Re: [Samba] Samba and Printing
Yes unless the Windows driver requires a hard direct connection to the printer. Lexmark is the actual manufacturer of your printer. (Sorry to be the one to tell you that.) However, if you setup up Windows to look at the port as if its a direct connection you may be able to cheat a bit. I had a HP inkjet that I could set up to share with Linux systems but Windows clients balked because they required that the USB connection was in place at the computer you were printing from. So while the Linux clients could all send print jobs to the CUPS server for that printer none of the Windows clients could. The Windows driver would balk immediately if the USB cable wasn't directly plugged in to the computer you wanted to print from. BTW because it is a Lexmark printer don't expect a Linux driver anytime soon. --Shaun In short it is not possible to print to Windows printer if native driver is not available for Linux. Komal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Printing
On Wednesday 30 August 2006 01:15, Komal Shah wrote: > > Thanks Shaun for quick reply. > > I am having trouble with Dell Photo 964.Can I setup raw queue so that > Windows drive will do the processing ? > > Komal Yes unless the Windows driver requires a hard direct connection to the printer. Lexmark is the actual manufacturer of your printer. (Sorry to be the one to tell you that.) However, if you setup up Windows to look at the port as if its a direct connection you may be able to cheat a bit. I had a HP inkjet that I could set up to share with Linux systems but Windows clients balked because they required that the USB connection was in place at the computer you were printing from. So while the Linux clients could all send print jobs to the CUPS server for that printer none of the Windows clients could. The Windows driver would balk immediately if the USB cable wasn't directly plugged in to the computer you wanted to print from. BTW because it is a Lexmark printer don't expect a Linux driver anytime soon. --Shaun -- It isn't about it being free. Rather its about the freedom it brings. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Printing
Shaun Marolf wrote: It is much easier to have Windows print to a Samba server than it is to print to Windows from any Unix. I have successfully setup shared printers on a Samba Server that I had no Linux driver for. Though the server could not print to the attached printer all my Windows clients could as Samba Print queue just sent raw data straight through so all the printer got was the file that Windows created before it sent it to the Samba print share. Now as far as printing to your printer from Linux, if the post script driver does not work then you may not be able to do so. Have you used Google to see if a driver is available? Since you didn't state what brand it was all I can add is if its a Brother I bet you will find a driver at their web site. --Shaun Thanks Shaun for quick reply. I am having trouble with Dell Photo 964.Can I setup raw queue so that Windows drive will do the processing ? Komal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Printing
On Wednesday 30 August 2006 00:18, Komal Shah wrote: > Hello, > > I have quick question about Printing with Samba.I want to print to > printer connected to Windows machine.I do not have drive for Linux of > the printer.Should I create raw queue in Linux to print to Windows printer? > > If i do not have suitable driver for Linux for printer is it still > possible to print to windows printer ? > > I tired postscript printer but it is not working. > > Thanks > > Regards, > > Komal It is much easier to have Windows print to a Samba server than it is to print to Windows from any Unix. I have successfully setup shared printers on a Samba Server that I had no Linux driver for. Though the server could not print to the attached printer all my Windows clients could as Samba Print queue just sent raw data straight through so all the printer got was the file that Windows created before it sent it to the Samba print share. Now as far as printing to your printer from Linux, if the post script driver does not work then you may not be able to do so. Have you used Google to see if a driver is available? Since you didn't state what brand it was all I can add is if its a Brother I bet you will find a driver at their web site. --Shaun -- It isn't about it being free. Rather its about the freedom it brings. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and Printing
Hello, I have quick question about Printing with Samba.I want to print to printer connected to Windows machine.I do not have drive for Linux of the printer.Should I create raw queue in Linux to print to Windows printer? If i do not have suitable driver for Linux for printer is it still possible to print to windows printer ? I tired postscript printer but it is not working. Thanks Regards, Komal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Basic Printer Share
Still No Go. Printer isn't being seen. Going to mess with Firewall and see if that's the issue. Don't think so since I don't remember enabling it ever but who knows. Some distros pull stunts behind your back. BTW its 3.0.023b on FC5 --Shaun On Tuesday 29 August 2006 16:49, Dale Schroeder wrote: > Try it without the "valid users" parameter. You don't list the version of > Samba you are using, but starting with 3.0.23, there are numerous issues > with "valid users =". It is getting better with 3.0.23a and 3.0.23b, but > not completely resolved. I am hoping all will be resolved in 3.0.23c so > that I can upgrade. > > Dale > > Shaun Marolf wrote: > > I can't seem to get a Windows XP Media Center Edition system to see a > > very simple print share. > > > > [global] > > workgroup = HOME > > realm = SHAUN > > server string = Samba Server > > security = SHARE > > encrypt passwords = No > > log file = /var/log/samba/%m.log > > max log size = 50 > > dns proxy = No > > wins support = Yes > > valid users = shaun > > admin users = shaun > > read list = shaun > > write list = shaun > > printer admin = shaun > > cups options = raw > > > > [printers] > > comment = All Printers > > path = /usr/spool/samba > > printable = Yes > > browseable = No > > > > [LaserJet_4] > > comment = HP LaserJet 4/4M > > path = /usr/spool/samba > > read only = No > > guest ok = Yes > > printable = Yes > > printer name = LaserJet_4 > > oplocks = No > > share modes = No > > > > Anyone have any clues here? Only thing I can think of is possibly my > > valid user list, but I have guest ok = Yes in the print share. -- It isn't about it being free. Rather its about the freedom it brings. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Configure Options while build Samba and OpenLDAP?
i mean the configure options.. while building samba and open-ldap from SRC rpm thank a lot... regards jerrynikky. On 8/29/06, Logan Shaw <[EMAIL PROTECTED]> wrote: >> On 08/28/2006 05:30 AM, updatemyself . escreveu: >> > can anyone help me to know >> > what all are the compailing option to use.. while build my samba and >> > open-ldap rpm from sourse. On Tue, 29 Aug 2006, updatemyself . wrote: > what about.. ldap options..? > > any one can help? I rebuilt Samba for Slackware and added LDAP in the build since Slackware doesn't have LDAP by default (at all). All I had to do was set these environment variables: CFLAGS="-I/usr/local/pkg/openldap/include" LDAP_LDFLAGS="-L/usr/local/pkg/openldap/lib -Wl,-rpath,/usr/local/pkg/openldap/lib" and add this "./configure" option: --with-ldap=yes The two environmen variables were only needed because I have my OpenLDAP libraries installed in a non-standard place. (There isn't a Slackware package for OpenLDAP that I know of, and I didn't feel like making one, so I just put all the OpenLDAP stuff in its own directory to keep it separate.) If you have your OpenLDAP includes in /usr/include and your OpenLDAP libraries in /usr/lib, you wouldn't need those two environment variables. All that applies to Slackware, but it should be fairly similar for Debian, I would think. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] member server can't authenticate users?
Hey List- I've got 2 samba servers. PDC: FreeBSD 5.4; samba: 3.0.23 name: bugs member server: FreeBSD 6-stable; samba: 3.0.23 name: daffy note: config files are at the bottom of the email The PDC was running an older version, but I just upgraded and it didn't fix the below issue. The member server was running fine with the old smb.conf file, but I rebuilt the server and now it doesn't work. Here is the problem: the member server is dual-homed and firewalled. note: I did try totally disabling the firewall and this didn't help or change the error. Using Konqueror and smb://daffy/ I can see the share I want to connect to, but it nevers lets me authenticate. I did also do a net join back into the domain and that worked fine. on the member server I can do the following: pw group show ecwusers -> works fine wbinfo -u -> works fine smbclient -L bugs -U username -> works fine smbclient -L daffy -U username -> get an error error = session setup failed: NT_STATUS_NO_LOGON_SERVERS smbclient -d 3 -L daffy -U username shows: Client started (version 3.0.23b). Connecting to 127.0.0.1 at port 445 Password: Doing spnego session setup (blob length=58) got OID=1 3 6 1 4 1 311 2 2 10 got principal=NONE Got challenge flags: Got NTLMSSP neg_flags=0x60890215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 SPNEGO login failed: No logon servers session setup failed: NT_STATUS_NO_LOGON_SERVERS The only error which repeats when I try and make a connection is in the log.wb-ECW file on daffyand it shows: [2006/08/29 17:30:47, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine bugs.int.ecreativeworks.com pipe \lsarpc fnum 0x74eb! PDC smb.conf: # Global parameters [global] workgroup = ECW netbios name = ECWSERVER passdb backend = tdbsam:/usr/local/etc/samba/private/passwd.tdb os level = 65 preferred master = yes domain master = yes local master = yes domain logons = yes wins support = yes #server string = Samba %v on %L server string = security = USER encrypt passwords = yes disable spoolss = Yes guest ok = no follow symlinks = no case sensitive = no idmap uid = 15000-2 idmap gid = 15000-2 username map = //usr/local/etc/samba/smbusers name resolve order = wins bcast hosts time server = Yes #printing options printing = cups printcap name = cups load printers = yes show add printer wizard = Yes printer admin = @ecwadmins,@wheel #user scripts add user script = /usr/sbin/pw useradd -n %u -g ecwusers -s /usr/sbin/nologin -c "" delete user script = /usr/sbin/pw userdel -n %u add group script = /usr/sbin/pw groupadd -n %g delete group script = /usr/sbin/pw groupdel -n %g add user to group script = /usr/sbin/pw usermod -n %u -g %g #add machine script = /usr/sbin/pw useradd -n %u -g 100 -s /usr/sbin/nologin -d /dev/null #user directories logon home = \\%N\%U\ logon drive = H: #roaming profiles logon path = #SHARES BELOW ###END PDC CONF member server smb.conf: # Global parameters [global] workgroup = ECW netbios name = ECWTEST #server string = Samba %v on %L server string = security = domain password server = bugs.int.domainname.com encrypt passwords = yes idmap uid = 15000-2 idmap gid = 15000-2 winbind use default domain = yes guest ok = no follow symlinks = no case sensitive = no preferred master = no domain master = no bind interfaces only = yes interfaces = fxp0 lo0 Henrik -- Henrik Hudson [EMAIL PROTECTED] -- "God, root, what is difference?" Pitr; UF (http://www.userfriendly.org/) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] release_posix_lock: unable to find entry to delete with Samba3.0.23b on Redhat ES4
On Tue, Aug 29, 2006 at 01:47:52PM -0700, Jeremy Allison wrote: > > No it shouldn't - it's a bug. But I think it's something I've > fixed in current SAMBA_3_0 svn. I'll look at the SAMBA_3_0_23 > svn (still using the older locking code, about to be shipped > as 3.0.23c). Ok, took a quick look at the 3.0.23c code and I don't see how that condition can happen, so I think we've fixed it. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] release_posix_lock: unable to find entry to delete with Samba3.0.23b on Redhat ES4
On Tue, Aug 29, 2006 at 09:41:15PM +0100, Andrew Wilson wrote: > Jeremy, > > I have located the source of this error in our config' - we had "posix > locking=no" in force on the share we are using to host the NT/XP > profiles (See the definition below). When we remove this (to allow the > default posix locking) the errors go away - they were occuring during > log on and log off from Windows XP clients. I probably should have > spotted this one - so sorry about that. However I do remember having to > put this setting in place with a much older version of Samba, running > under Solaris, in order to get the profiles to work reliably. In any > case I am not sure whether you think this setting should be causing a > panic in smbd under these circumstances ? No it shouldn't - it's a bug. But I think it's something I've fixed in current SAMBA_3_0 svn. I'll look at the SAMBA_3_0_23 svn (still using the older locking code, about to be shipped as 3.0.23c). Thanks for the info ! Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] release_posix_lock: unable to find entry to delete with Samba3.0.23b on Redhat ES4
Jeremy, I have located the source of this error in our config' - we had "posix locking=no" in force on the share we are using to host the NT/XP profiles (See the definition below). When we remove this (to allow the default posix locking) the errors go away - they were occuring during log on and log off from Windows XP clients. I probably should have spotted this one - so sorry about that. However I do remember having to put this setting in place with a much older version of Samba, running under Solaris, in order to get the profiles to work reliably. In any case I am not sure whether you think this setting should be causing a panic in smbd under these circumstances ? Best Regards Andrew [profile] comment = My Profile Data path = %H/.ntprofile profile acls = yes read only = no browseable = no create mask = 0600 directory mask = 0700 oplocks = no level2 oplocks = no posix locking = no Jeremy Allison wrote: On Fri, Aug 18, 2006 at 08:19:16AM +0100, Andrew Wilson wrote: We are running Samba3.0.23b on Redhat ES4 and find that we are getting quite a few of the release_posix_lock errors appearing in the SAMBA log (See base of this note). There is no obvious impact on the operation of the system, but I was wondering if anyone else is experiencing the same and whether we need to worry about this. We have the default "posix locking=yes" in operation and I note in the man entry that we "should never need to disable this parameter". However if we do turn it off, the errors appear to go away. I suspect though that this means that there is not full lock integrity on our files? We are using exactly the same settings with Samba3.0.23b on both Solaris 8 and Solaris 10 and we do not see this problem. Our Redhat system is fully patched up to date and so is the gcc we are compiling samba with. Strange. You're hitting a deliberate panic due to what smbd believes is a logic error in the lock counts. Can you find out more about how you reproduce this problem ? Is there anything specific you're doing when it happens ? Jeremy. This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba File Problem
Hi, I am experiencing difficulty with a Program that resides on my Linux Server and is accessed from Win XP stations. The program is a tutoring program that uses flash files (swf) on the server that are displayed on the clients. When doing an update recently I got several strange errors that the software vendor recons are Linux Specific. When copying my new swf files onto the server I get the following errors: application error (Value must be between 1 and 2147483647) Exception class: EInvalidOperation Exception address: 004F123E Are there any values that should be changed when using these types of files? Any suggestions would be appreciated. Daryl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Basic Printer Share
I can't seem to get a Windows XP Media Center Edition system to see a very simple print share. [global] workgroup = HOME realm = SHAUN server string = Samba Server security = SHARE encrypt passwords = No log file = /var/log/samba/%m.log max log size = 50 dns proxy = No wins support = Yes valid users = shaun admin users = shaun read list = shaun write list = shaun printer admin = shaun cups options = raw [printers] comment = All Printers path = /usr/spool/samba printable = Yes browseable = No [LaserJet_4] comment = HP LaserJet 4/4M path = /usr/spool/samba read only = No guest ok = Yes printable = Yes printer name = LaserJet_4 oplocks = No share modes = No Anyone have any clues here? Only thing I can think of is possibly my valid user list, but I have guest ok = Yes in the print share. -- It isn't about it being free. Rather its about the freedom it brings. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem adding machine or user accounts to a large group in the group file
Hello, We are currently experiencing an issue when trying to add members to a group on a server running Samba 3.0.20b-3.4-SUSE(SLES9). It appears that we have reached the size limit for the specified group in the group file. This group is the only one that is large in size within the group file. When we add the user to the group in Linux using useradd, it seems to be added, but when we check the group file, there is no entry for the most recent addition. Further, when we try to add the user with pdbedit to the large group, the entry does not appear to be added to the tdbsam backend in Samba. I have ran a wc group and it has output the following: 62- lines 62- characters 3617- byte size The error that is appearing on screen in relation to pdbedit is: tdb_update_sam: Failing to store a SAM_ACCOUNT for [user] without a primary group RID Further, we have tried to manually remove some unused entries from the large group, in order to decrease the size of the group file, but this has not produced any positive results. I have also thought about increasing the logging level in Samba to get some more detailed feedback from the server. Any ideas or suggestions would be greatly appreciated. Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Storing privilege info in ldap
On Tue, 29 Aug 2006, David Williams wrote: I have a Samba server 3.0.22 pdc on Gentoo Linux with a ldap backend all working fine. I am now going to add a bdc to the setup. It seems that the privilege info is stored locally rather than in ldap. I suspect that it's in account_policy.tdb but I'm not sure. I can see the accounts on the bdc and logon fine but the rights are missing when i run "net rpc rights list". I can add the info in manually but that creates a future admin job. Is there any way to store the rights in LDAP? Isn't this the exact same question that was answered under the subject "Question regarding Samba rights" about 3 hours ago? - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Storing privilege info in ldap
Hello I have a Samba server 3.0.22 pdc on Gentoo Linux with a ldap backend all working fine. I am now going to add a bdc to the setup. It seems that the privilege info is stored locally rather than in ldap. I suspect that it's in account_policy.tdb but I'm not sure. I can see the accounts on the bdc and logon fine but the rights are missing when i run "net rpc rights list". I can add the info in manually but that creates a future admin job. Is there any way to store the rights in LDAP? thanks David Williams -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mod_ntlm_winbind / Apache2
On Wed, 2006-08-30 at 00:57 +0930, Kevin Shanahan wrote: > On Tue, 2006-08-29 at 12:09 -0300, Felipe Augusto van de Wiel wrote: > > Run it in a terminal, check for manpages of your > > distribution, try to increase debug/log level. > > Wierd, it seems to work from the command line (I just pasted in the YR > line from the previous log): > > # /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --debuglevel=10 Sorry for replying to myself too much; just wanted to point out that the failing ntlm_auth call in Apache was the gss-spnego helper, so this example doesn't make sense. It fails from the command line equally as it does from Apache... > Regards, > Kevin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] profile-portability doesn't work
Anybody with a similar problem? Or profile-portability would be so easy and only for me doesn't work? :( Imre Bolya Imre wrote: Hello! I'm using Samba as PDC in a small company (~40 computers), the environment is the following: Gentoo linux 2.6.14-hardened-r5, Samba 3.0.22-r2, OpenLDAP 2.3.24-r1, nss_ldap 2.49, Windows XP clients The problem is that profile-portability doesn't work. A user first logs into a machine, then he can't use his profile on another one. The samba log says: [2006/08/27 20:20:37, 1] smbd/service.c:make_connection_snum(693) mgrtpc211 (192.168.2.211) connect to service profiles initially as user csap.geza (uid=1125, gid=513) (pid 23613) [2006/08/27 20:20:37, 1] smbd/service.c:make_connection_snum(693) mgrtpc211 (192.168.2.211) connect to service profiles initially as user csap.geza (uid=1125, gid=513) (pid 23613) [2006/08/27 20:26:38, 1] smbd/service.c:close_cnum(885) mgrtpc211 (192.168.2.211) closed connection to service profiles [2006/08/27 20:26:38, 1] smbd/service.c:close_cnum(885) mgrtpc211 (192.168.2.211) closed connection to service profiles [2006/08/27 20:26:38, 1] smbd/service.c:make_connection_snum(693) mgrtpc211 (192.168.2.211) connect to service netlogon initially as user csap.geza (uid=1125, gid=513) (pid 23639) [2006/08/27 20:26:39, 1] smbd/service.c:make_connection_snum(693) mgrtpc211 (192.168.2.211) connect to service csap.geza initially as user csap.geza (uid=1125, gid=513) (pid 23639) It takes 6 minutes to connect to profiles share but finally fails. Although it mounts the netlogon and home shares. Did anybody meet a problem like this? Thx, Imre PS: My smb.conf: [global] workgroup = JASZAPATIMGZRT netbios name = MIERDA server string = Domain Controller hosts allow = 192.168.2.0/24 127.0.0.0/8 security = user # some tuning options socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 interfaces = eth1 192.168.2.0/24 lo bind interfaces only = yes dos charset = cp852 unix charset = utf8 display charset = utf8 # to make your Samba server act as a PDC, you need these lines: os level = 65 local master = yes domain master = yes preferred master = yes # security null passwords = no hide unreadable = yes hide dot files = yes # domain settings domain logons = yes logon script = %U.cmd logon path = \\MIERDA\profiles\%U logon drive = H: logon home = \\MIERDA\%U wins support = yes name resolve order = wins lmhosts host bcast dns proxy = no time server = yes log file = /var/log/samba/%m.log log level = 2 idmap uid = 1000-2 idmap gid = 512-560 # scripts add user script = /usr/sbin/smbldap-useradd -m "%u" add machine script = /usr/sbin/smbldap-useradd -w "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" # ldap settings ldap delete dn = yes ldap ssl = no passdb backend = ldapsam:ldap://mierda ldap suffix = dc=jaszapatimgzrt,dc=hu ldap admin dn = cn=Manager,dc=jaszapatimgzrt,dc=hu ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=Computers ldap idmap suffix = ou=People ldap password sync = yes # printing section printing = cups printcap name = cups load printers = yes [netlogon] path = /home/samba/netlogon guest ok = yes browseable = no #write list = root [profiles] path = /home/samba/profiles writable = yes profile acls = yes browseable = no create mask = 0600 directory mask = 0700 guest ok = yes csc policy = disable force user = %U valid users = @"Domain Users" @"Domain Admins" [homes] comment = Home directories path = /home/%U browseable = no valid users = %U read only = no create mask = 0664 directory mask = 0775 hide dot files = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange Usermapping problem with 3.0.23b
On Tuesday 29 August 2006 12:21, Gerald (Jerry) Carter wrote: > I've attached the patch that is included for 3.0.23c. Are you planning to update your patch-3.0.23b-3.0.23c-gwc-1.diffs.gz to include this? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mod_ntlm_winbind / Apache2
On Wed, 2006-08-30 at 00:57 +0930, Kevin Shanahan wrote: > On Tue, 2006-08-29 at 12:09 -0300, Felipe Augusto van de Wiel wrote: > > That's the reason of my question. BH is really bad. The > > helper probably is missing something. Try to strace the command > > and see what files it is trying to open. I don't know a easy way > > to test it (didn't had big problems with NTLM auth, and there is > > quite a while that I did not setup it again). > > I think the "file not found" message is coming from mod_ntlm_winbind, so > I'd need to strace apache for that. Here is the interesting stuff: 3039 read(12, "GET /auth-test HTTP/1.1\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*\r\nAccept-Language: en-au\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\nHost: intranet.ucwb.org.au\r\nConnection: Keep-Alive\r\nAuthorization: Negotiate TlRMTVNTUAABB4IIogAFASgKDw==\r\n\r\n", 8000) = 461 3039 gettimeofday({1156866947, 939362}, NULL) = 0 3039 stat64("/var/www/auth-test", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 3039 open("/var/www/auth-test/.htaccess", O_RDONLY) = -1 ENOENT (No such file or directory) 3039 pipe([14, 15])= 0 3039 pipe([16, 17])= 0 3039 access("/usr/bin/ntlm_auth", R_OK|X_OK) = 0 3039 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7a2f0c8) = 3050 3039 close(14) = 0 3039 close(17) = 0 3039 gettimeofday({1156866947, 940817}, NULL) = 0 3039 write(7, "[Wed Aug 30 01:25:47 2006] [debug] mod_ntlm_winbind.c(529): [client 192.168.0.53] Launched ntlm_helper, pid 3050\n", 113) = 113 3039 gettimeofday({1156866947, 940972}, NULL) = 0 3039 write(7, "[Wed Aug 30 01:25:47 2006] [debug] mod_ntlm_winbind.c(699): [client 192.168.0.53] creating auth user\n", 101) = 101 3039 write(15, "YR TlRMTVNTUAABB4IIogAFASgKDw==\n", 60) = 60 3039 gettimeofday({1156866947, 941175}, NULL) = 0 3039 write(7, "[Wed Aug 30 01:25:47 2006] [debug] mod_ntlm_winbind.c(750): [client 192.168.0.53] parsing reply from helper to YR TlRMTVNTUAABB4IIogAFASgKDw==\\n\n", 173) = 173 3039 read(16, "B", 1) = 1 3039 read(16, "H", 1) = 1 3039 read(16, "\n", 1) = 1 3039 gettimeofday({1156866947, 988012}, NULL) = 0 3039 write(7, "[Wed Aug 30 01:25:47 2006] [debug] mod_ntlm_winbind.c(788): [client 192.168.0.53] got response: BH\n", 99) = 99 3039 gettimeofday({1156866947, 988131}, NULL) = 0 3039 write(7, "[Wed Aug 30 01:25:47 2006] [error] [client 192.168.0.53] (2)No such file or directory: failed to parse response from helper\n", 124) = 124 3039 close(16) = 0 3039 close(15) = 0 And ntlm_auth is now a zombie: # ps ax | grep ntlm 3050 ?Z 0:00 [ntlm_auth] Okay, I did another strace with -f to see what ntlm_auth is doing: - pid 3724 is ntlm_auth - pid 3707 is the apache process waiting for the response 3724 open("/usr/share/samba/valid.dat", O_RDONLY|O_LARGEFILE) = 3 3724 mmap2(NULL, 65536, PROT_READ, MAP_SHARED, 3, 0) = 0xb7b54000 3724 close(3) = 0 3724 fstat64(0, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0 3724 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f1d000 3724 read(0, "YR TlRMTVNTUAABB4IIogAFASgKD2==\n", 4096) = 60 3724 time(NULL)= 1156868276 3724 geteuid32() = 33 3724 write(2, "[2006/08/30 01:47:56, 1] utils/ntlm_auth.c:manage_gss_spnego_request(859)\n", 74) = 74 3724 write(1, "BH\n", 3 3707 <... read resumed> "B", 1)= 1 3707 read(16, "H", 1) = 1 3707 read(16, "\n", 1) = 1 So, is there something wrong with the YR request or is ntlm_auth unhappy with what it found in valid.dat? I can't really see anything else... Regards, Kevin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Installing Samba4
We have trouble installing samba4 and we can´t found documentation about setup, join domains, etc... We use rsync command to download samba rsync -avz samba.org::ftp/unpacked/samba4 . and when run ./autogen.sh to generate configure files return the following error: ./autogen.sh: running script7mkversion.sh ./script/mkversion.sh: version.h created for Samba("4.0.0tp3-svn-build-UNKNOWN) ./autogen.sh: running autoheader configure.ac:108: error: m4defn: undefined macro: _AC_SUBST_VARS configure.ac:108: the top level autoheader: autom4te failed with exit status: 1 at /usr/local/bin/autoheader line 163 Cheers -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange Usermapping problem with 3.0.23b
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matthias Schuendehuette wrote: > My Samba-Server is member of a large ADS-Domain. > After the upgrade, file based Usermapping didn't > work anymore... better: it worked TWICE. (I > once opened a PR for that a few years ago :-). > So, with LogLevel 3: > > \ is mapped to > \ is mapped to > > (I have a line " = *" in my 'smbusers.map'-file) I just fixed this for 3.0.23c. > If I use its IP-Address, usermapping happens ONCE > (i.e. correctly). It's dependent on whether the session setup used Krb5 or NTLM. > Any Ideas anybody? Some other test to narrow he error > down? I'm willing to cooperate as much as possible, the > Samba-Server has >100 productive users... I've attached the patch that is included for 3.0.23c. cheer,s jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE9Gl9IR7qMdg1EfYRAoeNAJ95UShk2wK0BoIYxHF+aCEUNZA35wCeNcvJ uThSW6mb+DJ6eE0iapYf3iE= =hQJ8 -END PGP SIGNATURE- Index: smbd/sesssetup.c === --- smbd/sesssetup.c(revision 17908) +++ smbd/sesssetup.c(working copy) @@ -320,10 +320,14 @@ sub_set_smb_name( real_username ); reload_services(True); + if ( map_domainuser_to_guest ) { make_server_info_guest(&server_info); } else if (logon_info) { - ret = make_server_info_info3(mem_ctx, real_username, domain, + /* pass the unmapped username here since map_username() + will be called again from inside make_server_info_info3() */ + + ret = make_server_info_info3(mem_ctx, user, domain, &server_info, &logon_info->info3); if ( !NT_STATUS_IS_OK(ret) ) { DEBUG(1,("make_server_info_info3 failed: %s!\n", -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Non-root accounts cannot join the Samba PDC:s domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dale Schroeder wrote: >> >> It's the same as saying 'admin users = +users'. >> > I understand that "@" refers to groups, but what > is the significance of "+" in a declaration? I see > it used in this list all the time, but without > explanation. @ => Lookup the name as a netgroup and fall back to getgrnam() + => Lookup trhe name as a Unix group (i.e. getgrnam() ). jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE9GleIR7qMdg1EfYRAmjFAJ4pSQJHeevoC5RtXKnSpE+vIVFIGgCfR1Wu EoGkrfeIGUyckS5ijN5BDEQ= =4QWN -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba schema
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 azzouz wrote: > hi, > > could i update my samba schema without changing > anything under ldap entry ? Please read the WHATSNEW.txt cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE9GfYIR7qMdg1EfYRAoy7AKCu2MkI8Yyb9BAB8KKe7/UXUEBtxwCgtcLP vR8+tCNuwzBGRhuQhaDuCEY= =GRyQ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Non-root accounts cannot join the Samba PDC:s domain
It's the same as saying 'admin users = +users'. I understand that "@" refers to groups, but what is the significance of "+" in a declaration? I see it used in this list all the time, but without explanation. Dale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Configure Options while build Samba and OpenLDAP?
On 08/28/2006 05:30 AM, updatemyself . escreveu: > can anyone help me to know > what all are the compailing option to use.. while build my samba and > open-ldap rpm from sourse. On Tue, 29 Aug 2006, updatemyself . wrote: what about.. ldap options..? any one can help? I rebuilt Samba for Slackware and added LDAP in the build since Slackware doesn't have LDAP by default (at all). All I had to do was set these environment variables: CFLAGS="-I/usr/local/pkg/openldap/include" LDAP_LDFLAGS="-L/usr/local/pkg/openldap/lib -Wl,-rpath,/usr/local/pkg/openldap/lib" and add this "./configure" option: --with-ldap=yes The two environmen variables were only needed because I have my OpenLDAP libraries installed in a non-standard place. (There isn't a Slackware package for OpenLDAP that I know of, and I didn't feel like making one, so I just put all the OpenLDAP stuff in its own directory to keep it separate.) If you have your OpenLDAP includes in /usr/include and your OpenLDAP libraries in /usr/lib, you wouldn't need those two environment variables. All that applies to Slackware, but it should be fairly similar for Debian, I would think. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mod_ntlm_winbind / Apache2
On Tue, 2006-08-29 at 12:09 -0300, Felipe Augusto van de Wiel wrote: > Run it in a terminal, check for manpages of your > distribution, try to increase debug/log level. Wierd, it seems to work from the command line (I just pasted in the YR line from the previous log): # /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --debuglevel=10 [2006/08/30 00:52:32, 5] lib/debug.c:debug_dump_status(368) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 YR TlRMTVNTUAABB4IIogAFASgKDw== [2006/08/30 00:52:37, 10] utils/ntlm_auth.c:manage_squid_request(1616) Got 'YR TlRMTVNTUAABB4IIogAFASgKDw==' from squid (length: 59). [2006/08/30 00:52:37, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(590) got NTLMSSP packet: [2006/08/30 00:52:37, 10] lib/util.c:dump_data(2058) [000] 4E 54 4C 4D 53 53 50 00 01 00 00 00 07 82 08 A2 NTLMSSP. [010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [020] 05 01 28 0A 00 00 00 0F ..(. [2006/08/30 00:52:37, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xa2088207 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_56 TT TlRMTVNTUAACCAAIADA1gokgSIGC95pLarAAAGIAYgA4VwBVAE0AMwACAAgAVwBVAE0AMwABAAwASABFAFIATQBFAFMABAAWAHUAYwB3AGIALgBvAHIAZwAuAGEAdQADACQAaABlAHIAbQBlAHMALgB1AGMAdwBiAC4AbwByAGcALgBhAHUAAA== [2006/08/30 00:52:37, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(600) NTLMSSP challenge > > Looking at http://devel.squid-cache.org/ntlm/squid_helper_protocol.html, > > it seems that the helper should be returning TT , but is > > returning BH instead. How can I get more information from the helper > > about what the problem is? > > That's the reason of my question. BH is really bad. The > helper probably is missing something. Try to strace the command > and see what files it is trying to open. I don't know a easy way > to test it (didn't had big problems with NTLM auth, and there is > quite a while that I did not setup it again). I think the "file not found" message is coming from mod_ntlm_winbind, so I'd need to strace apache for that. Does it mean anything that I get a BH if I try: # /usr/bin/ntlm_auth --helper-protocol=gss-spnego --debuglevel=10 [2006/08/30 00:50:23, 5] lib/debug.c:debug_dump_status(368) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 YR TlRMTVNTUAABB4IIogAFASgKDw== [2006/08/30 00:51:03, 10] utils/ntlm_auth.c:manage_squid_request(1616) Got 'YR TlRMTVNTUAABB4IIogAFASgKDw==' from squid (length: 59). [2006/08/30 00:51:03, 1] utils/ntlm_auth.c:manage_gss_spnego_request(859) BH Unlikely, but is it possible that mod_ntlm_winbind is mixing up the helper command lines? Regards, Kevin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba schema
hi, could i update my samba schema without changing anything under ldap entry ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba schema
hi, could i use the tow samba schemas : the last one and the new one, all under samba 3 PDC server. thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ftp 8x faster than samba
I've seen this problem mentioned many times in the various FAQs and How-Tos on the Internet, but none of the solutions presented therein have worked for me. [global] workgroup = UNIX server string = OPTIMUS interfaces = eth0 log level = 1 log file = /var/log/samba/%m.log max log size = 0 # socket options = TCP_NODELAY SO_RCVBUF=4096 SO_SNDBUF=4096 # socket options = TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536 # socket options = TCP_NODELAY SO_RCVBUF=262144 SO_SNDBUF=262144 socket options = TCP_NODELAY SO_RCVBUF=524288 SO_SNDBUF=524288 # socket options = TCP_NODELAY SO_RCVBUF=1048576 SO_SNDBUF=1048576 domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes ldap ssl = no admin users = root hosts allow = 192.168.1. getwd cache = yes lpq cache = 30 use sendfile = yes dnsproxy = no netbios name = xxx oplocks = yes I started out with the default configuration and tried all the commented out socket options. The 512k buffer about doubled my speed but my test file transfer (700Mb file) is still much faster under ftp than samba. I transfer my test file in 24 seconds under ftp and 2-4 minutes under samba. Both interfaces are on both computers are fine and the duplex settings are correct and error free. I tried removing the *.tdb files, no help. This gigabit connection should always be performing as it does under ftp, any advice? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba root probleme !!
hi, I have installed the samba 3 release. but i don't update my ldap server. to use previous ldap release using the old samba shema we can put ldapsam_compat under smb.conf. all seem to work fine but my samba root couldn't connect from windows and so can't integrate windows wrokstation in the domaine. are there someone who get the same probleme and how to resolve it. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mod_ntlm_winbind / Apache2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/29/2006 11:17 AM, Kevin Shanahan escreveu: > On Tue, 2006-08-29 at 10:56 -0300, Felipe Augusto van de Wiel wrote: > >>On 08/29/2006 10:47 AM, Kevin Shanahan escreveu: >>[...] >> >>>Internet Explorer still fails, but I see something in the logs now >>>(upped the LogLevel to debug, was at info before): >>> >>>[Tue Aug 29 23:02:37 2006] [debug] mod_ntlm_winbind.c(529): [client >>>192.168.0.53] Launched ntlm_helper, pid 1849 >>>[Tue Aug 29 23:02:37 2006] [debug] mod_ntlm_winbind.c(699): [client >>>192.168.0.53] creating auth user >>>[Tue Aug 29 23:02:37 2006] [debug] mod_ntlm_winbind.c(750): [client >>>192.168.0.53] parsing reply from helper to YR >>>TlRMTVNTUAABB4IIogAFASgKDw==\n >>>[2006/08/29 23:02:37, 1] utils/ntlm_auth.c:manage_gss_spnego_request(859) >>>[Tue Aug 29 23:02:37 2006] [debug] mod_ntlm_winbind.c(788): [client >>>192.168.0.53] got response: BH >>>[Tue Aug 29 23:02:37 2006] [error] [client 192.168.0.53] (2)No such file or >>>directory: failed to parse response from helper >>> >>>Where is the "No such file" error coming from? >> >> The helper is really working? Did you hand-tested it? > > > Can you describe how to do that? Run it in a terminal, check for manpages of your distribution, try to increase debug/log level. > Looking at http://devel.squid-cache.org/ntlm/squid_helper_protocol.html, > it seems that the helper should be returning TT , but is > returning BH instead. How can I get more information from the helper > about what the problem is? That's the reason of my question. BH is really bad. The helper probably is missing something. Try to strace the command and see what files it is trying to open. I don't know a easy way to test it (didn't had big problems with NTLM auth, and there is quite a while that I did not setup it again). > Regards, > Kevin. Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFE9FjDCj65ZxU4gPQRAgWlAKDAaQrOubtp/CN6dprx+FO9kSN9AwCgiiOW qztXQSkuT1vHslX+gYRBVgY= =Ll/F -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Synchronize /etc/passwd (for examle in a RedHat) with smbpasswd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/29/2006 11:19 AM, [EMAIL PROTECTED] escreveu: > Hello, > > I'm looking for a way, to synchronize the linux/unix passwd file with > the smbpasswd file. The best would be if passwd triggers also smbpasswd, > or something like a daemon who synchronize them periodical. I've > allready checked around the whole net, but there seems nothing to be > there, that helps? > > Did anywone of you have a good tip for me? A good tip? Yes. :) unix passwd sync Check smb.conf manpage. But I'm afraid it will not solve the entire problem and AFAIK, there is no way of sync from UNIX to SAMBA (I remember some webmails using different tools to do the job, but I don't know if there is a PAM module to do that or something in that sense). > tnx > dude Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFE9FdjCj65ZxU4gPQRAgqmAJ0Sx16ddDoEuFvKkJzbwNnDsUWgmgCdEF8V 9Gv7w698K5jEpcoMcQ4Ixiw= =xZju -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] change password on 1st signon
On Tuesday 29 August 2006 00:56, fname lname wrote: > oh, last thing is there a way to make this setting default so > everything I create an user it auto flags the person to change > password on signon? Just make it part of your script that adds users. I use this script which allows me to add as many users as I need to at one time: - #!/bin/sh cat newusers | while read x z do useradd -c "$z" -g "users" -m -k "/etc/skelnul" -p $x -s /bin/false $x echo -e "$x\n$x" | smbpasswd -a -s $x pdbedit -u $x --pwd-must-change-time 0 &>/dev/null done - The file newusers is space delimited with the followed by the 'User's Name', ex: twoods Tiger Woods worst George W. Bush bgates Billy Gates etc. Edit the script for your own needs. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Synchronize /etc/passwd (for examle in a RedHat) with smbpasswd
Hello, I'm looking for a way, to synchronize the linux/unix passwd file with the smbpasswd file. The best would be if passwd triggers also smbpasswd, or something like a daemon who synchronize them periodical. I've allready checked around the whole net, but there seems nothing to be there, that helps? Did anywone of you have a good tip for me? tnx dude -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] glibc detected - invalid next size
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 werner maes wrote: > > hello > > does anybody know what this error means > > glibc detected *** (free): invalid next size (normal) : 0x08486b78 *** > Looks the program is trying to double free memory or perhaps trying to free an invalid pointer. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE9FG6IR7qMdg1EfYRAjQSAKDhZkmRxSvkFA1bIg4QxuzmyAt4NACePT7K KCVWWA+GuLs+YAo986VZHjs= =P6xC -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Non-root accounts cannot join the Samba PDC:s domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 BJörn Lindqvist wrote: >> > to turn permissions on in samba.conf, then >> > the net rpc rights grant syntax seem to be >> > "unstable." This doesn't work: >> > >> > net rpc rights grant username SeMachineAccountPrivilege >> >> You have to fully qualify names. That's not an unstable >> syntax > > It is inconsistent with other "net" commands. I.e: > > net rpc user info someuser > > where the name does not have to be fully qualified The net command is a kitchen sink that needs to be broken into multiple commands. You don't have to qualify the name in your example because it is implicitly qualified by the domain of the server you are connecting to. >> > Instead of username you are supposed to use >> > some DOMAIN/username syntax I haven't figured out. >> > Howerver, I was able to allow everyone >> > to join the domain with: >> > >> > net rpc rights grant Everybody SeMachineAccountPrivilege >> >> This is a security hole. I really would recommend >> against this. It's about the same as 'guest account = root'. > > Why? If it is, then how else do enable computers to > join your domain? It's the same as saying 'admin users = +users'. I suggest creating a group mapping (let's call it "Unix Admins") and then running net rpc rights grant "DOMAIN\Unix Admins" SeMachineAccountPrivilege \ -U root cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE9FFRIR7qMdg1EfYRApc8AJ4/KiN540spTNaWQxV9DOQwCMHI3gCg8ybs At0IC/wSXZEDF+04rDzoV9o= =iJ7A -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question regarding Samba rights
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 beast wrote: > Since account policy is unique to every user, why there is an > account_policy.tdb file, why not just added to to ldap just like > sambaLogonHours? account_policy.tdb is just the database I used for storing privilege assignments. Also account policy is not unique to every user. It is a global group of settings applied to all users. And yes privileges should be shared between DCs. it's been on the TODO list for a while now. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE9E//IR7qMdg1EfYRAvIrAJ4uQaa7oZxcouEibEBstU7ZPohDFwCg4tla LKPP+b89GM5x/wwxNh5O448= =OYlq -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mod_ntlm_winbind / Apache2
On Tue, 2006-08-29 at 10:56 -0300, Felipe Augusto van de Wiel wrote: > On 08/29/2006 10:47 AM, Kevin Shanahan escreveu: > [...] > > Internet Explorer still fails, but I see something in the logs now > > (upped the LogLevel to debug, was at info before): > > > > [Tue Aug 29 23:02:37 2006] [debug] mod_ntlm_winbind.c(529): [client > > 192.168.0.53] Launched ntlm_helper, pid 1849 > > [Tue Aug 29 23:02:37 2006] [debug] mod_ntlm_winbind.c(699): [client > > 192.168.0.53] creating auth user > > [Tue Aug 29 23:02:37 2006] [debug] mod_ntlm_winbind.c(750): [client > > 192.168.0.53] parsing reply from helper to YR > > TlRMTVNTUAABB4IIogAFASgKDw==\n > > [2006/08/29 23:02:37, 1] utils/ntlm_auth.c:manage_gss_spnego_request(859) > > [Tue Aug 29 23:02:37 2006] [debug] mod_ntlm_winbind.c(788): [client > > 192.168.0.53] got response: BH > > [Tue Aug 29 23:02:37 2006] [error] [client 192.168.0.53] (2)No such file or > > directory: failed to parse response from helper > > > > Where is the "No such file" error coming from? > > The helper is really working? Did you hand-tested it? Can you describe how to do that? Looking at http://devel.squid-cache.org/ntlm/squid_helper_protocol.html, it seems that the helper should be returning TT , but is returning BH instead. How can I get more information from the helper about what the problem is? Regards, Kevin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mod_ntlm_winbind / Apache2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/29/2006 10:47 AM, Kevin Shanahan escreveu: [...] > Internet Explorer still fails, but I see something in the logs now > (upped the LogLevel to debug, was at info before): > > [Tue Aug 29 23:02:37 2006] [debug] mod_ntlm_winbind.c(529): [client > 192.168.0.53] Launched ntlm_helper, pid 1849 > [Tue Aug 29 23:02:37 2006] [debug] mod_ntlm_winbind.c(699): [client > 192.168.0.53] creating auth user > [Tue Aug 29 23:02:37 2006] [debug] mod_ntlm_winbind.c(750): [client > 192.168.0.53] parsing reply from helper to YR > TlRMTVNTUAABB4IIogAFASgKDw==\n > [2006/08/29 23:02:37, 1] utils/ntlm_auth.c:manage_gss_spnego_request(859) > [Tue Aug 29 23:02:37 2006] [debug] mod_ntlm_winbind.c(788): [client > 192.168.0.53] got response: BH > [Tue Aug 29 23:02:37 2006] [error] [client 192.168.0.53] (2)No such file or > directory: failed to parse response from helper > > Where is the "No such file" error coming from? The helper is really working? Did you hand-tested it? Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFE9EeFCj65ZxU4gPQRAjIwAJ9FePaK0SVLLman3NISmRkdSHfaaQCgxWIb /8yoVpJGyPkJPmX9EJ+NS20= =+bsJ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mod_ntlm_winbind / Apache2
On Tue, 2006-08-29 at 09:16 -0300, Felipe Augusto van de Wiel wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 08/29/2006 08:03 AM, Kevin Shanahan escreveu: > > Hi, > > > > I'm trying to set up Apache2 with mod_ntlm_winbind so our Windows users > > can log onto our Intranet automatically without having to type in their > > username / password. > > Just a suggestion, kerberos could be a good way to achieve > Single Sign On. Do you need mod_ntlm_winbind? Not necessarily, it just looked to be preferred option from what I've been reading. It sounded like mod_ntlm is not maintained anymore... > And there is a nice document about NTLM Authentication that > just happen to be updated these days. > > http://davenport.sourceforge.net/ntlm.html This is interesting. Since the clients are all Win2000 or WinXP, perhaps I should be using the Negotiate mechanism. I changed the apache config to the following: AuthName "NTLM SPNEGO Authentication Test" NTLMAuth on NegotiateAuth on NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp" NegotiateAuthHelper "/usr/bin/ntlm_auth --helper-protocol=gss-spnego" NTLMBasicAuthoritative on AuthType NTLM AuthType Negotiate require valid-user Internet Explorer still fails, but I see something in the logs now (upped the LogLevel to debug, was at info before): [Tue Aug 29 23:02:37 2006] [debug] mod_ntlm_winbind.c(529): [client 192.168.0.53] Launched ntlm_helper, pid 1849 [Tue Aug 29 23:02:37 2006] [debug] mod_ntlm_winbind.c(699): [client 192.168.0.53] creating auth user [Tue Aug 29 23:02:37 2006] [debug] mod_ntlm_winbind.c(750): [client 192.168.0.53] parsing reply from helper to YR TlRMTVNTUAABB4IIogAFASgKDw==\n [2006/08/29 23:02:37, 1] utils/ntlm_auth.c:manage_gss_spnego_request(859) [Tue Aug 29 23:02:37 2006] [debug] mod_ntlm_winbind.c(788): [client 192.168.0.53] got response: BH [Tue Aug 29 23:02:37 2006] [error] [client 192.168.0.53] (2)No such file or directory: failed to parse response from helper Where is the "No such file" error coming from? Firefox still behaves the same (need to specify DOMAIN\username), but here's the log: [Tue Aug 29 23:13:06 2006] [debug] mod_ntlm_winbind.c(1065): [client 192.168.0.53] doing ntlm auth dance [Tue Aug 29 23:13:06 2006] [debug] mod_ntlm_winbind.c(531): [client 192.168.0.53] Using existing auth helper 1882 [Tue Aug 29 23:13:06 2006] [debug] mod_ntlm_winbind.c(750): [client 192.168.0.53] parsing reply from helper to KK TlRMTVNTUAADGAAYAGIYABgAeggACABAEAAQAEgKAAoAWAAABYIIAFcAVQBNADMAawBtAHMAaABhAG4AYQBoAGkAdAAtADAAMADpnn4qP2ZWmgDKLcOjZ3fA8rytTY1MLpDw3MCBkqgnBos=\n [2006/08/29 23:13:06, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662) Got user=[kmshanah] domain=[WUM3] workstation=[it-00] len1=24 len2=24 [2006/08/29 23:13:06, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2006/08/29 23:13:06, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x00088235 [Tue Aug 29 23:13:06 2006] [debug] mod_ntlm_winbind.c(788): [client 192.168.0.53] got response: AF WUM3\\kmshanah [Tue Aug 29 23:13:06 2006] [debug] mod_ntlm_winbind.c(834): [client 192.168.0.53] authenticated WUM3\\kmshanah Not sure if that tells me anything new... Regards, Kevin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] glibc detected - invalid next size
hello does anybody know what this error means glibc detected *** (free): invalid next size (normal) : 0x08486b78 *** it occurs when I copy a whole list of files to a client werner Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Configure Options while build Samba and OpenLDAP?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/29/2006 04:27 AM, updatemyself . escreveu: > what about.. ldap options..? What LDAP options? The ones used to compile? I have a strong feeling that RPMs have that options, and that you can also check the documentation for the needed options according to your setup. [...] Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFE9DHWCj65ZxU4gPQRAsDKAJ9tP0y8M0dAnU2dVOb40Pg6yAEtdQCaAwPE kGeSAjLxqLCk579vxTXwws4= =Npkd -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mod_ntlm_winbind / Apache2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/29/2006 08:03 AM, Kevin Shanahan escreveu: > Hi, > > I'm trying to set up Apache2 with mod_ntlm_winbind so our Windows users > can log onto our Intranet automatically without having to type in their > username / password. Just a suggestion, kerberos could be a good way to achieve Single Sign On. Do you need mod_ntlm_winbind? I have good references of mod_ntlm. http://twiki.org/cgi-bin/view/Codev/TransparentAuthentication#Using_NTLM And there is a nice document about NTLM Authentication that just happen to be updated these days. http://davenport.sourceforge.net/ntlm.html [...] Anyway, I hope this helps. - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFE9DA4Cj65ZxU4gPQRAlbTAJ9zuthZMDY1fgddgc5RjtBUdD8TPACcCF/d 4nC04CuxD0VeDo2IrQmC4TA= =tN3e -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problems changing password in outlook 2003
hello all, my clients log on with a samba 3 PDC. They are using outlook 2003 against a exchange 2003 sp1 installed on a w2k3 machine. they are able to change their password via owa, but not via outlook client. The owa access is not enabled for all the users... How do I eventually implement the M$ solution below 9relative to NT or 200 instead of samba) inside my samba pdc? http://support.microsoft.com/?scid=kb%3Ben-us%3B236111&x=10&y=7 Thaks in advance for your help. Gianluca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] mod_ntlm_winbind / Apache2
Hi, I'm trying to set up Apache2 with mod_ntlm_winbind so our Windows users can log onto our Intranet automatically without having to type in their username / password. I've gotten part of the way there, but things aren't behaving the way I'd like/expect. So far, I've been able to log on using Firefox but only with the password dialog popping up, and then only if I enter my username as DOMAIN\username. For a successful authentication with Firefox (using DOMAIN\username) I can see in the apache log file: [2006/08/29 20:19:04, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x00088207 [2006/08/29 20:19:04, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662) Got user=[kmshanah] domain=[WUM3] workstation=[it-00] len1=24 len2=24 [2006/08/29 20:19:04, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2006/08/29 20:19:04, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x00088235 [2006/08/29 20:19:05, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x00088207 [2006/08/29 20:19:05, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662) Got user=[kmshanah] domain=[WUM3] workstation=[it-00] len1=24 len2=24 [2006/08/29 20:19:05, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2006/08/29 20:19:05, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x00088235 If I don't include the domain: [2006/08/29 20:22:27, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x00088207 [2006/08/29 20:22:27, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662) Got user=[kmshanah] domain=[] workstation=[it-00] len1=24 len2=24 [2006/08/29 20:22:27, 3] utils/ntlm_auth.c:winbind_pw_check(429) Login for user [EMAIL PROTECTED] failed due to [No such user] And, with Internet Explorer nothing at all ends up in the Apache error.log file. All I see is the access denied line in access.log: 192.168.0.53 - - [29/Aug/2006:20:15:57 +0930] "GET /auth-test HTTP/1.1" 401 547 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" Here's the config I'm using in Apache: NTLMAuth on NTLMBasicAuthoritative on NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp" AuthType NTLM AuthName "NTLM Authentication Test" require valid-user I tried adding --domain=WUM3 to the NTLMAuthHelper line, but that didn't seem to make any difference. Any help or ideas would be appreciated! Thanks, Kevin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Configure Options while build Samba and OpenLDAP?
what about.. ldap options..? any one can help? On 8/28/06, Felipe Augusto van de Wiel <[EMAIL PROTECTED]> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/28/2006 05:30 AM, updatemyself . escreveu: > Hai All, > > can anyone help me to know > what all are the compailing option to use.. while build my samba and > open-ldap rpm from sourse. > > to configure samba + ldap domain Server > i wish to use the folowing package.. > > http://download.fedora.redhat.com/pub/fedora/linux/core/5/source/SRPMS/openldap-2.3.19-4.src.rpm > > http://us2.samba.org/samba/ftp/Binary_Packages/RedHat/SRPMS/samba-3.0.23b-1.src.rpm > > OS is.. > Red Hat Enterprise Linux WS (2.6.9-34.EL) > > if any one can give me the modified "spec" file.. that will be grate help > or give me the configure options... The conf_args of the debian/rules, Debian package (3.0.22) in Etch (testing). conf_args = \ --cache-file=./config.cache \ --with-fhs \ --enable-shared \ --enable-static \ --disable-pie \ --prefix=/usr \ --sysconfdir=/etc \ --libdir=/etc/samba \ --with-privatedir=/etc/samba \ --with-piddir=/var/run/samba \ --localstatedir=/var \ --with-netatalk \ --with-pam \ --with-syslog \ --with-utmp \ --with-readline \ --with-pam_smbpass \ --with-libsmbclient \ --with-winbind \ --with-shared-modules=idmap_rid,idmap_ad \ --with-msdfs \ --with-automount \ --with-tdbsam \ --with-ldap \ --with-python=python2.3 ifeq ($(DEB_HOST_ARCH_OS),linux) conf_args += \ --with-smbmount \ --with-acl-support \ --with-quotas mount_cifs= yes smbfs = yes else conf_args += --without-quotas mount_cifs= no smbfs = no endif > thank you in advance > jerrynikky. Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFE8xkdCj65ZxU4gPQRAjOWAJwIvlbtLvjorGb+ItKNuyLiOP078wCguyVx +xOs5VobqLXpU9MSqO8Ru9o= =3gIR -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tdbsam +Windows 2k/XP Change Password
El Lunes, 28 de Agosto de 2006 16:59, [EMAIL PROTECTED] escribió: > unix password sync = Yes unix password sync = no at the moment to my I work myself -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] change password on 1st signon
fname lname wrote: oh, last thing is there a way to make this setting default so everything I create an user it auto flags the person to change password on signon? If you're using ldap backend, just tell your add user script to set sambaPwdMustChange attribute less than current time. btw, pls do not top post. --beast -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba