this case: valid users = DOMAIN\test DOMAIN\test DOMAIN\test is a user and a group (don´t ask why ;) ) members of the group DOMAIN\test would never be able to logon to this share, right? thx for clarifying things, again! micha cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE2IfWIR7qMdg1EfYRAqtlAJ9PpSQ5MWinpY9ypzz6GZFCO44YywCgludf TmP3IRehGnRBAxYjC/NCHy8= =8d3j -END PGP SIGNATURE- -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT Staff) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 49 (0)341 - 3550 374 Fax: 49 (0)341 - 3550 399 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.23b Available for Download
hi jerrysamba team! Since Samba 3.0.8, it has been recommended that all domain accounts listed in smb.conf on a member server be fully qualified with the domain name. This is now a requirement. All unqualified names are assumed to be local to the Unix host, either as part of the server's local passdb or in the local system list of accounts (e.g. /etc/passwd or /etc/group). now means from version b on or 3.0.23 at all? * Added lookup_name_smbconf() to be called when looking up names from smb.conf. Unqualified names are assumed to be local. - seems for me from b on, right? i´m asking because there have been a lot of threads since the release of 3.0.23 and samba members always advised to use FQ-names. does this also imply that bug 3920 is fixed now if we have to use FQ-names?? If the member server is not running winbindd at all, domain accounts will be implicitly mapped to local accounts and their tokens will be modified appropriately to reflect the local SID and group membership. and if winbind is running with use default domain are users also mapped to local ones? many thx in advance! micha -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT Staff) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 49 (0)341 - 3550 374 Fax: 49 (0)341 - 3550 399 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba share access error Fedora core 5
Hi, I have samba PDC running successfully on my server with 3 physical volumes running Fedora Core 5. Physical Volume 1 - OS installation Physical Volume 2 - All Company file shares Physical Volume 3 - Backup of files. I am facing a weird problem or may be somewhat unique to samba or Fedora, that I cannot access shares that are mounted and shared by samba from the client machines from the Physical volumes 2 3. I just receive an error as Network Path cannot be found including for the samba domain administrator i.e. root. All users can access the shares directly on the server. Can anyone help me to overcome this problem?? Thanks in advance, I really spent more than 4hrs troubleshooting this. Pavan. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Identically named users and groups
On Wed, Aug 09, 2006 at 09:05:26AM +0200, Michael Gasch wrote: stupid question: so why did you change to token based access check at all? what were/are samba-internal reasons to do this? Lots :-) We had all sorts of access check variants all over the code, all working slightly differently. So none of the developers could immediately say which kind of access check is being done in what line of the code. For security related stuff this is a very bad thing, so we had to clean that up big way. And as in many places we have to deal with the user's token anyway and for example in the domain member case this is the *only* reliable authorization data available, doing all access checks based on the token is the logical way to go. ok, but does this also apply on a member server running winbindd, because you say passdb and i always thought a domain member running winbindd has no own passdb It does not have to, but it certainly can. Likewise with every Windows box, you can certainly have users, local and global groups on a Windows domain member. consider this case: valid users = DOMAIN\test DOMAIN\test DOMAIN\test is a user and a group (don´t ask why ;) ) members of the group DOMAIN\test would never be able to logon to this share, right? There's no way in Windows that I know to have DOMAIN\test to be a user and a group at the same time. How did you get Windows to do that? Volker pgpwMGgD80YZd.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.23b Available for Download
hi jerrysamba team! Since Samba 3.0.8, it has been recommended that all domain accounts listed in smb.conf on a member server be fully qualified with the domain name. This is now a requirement. All unqualified names are assumed to be local to the Unix host, either as part of the server's local passdb or in the local system list of accounts (e.g. /etc/passwd or /etc/group). now means from version b on or 3.0.23 at all? * Added lookup_name_smbconf() to be called when looking up names from smb.conf. Unqualified names are assumed to be local. - seems for me from b on, right? i´m asking because there have been a lot of threads since the release of 3.0.23 and samba members always advised to use FQ-names. does this also imply that bug 3920 is fixed now if we have to use FQ-names?? If the member server is not running winbindd at all, domain accounts will be implicitly mapped to local accounts and their tokens will be modified appropriately to reflect the local SID and group membership. and if winbind is running with use default domain are users also mapped to local ones? many thx in advance! micha -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT Staff) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 49 (0)341 - 3550 374 Fax: 49 (0)341 - 3550 399 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem connecting Windows Enterprise Server 2003 with Samba 3.0.23a
Hello, At the moment I'm trying to connect a Windows Enterprise Server 2003 with Service Pack2 to a Fedora Core 4 with Samba 3.0.23a. I'm able to login to the samba server without any problems. But, when I try to use a mapped volume in the Streaming Services it fails. I don't see the volume in the directory list in the Streaming Server and when I try the UNC path it fails with a invalid username and password. Does anybody have any idea of how to solve this? Arno -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem connecting Windows Enterprise Server 2003 with Samba 3.0.23a
On Wed, Aug 09, 2006 at 09:36:16AM +0200, J.F.A. Bot wrote: At the moment I'm trying to connect a Windows Enterprise Server 2003 with Service Pack2 to a Fedora Core 4 with Samba 3.0.23a. I'm able to login to the samba server without any problems. But, when I try to use a mapped volume in the Streaming Services it fails. I don't see the volume in the directory list in the Streaming Server and when I try the UNC path it fails with a invalid username and password. Does anybody have any idea of how to solve this? Please open a bug report at https://bugzilla.samba.org and upload - your smb.conf - a debug level 10 log of smbd up to that failure. Please make sure that for this you have 'max log size = 0' so that there's no log file rotation - a sniff of the connection. Volker pgpJjRlbrWNO4.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Problems with access to share after upgrading to 3.0.23(a)
Has there been any progress on this issue? It's a problem to not be able to access my shares! I'm about 80% confident this was fixed in 3.0.23b. Please let me know the outcome of your testing. It works for me! Thanks! -- Gentlemen, you can't fight in here, this is the War Room! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Identically named users and groups
first, thx volker! consider this case: valid users = DOMAIN\test DOMAIN\test DOMAIN\test is a user and a group (don´t ask why ;) ) members of the group DOMAIN\test would never be able to logon to this share, right? There's no way in Windows that I know to have DOMAIN\test to be a user and a group at the same time. How did you get Windows to do that? well, this was kind of mind game: i have a samba PDC with a group test and a user test. this works fine for the DC (tested). how would samba on a member solve this issue, if smbclient connects (no windows involved)? micha -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT Staff) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 49 (0)341 - 3550 374 Fax: 49 (0)341 - 3550 399 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Identically named users and groups
On Wed, Aug 09, 2006 at 11:02:24AM +0200, Michael Gasch wrote: well, this was kind of mind game: i have a samba PDC with a group test and a user test. this works fine for the DC (tested). how would samba on a member solve this issue, if smbclient connects (no windows involved)? Sorry to say it, but if you definitely need this, then the Windows authentication protocol is not what you can use. You will need to find other mechanisms like ldap to authenticate/authorize your users. Volker pgpGb97ch736g.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Identically named users and groups
ok, understand :) i just wanted to find out the way samba would solve this issue if there´s a user and a group with the same name. if i´d ever face this problem, i would rename either of them. thx! micha Volker Lendecke wrote: On Wed, Aug 09, 2006 at 11:02:24AM +0200, Michael Gasch wrote: well, this was kind of mind game: i have a samba PDC with a group test and a user test. this works fine for the DC (tested). how would samba on a member solve this issue, if smbclient connects (no windows involved)? Sorry to say it, but if you definitely need this, then the Windows authentication protocol is not what you can use. You will need to find other mechanisms like ldap to authenticate/authorize your users. Volker -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT Staff) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 49 (0)341 - 3550 374 Fax: 49 (0)341 - 3550 399 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FUTEX_WAIT 3.0.23a [Fwd: Re: amanda-2.5.0p2 hanging on smbclient with configure]
quote who=Volker Lendecke On Tue, Aug 08, 2006 at 04:52:36PM +0100, Gavin Henry wrote: Would anyone have any ideas with smbclient sits at FUTEX_WAIT in below message? Typing: strace smbclient -d 5 shows it sitting at: futex(0x2bdf2dc0, FUTEX_WAIT, 2, NU. We'd need a more complete strace and a sniff of smbclient. Understood. Will report back once Samba has been upgraded. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FUTEX_WAIT 3.0.23a [Fwd: Re: amanda-2.5.0p2 hanging on smbclient with configure]
quote who=Volker Lendecke On Tue, Aug 08, 2006 at 04:52:36PM +0100, Gavin Henry wrote: Would anyone have any ideas with smbclient sits at FUTEX_WAIT in below message? Typing: strace smbclient -d 5 shows it sitting at: futex(0x2bdf2dc0, FUTEX_WAIT, 2, NU. We'd need a more complete strace and a sniff of smbclient. 3.0.23b fixed it. Not sure was it was. Thanks. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba3, srvtools, and user account with no password
hello, i've just finished in setuping my simple samba pdc (no ldap, just tdbsam), everything work, i can create account from a xp client with srvtools, modify propoerties of a user/groupe, no problem. but but, i'm unable to let account with no password, i mean, when i'm creating/modify an account with srvtools, i've got the error access denied, but when i put one, even if it's an one letter password, it works. please, help me! i'm using debian 3.1, i put null passwords = yes, min password length = 0 in smb.conf in common-password in pam:password required pam_unix.so nullok min=0 max=8 md5 i'm lost -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] OS/2 client crash on Find Close2
On 08.08.2006, at 11:19, Andreas Paulick wrote: Andreas Taegener schrieb: Hello, I have just migrated an old OS/2 file server to a Linux box with Samba 3.0.23a. Now the OS/2 clients crash from time to time. I found a way to reproduce/force the crash using PMMail and did some experiments. The popuplog.os2 on the clients (Warp4 and eComStation) always names a sys3175 in pmshell.exe / doscall1.dll. Using Ethereal and comparing the network traffic between a) a client and the Samba server and b) the same client and an OS/2 server (in this setup the client doesn't crash) I found at least one difference in the SMB protocol. It is the Find Close2 Response SMB message. [snip] The sys 3175 in pmshell at accesses sounds to me like broken EA-Support. Especially Pmmail and WPSWizard struggles at the loss of EAs. The only solution I have found so far is a downgrade to Samba 3.0.18? (I dont know the exact the last working version) where the EAs still works. I looked at the EA stuff and you might be right. There is a difference in the logs regarding the EAs of PMMAIL.INI (OS/2 ini format). I have sent Guenther some log files. Maybe he finds something. Are you successfully using Samba 3.0.18 or some other version? I will give it a try when no other solution comes up. Regards Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Identically named users and groups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Gasch wrote: hi again :) It's a variant of the same problem but has been exacerbated by the change from string comparisons to token based access checks for smb.conf parameters. stupid question: so why did you change to token based access check at all? what were/are samba-internal reasons to do this? Consistency. We have to use the token for so many other access checks, it made little sense to have to convert back and forth between uids/gids, strings, and SIDs for handling smb.conf. There's am implied order of precedence being applied for unqualified names in smb.conf. * lookup the name as a user in passdb * lookup the name as a group in passdb * lookup the name as a user in Unix User * lookup the name as a group in Unix Group First match wins. ok, but does this also apply on a member server running winbindd, because you say passdb and i always thought a domain member running winbindd has no own passdb (http://de.samba.org/samba/docs/man/Samba3-HOWTO/images/idmap-sid2uid.png). or is passdb here just a global word for user backends no matter if on a DC or a member? Domain members can have a local SAM. It's always been like this. Think about loggnig onto a Windows client. The CTRL+ALT+DEL screen presents you with at least two domains. The Windows domain and the machine domain. consider this case: valid users = DOMAIN\test DOMAIN\test DOMAIN\test is a user and a group (don´t ask why ;) ) Won't work. Windows does not allow this. We've been recommending against this for a while. Certainly wouldn't work from the Windows object picker UI. members of the group DOMAIN\test woul never be able to logon to this share, right? Correct. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE2cx0IR7qMdg1EfYRAqWnAKDwC8B3okLWwfCVyNfM5vnNMw1SGgCeIUkf wGvHVib7clkt9YB2Ovktz5M= =Ytpu -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.23b Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael, Since Samba 3.0.8, it has been recommended that all domain accounts listed in smb.conf on a member server be fully qualified with the domain name. This is now a requirement. All unqualified names are assumed to be local to the Unix host, either as part of the server's local passdb or in the local system list of accounts (e.g. /etc/passwd or /etc/group). now means from version b on or 3.0.23 at all? Technically 3.0.23b since there was still some ambiguity in the previous 3.0.23 releases. * Added lookup_name_smbconf() to be called when looking up names from smb.conf. Unqualified names are assumed to be local. - - seems for me from b on, right? Yup. i´m asking because there have been a lot of threads since the release of 3.0.23 and samba members always advised to use FQ-names. does this also imply that bug 3920 is fixed now if we have to use FQ-names?? 3920 is fixed. But understand 'winbind use default domains' was never intended for anything except PAM NSS. Internally Samba must deal with qualified names in order to correctly resolve them to SIDs. So even an assumed domain name gets qualified. However, in smb.conf the responsibility is on the admin to remove ambiguity by fully qualifying the name. This has nothing to do with BUG 3920 really. If the member server is not running winbindd at all, domain accounts will be implicitly mapped to local accounts and their tokens will be modified appropriately to reflect the local SID and group membership. and if winbind is running with use default domain are users also mapped to local ones? No. 'winbind use default domain' is a convenience parameter for PAM and NSS applications. The domain user still exists and getpwnam(DOMAIN\user) still succeeds. We always try to look up the qualified version first. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE2c89IR7qMdg1EfYRAmIoAKCtsWDeNfTqEb8d9zrsag0nyKzvYACeJi+J q98C98fXUoV2QG2c/OTALFc= =TRUq -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] machine add error to samba PDC
Check the smb.conf and the add machine script parameter. With that parameter the smb creates the machine. Is sure that something is wrong there. Copy to the list, to have some solution there too. Pavan wrote: Hi, Thanks for that, it worked but why do I have to add the machine account manually?? As previous on SUSE box it did have created the machine accounts on the fly. Anyway thanks for the suggestion. Pavan. -Original Message- From: Guido Lorenzutti [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 09, 2006 2:22 PM To: Pavan Subject: Re: [Samba] machine add error to samba PDC All right, but pdbedit -Lv also must show you the machine account. Maybe the script isn't working. Why don't you try to make the machine manually? useradd -s /bin/false machine_name$ smbpasswd -am machine_name$ (i don't remember if the smbpasswd uses or not the $, maybe is without the $) pdbedit -Lv machine_name$ If know you see the machine account (remember the W flag) now you can go to the windows machine and try again. Pavan wrote: Thanks for the reply, I cannot add machine to the domain even creating the machine account manually on samba. I do have a add machine script in the configuration. Pdbedit -Lv shows me the root account which I am using as the administrator account to add the machines to the domain. Thanks, Pavan. -Original Message- From: Guido Lorenzutti [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 09, 2006 1:37 PM To: Pavan Cc: samba@lists.samba.org Subject: Re: [Samba] machine add error to samba PDC I don't fully understand your problem. You can't add the machine to the domain? Do you have a add machine script in the smb.conf? If not, do you add the machine manually? If so, what to the pdbedit -Lv machine_name$ tells you? Pavan wrote: Hi All, I have setup my samba as a PDC and testparm gives me the right result, but when I am trying to add my XP client to SAMBA I receive an error as Logon failure: bad username or password or Username could not be found. I am using root as the domain administrator and have added root account using smbpasswd and can see it using pdbedit -Lv. I can logon successfully from my windows client from run and typing \\servername file:///\\servername . Why do it complain when I am adding the machine that It cannot find the user??? Backend is simple smbpasswd file. Anyhelp is greatly appreciated. Thanks, Pavan. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba pdc ldap without roaming profiles
Hi list At the momtent I use samba as a pdc with tdbsam as passwd backend. I plan to use ldap and I already tried it out. Unfortunately I didn't find a way to disable roaming profiles. I used the smbldap tools. First there is the question if I should use add user script = /usr/sbin/smbldap-useradd -m %u with the -a (is a Windows User) option. If I don't, then windows account specific information like last passwd change isn't stored in the ldap backend.. Where are they stored then ? Second, the main problem is that I can't remove entries like Home Directory HomeDir Drive Logon Script Profile Path from the users. Neither by using srvtools nor ldap directly nor pdbedit. Therefore I am forced to use all my accs as roaming profiles which I don't really want. I would appreciate any hints for solving this problem. Thank you, Alex Kretschmer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Regarding samba compilation
Hi, Am trying to add some Debug statement to smbd, for example in service.c. But problem is when I recomplile and make install, smbd doesnt get updated with that code. problem here is this smbd executable(usr/sbin/smbd) doesnt get updated with the latest install. please help.. Regards, Samid. ___ No banners. No pop-ups. No kidding. Make My Way your home on the Web - http://www.myway.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Regarding samba compilation
You may need to run configure with some options... otherwise the smbd built executable will go in /usr/local/samba/sbin (configure --help for more info) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of samid Sent: Wednesday, August 09, 2006 1:20 AM To: samba@lists.samba.org Subject: [Samba] Regarding samba compilation Hi, Am trying to add some Debug statement to smbd, for example in service.c. But problem is when I recomplile and make install, smbd doesnt get updated with that code. problem here is this smbd executable(usr/sbin/smbd) doesnt get updated with the latest install. please help.. Regards, Samid. ___ No banners. No pop-ups. No kidding. Make My Way your home on the Web - http://www.myway.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Regarding samba compilation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 samid wrote: Hi, Am trying to add some Debug statement to smbd, for example in service.c. But problem is when I recomplile and make install, smbd doesnt get updated with that code. problem here is this smbd executable(usr/sbin/smbd) doesnt get updated with the latest install. please help.. For development, I never use make install. Just run source/bin/smbd manually. It's quicker and easier. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE2dW5IR7qMdg1EfYRAl+KAJ4yQAG+AR6xFKIgOMaBD3+QBT9YPQCfbJel IEE+aHczF6fOLVTNP/X5Vqs= =EDOt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba3, srvtools, and user account with no password
In smb.conf is a null passwords option it defaults to no. It's a security risk... but if you want it then set null passwords = yes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of bob_bipbip Sent: Wednesday, August 09, 2006 5:49 AM To: samba@lists.samba.org Subject: [Samba] samba3, srvtools, and user account with no password hello, i've just finished in setuping my simple samba pdc (no ldap, just tdbsam), everything work, i can create account from a xp client with srvtools, modify propoerties of a user/groupe, no problem. but but, i'm unable to let account with no password, i mean, when i'm creating/modify an account with srvtools, i've got the error access denied, but when i put one, even if it's an one letter password, it works. please, help me! i'm using debian 3.1, i put null passwords = yes, min password length = 0 in smb.conf in common-password in pam:password required pam_unix.so nullok min=0 max=8 md5 i'm lost -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: inherit acls not working
On 8/9/06, S. J. van Harmelen [EMAIL PROTECTED] wrote: Strange enough it seems the other way around?! When I mount with user_xattr support I get an 'store_inheritable_attributes : Error permission denied' in my samba.log, and see that the default acls aren't inherited. So let's look at it from the local fs. Can you locally getfattr/setfattr on a file where you get this message when using samba? Please try it as the same user who is trying to set from the samba side... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba pdc ldap without roaming profiles
to disable roaming profile for everybody, i'd use this un smb.conf: logon drive = logon home = yes, it's blank ;) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba3, srvtools, and user account with no password
i've already set the null passwords = yes it's quite strange. i've thought of a linux passwd problem, more than smb problem, but i'm not sure. how to find? On Wed, 09 Aug 2006 14:42:52 +0200, John Mason [EMAIL PROTECTED] wrote: In smb.conf is a null passwords option it defaults to no. It's a security risk... but if you want it then set null passwords = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: samba pdc ldap without roaming profiles
Theres a difference between whats in the smb.conf and whats stored with the user entries in the ldap backend. Thanks anyway. bob_bipbip schrieb: to disable roaming profile for everybody, i'd use this un smb.conf: logon drive = logon home = yes, it's blank ;) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba, AIX and Winbind
Hi, I'm having some problems in the following situation: - a SLES9 PDC (Samba/OpenLDAP) - a IBM NAS500 Gateway, supposed to be a storage with SMB features, but Samba is far better than that I've got Samba 3.0.23 working, and i can see my LDAP users/groups (through aix native ldap client -- i mean, the id command returns every user found in the base). However, i'm not able to assign new permissions to my folders, since i get this error: create_canon_ace_lists: unable to map SID S-1-5-21-112207604-471413004-518595180-18138 to uid or gid. I was told that i needed to use winbindd, and that really worked (thanks Idra), BUT, that raises another problem: since i have to specify idmap ranges for uid/gid, i lost my unique uid stored in the LDAP base. I've tried to use idmap backend = ldap:ldap://myserver;, but, i still have to specify those ranges, otherwise i get this error: [2006/08/09 10:49:59, 0] nsswitch/winbindd_util.c:winbindd_param_init(787) winbindd: idmap uid range missing or invalid [2006/08/09 10:49:59, 0] nsswitch/winbindd_util.c:winbindd_param_init(788) winbindd: cannot continue, exiting. [2006/08/09 10:49:59, 1] nsswitch/winbindd.c:main(986) Could not init idmap -- netlogon proxy only Finally, Some questions: - Why do i have to still specify idmap ranges when using backend = ldap? - Does winbindd ldap support work with OpenLDAP? - Has anyone been able to do something like this? I mean, using a unique UID across multiple environments? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba ftp server
You accidentally asked the developer list this question... Yes, on at least Linux and BSD, you can use Samba, winbindd and pam to allow users with accounts on Windows to use those passwords to log on to Unix. This will work for normal user logins or for ftp. See chapters 20 and 24 of John Terpstra's book... --dave bijoy john wrote: Hi, I brought HD363N Network hard disc. i want to use as FTP Server. is there any way i can pass useridpwd from microsoft ASP to Samba Server. so i can use one userid both application and ftp. thanks, john -- David Collier-Brown, | Always do right. This will gratify System Programmer and Author | some people and astonish the rest [EMAIL PROTECTED] | -- Mark Twain (416) 223-5943 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SOS: removal of --with-ldapsam configuration option
Hi, when trying to upgrade my smb servers from older 3.x versions to samba 3.0.23, I discovered, that (already in 3.0.22), the --with-ldapsam option has been removed. According to the corresponding entry in the release notes, this was only used for backwards compatibility for 2.2 smb.conf files. As far as I can see however, not only the configuration file syntax has changed, but support for the formerly used LDAP schema (objectclass sambaAccount) has been completely dropped. Is this true? If yes, is there any easy way to get this back? I could not find a corresponding svn commit or something like that, which would allow to have a look at all the corresponding changes. Is there a single set of patches somewhere corresponding to that removal, that I could just reverse? Or even better: Is there any chance to convince the venerated samba developers to keep support for the old schema for the 3.0.x series? 4.0 will be a new major version where incompatible changes are expected, while between 3.0.21c and 3.0.22 is not a really good time for such a significant change. (At least for me and others in a similar situation this is a pretty serious change indeed - I would have to adjust loads of programs to the new schema. The worst part of it: should I run into any problems after the upgrade, there wouldn't be an easy way back to the last working state). Regards, Peter Daum -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Regarding samba compilation
On Wed, 9 Aug 2006, samid wrote: Am trying to add some Debug statement to smbd, for example in service.c. But problem is when I recomplile and make install, smbd doesnt get updated with that code. problem here is this smbd executable(usr/sbin/smbd) doesnt get updated with the latest install. please help.. I would try to isolate the problem. Is smbd getting built correctly and incorporating your changes? Run strings smbd and see if your debug message is in the version that's built after you do make. Also, check and see where smbd is being installed by make install. I would do this by doing make install make.install.log 21. Then run grep smbd make.install.log or look through it with less or your favorite text editor and see what path it really installs to. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: printing via samba and NOT point 'n' print
On Tuesday 08 August 2006 22:01, Guido Lorenzutti wrote: Hi people, I need to print via samba to a cups, but not with the point 'n' print feature. How about use client driver = yes ? Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SOS: removal of --with-ldapsam configuration option
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Peter Daum wrote: Hi, when trying to upgrade my smb servers from older 3.x versions to samba 3.0.23, I discovered, that (already in 3.0.22), the --with-ldapsam option has been removed. According to the corresponding entry in the release notes, this was only used for backwards compatibility for 2.2 smb.conf files. As far as I can see however, not only the configuration file syntax has changed, but support for the formerly used LDAP schema (objectclass sambaAccount) has been completely dropped. Is this true? No. This should still work passdb backend = ldapsam_compat:ldap://ldap.example.com/ But you should really start migrating to the new schema. it will go away eventually. We even provided migration scripts. It's been almost 3 years now since 3.0.0 was released. And almost 2 since 2.2 was discontinued. jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE2gDAIR7qMdg1EfYRAh+uAKDHJjZntwQn5bfVcToKY6T14CIQmQCgtDe2 m6UR2pCnGcAZXZd5keZ6Dmo= =KI63 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.23b Available for Download
Hi
I have updated a samba AD memeber server to 3.0.23b in an environment, where
all Usernames are available in the AD and in NIS.
With 3.0.21b if I create a file with windows on a samba share
and open the security dialog, samba shows the DOM\USERNAME
string as owner of the file.
With 3.0.23b only the SID+RID of the user is shown.
The SID is the SID of the Samba-server.
If I add the domain-user USERNAME2 with the security dialog, this user
ist shown as
DOM\USERNAME2 until I reopen the security dialog.
Then I see alos the SID-RID
If I stop winbind and do the same procedure I get
Unix User/USERNAME1 for the owner of the file in the dialog
If I give another user USERNAME2 access to this file
and reopen the security dialog, the entry is not shown.
To make it work with samba-3.0.21b
we had this setting in smb.conf (winbindd running)
With this settings in the Windows file-dialog all
users appear DOM\USERNAME
and in Unix teh ACL's show the correct NIS Unix Users
idmap uid = 1-1
idmap gid = 1-1
winbind use default domain = Yes
winbind trusted domains only = Yes
Is it possible to make this work again with 3.0.23b?
(I know that the zero uid and gid range might be brain damaged,
but with this settings it works fine on both sides)
Greetings
Hansjörg
Gerald (Jerry) Carter wrote:
==
Where does he get those wonders toys?
-- The Joker (Batman 1989)
==
Release Announcements
=
This is the latest stable release of Samba. This is the version
that production Samba servers should be running for all current
bug-fixes. Please read the changes in this section and for the
original 3.0.23 release regarding new features and difference
in behavior from previous releases.
Common bugs fixed in 3.0.23b include:
o Ambiguity with unqualified names in smb.conf parameters
such as force user and valid users.
o Errors in 'net ads join' caused by bad IP address in the list
of domain controllers.
o SMB signing errors in the client and server code.
o Domain join failures when using smbpasswd on a Samba PDC.
Member servers, domain accounts, and smb.conf
=
Since Samba 3.0.8, it has been recommended that all domain
accounts listed in smb.conf on a member server be fully
qualified with the domain name. This is now a requirement.
All unqualified names are assumed to be local to the Unix
host, either as part of the server's local passdb or in the
local system list of accounts (e.g. /etc/passwd or /etc/group).
The reason for this change is that smbd has transitioned from
access checks based on string comparisons to token based
authorization. All names are resolved to a SID and then
verified against the logged on user's NT user token. Local
names will resolve to a local SID, while qualified domain
names will resolve to the appropriate domain SID.
If the member server is not running winbindd at all, domain
accounts will be implicitly mapped to local accounts and their
tokens will be modified appropriately to reflect the local
SID and group membership.
For example, the following share will restrict access to the
domain group Linux Admins and the local group srvadmin.
[restricted]
path = /data
valid users = +DOMAIN\Linux Admins +srvadmin
Note that to restrict the [homes] share on a member server to the
owner of that directory, it is necessary to prefix the %S value
to valid users.
[global]
security = {domain,ads}
workgroup = DOM
winbind separator = +
[homes]
valid users = DOM+%S
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba pdc and notebook in domain
hello, when my computer's client is not connected to network (and so cannot connect to pdc), they are not able to log in, they have a message telling us that the system can't log in because the domain is unavailable, how to permit people to log in even if they are not connected to network? -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: SOS: removal of --with-ldapsam configuration option
i, Gerald (Jerry) Carter wrote: Peter Daum wrote: According to the corresponding entry in the release notes, this was only used for backwards compatibility for 2.2 smb.conf files. As far as I can see however, not only the configuration file syntax has changed, but support for the formerly used LDAP schema (objectclass sambaAccount) has been completely dropped. Is this true? No. This should still work passdb backend = ldapsam_compat:ldap://ldap.example.com/ ... that's good news! I had changed the configuration file to passdb backend = ldapsam ( ldapsam_compat is not mentioned in the man page) and tried samba 3.0.23a, which didn't work - when I saw the release note mentioning the removal of --with-ldapsam, I thought that this was the reason. But you should really start migrating to the new schema. ... I am planning to ;-) It's only that at the moment I plan to upgrade the samba and openldap installations and didn't want to combine this with other substantial changes so I'll know where to look in case of trouble. Does this mean my original assumption were right and the old schema will still be supported for following 3.0.x releases? Thanks a lot for your quick answer! Regards, Peter Daum -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba server print objects view in windows
I have an unusual problem and forgive my ignorance with Linux since I am a windows sys admin. This is my first taste with Linux and I have been really enjoying it. I recently setup a samba print server 3.0 (member server, not a PDC) to be used by Windows clients. Everything seems to be working good (joined to domain, uploaded printer drivers, objects appear in Printers and Faxes) The only thing that is happening now is when I view the printer objects in Windows after establishing a connection to my samba server, the Printers and Faxes applet view seems to constantly refresh every five seconds..and with a list of about 2500 printers, it is nearly impossible to scroll down to a specific printer and connect to it before the refresh. This is obviously not a viable solution for users. Is there a parameter in the smb.conf file that I am missing? See it below. I did a network capture to see exactly what is going at this interval and multiple DCERPC requests seems to be what is happening. Can someone explain this phenomenon to me? Also if someone has the time to explain how I can take the printer admin line out, since it gives a deprecation error. I know I can get rid of the printer admin parameter with a permission assigned to an AD group (or should it be a group defined on the Samba server?) called the SePrinterOperatorprivilege, right? I have been using net rpc rights (learning) to assign the perms but am having difficulty.it seems to take my grant command but when I list the users and their rights, there are, 0: users and 0:groups defined on the Samba server. Do I need to create this Admin group ON SAMBA versus AD and assign this privilege? I am a bit lost with this as you can tell. #=== Global Settings = [global] netbios name = smbprinttest # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 workgroup = PSU local master = no change notify timeout = 600 # server string is the equivalent of the NT Description field server string = PSU UNIX File Server # Security mode. Most people will want user level security. See # security_level.txt for details. security = ADS realm = psu.ds.pdx.edu enable privileges = yes # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents encrypt passwords = yes # Using the following line enables you to customise your configuration # Set default directory and file permissions create mask = 0764 directory mask = 0775 # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. bind interfaces only = YES interfaces = 127.0.0.1/24 131.252.120.34/24 # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the loopback interface. For more examples of the syntax see # the smb.conf man page ;hosts allow = all #commented to default to ALL hosts allow = 131.252. #hosts deny = 68.248.130.84, 68.4.59.176,68.72.142.161,68.90.163.155,162.83.168 .63,218.170.170.96 #hosts deny = all # It should not be necessary to specify the print system type unless # it is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx printing = lprng # If you want to automatically load your printer list rather # than setting them up individually then you'll need this load printers = yes show add printer wizard = yes #use client driver = yes use client driver = no # on SystemV system setting printcap name to lpstat should allow # you to automatically obtain a printer list from the SystemV spool # system #printcap name = /usr/local/bin/lpstat # you may wish to override the location of the printcap file printcap name = /usr/local/etc/lprng/printcap printer admin = dfetter, bass, aevanoff # this tells Samba to use a separate log file for each machine # that connects log file = /usr/local/var/samba/logs/%m.log log level = all:0 # Put a capping on the size of the log files (in Kb). max log size = 2048 # the options below are what will implement the recycle bin. vfs object = recycle recycle:repository = /recyclebin recycle:touch = Yes recycle:keeptree = Yes recycle:versions = Yes recycle:noversions = *.tmp,*.temp,*.o,*.obj,*.TMP,*.TEMP recycle:exclude = *.tmp,*.temp,*.o,*.obj,*.TMP,*.TEMP recycle:excludedir = /recyclebin,/tmp,/temp,/TMP,/TEMP # Share Definitions == [printers] comment = PSU Campus Printers path = /usr/local/var/samba/spool writable = no guest ok = no
Re: [Samba] samba pdc and notebook in domain
bob_bipbip wrote: hello, when my computer's client is not connected to network (and so cannot connect to pdc), they are not able to log in, they have a message telling us that the system can't log in because the domain is unavailable, how to permit people to log in even if they are not connected to network? --Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ --To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Tell them to log in locally. The Windows login screen has a pulldown list that lets them select which domain to log into. One option is the local computer. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.23b Available for Download
Hi Is it possible to make this work again with 3.0.23b? (I know that the zero uid and gid range might be brain damaged, but with this settings it works fine on both sides) This should still work. Although you should be able to simply not define the idmap uid/gid range at all. But you will need to run winbindd. Not that you will need to fully qualify all domain users and groups in smb.conf still. I tried it again with winbind running and the idmap section commented out In the smb.conf file we have no reference for certain groups/users See below Did you update the libnss_winbind.so as part of your upgrade ? yes Just for clarification.. We have all users in both databases (nis and AD) with the same Username. The unix system with the samba server only uses NIS (no nss/pam winbind). as nameservice for users and groups. With 3.0.21b and the setting below, the owner of a file on the unix filesystem (USER1) shows up in the windows security automatically as DOM\USER1 Now with 3.0.23b is shown as the SID-RID String The SID ist the SID of the Samba Server, the RID is 2 * uid + 1000 which is not the sid of the domainuser but the mapped SID of winbind... Therfore the Security dialog cant resolve it. Why do I need libnss_winbind.so? Thank you Hansjerg [global] workgroup = DOM realm = REALM netbios name = ftpserver server string = RM-FTP-Server interfaces = 127.0.0.1, eth0 bind interfaces only = Yes security = ADS password server = XXX username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/log.%m os level = 25 preferred master = No local master = No domain master = No dns proxy = No wins server = XXX utmp = Yes #idmap uid = 1-1 #idmap gid = 1-1 winbind use default domain = Yes winbind trusted domains only = Yes create mask = 0664 directory mask = 0775 hide dot files = No map archive = No dont descend = lost+found load printers= no printing = bsd printcap name = /dev/null [ftp] path = /home_local/ftp comment = FTP-Share browseable = yes writeable = yes force create mode = 0664 cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba, AIX and Winbind
[...] - Has anyone been able to do something like this? I mean, using a unique UID across multiple environments? More on this: $ ldapsearch -b ou=idmap,dc=domain -x # extended LDIF # # LDAPv3 # base ou=idmap,dc=domain with scope sub # filter: (objectclass=*) # requesting: ALL # # Idmap, DOMAIN dn: ou=Idmap,dc=DOMAIN objectClass: organizationalUnit objectClass: sambaUnixIdPool ou: Idmap gidNumber: 10010 uidNumber: 10001 # S-1-5-21-112207604-471413004-518595180-18138, Idmap, domain dn: sambaSID=S-1-5-21-112207604-471413004-518595180-18138,ou=Idmap,dc=domain objectClass: sambaIdmapEntry objectClass: sambaSidEntry uidNumber: 1 sambaSID: S-1-5-21-112207604-471413004-518595180-18138 As i see above, when using winbind to map SID to UID, and using LDAP as backend, it'll map every entry below ou=Idmap,dc=domain. But, why doesn't it use the same uid for my user? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.23b Available for Download
On Wed, 2006-08-09 at 19:06 +0200, Hansjörg Maurer wrote: Just for clarification.. We have all users in both databases (nis and AD) with the same Username. The unix system with the samba server only uses NIS (no nss/pam winbind). as nameservice for users and groups. With 3.0.21b and the setting below, the owner of a file on the unix filesystem (USER1) shows up in the windows security automatically as DOM\USER1 Now with 3.0.23b is shown as the SID-RID String The SID ist the SID of the Samba Server, the RID is 2 * uid + 1000 which is not the sid of the domainuser but the mapped SID of winbind... Therfore the Security dialog cant resolve it. Hansjörg, I have been working recently around this kind of problems, can you send me a level 10 log file of a session where you just connect to the server and look up the users via the security tab? Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind
Hello~ I have a samba server 3.0.21b in a windows domain and would like to use it as a print server for windows clients. Question: since this is a domain member server, do I need the winbind service to set permissions (ACLs) on Win Server 2003 groups/users for print queues? Anni Marie Evanoff Windows System Administrator CST/OIT-Portland State University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SOLVED:Password change from win client doesn't work
Thx for the info. It really has to match the wright password chat for the system in use. I tried passwd at the console and modified the password chat in smb.conf to fit in my system. Josef Gary Dale schrieb: [EMAIL PROTECTED] wrote: Hi. If a domain user wants to change his domain password from the windows client, the client pc gets inaccessible for long time. After this time a popup appears with a message like this: Your password could not be changed. The DOMAIN is not available. In the samba logs I get this message: hg-k2 (192.168.0.15) couldn't find service USERNAME According to the example smb.conf on samba.org I have this lines in my smb.conf: passwd program = /usr/bin/passwd %u passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed* Thx Josef Does the passwd chat match the password change dialogue on your server (* are any character(s))? This is also case sensitive. If the dialogue doesn't match what is expected, you get the problem you described. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SOLVED: w2k + xp clients password change freezes the client
password chat must fit exactly to the password chat which is produced by passwd on the system where samba is running. Josef Josef Schauer schrieb: Hi. I've a problem changing the password of the domain user directly from the windows client by using strg+alt+del. If I try to change the password, the client freezes for several minutes and after this amount of time a popup appears with this error: The DOMAIN isn't available. In the the samba logs I see this error: can't connect to service USERNAME this is the GLOBAL part of my smb.conf: [global] workgroup = ISARLBERG passdb backend = tdbsam passwd program = /usr/bin/passwd %u # passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed* username map = /etc/samba/smbusers unix password sync = Yes log level = 2 time server = Yes printcap name = cups add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/groupmod -A %u %g delete user from group script = /usr/sbin/groupmod -R %u %g add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u logon script = scripts\%U.bat logon path = \\%L\%U\profile logon drive = Z: logon home = \\%L\%U domain logons = Yes os level = 35 preferred master = Yes domain master = Yes wins support = Yes idmap uid = 15000-2 idmap gid = 15000-2 printing = cups print command = lpq command = %p lprm command = Thx Josef -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.23b Available for Download
simo wrote: On Wed, 2006-08-09 at 19:06 +0200, Hansjörg Maurer wrote: Just for clarification.. We have all users in both databases (nis and AD) with the same Username. The unix system with the samba server only uses NIS (no nss/pam winbind). as nameservice for users and groups. With 3.0.21b and the setting below, the owner of a file on the unix filesystem (USER1) shows up in the windows security automatically as DOM\USER1 Now with 3.0.23b is shown as the SID-RID String The SID ist the SID of the Samba Server, the RID is 2 * uid + 1000 which is not the sid of the domainuser but the mapped SID of winbind... Therfore the Security dialog cant resolve it. Hansjörg, I have been working recently around this kind of problems, can you send me a level 10 log file of a session where you just connect to the server and look up the users via the security tab? Simo. Simo, I have been experiencing the exact same kind of symptoms with both 3.0.22 and 3.0.23a. I would be happy to use 3.0.23b and provide full debug output. Since I haven't collected alot of debug info from samba before, what settings to use and what particular log files you are interested in would be useful. Thanks, Neal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pdc ldap without roaming profiles
Greating Alexander, And you can disable roaming profile on Microsoft professional client (I don't have try local profile with 9x clients). Open /MMC /and add the snap-in /Group Policy/. Browse in /Local Computer Policy/ / /Computer Configuration/ / Administrative Template / /System // /Login and change //Only allow local user profiles/ value. For Windows 2000, you need SP3 and more install. And run /secedit /refreshpolicy machine_policy (W2K) or //gpupdate (XP)./ Robert Hi list At the momtent I use samba as a pdc with tdbsam as passwd backend. I plan to use ldap and I already tried it out. Unfortunately I didn't find a way to disable roaming profiles. I used the smbldap tools. First there is the question if I should use add user script = /usr/sbin/smbldap-useradd -m %u with the -a (is a Windows User) option. If I don't, then windows account specific information like last passwd change isn't stored in the ldap backend.. Where are they stored then ? Second, the main problem is that I can't remove entries like Home Directory HomeDir Drive Logon Script Profile Path from the users. Neither by using srvtools nor ldap directly nor pdbedit. Therefore I am forced to use all my accs as roaming profiles which I don't really want. I would appreciate any hints for solving this problem. Thank you, Alex Kretschmer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: FUTEX_WAIT 3.0.23a [Fwd: Re: amanda-2.5.0p2 hanging on smbclient with configure]
quote who=Gavin Henry Would anyone have any ideas with smbclient sits at FUTEX_WAIT in below message? Will try again with the just released 3.0.23b SUSE RPMS released today. Typing: strace smbclient -d 5 shows it sitting at: futex(0x2bdf2dc0, FUTEX_WAIT, 2, NU. SUSE 9.3 x86_64, Samba RPMS from main Samba site rpm -q samba-client samba-client-3.0.23a-0.1.34 -- Kind Regards, Gavin Henry. Managing Director. T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E [EMAIL PROTECTED] Open Source. Open Solutions(tm). http://www.suretecsystems.com/ Original Message Subject: Re: amanda-2.5.0p2 hanging on smbclient with configure From:Gavin Henry [EMAIL PROTECTED] Date:Tue, August 8, 2006 4:44 pm To: Paul Bijnens [EMAIL PROTECTED] Cc: amanda-users@amanda.org -- quote who=Gavin Henry quote who=Gavin Henry quote who=Paul Bijnens On 2006-08-08 16:17, Gavin Henry wrote: Currently trying to compile 2.5.0p2 with: ./configure --with-user=amanda --with-group=disk --with-ssh-security --with-config=Suretec --with-changer-device=/dev/sg2 --with-tape-device=/dev/nst0 But configure just sits there at: checking for smbclient... /usr/bin/smbclient Same when adding --with-smbclient=/usr/bin/smbclient If you do not need smbclient support, then you can configure with --without-smbclient and work around this problem. I have tried that, and with --with-smbclient=no. I've been going through configure.in to see what the probs are. If you do need it... then try to investigate what is blocking. It seems like configure is hanging in one of the next steps. Configure tries to find out what version of smbclient you have by running the command: smbclient '\\not.a.host.name\notashare' -U nosuchuser -N -Tx /dev/null Looks like it's this. It just hangs. Must be smbclient, as it is taking forever, even when I jsut run: smblcient with no options. Forget it, will debug smbclient. Nothing wrong with Amanda. Thanks all. strace smbclient -d 5 show it sitting at: futex(0x2bdf2dc0, FUTEX_WAIT, 2, NULL Hmm. I just setup 2 clients on Fedora Core 5 with 2.5.0p2, and they both are fine. The server is on a SUSE 9.3 x86_64 box, that has (Is a Samba PDC too): free -m total used free sharedbuffers cached Mem: 3961296 3665 0 48 154 -/+ buffers/cache: 93 3868 Swap: 2070 0 2070 uname -a Linux nas1 2.6.14.2-smp #2 SMP Thu Nov 17 15:31:40 GMT 2005 x86_64 x86_64 x86_64 GNU/Linux df -h FilesystemSize Used Avail Use% Mounted on /dev/sda1 73G 6.0G 67G 9% / tmpfs 2.0G 0 2.0G 0% /dev/shm /dev/sdb 6.9T 263G 6.6T 4% /storage lsscsi [0:0:0:0]diskATA HTS541080G9SA00 MB4O /dev/sda [4:0:1:0]tapeCERTANCE ULTRIUM 21775 /dev/st0 [4:0:1:1]mediumx QUANTUM UHDL 000E - [6:0:0:0]diskArecaARC-1160-VOL#00 R001 /dev/sdb What happens if you run that manually? Hangs The output of that step does not appear on screen however, so it could be that configure is actually hanging on the step after that. I think it's smbclient that is the problem. The next step is finding out where the gzip program lives. Is does that by looking in several directories. If one of those directories happens to be mounted on a non-responsive NFS-server, you hang here too. The list of directories is: /bin:/usr/bin:/sbin:/usr/sbin:/usr/ucb:/usr/bsd:/etc:/usr/etc /usr/local/sbin:/usr/local/bin:/usr/ccs/bin and the value of $PATH from the user that runs configure. Anything strange when trying test -e /bin/gzip? (Try that for all the above dirs) Nope, looks fine. -- Paul Bijnens, xplanation Technology ServicesTel +32 16 397.511 Technologielaan 21 bus 2, B-3001 Leuven, BELGIUMFax +32 16 397.512 http://www.xplanation.com/ email: [EMAIL PROTECTED] *** * I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, ^^, * * F6, quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, * * stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt, abort, hangup, * * PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e, kill -1 $$, shutdown, * * init 0, kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... * * ... Are you sure? ... YES ... Phew ... I'm out * *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pdc and notebook in domain
On Wed, 9 Aug 2006, bob_bipbip wrote: hello, when my computer's client is not connected to network (and so cannot connect to pdc), they are not able to log in, they have a message telling us that the system can't log in because the domain is unavailable, how to permit people to log in even if they are not connected to network? By default, Windows supports up to 10 (I think) cached logons. That means if you user abc logs on while the domain controller IS available, then they can log on later when the domain controller is NOT available, assuming there haven't been 10 people who have logged on since then. So, with a little planning (always be sure to logon before you disconnect, so that your identity is in the cache), you can use only the network user accounts without having to create separate local accounts. That makes things a lot cleaner and simpler, I think. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] pam_winbind fails with never expires password
I'm helping a school district set up Samba for staff/student shares. The PDC/BDCs are running NT4. Samba is v 3.0.23a on Fedora Core 5 boxes. winbind is mapping the users. Access to shares through Windows clients or smbclient works perfectly. There is a desire to have some faculty access the server using, e.g., an ssh client (mostly for remote file access). When I try to log in using an account that has an old password but with password never expires set, I get the message Your password has expired and I can't log in. If I reset the password (and presumably reset the expiration date), I can log in with no problem. So everything works except when an account with an old password tries to log in, even though never expires is set. I've tried a number of alternatives in the pam and samba config files to no avail. Any direction would be appreciated. Thanks! -- bill Bill Greene Rubicon Group Ltd Oak Brook Illinois USA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pam_winbind fails with never expires password
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bill Greene wrote: So everything works except when an account with an old password tries to log in, even though never expires is set. I've tried a number of alternatives in the pam and samba config files to no avail. It's our bug. We're working on a fix. The work around is to set a long (but not infinite) expiry period. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE2mO0IR7qMdg1EfYRAuINAKCwVIy+wglT7kwoAqayW5xZnKF/iACfdGIP n96NqFJVD3vjmpR/gNfHbbw= =CF0j -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba share access error Fedora core 5
Hi Tim, Thanks for that, It have solved my problem. Hope this will be useful for people on the list using FC 5. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 09, 2006 8:34 PM To: Pavan Subject: Re: [Samba] Samba share access error Fedora core 5 Pavan, I had this exact same problem with my Fedora Core 5. It's actually a well documented problem with the way Fedora Core 5 uses a system known as SELinux, which is on by default. Try issuing the command 'setenforce 0' and see if that makes a difference. Quoting Pavan [EMAIL PROTECTED]: Hi, SNIP Hi, I have samba PDC running successfully on my server with 3 physical volumes running Fedora Core 5. Physical Volume 1 - OS installation Physical Volume 2 - All Company file shares Physical Volume 3 - Backup of files. I am facing a weird problem or may be somewhat unique to samba or Fedora, that I cannot access shares that are mounted and shared by samba from the client machines from the Physical volumes 2 3. I just receive an error as Network Path cannot be found including for the samba domain administrator i.e. root. All users can access the shares directly on the server. Can anyone help me to overcome this problem?? Thanks in advance, I really spent more than 4hrs troubleshooting this. Pavan. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Test
How long does it take to see ones own post? 19:43 EDT -- Jack Gates http://www.morningstarcom.net/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] make -j
So, I'm building 3.0.23b for Slackware (since they don't have it out yet[1]), and I've noticed these two lines in the script that Slackware uses to build Samba 3.0.23 from source (which I'm modifying to build 3.0.23b): # -j options don't seem to work... make Anyone know why that comment might be there? Is it true that Samba can't be built with -j2 or similar arguments to make? Maybe just on Slackware? The reason I'm asking is that I happen to have this server with Dual 1.0 GHz PIII Xeons, and it takes forever to build on this machine. It sure would be nice if it could 0.5*forever instead. [whine] Especially since I discovered a minor error in the build I was going to put on the server 15 minutes ago, and now have to build again twice: once to find the error in the build script, and another time to build it cleanly from scratch, thus delaying me from going home by at least 30 minutes. ;-) [/whine] - Logan [1] And no, you don't want my version once I'm done building it, since I'm building it against the OpenLDAP that I have installed, and by default Slackware has no LDAP. But I would be willing to share the 3.0.23 SlackBuild script that I modified for 3.0.23b if anyone wants it... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Setup Windows XP to print to CUPS printer on FC5
I am quite sure this question has been asked before but I can't find anything in the archive and Google does not turn up anything useful. I have Fedora Core 5 with an HP LaserJet 5L printer connected to the LPT port. I also have the CUPS printer queue shared. I am trying to setup up a Windows XP laptop with wlan on my home network to be able to print to that printer. I have little understanding of how to make samba work. I have found a lot of information but most of it does not help me or make sense to me. I only want the win xp box to have access to the printer and nothing else. Do I have to setup a user account between FC5 and XP to make this work? I no basically nothing about XP. I don't know if I have FC5 configured to allow XP to see the printer. I have spent 9 hours trying to figure out how to setup two different OS and samba and one printer to work on both OS. I have made no progress in completing my objective. I don't know which way is up right now. Can some one help me? Thanks, -- Jack Gates http://www.morningstarcom.net/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] biometrics in samba 4
On Tue, 2006-08-08 at 15:54 +1000, adrian sender wrote: Hello Lads, I am not a programmer in any shape or form, so bare with me. Windows AD can support biometric devices, such as fingerprint logins, it actually stores the fingerprint in the database. Will it be possible to store this information in a Samba4 AD enviroment? Who knows? I'll work on smart-cards first, as I have one of those (and my group at RedHat is really keen on them :-), but if we ever get information on how the login is communicated to the KDC, then it may well be made to work. This is all by the power of Kerberos. Only the first 'get TGT' step needs to be modified, rather than the whole system. If the fingerprint isn't stored in AD, but compared locally to something on a smartcard, which then unlocks a PKINIT certificate, then perhaps it will 'just work' once I get smartcards in. Who knows? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] make -j
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Logan Shaw wrote: So, I'm building 3.0.23b for Slackware (since they don't have it out yet[1]), and I've noticed these two lines in the script that Slackware uses to build Samba 3.0.23 from source (which I'm modifying to build 3.0.23b): # -j options don't seem to work... make Anyone know why that comment might be there? Is it true that Samba can't be built with -j2 or similar arguments to make? Maybe just on Slackware? First run `make proto` if you have gcc 3.4 or later, run `make pch` then run make -j2 jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE2n8zIR7qMdg1EfYRAnOxAJsEL6FAJ0/+CT5ysAFODT507HKveACgwDTS AYGkLmii4yKDk2xfV0njin8= =D0VY -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Help: smbd nmbd normal states
I have just installed Fedora Core 5 with the Samba server. However only the nmbd daemon is running. I thought both smbd and nmbd should be running. On trying to start smbd with: /sbin/service smb start the result is starting smbd [FAILED] Stopping smbd of course has no effect, and starting or restarting nmbd works just fine. I'm stumped! I turned SELinux and the firewall off. I stopped sendmail. I configured a share, and set up a user for it. I can't think of what else might be a problem. This worked before on a previous life of the system under FC4. -- View this message in context: http://www.nabble.com/Help%3A-smbd---nmbd-normal-states-tf2082053.html#a5736427 Sent from the Samba - General forum at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Setup Windows XP to print to CUPS printer on FC5
I am quite sure this question has been asked before but I can't find anything in the archive and Google does not turn up anything useful. I have Fedora Core 5 with an HP LaserJet 5L printer connected to the LPT port. I also have the CUPS printer queue shared. I am trying to setup up a Windows XP laptop with wlan on my home network to be able to print to that printer. I have little understanding of how to make samba work. I have found a lot of information but most of it does not help me or make sense to me. I only want the win xp box to have access to the printer and nothing else. Do I have to setup a user account between FC5 and XP to make this work? I no basically nothing about XP. I don't know if I have FC5 configured to allow XP to see the printer. I have spent 9 hours trying to figure out how to setup two different OS and samba and one printer to work on both OS. I have made no progress in completing my objective. I don't know which way is up right now. Can some one help me? Thanks, -- Jack Gates http://www.morningstarcom.net/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Setup Windows XP to print to CUPS printer on FC5
On Wed, 2006-08-09 at 19:03 -0400, Jack Gates wrote: I am quite sure this question has been asked before but I can't find anything in the archive and Google does not turn up anything useful. I have Fedora Core 5 with an HP LaserJet 5L printer connected to the LPT port. I also have the CUPS printer queue shared. I am trying to setup up a Windows XP laptop with wlan on my home network to be able to print to that printer. I have little understanding of how to make samba work. I have found a lot of information but most of it does not help me or make sense to me. I only want the win xp box to have access to the printer and nothing else. Do I have to setup a user account between FC5 and XP to make this work? I no basically nothing about XP. I don't know if I have FC5 configured to allow XP to see the printer. I have spent 9 hours trying to figure out how to setup two different OS and samba and one printer to work on both OS. I have made no progress in completing my objective. I don't know which way is up right now. Can some one help me? http://www.owlfish.com/thoughts/winipp-cups-2003-07-20.html The above link was already given to you on the Fedora list several hours ago and that seemed to be as concise instructions as possible. If you want to use samba to share the printer, then you really need to see the 'Official How-To' http://www.samba.org/samba/docs (see the howto link on the left) but recognize that using samba to share a printer requires a working samba configuration compatible with your Windows XP setup and that is likely more reading, more work than the link that was suggested to you earlier on the fedora-list Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Setup Windows XP to print to CUPS printer on FC5
If all you want to do is make your printer available to XP, you do not need Samba. CUPS printers are available to XP computers through IPP. Connect to your printer from XP as http://servername:631/printers/printername. Other than that, the printer setup in XP is normal. For example, I have a Samsung ML-1210 printer connected to my Linux server named semper. In XP, the connection is http://semper:631/printers/ML-1210. Samba is not used at all to make this connection. Jack Gates wrote: I am quite sure this question has been asked before but I can't find anything in the archive and Google does not turn up anything useful. I have Fedora Core 5 with an HP LaserJet 5L printer connected to the LPT port. I also have the CUPS printer queue shared. I am trying to setup up a Windows XP laptop with wlan on my home network to be able to print to that printer. I have little understanding of how to make samba work. I have found a lot of information but most of it does not help me or make sense to me. I only want the win xp box to have access to the printer and nothing else. Do I have to setup a user account between FC5 and XP to make this work? I no basically nothing about XP. I don't know if I have FC5 configured to allow XP to see the printer. I have spent 9 hours trying to figure out how to setup two different OS and samba and one printer to work on both OS. I have made no progress in completing my objective. I don't know which way is up right now. Can some one help me? Thanks, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] connection disconnects
Hello, I would really appreciate any help since I am not able to debug this problem. We have a windows 2003 machine talking to a samba share exposed by Fedora Core 2. If I transfer a 5 GB file, it starts the transmission and then stops, sometimes at 1GB sometimes further around 3-4GB. The smbd.log file from the server show the following errors. Aug 4 13:34:35 Server nmbd[26773]: Samba name server Server has stopped being a local master browser for workgroup WORKGROUP on subnet 10.140.18.178 Aug 4 13:34:35 Server nmbd[26773]: Aug 4 13:34:35 Server nmbd[26773]: * Aug 4 13:34:52 Server nmbd[26773]: [2006/08/04 13:34:52, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396) Aug 4 13:34:52 Server nmbd[26773]: * Aug 4 13:34:52 Server nmbd[26773]: Aug 4 13:34:52 Server nmbd[26773]: Samba name server Server is now a local master browser for workgroup WORKGROUP on subnet 10.140.18.178 Aug 4 13:34:52 Server nmbd[26773]: Aug 4 13:34:52 Server nmbd[26773]: * Aug 4 13:41:35 Server nmbd[26773]: [2006/08/04 13:41:35, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(311) Aug 4 13:41:35 Server nmbd[26773]: process_local_master_announce: Server Dell1 at IP 10.140.19.48 is announcing itself as a local master browser for workgroup WORKGROUP and we think we are master. Forcing election. Aug 4 13:41:35 Server nmbd[26773]: [2006/08/04 13:41:35, 0] nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149) Aug 4 13:41:35 Server nmbd[26773]: * Aug 4 13:41:35 Server nmbd[26773]: Aug 4 13:41:35 Server nmbd[26773]: Samba name server Server has stopped being a local master browser for workgroup WORKGROUP on subnet 10.140.18.178 Aug 4 13:41:35 Server nmbd[26773]: Aug 4 13:41:35 Server nmbd[26773]: * Aug 4 13:41:53 Server nmbd[26773]: [2006/08/04 13:41:53, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396) Aug 4 13:41:53 Server nmbd[26773]: * Aug 4 13:41:53 Server nmbd[26773]: Aug 4 13:41:53 Server nmbd[26773]: Samba name server Server is now a local master browser for workgroup WORKGROUP on subnet 10.140.18.178 Aug 4 13:41:53 Server nmbd[26773]: Aug 4 13:41:53 Server nmbd[26773]: * Aug 4 14:04:38 Server gdm[1881]: Maximum number of open XDMCP sessions from host :::127.0.0.1 reached Aug 4 14:33:09 Server smbd[31523]: [2006/08/04 14:33:09, 0] lib/util_sock.c:write_socket_data(430) Aug 4 14:33:09 Server smbd[31523]: write_socket_data: write failure. Error = Connection reset by peer Aug 4 14:33:09 Server smbd[31523]: [2006/08/04 14:33:09, 0] lib/util_sock.c:write_socket(455) Aug 4 14:33:09 Server smbd[31523]: write_socket: Error writing 51 bytes to socket 22: ERRNO = Connection reset by peer Aug 4 14:33:09 Server smbd[31523]: [2006/08/04 14:33:09, 0] lib/util_sock.c:send_smb(647) Aug 4 14:33:09 Server smbd[31523]: Error writing 51 bytes to client. -1. (Connection reset by peer) This is the smb.conf file : [global] smb passwd file = /etc/samba/smbpasswd passwd program = /usr/bin/passwd %u pam password change = yes obey pam restrictions = yes encrypt passwords = yes unix password sync = no security = share socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = no server string = Samba Server load printers = no username map = /etc/samba/user.map log file = /var/log/samba/%m.log name resolve order = host smb ports = 139 [samba] path = /samba writable = yes guest ok = yes guest account = root Please advise. Thanks, Sameer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Compiling and Configuring Samba for Mandrival
Mates, Since nobody is building binaries for mandriva, I thought I would share a quick cheat sheet for those who want to compile from source to update 10.2 from 3.20 to 3.23. Here goes: 1.Download samba-3.0.23b.tar.gz to your local machine (a given...) 2.Unzip it: tar xzvf samba-3.0.23b.tar.gz 3.Change to the source directory: cd samba-3.0.23b/source/ 4.Make sure you are root: su root (enter root password) 5.run: ./autogen.sh see (http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/compiling.html) 6.Now you need to configure the makefile. This is simple, the only pain in the butt is making sure you have the right configure parameters for Mandriva to keep the various pieces of samba from being scattered all over your disto. (i.e. smb.conf in /usr/lib ???) simply run: ./configure --prefix=/usr --infodir=/usr/share --mandir=/usr/share --with-co nfigdir=/etc/samba and the pieces will get placed in the right places. 7.run: make 8.run: make install (this completes the install) 9.now restart samba: /etc/rc.d/init.d/smb restart 10. You should be up and running with the new samba release! If samba fails to start and you are in a panic, simply issue: make revert and then /etc/rc.d/init.d/smb restart and your old version of samba will be restored! (it really works) That's it, hope it helps some other poor Mandrival user. If I missed a step, it is only because it is late. -- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 www.rankinlawfirm.com -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.8/415 - Release Date: 8/9/06 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r17467 - in branches/SAMBA_3_0_23/source: .
Author: jerry Date: 2006-08-09 12:22:20 + (Wed, 09 Aug 2006) New Revision: 17467 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17467 Log: setting 3.0.23c Modified: branches/SAMBA_3_0_23/source/VERSION Changeset: Modified: branches/SAMBA_3_0_23/source/VERSION === --- branches/SAMBA_3_0_23/source/VERSION2006-08-09 02:21:04 UTC (rev 17466) +++ branches/SAMBA_3_0_23/source/VERSION2006-08-09 12:22:20 UTC (rev 17467) @@ -28,8 +28,7 @@ SAMBA_VERSION_RELEASE=23 -# If a official release has a serious bug # -# a security release will have 'a' sufffix # +# Bug fix releases use a letter for the patch revision # # # # so SAMBA's version will be # # MAJOR.MINOR.RELEASEREVISION # @@ -37,7 +36,7 @@ # e.g. SAMBA_VERSION_REVISION=a# # - 2.2.8a# -SAMBA_VERSION_REVISION=b +SAMBA_VERSION_REVISION=c # For 'pre' releases the version will be #
svn commit: samba r17468 - in branches/SAMBA_3_0/source: groupdb passdb rpc_server torture utils
Author: vlendec Date: 2006-08-09 15:25:26 + (Wed, 09 Aug 2006) New Revision: 17468 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17468 Log: To minimize the diff later on, pre-commit some changes independently: Change internal mapping.c functions to return NTSTATUS instead of BOOL. Volker Modified: branches/SAMBA_3_0/source/groupdb/mapping.c branches/SAMBA_3_0/source/passdb/pdb_interface.c branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0/source/torture/local-groupmap.c branches/SAMBA_3_0/source/utils/net_groupmap.c branches/SAMBA_3_0/source/utils/net_rpc_samsync.c Changeset: Sorry, the patch is too large (672 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17468
svn commit: samba r17469 - in branches/SAMBA_3_0/source/nsswitch: .
Author: idra
Date: 2006-08-09 15:36:57 + (Wed, 09 Aug 2006)
New Revision: 17469
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17469
Log:
remove unused variable
Modified:
branches/SAMBA_3_0/source/nsswitch/winbindd_sid.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_sid.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_sid.c 2006-08-09 15:25:26 UTC
(rev 17468)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_sid.c 2006-08-09 15:36:57 UTC
(rev 17469)
@@ -447,7 +447,6 @@
{
DOM_SID sid;
NTSTATUS status;
- struct gid2sid_state *gid2sid_state;
DEBUG(3, ([%5lu]: gid to sid %lu\n, (unsigned long)state-pid,
(unsigned long)state-request.data.gid));
svn commit: samba r17470 - in branches/SAMBA_3_0/source: groupdb torture
Author: vlendec Date: 2006-08-09 20:25:13 + (Wed, 09 Aug 2006) New Revision: 17470 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17470 Log: This is the group mapping rewrite announced a few days ago. I'm afraid it's more than 1000 lines of patch, but doing it in smaller pieces is hardly possible. Anybody interested please look over this. The patch is not really interesting, just look at the new groupdb/mapping.c file. Jerry, one entry for the 3.0.24 release notes: smbd will refuse to start if we have overlapping mappings in group_mapping.tdb. With the old db a unix gid can be mapped to two different SIDs. This will be refused with the new code. Volker Modified: branches/SAMBA_3_0/source/groupdb/mapping.c branches/SAMBA_3_0/source/torture/local-groupmap.c Changeset: Sorry, the patch is too large (1106 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17470
svn commit: samba r17471 - in branches/SAMBA_4_0/source/torture/libnet: .
Author: mimir
Date: 2006-08-09 22:09:47 + (Wed, 09 Aug 2006)
New Revision: 17471
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17471
Log:
Add a function generating pseudorandom set of changes to test
user modify routines.
rafal
Modified:
branches/SAMBA_4_0/source/torture/libnet/libnet_user.c
Changeset:
Modified: branches/SAMBA_4_0/source/torture/libnet/libnet_user.c
===
--- branches/SAMBA_4_0/source/torture/libnet/libnet_user.c 2006-08-09
20:25:13 UTC (rev 17470)
+++ branches/SAMBA_4_0/source/torture/libnet/libnet_user.c 2006-08-09
22:09:47 UTC (rev 17471)
@@ -20,6 +20,7 @@
*/
#include includes.h
+#include system/time.h
#include lib/cmdline/popt_common.h
#include libnet/libnet.h
#include librpc/gen_ndr/ndr_samr_c.h
@@ -28,9 +29,7 @@
#define TEST_USERNAMElibnetusertest
-#define TEST_CHANGEDUSERNAME newlibnetusertest
-
static BOOL test_cleanup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *domain_handle, const char
*username)
{
@@ -292,6 +291,125 @@
}
+/*
+ Generate testing set of random changes
+*/
+
+#define TEST_CHG_ACCOUNTNAME newlibnetusertest%02d
+#define TEST_CHG_DESCRIPTION Sample description %ld
+#define TEST_CHG_FULLNAME First%04x Last%04x
+#define TEST_CHG_COMMENT Comment[%04lu%04lu]
+#define TEST_CHG_PROFILEPATH srv%04ld\\profile%02u\\prof
+
+void set_test_changes(TALLOC_CTX *mem_ctx, struct libnet_ModifyUser *r, int
num_changes)
+{
+ const char* logon_scripts[] = { start_login.cmd, login.bat,
start.cmd };
+ const char* home_dirs[] = { srv\\home, homesrv\\home\\user,
pdcsrv\\domain };
+ const char* home_drives[] = { H:, z:, I:, J:, n: };
+ struct timeval now;
+
+ srandom((unsigned)time(NULL));
+
+ if (num_changes
+ (num_changes 13 || ((random() % 10) 4))) {
+ r-in.account_name = talloc_asprintf(mem_ctx,
TEST_CHG_ACCOUNTNAME,
+ (int)random());
+ num_changes--;
+ }
+
+ if (num_changes
+ (num_changes 12 || ((random() % 10) 4))) {
+ r-in.full_name = talloc_asprintf(mem_ctx,
TEST_CHG_FULLNAME,
+ (unsigned int)random(),
(unsigned int)random());
+ num_changes--;
+ }
+
+ if (num_changes
+ (num_changes 11 || ((random() % 10) 4))) {
+ r-in.description= talloc_asprintf(mem_ctx,
TEST_CHG_DESCRIPTION,
+ (long)random());
+ num_changes--;
+ }
+
+ if (num_changes
+ (num_changes 10 || ((random() % 10) 4))) {
+ const char *home_dir = home_dirs[random() %
(sizeof(home_dirs)/sizeof(char*))];
+ r-in.home_directory = talloc_strdup(mem_ctx, home_dir);
+ num_changes--;
+ }
+
+ if (num_changes
+ (num_changes 9 || ((random() % 10) 4))) {
+ const char *home_drive = home_drives[random() %
(sizeof(home_drives)/sizeof(char*))];
+ r-in.home_drive = talloc_strdup(mem_ctx, home_drive);
+ num_changes--;
+ }
+
+ if (num_changes
+ (num_changes 8 || ((random() % 10) 4))) {
+ r-in.comment = talloc_asprintf(mem_ctx, TEST_CHG_COMMENT,
+ (unsigned long)random(),
(unsigned long)random());
+ num_changes--;
+ }
+
+ if (num_changes
+ (num_changes 7 || ((random() % 10) 4))) {
+ const char *logon_script = logon_scripts[random() %
(sizeof(logon_scripts)/sizeof(char*))];
+ r-in.logon_script = talloc_strdup(mem_ctx, logon_script);
+ num_changes--;
+ }
+
+ if (num_changes
+ (num_changes 6 || ((random() % 10) 4))) {
+ r-in.profile_path = talloc_asprintf(mem_ctx,
TEST_CHG_PROFILEPATH,
+(unsigned long)random(),
(unsigned int)random());
+ num_changes--;
+ }
+
+ if (num_changes
+ (num_changes 5 || ((random() % 10) 4))) {
+ gettimeofday(now, NULL);
+ now = timeval_add(now, (random() % (31*24*60*60)), 0);
+ r-in.acct_expiry = talloc_memdup(mem_ctx, now, sizeof(now));
+ }
+
+ if (num_changes
+ (num_changes 4 || ((random() % 10) 4))) {
+ gettimeofday(now, NULL);
+ now = timeval_add(now, (random() % (31*24*60*60)), 0);
+ r-in.allow_password_change = talloc_memdup(mem_ctx, now,
sizeof(now));
+ }
+
+ if (num_changes
+ (num_changes 3 || ((random() % 10) 4))) {
+ gettimeofday(now, NULL);
+
svn commit: samba r17472 - in branches/SAMBA_4_0/source/libnet: .
Author: mimir
Date: 2006-08-09 22:10:26 + (Wed, 09 Aug 2006)
New Revision: 17472
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17472
Log:
Remove unused variable.
rafal
Modified:
branches/SAMBA_4_0/source/libnet/libnet_rpc.c
Changeset:
Modified: branches/SAMBA_4_0/source/libnet/libnet_rpc.c
===
--- branches/SAMBA_4_0/source/libnet/libnet_rpc.c 2006-08-09 22:09:47 UTC
(rev 17471)
+++ branches/SAMBA_4_0/source/libnet/libnet_rpc.c 2006-08-09 22:10:26 UTC
(rev 17472)
@@ -107,7 +107,6 @@
{
struct composite_context *c;
struct rpc_connect_srv_state *s;
- struct composite_context *pipe_connect_req;
c = talloc_get_type(ctx-async.private_data, struct composite_context);
s = talloc_get_type(c-private_data, struct rpc_connect_srv_state);
Build status as of Thu Aug 10 00:00:01 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-08-09 00:00:08.0 + +++ /home/build/master/cache/broken_results.txt 2006-08-10 00:00:20.0 + @@ -1,18 +1,18 @@ -Build status as of Wed Aug 9 00:00:01 2006 +Build status as of Thu Aug 10 00:00:01 2006 Build counts: Tree Total Broken Panic SOC 0 0 0 -ccache 24 4 0 -distcc 25 2 0 +ccache 23 4 0 +distcc 24 2 0 lorikeet-heimdal 0 0 0 -ppp 14 0 0 +ppp 13 0 0 rsync24 0 0 samba0 0 0 samba-docs 0 0 0 -samba4 36 24 2 -samba_3_034 10 0 -smb-build22 22 0 -talloc 27 11 0 -tdb 18 6 0 +samba4 36 23 2 +samba_3_032 9 0 +smb-build20 20 0 +talloc 17 6 0 +tdb 17 8 0
svn commit: samba r17473 - in branches/SAMBA_4_0/source/lib/ldb/common: .
Author: abartlet
Date: 2006-08-10 00:52:56 + (Thu, 10 Aug 2006)
New Revision: 17473
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17473
Log:
Split loading a list of modules and initialising them into a seperate
function.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c
===
--- branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c 2006-08-09
22:10:26 UTC (rev 17472)
+++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c 2006-08-10
00:52:56 UTC (rev 17473)
@@ -236,11 +236,63 @@
#endif
}
+static int ldb_load_modules_list(struct ldb_context *ldb, const char
**module_list, struct ldb_module *backend, struct ldb_module **out)
+{
+ struct ldb_module *module;
+ int i, ret;
+
+ module = backend;
+
+ for (i = 0; module_list[i] != NULL; i++) {
+ struct ldb_module *current;
+ const struct ldb_module_ops *ops;
+
+ ops = ldb_find_module_ops(module_list[i]);
+ if (ops == NULL) {
+ if (ldb_try_load_dso(ldb, module_list[i]) == 0) {
+ ops = ldb_find_module_ops(module_list[i]);
+ }
+ }
+
+ if (ops == NULL) {
+ ldb_debug(ldb, LDB_DEBUG_WARNING, WARNING: Module [%s]
not found\n,
+ module_list[i]);
+ continue;
+ }
+
+ current = talloc_zero(ldb, struct ldb_module);
+ if (current == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ current-ldb = ldb;
+ current-ops = ops;
+
+ DLIST_ADD(module, current);
+ }
+ *out = module;
+ return LDB_SUCCESS;
+}
+
+static int ldb_init_module_chain(struct ldb_context *ldb, struct ldb_module
*module)
+{
+ while (module module-ops-init_context == NULL)
+ module = module-next;
+
+ if (module module-ops-init_context
+ module-ops-init_context(module) != LDB_SUCCESS) {
+ ldb_debug(ldb, LDB_DEBUG_FATAL, module initialization
failed\n);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ return LDB_SUCCESS;
+}
+
int ldb_load_modules(struct ldb_context *ldb, const char *options[])
{
const char **modules = NULL;
- struct ldb_module *module;
int i;
+ int ret;
TALLOC_CTX *mem_ctx = talloc_new(ldb);
if (!mem_ctx) {
return LDB_ERR_OPERATIONS_ERROR;
@@ -259,7 +311,6 @@
/* if not overloaded by options and the backend is not ldap try to load
the modules list from ldb */
if ((modules == NULL) (strcmp(ldap, ldb-modules-ops-name) !=
0)) {
- int ret;
const char * const attrs[] = { @LIST , NULL};
struct ldb_result *res = NULL;
struct ldb_dn *mods_dn;
@@ -295,51 +346,16 @@
}
if (modules != NULL) {
- for (i = 0; modules[i] != NULL; i++) {
- struct ldb_module *current;
- const struct ldb_module_ops *ops;
-
- ops = ldb_find_module_ops(modules[i]);
- if (ops == NULL) {
- if (ldb_try_load_dso(ldb, modules[i]) == 0) {
- ops = ldb_find_module_ops(modules[i]);
- }
- }
-
- if (ops == NULL) {
- ldb_debug(ldb, LDB_DEBUG_WARNING, WARNING:
Module [%s] not found\n,
- modules[i]);
- continue;
- }
-
- current = talloc_zero(ldb, struct ldb_module);
- if (current == NULL) {
- return -1;
- }
-
- current-ldb = ldb;
- current-ops = ops;
-
- DLIST_ADD(ldb-modules, current);
+ ret = ldb_load_modules_list(ldb, modules, ldb-modules,
ldb-modules);
+ talloc_free(modules);
+ if (ret != LDB_SUCCESS) {
+ return ret;
}
-
- talloc_free(modules);
} else {
ldb_debug(ldb, LDB_DEBUG_TRACE, No modules specified for this
database\n);
}
- module = ldb-modules;
-
- while (module module-ops-init_context == NULL)
- module = module-next;
-
- if (module
svn commit: samba r17474 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules lib/ldb/common lib/ldb/include
Author: abartlet
Date: 2006-08-10 01:51:27 + (Thu, 10 Aug 2006)
New Revision: 17474
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17474
Log:
Allow the partitions module to load modules for specific backends.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/partition.c
branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c
branches/SAMBA_4_0/source/lib/ldb/include/ldb_private.h
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/partition.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/partition.c
2006-08-10 00:52:56 UTC (rev 17473)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/partition.c
2006-08-10 01:51:27 UTC (rev 17474)
@@ -502,11 +502,12 @@
{
int ret, i;
TALLOC_CTX *mem_ctx = talloc_new(module);
- static const char *attrs[] = { partition, replicateEntries, NULL };
+ static const char *attrs[] = { partition, replicateEntries,
modules, NULL };
struct ldb_result *res;
struct ldb_message *msg;
struct ldb_message_element *partition_attributes;
struct ldb_message_element *replicate_attributes;
+ struct ldb_message_element *modules_attributes;
struct partition_private_data *data;
@@ -545,6 +546,7 @@
ldb_set_errstring(module-ldb,
talloc_asprintf(module, partition_init:
no partitions specified));
+ talloc_free(mem_ctx);
return LDB_ERR_CONSTRAINT_VIOLATION;
}
data-partitions = talloc_array(data, struct partition *,
partition_attributes-num_values + 1);
@@ -559,6 +561,7 @@
ldb_set_errstring(module-ldb,
talloc_asprintf(module,
partition_init:
invalid form for
partition record (missing ':'): %s, base));
+ talloc_free(mem_ctx);
return LDB_ERR_CONSTRAINT_VIOLATION;
}
p[0] = '\0';
@@ -567,6 +570,7 @@
ldb_set_errstring(module-ldb,
talloc_asprintf(module,
partition_init:
invalid form for
partition record (missing backend database): %s, base));
+ talloc_free(mem_ctx);
return LDB_ERR_CONSTRAINT_VIOLATION;
}
data-partitions[i] = talloc(data-partitions, struct
partition);
@@ -580,12 +584,14 @@
ldb_set_errstring(module-ldb,
talloc_asprintf(module,
partition_init:
invalid DN in
partition record: %s, base));
+ talloc_free(mem_ctx);
return LDB_ERR_CONSTRAINT_VIOLATION;
}
data-partitions[i]-backend =
private_path(data-partitions[i], p);
ret = ldb_connect_backend(module-ldb,
data-partitions[i]-backend, NULL, data-partitions[i]-module);
if (ret != LDB_SUCCESS) {
+ talloc_free(mem_ctx);
return ret;
}
}
@@ -600,6 +606,7 @@
req = talloc_zero(mem_ctx, struct ldb_request);
if (req == NULL) {
ldb_debug(module-ldb, LDB_DEBUG_ERROR, partition: Out
of memory!\n);
+ talloc_free(mem_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
@@ -609,6 +616,7 @@
ret = ldb_request(module-ldb, req);
if (ret != LDB_SUCCESS) {
ldb_debug(module-ldb, LDB_DEBUG_ERROR, partition:
Unable to register partition with rootdse!\n);
+ talloc_free(mem_ctx);
return LDB_ERR_OTHER;
}
talloc_free(req);
@@ -616,9 +624,6 @@
replicate_attributes = ldb_msg_find_element(msg, replicateEntries);
if (!replicate_attributes) {
- ldb_set_errstring(module-ldb,
- talloc_asprintf(module, partition_init:
- no entries to replicate
specified));
data-replicate = NULL;
} else {
data-replicate = talloc_array(data, struct ldb_dn *,
replicate_attributes-num_values + 1);
@@ -634,12 +639,78 @@
talloc_asprintf(module,
partition_init:
invalid DN
in partition replicate record: %s,
