[Samba] Re: samba: offer public share to Windows 98 and writable share to Windows XP

[Zhang Weiwu]

On Wed, 2007-04-11 at 11:57 +0800, Zhang Weiwu wrote:
> Dear List. My requirement is to set up a samba share named "music"
> that: 
>  I. it's read-only accessible from both Windows 98 and Windows
> 2000/XP not requiring password; 
> II. it's write-accessible from Windows XP protected by a password.

In my last email I forgot to mention my "uname -a" and my smb.conf

[global]
  server string = File Server Sappho %v
  log file = /var/log/samba/log.%m
  map to guest = nobody
  hosts allow = 218.193.55.
  security = share
  encrypt passwords = no
  bind interfaces only = 218.193.55.205
  dos charset = 936
  unix charset = UTF-8

[music]
   comment = /var/music
   path = /var/music
   guest ok = yes
   read only = no

Later I am aware that Windows NT (including XP) probably doesn't work
with "encrypt passwords = no" so I removed that line, the result is,
Windows XP user can always map the share as user "music" but after
mounted the user still don't have permission to write to the share.
Sambe log shows the user is still "nobody" but not "music".

[2007/04/11 02:15:59, 1]
smbd/service.c:make_connection_snum(693)
  218.193.55.233 (218.193.55.233) connect to service music initially as 
user nobody (uid=65534, gid=65534) (pid 15327)

my system information:
sappho ~ # equery which samba
/usr/portage/net-fs/samba/samba-3.0.24.ebuild
sappho ~ # uname -a
Linux sappho.realss.com 2.6.18-gentoo-r3 #23 Mon Apr 9 23:27:21 HKT 2007 
sparc64 sun4u TI UltraSparc IIi (Sabre) GNU/Linux

My latest smb.conf:

sappho ~ # cat /etc/samba/smb.conf
[global]
  server string = File Server Sappho %v
  log file = /var/log/samba/log.%m
  map to guest = nobody
  hosts allow = 218.193.55.
  security = share
  bind interfaces only = 218.193.55.205
  dos charset = 936
  unix charset = UTF-8

[music]
   comment = /var/music
   path = /var/music
   guest ok = yes
   read only = no


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba: offer public share to Windows 98 and writable share to Windows XP

[Zhang Weiwu]

Dear List. My requirement is to set up a samba share named "music"
that: 
 I. it's read-only accessible from both Windows 98 and Windows
2000/XP not requiring password; 
II. it's write-accessible from Windows XP protected by a password.

I thought in order to cope with Windows 98 I need to 
 I. use "security = share" (done), and set "guest ok = nobody" 
II. make sure "nobody" have read-only access on the Linux server the
directory to be shared (done) 
   III. test the server against Windows all versions to make sure public
read-only access is okay and do not require a password (done);

Now my problem is: the windows XP user who should have write access to
the share, never actually got write access. Here is how it happens:

 I. A user "music" (same as the share name) exists on Linux samba
server and have full write access to the directory being
shared; 
II. the Windows XP user, when accessing the share, is not prompted
for password and got read-only access (expected); 
   III. now the XP user wish to write the share, she go to create a map
from the share "\\server\music" to "Z:", in that dialog box she
got the option to login as another user (fine); 
IV. she choose to login as "music", password which is the password
of Linux user "music", and click login; 
 V. login failed, she is asked for username again (surprise);

>From what I've read on the smb.conf manual, it says:

Note  that  smbd  ALWAYS uses a valid UNIX user to act on behalf
of the client, even in security = share level security.

As clients are not required to send a username to the server in
share level  security,  smbd  uses several techniques to
determine the correct UNIX user to use on behalf of the client.

[snip]
  * The name of the service the client requested is added as
a potential username. 
[snip]

If  the  guest only parameter is not set, then this list is then
tried with the supplied password. The first user for whom the
password matches will be used as the UNIX user.

So, if I understood the manual correctly, the name of the service
"music" is a potential username, and the password sent from Windows XP
to Samba on Linux is tried with "music" and should gets validated as
Linux user "music". This should happen whatever username the Windows XP
user filled, because "music" will always be a potential username.

The question is now how do I let the Windows XP user write the share?
I'd very much appreciate a solution and somone point me out my
misunderstanding of the manual (if I did). Thanks a lot in advance!

-- 
Zhang Weiwu
Real Softservice
http://www.realss.com
+86 592 2091112

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ldap password sync

[Edmundo Valle Neto]

Sean Elble escreveu:

On 4/10/07 9:29 PM, "Edmundo Valle Neto" <[EMAIL PROTECTED]> wrote:

  

David.

You appears to have two conflicting options setted, I saw that you
enabled the "ldap passwd sync", this is the right way to do this, samba
will sync the password directly in ldap without any external command (at
least I think it does that way).




Heh, I never even noticed that he had that option enabled in the first
place. Oops . . .

  

But when you set "unix password sync" to yes, samba will try to use the
specified "passwd program" using the specified "passwd chat" as root. I
dont know exactly what happens in the samba code when the two are setted
to yes, in my tests (with the other options (unix pass sync, passwd
program and chat) setted as yours) windows clients refuses to change the
password saying that they doesnt have right to do that (heh, a very nice
error message to someone say to me that I need to fix my LDAP acls to
solve that :) ).




I would think that one *COULD* use just the unix password sync and passwd
program parameters to change all the passwords, assuming the passwd program
had access to a DN with ACLs to change those parameters. BUT, LDAP passwd
sync is definitely the easiest/best option . . .
  
Yes it could and probably works, but as the official IDEALX 
documentation suggests: 
http://sourceforge.net/docman/display_doc.php?docid=33543&group_id=166108


6.8  The directive passwd program = /usr/local/sbin/smbldap-passwd -u %u 
is not called, or i got a error message when changing the password from 
windows

The directive is called if you also set unix password sync = Yes. Notes:

   * if you use OpenLDAP, none of those two options are needed. You 
just need ldap passwd sync = Yes.
   * the script called here must only update the userPassword 
attribute. This is the reason of the -u option. Samba passwords will be 
updated by samba itself.
   * the passwd chat directive must match what is prompted when using 
the smbldap-passwd command


So..., just -u to change only userPassword and a working passwd chat :)

And in: 8.1.3  The samba configuration file : /etc/samba/smb.conf

   #unix password sync = Yes
   #passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
   #passwd chat = "Changing password for*\nNew password*" %n\n 
"*Retype new password*" %n\n"

   ldap passwd sync = Yes

One OR another.


If I remember right "unix password sync" is no by default (you can check
this with "testparm -v | grep sync" when the option is not setted), in
this case, passwd program and chat are simply ignored, doesnt make
difference what you put there.

Just dont set "unix password sync" to yes at the same time with "ldap
passwd sync".



Good advice - Wish I had noticed that in David's original post.

  

Regards.

Edmundo Valle Neto


David Pinkerton escreveu:


I'm trying to get ldap/unix password sync working.

Using this config, packet traces show no requests to update userPassword
(only the samba passwords)

Can  someone see what I've done wrong?



[global]
   workgroup = HOME
   netbios name = DHP

   security = user
   encrypt passwords = yes
   enable privileges = yes

   passdb backend = ldapsam:ldap://127.0.0.1
   passwd program = /usr/local/sbin/smbldap-passwd -u %u
   unix password sync = yes

   log file = /var/log/samba/%m.log
   utmp = yes
   max log size = 50
   log level = 1
   syslog = 0

   add user script = /usr/local/sbin/smbldap-useradd -m "%u"
   add machine script = /usr/local/sbin/smbldap-useradd -w "%u"

   add group script = /usr/local/sbin/smbldap-groupadd -p "%g"

   add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u"
"%g"
   set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

   domain logons = yes
   domain master = yes
   os level = 65
   preferred master = yes
   wins support = yes

   ldap admin dn = cn=admin,o=dhp
   ldap passwd sync = yes
   ldap delete dn = yes
   ldap suffix = o=dhp
   ldap machine suffix = ou=machine
   ldap user suffix = ou=staff
   ldap group suffix = ou=group
   ldap idmap suffix = ou=idmap
   idmap uid = 1-2
   idmap gid = 1-2





The contents of this email may be privileged and confidential, any
unauthorised use of the contents is expressly prohibited. If you are not the
intended recipient, any disclosure, copying, distribution or any action taken
or omitted to be taken in reliance on it, is prohibited and may be unlawful.
PLAN Australia is not liable for the proper and complete transmission of the
information contained in this communication, nor for any delay in its
receipt.
 

  
  


  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ldap password sync

[Sean Elble]

On 4/10/07 9:29 PM, "Edmundo Valle Neto" <[EMAIL PROTECTED]> wrote:

> David.
> 
> You appears to have two conflicting options setted, I saw that you
> enabled the "ldap passwd sync", this is the right way to do this, samba
> will sync the password directly in ldap without any external command (at
> least I think it does that way).
> 

Heh, I never even noticed that he had that option enabled in the first
place. Oops . . .

> But when you set "unix password sync" to yes, samba will try to use the
> specified "passwd program" using the specified "passwd chat" as root. I
> dont know exactly what happens in the samba code when the two are setted
> to yes, in my tests (with the other options (unix pass sync, passwd
> program and chat) setted as yours) windows clients refuses to change the
> password saying that they doesnt have right to do that (heh, a very nice
> error message to someone say to me that I need to fix my LDAP acls to
> solve that :) ).
> 

I would think that one *COULD* use just the unix password sync and passwd
program parameters to change all the passwords, assuming the passwd program
had access to a DN with ACLs to change those parameters. BUT, LDAP passwd
sync is definitely the easiest/best option . . .

> If I remember right "unix password sync" is no by default (you can check
> this with "testparm -v | grep sync" when the option is not setted), in
> this case, passwd program and chat are simply ignored, doesnt make
> difference what you put there.
> 
> Just dont set "unix password sync" to yes at the same time with "ldap
> passwd sync".

Good advice - Wish I had noticed that in David's original post.

> 
> Regards.
> 
> Edmundo Valle Neto
> 
> 
> David Pinkerton escreveu:
>> I'm trying to get ldap/unix password sync working.
>> 
>> Using this config, packet traces show no requests to update userPassword
>> (only the samba passwords)
>> 
>> Can  someone see what I've done wrong?
>> 
>> 
>> 
>> [global]
>>workgroup = HOME
>>netbios name = DHP
>> 
>>security = user
>>encrypt passwords = yes
>>enable privileges = yes
>> 
>>passdb backend = ldapsam:ldap://127.0.0.1
>>passwd program = /usr/local/sbin/smbldap-passwd -u %u
>>unix password sync = yes
>> 
>>log file = /var/log/samba/%m.log
>>utmp = yes
>>max log size = 50
>>log level = 1
>>syslog = 0
>> 
>>add user script = /usr/local/sbin/smbldap-useradd -m "%u"
>>add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
>> 
>>add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
>> 
>>add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
>>delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u"
>> "%g"
>>set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
>> 
>>domain logons = yes
>>domain master = yes
>>os level = 65
>>preferred master = yes
>>wins support = yes
>> 
>>ldap admin dn = cn=admin,o=dhp
>>ldap passwd sync = yes
>>ldap delete dn = yes
>>ldap suffix = o=dhp
>>ldap machine suffix = ou=machine
>>ldap user suffix = ou=staff
>>ldap group suffix = ou=group
>>ldap idmap suffix = ou=idmap
>>idmap uid = 1-2
>>idmap gid = 1-2
>> 
>> 
>> 
>> 
>> 
>> The contents of this email may be privileged and confidential, any
>> unauthorised use of the contents is expressly prohibited. If you are not the
>> intended recipient, any disclosure, copying, distribution or any action taken
>> or omitted to be taken in reliance on it, is prohibited and may be unlawful.
>> PLAN Australia is not liable for the proper and complete transmission of the
>> information contained in this communication, nor for any delay in its
>> receipt.
>>  
>> 
>>   

-- 
+-+
|  Sean Elble |
|  Virginia Tech, Class of 2008   |
|  Vice President, VTLUUG |
|  E-Mail:   [EMAIL PROTECTED]|
|  Web:  http://www.sessys.com/~elbles/   |
|  Cell: 860.946.9477 |
+-+
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ldap password sync

[Edmundo Valle Neto]

David.

You appears to have two conflicting options setted, I saw that you 
enabled the "ldap passwd sync", this is the right way to do this, samba 
will sync the password directly in ldap without any external command (at 
least I think it does that way).


But when you set "unix password sync" to yes, samba will try to use the 
specified "passwd program" using the specified "passwd chat" as root. I 
dont know exactly what happens in the samba code when the two are setted 
to yes, in my tests (with the other options (unix pass sync, passwd 
program and chat) setted as yours) windows clients refuses to change the 
password saying that they doesnt have right to do that (heh, a very nice 
error message to someone say to me that I need to fix my LDAP acls to 
solve that :) ).


If I remember right "unix password sync" is no by default (you can check 
this with "testparm -v | grep sync" when the option is not setted), in 
this case, passwd program and chat are simply ignored, doesnt make 
difference what you put there.


Just dont set "unix password sync" to yes at the same time with "ldap 
passwd sync".


Regards.

Edmundo Valle Neto


David Pinkerton escreveu:

I'm trying to get ldap/unix password sync working.

Using this config, packet traces show no requests to update userPassword (only 
the samba passwords)

Can  someone see what I've done wrong?



[global]
   workgroup = HOME
   netbios name = DHP

   security = user
   encrypt passwords = yes
   enable privileges = yes

   passdb backend = ldapsam:ldap://127.0.0.1
   passwd program = /usr/local/sbin/smbldap-passwd -u %u
   unix password sync = yes

   log file = /var/log/samba/%m.log
   utmp = yes
   max log size = 50
   log level = 1
   syslog = 0

   add user script = /usr/local/sbin/smbldap-useradd -m "%u"
   add machine script = /usr/local/sbin/smbldap-useradd -w "%u"

   add group script = /usr/local/sbin/smbldap-groupadd -p "%g"

   add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

   domain logons = yes
   domain master = yes
   os level = 65
   preferred master = yes
   wins support = yes

   ldap admin dn = cn=admin,o=dhp
   ldap passwd sync = yes
   ldap delete dn = yes
   ldap suffix = o=dhp
   ldap machine suffix = ou=machine
   ldap user suffix = ou=staff
   ldap group suffix = ou=group
   ldap idmap suffix = ou=idmap
   idmap uid = 1-2
   idmap gid = 1-2





The contents of this email may be privileged and confidential, any unauthorised 
use of the contents is expressly prohibited. If you are not the intended 
recipient, any disclosure, copying, distribution or any action taken or omitted 
to be taken in reliance on it, is prohibited and may be unlawful. PLAN 
Australia is not liable for the proper and complete transmission of the 
information contained in this communication, nor for any delay in its receipt.
 

  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] machine authentication at Active Directory

[Otto Fuchshuber Filho]

On a 802.1X environment, it's possible to permit a windows 
desktop gain access to the network by using only machine 
authentication at the Active Directory (no need for login + 
password).
Is it possible to do the same with a Linux desktop with samba?  I 
mean a Linux desktop pass machine credentials to Active Directory 
as windows do (SID), without any login and password.

--
Otto Fuchshuber Filho
[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ldap password sync

[Sean Elble]

On 4/10/07 7:25 PM, "David Pinkerton" <[EMAIL PROTECTED]>
wrote:

> 
> I'm trying to get ldap/unix password sync working.
> 
> Using this config, packet traces show no requests to update userPassword (only
> the samba passwords)
> 
> Can  someone see what I've done wrong?
> 
> 
> 
> [global]
>workgroup = HOME
>netbios name = DHP
> 
>security = user
>encrypt passwords = yes
>enable privileges = yes
> 
>passdb backend = ldapsam:ldap://127.0.0.1
>passwd program = /usr/local/sbin/smbldap-passwd -u %u
>unix password sync = yes
> 

This could easily be part of your problem. I would imagine that your
smbldap-passwd script is not working correctly, is misconfigured some way,
et cetra. Perhaps you might want to try this in your smb.conf file instead
of using the passwd program and unix password sync parameters:

Ldap passwd sync = yes

>From the smb.conf(5) man page:

"This option is used to define whether or not Samba should sync the LDAP
password with the NT and LM hashes for normal accounts (NOT for workstation,
server or domain trusts) on a password change via SAMBA."

That sounds like it should do exactly what you want it to do, assuming of
course, your admin DN has the privileges to set the userPassword parameter.
I'm not speaking from experience here, as I use Kerberos for UNIX/Linux
password authentication, but I think that should take care of what you want
to do . . . Hope that helps.

>log file = /var/log/samba/%m.log
>utmp = yes
>max log size = 50
>log level = 1
>syslog = 0
> 
>add user script = /usr/local/sbin/smbldap-useradd -m "%u"
>add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> 
>add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> 
>add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
>delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u"
> "%g"
>set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
> 
>domain logons = yes
>domain master = yes
>os level = 65
>preferred master = yes
>wins support = yes
> 
>ldap admin dn = cn=admin,o=dhp
>ldap passwd sync = yes
>ldap delete dn = yes
>ldap suffix = o=dhp
>ldap machine suffix = ou=machine
>ldap user suffix = ou=staff
>ldap group suffix = ou=group
>ldap idmap suffix = ou=idmap
>idmap uid = 1-2
>idmap gid = 1-2
> 
> 
> 
> 
> 
> The contents of this email may be privileged and confidential, any
> unauthorised use of the contents is expressly prohibited. If you are not the
> intended recipient, any disclosure, copying, distribution or any action taken
> or omitted to be taken in reliance on it, is prohibited and may be unlawful.
> PLAN Australia is not liable for the proper and complete transmission of the
> information contained in this communication, nor for any delay in its receipt.
>  

-- 
+-+
|  Sean Elble |
|  Virginia Tech, Class of 2008   |
|  Vice President, VTLUUG |
|  E-Mail:   [EMAIL PROTECTED]|
|  Web:  http://www.sessys.com/~elbles/   |
+-+



SES Computer Systems Anti-Virus and Anti-Spam E-Mail Filtering
Powered By ClamAV & SpamAssassin
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba kills network.

[Roots]

Tom Peters wrote:

Nope Refreshing my shares does not help when i am getting errors on the 
network. Still getting large amounts of errors generated and a hang of 
all the computers using network processes:


Apr 11 01:08:37 Ghost smbd[32453]: [2007/04/11 01:08:37, 0] 
lib/util_sock.c:write_data(562)
Apr 11 01:08:37 Ghost smbd[32453]:   write_data: write failure in 
writing to client 192.168.1.97. Error Broken pipe
Apr 11 01:08:37 Ghost smbd[32453]: [2007/04/11 01:08:37, 0] 
lib/util_sock.c:send_smb(769)
Apr 11 01:08:37 Ghost smbd[32453]:   Error writing 75 bytes to client. 
-1. (Broken pipe)
Apr 11 01:09:18 Ghost smbd[9885]: [2007/04/11 01:09:18, 0] 
lib/util_sock.c:read_data(534)
Apr 11 01:09:18 Ghost smbd[9885]:   read_data: read failure for 4 bytes 
to client 192.168.1.97. Error = Connection reset by peer
Apr 11 01:09:18 Ghost smbd[9885]: [2007/04/11 01:09:18, 0] 
lib/util_sock.c:write_data(562)
Apr 11 01:09:18 Ghost smbd[9885]:   write_data: write failure in writing 
to client 192.168.1.97. Error Broken pipe
Apr 11 01:09:18 Ghost smbd[9885]: [2007/04/11 01:09:18, 0] 
lib/util_sock.c:send_smb(769)
Apr 11 01:09:18 Ghost smbd[9885]:   Error writing 75 bytes to client. 
-1. (Broken pipe)


Tim Otten


At 10:14 AM 4/7/2007 +0200, C.Scheeder wrote:

Tom Peters schrieb:
By the way, I was hoping this would be significant: If I refresh my 
view of a Samba share on the XP box by pressing F5 or clicking 
View-->Refresh, so that there is some recent activity on that share, 
and then begin the copy operation immediately, e.g. within 20 
seconds, the copy operation always succeeds.


This makes me beleave it's a problem of your XP-installation.
Please give it a try to boot with a knoppix or another live-cd and 
then test if the problems are reproduceable or not.



Roots <[EMAIL PROTECTED]> is that true for you as well?
The files I am copying tend to be medium-large: 180 mb to 900 mb. 
But even with small files I've had it do the same thing.

At 10:00 AM 4/6/2007 +0200, C.Scheeder wrote:

Hi,
First:
you missed to tell us the version of samba you are using, and the
Software/OS of the client you are trying to copy your files from.
Yes, sorry, I realized after that we had not discussed versions or 
etc. Of course I don't know what versions Roots <[EMAIL PROTECTED]> 
but I have 3.0.9-2.3 of Samba here. I know it's pretty old.


and your kernelversion is?


2.6.8-24.25



second:
I never had any problems moving large files around using w98/W2k/XP
boxes to and from the samba-servers i maintain (roundabout 12 
machines),

except when bad/dying hardware/software was involved.

have you tried from another client?

Yes. Similar issues result from another XP Pro box.


have you updated ALL your clients drivers (not only the Nic's drivers)
to the latest versions?

No.


Ok as you have tryend from two clients, that shouldn't be a problem,
as i guess they have diffrentz Hardware.

have you checked if there are corrupted packets on your network 
("ifconfig eth1" shows you statistics off packets on your server)
It's eth0 for me. Out of 95 million packets received the errors 
counts are: 1 error, 7 overruns, 1 frame, 0 dropped.
For 102.77 million packet sent, I have zero errors of any kind, zero 
collisions, txqueue length 1000.


OK, that is bad. You should not get errors here with modern Hardware.
I checked the servers i can lay my hands on from here, and they have 
no errors, nada. (one of them with over 300 million packets send and 
received, and 5 other with lower counts, probably caused by wrapping 
counters.)



have you replaced any peace of hardware inbetween the server and the
client?
No. Well, yes, but it made no difference. I swapped my SMC 
10/100/1000 switch out for a 3Com SmartStack 10/100.
I did however try a crossover cable some time ago. The same results 
(errors) occur.


Did you try and replace the NIC's in the clients and the server?
I have seen strange things happen with partly damaged/dying NIC's.
Even defekt onboard NIC's on brand new motherboards.

(if you don't have a spare-switch, connect client and server via an 
crossover-cable...)


has your switch updateable firmware? if yes, have you updated it to 
the

latest version?

I checked. There is no later version available for the SMC.

try to boot knoppix on the client and smbmount the shares then test 
if then copying works.


Make shure your server is the masterbrowser at any time.

The os level is set to 33, which is supposed to make sure of that.


SUPPOSED, i've seen XP-computers steal the Masterbrowser-role even from
a samba server with os-level set to 255, took me half a Day to find the
machine and punish the user for having installed tcp-ip, netbios and
netware-protokoll on the machine.

make shure ALL unused network connections in your clients are 
disabled. (like ieee1394-network, or dvb-network, unused 
WLAN-Connetions and what the hell modern windows versions think of 
devices being able to do networking)


Hmmm The 1394 connection was bou

[Samba] Some errors importing accounts from NT4 PDC with net vampire

[Filipe]

Hi
I have folowed this guide
http://www.enterprisenetworkingplanet.com/netos/article.php/3457461 to
import users from my NT4 domain to a debian sarge with samba 3.0.14a
Everything runs fine till the net rpc vampire command, some users give
an error others are imported fine.
I don't see any problem on this users configuration in the NT4 server,
here is part of the output:
thanks.

fb_nt2:/etc/samba# net rpc vampire -S fb_nt -W FFTBL -UFilipe%*
Fetching DOMAIN database
Creating account: Administrator
Creating account: Guest
[2007/03/19 11:19:24, 0] passdb/pdb_tdb.c:tdb_update_sam(641)
Unable to modify passwd TDB! Error: Record does not exist occured while
storing the main record (USER_guest)
Creating account: FB_NT$
[2007/03/19 11:19:24, 0] passdb/pdb_tdb.c:tdb_update_sam(641)
Unable to modify passwd TDB! Error: Record does not exist occured while
storing the main record (USER_fb_nt$)
Creating account: Augusto
[2007/03/19 11:19:24, 0] passdb/pdb_tdb.c:tdb_update_sam(641)
Unable to modify passwd TDB! Error: Record does not exist occured while
storing the main record (USER_augusto)
Creating account: Miit
[2007/03/19 11:19:24, 0] passdb/pdb_tdb.c:tdb_update_sam(641)
Unable to modify passwd TDB! Error: Record does not exist occured while
storing the main record (USER_miit)
Creating account: Natalia
[2007/03/19 11:19:24, 0] passdb/pdb_tdb.c:tdb_update_sam(641)
Unable to modify passwd TDB! Error: Record does not exist occured while
storing the main record (USER_natalia)
Creating account: Publico
Creating account: Mariana
Creating account: Jaime
[2007/03/19 11:19:24, 0] passdb/pdb_tdb.c:tdb_update_sam(641)
Unable to modify passwd TDB! Error: Record does not exist occured while
storing the main record (USER_jaime)
Creating account: Filomena
[2007/03/19 11:19:24, 0] passdb/pdb_tdb.c:tdb_update_sam(641)
Unable to modify passwd TDB! Error: Record does not exist occured while
storing the main record (USER_filomena)
Creating account: Mendes
[2007/03/19 11:19:24, 0] passdb/pdb_tdb.c:tdb_update_sam(641)
Unable to modify passwd TDB! Error: Record does not exist occured while
storing the main record (USER_mendes)
Creating account: Maria do Ceu
[2007/03/19 11:19:24, 0] passdb/pdb_tdb.c:tdb_update_sam(641)
Unable to modify passwd TDB! Error: Record does not exist occured while
storing the main record (USER_maria do ceu)
Creating account: M1
Creating account: isabel
Creating account: Luis
Creating account: Carla
Creating account: M2
Creating account: Manuela
Creating account: Jose Alberto
Creating account: Labqui
Creating account: Faria

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ldap password sync

[David Pinkerton]

I'm trying to get ldap/unix password sync working.

Using this config, packet traces show no requests to update userPassword (only 
the samba passwords)

Can  someone see what I've done wrong?



[global]
   workgroup = HOME
   netbios name = DHP

   security = user
   encrypt passwords = yes
   enable privileges = yes

   passdb backend = ldapsam:ldap://127.0.0.1
   passwd program = /usr/local/sbin/smbldap-passwd -u %u
   unix password sync = yes

   log file = /var/log/samba/%m.log
   utmp = yes
   max log size = 50
   log level = 1
   syslog = 0

   add user script = /usr/local/sbin/smbldap-useradd -m "%u"
   add machine script = /usr/local/sbin/smbldap-useradd -w "%u"

   add group script = /usr/local/sbin/smbldap-groupadd -p "%g"

   add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

   domain logons = yes
   domain master = yes
   os level = 65
   preferred master = yes
   wins support = yes

   ldap admin dn = cn=admin,o=dhp
   ldap passwd sync = yes
   ldap delete dn = yes
   ldap suffix = o=dhp
   ldap machine suffix = ou=machine
   ldap user suffix = ou=staff
   ldap group suffix = ou=group
   ldap idmap suffix = ou=idmap
   idmap uid = 1-2
   idmap gid = 1-2





The contents of this email may be privileged and confidential, any unauthorised 
use of the contents is expressly prohibited. If you are not the intended 
recipient, any disclosure, copying, distribution or any action taken or omitted 
to be taken in reliance on it, is prohibited and may be unlawful. PLAN 
Australia is not liable for the proper and complete transmission of the 
information contained in this communication, nor for any delay in its receipt.
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Roaming Desktops with Linux Clients

[Daniel O'Connor]

On Wednesday 11 April 2007 06:55, Jimmy Perkins wrote:
> I have Samba setup on a Debian server and have implemented roaming desktops
> for the windows clients.  In this network, there
> are also LINUX clients that i would like to use roaming desktops and the
> users be able to access their home directory on the server
> when they login to one of these linux clients.
>
> Is this possible using Samba?  And can anyone point me to a
> website/tutorial or any information regarding this?  I have searched a lot
> and have not found much related to my problem.

You could try pam_mount - http://pam-mount.sourceforge.net/

That combined with pam_winbind and nss_winbind should get you what you want.

-- 
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C


pgpmRG8FBef6w.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Roaming Desktops with Linux Clients

[Gary Dale]

It occurs to me that you would need two things. One is to have Samba do 
the authentication for the Linux clients. Samba.org has a howto on this 
topic. The other is to mount /home as a share from the server during bootup.


With Samba authentication and /home on a remote volume, you would have 
difficulty if you don't have a network connection. You may want to try 
using rsync instead - running as a daemon - to keep selected local home 
directories synched with the server.



Jimmy Perkins wrote:

Hi,

I have Samba setup on a Debian server and have implemented roaming 
desktops

for the windows clients.  In this network, there
are also LINUX clients that i would like to use roaming desktops and the
users be able to access their home directory on the server
when they login to one of these linux clients.

Is this possible using Samba?  And can anyone point me to a 
website/tutorial

or any information regarding this?  I have searched a lot and have not
found much related to my problem.

Thanks in advance!!
Jim


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Roaming Desktops with Linux Clients

[Jimmy Perkins]

Hi,

I have Samba setup on a Debian server and have implemented roaming desktops
for the windows clients.  In this network, there
are also LINUX clients that i would like to use roaming desktops and the
users be able to access their home directory on the server
when they login to one of these linux clients.

Is this possible using Samba?  And can anyone point me to a website/tutorial
or any information regarding this?  I have searched a lot and have not
found much related to my problem.

Thanks in advance!!
Jim
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Drag and Drop and Crash

[Jim Summers]

More info.  I went the user's workstation and created a new user.  Then mapped 
 a drive to a different share.  Attempted to copy a file within that share 
and boom, reboot.


H.

TIA

Jim Summers wrote:

Hello List,

I am running a 3.0.24 server on redhat EL4.  I have a user that has 
mapped a drive to his home directory on the server.  When he copies a 
file from the share to a local disk location, desktop for example, it 
goes just fine.  When he attempts to copy / move / cut and paste a file 
from one location on the share to another location in the same share, it 
will literally crash his local machine and it reboots.  Other users can 
do the same no problems.  He can map to a different samba server and is 
able to copy a file within that share.


I am suspecting some corrupt file entry or possibly something strange in 
the registry not sure.  I have looked in his home directory and do not 
see any thing out of the ordinary.


Ideas / Suggestions?

Many Thanks


--
Jim Summers
School of Computer Science-University of Oklahoma
-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Drag and Drop and Crash

[Jim Summers]

Hello List,

I am running a 3.0.24 server on redhat EL4.  I have a user that has mapped a 
drive to his home directory on the server.  When he copies a file from the 
share to a local disk location, desktop for example, it goes just fine.  When 
he attempts to copy / move / cut and paste a file from one location on the 
share to another location in the same share, it will literally crash his local 
machine and it reboots.  Other users can do the same no problems.  He can map 
to a different samba server and is able to copy a file within that share.


I am suspecting some corrupt file entry or possibly something strange in the 
registry not sure.  I have looked in his home directory and do not see any 
thing out of the ordinary.


Ideas / Suggestions?

Many Thanks
--
Jim Summers
School of Computer Science-University of Oklahoma
-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] root ownership of print jobs

[Daulton Theodore]

Samba 3.0.23a
Solaris 9

I have reecently upgraded my Samba server to the above version and joined an 
Active Directory domain. Since having achieved this I have been encountering 
a strange problem. 
On some of my printers the printing of banner pages is enabled. In some 
instances when a user submits a print job it prints with root as the owner
on the banner page and not the user's who submitted the job.
I have included the Global section of my conf file. Has anyone encountered 
this behavior?

# Global parameters
[globals]
   netbios name  = my_netbiosname
   server string = %L
   workgroup = my_workgroup
   browsable = yes
   local master  = no

   allow hosts   = allowed-hosts
   hosts deny = 0.0.0.0/0

   security  = ADS
   realm = mydomain


   password server = my password servers

   machine password timeout = 314496000
   name resolve order = lmhosts wins host bcast

   remote announce = x.x.x.x

   wins server = w.w.w.w

#  force Samba to bind only to hme0
   interfaces= y.y.y.y/255.255.255.0
   bind interfaces only = yes
   socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
   deadtime = 0

   client lanman auth = no
   client ntlmv2 auth = yes
   client plaintext auth = no
   lanman auth = no
   ntlm auth = no
   enable privileges = no


#  Encrypt all passwords stored in /usr/local/samba3/private/smbpasswd
   encrypt passwords = yes
   smb passwd file   = passwd file
   username map = names file

#  not allowed to log in
   invalid users = invalid users

   writeable = yes

#  Debug Logging information
   log level = 3
   syslog = 2
   log file = log.%m
   max log size = 2000
   debug timestamp = yes


#  printing stuff
   printing  = SYSV
   load printers = yes
   lprm command = cancel %p-%j
   use client driver = yes


# ---

-- 
--- 0 
Daulton Theodore  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem to start services nmbd and smbd

[Rodrigo Hashimoto]

Hi, I'm new in the Linux world, I've worked for about tree months with
Debian and I've a big problem to start the samba services (nmbd and smbd).

I downloaded the samba-latest.tar.gz from the www.samba.org and tried to
compile it. I didn't have problem with it, but I can't initialize the
services.

What can I do?

Thanks a lot.

--
Rodrigo Hashimoto
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Backup Domain Controller

[Jason Baker]

On a related note. How do I know if my BDC is actually working? I am 
able to run getent passwd and see all the correct users (even with the 
BDC disconnected to the network) and if I add a new user it shows up on 
the BDC, but how do I know that the machines on my network are using the 
BDC? How does load balancing work, are the workstations only sent to the 
BDC is the PDC is "too busy"? Is there a tool available to monitor the 
way the network load balances? Maybe I could use Wireshark to watch 
network traffic and see the authentication requests. Just curious.


*Jason Baker
*/IT Coordinator/


*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.
www.glastender.com 

-BEGIN GEEK CODE BLOCK- 
Version: 3.1

GIT$ d- s: a C++$ LU+++$ P+ L++>L !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- 
r+++ y+++

--END GEEK CODE BLOCK--



On 4/10/2007 11:54 AM, Wolfgang Ratzka wrote:

Jason Baker schrieb:

  

I created a BDC for my network, running a slave LDAP server. Do I need
specify the same workgroup as the PDC in the smb.conf? I was thinking
I'd put it on a different workgroup just for organizational purposes.



The workgroup name serves as the domain name if you are running your samba
servers as domain controlers. A BDC must have the same domain name as the PDC,
so the answer is "no".
Once you start with PDCs and BDCs you must stop thinking of workgroups. You have
a domain.
  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] SMB Signature verification failed when establish trust with win2003 domain

[Lin Li]

I have a samba PDC (using samba 3.0.24). When I try to establish trust 
with a win2003 domain, I got signing error, see the log below. Trust 
with NT domain and win2000 domain works. Any help are appreciated.


Thanks,
Lin

[2007/04/04 17:00:13, 5] lib/debug.c:debug_dump_status(391)
INFO: Current debug levels:
 all: True/10
 tdb: False/0
 printdrivers: False/0
 lanman: False/0
 smb: False/0
 rpc_parse: False/0
 rpc_srv: False/0
 rpc_cli: False/0
 passdb: False/0
 sam: False/0
 auth: False/0
 winbind: False/0
 vfs: False/0
 idmap: False/0
 quota: False/0
 acls: False/0
 locking: False/0
 msdfs: False/0
 dmapi: False/0
[2007/04/04 17:00:13, 3] param/loadparm.c:lp_load(4953)
lp_load: refreshing parameters
[2007/04/04 17:00:13, 3] param/loadparm.c:init_globals(1418)
Initialising global parameters
[2007/04/04 17:00:13, 3] param/params.c:pm_process(572)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2007/04/04 17:00:13, 3] param/loadparm.c:do_section(3695)
Processing section "[global]"
doing parameter admin users = XANSMB+administrator @XANSMB+admins
doing parameter add machine script = /opt/xandros/bin/dvaddcomputer %u
doing parameter client use spnego = no
doing parameter display charset = UTF8
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS-2LE
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS-2LE
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-16LE
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-16LE
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS-2BE
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS-2BE
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-16BE
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-16BE
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF8
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF8
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-8
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-8
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset ASCII
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset ASCII
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset 646
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset 646
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset ISO-8859-1
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset ISO-8859-1
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS2-HEX
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS2-HEX
doing parameter dns proxy = no
doing parameter domain logons = yes
doing parameter domain master = yes
doing parameter dos filetimes = yes
doing parameter encrypt passwords = yes
doing parameter idmap gid = 1-2
doing parameter idmap uid = 1-2
doing parameter invalid users = root
doing parameter ldap admin dn = "cn=admin,dc=xpassdb,dc=xsmb"
doing parameter ldap delete dn = yes
doing parameter ldap group suffix = ou=Groups
doing parameter ldap machine suffix = ou=Computers
doing parameter ldap suffix = dc=xpassdb,dc=xsmb
doing parameter ldap user suffix = ou=People
doing parameter load printers = no
doing parameter local master = yes
doing parameter log file = /var/log/samba/log.%m
doing parameter logon drive = Z:
doing parameter logon home = \\%N\%U
doing parameter logon path = \\%N\profiles\%U
doing parameter map to guest = Bad User
doing parameter max log size = 1000
doing parameter name resolve order = lmhosts host wins bcast
doing parameter obey pam restrictions = yes
doing parameter os level = 65
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter passdb backend = ldapsam:ldap://127.0.0.1:4389
doing parameter passwd chat = *Enter\snew\spassword:* %n\n .
doing parameter passwd program = /opt/xandros/bin/gumpasswdsync %u
doing parameter password server = *
doing parameter preferred master = yes
doing parameter printcap name = cups
doing parameter printing = cups
doing parameter security = USER
doing parameter server string = %h (Xandros Server)
doing parameter socket options = TCP_NODELAY
doing parameter syslog = 0
doing parameter template shell = /bin/bash
doing parameter unix charset = UTF8
doing parameter unix password sync = yes
doing parameter winbind enum groups = no
doing parameter winbind enum users = no
doing parameter winbi

Re: [Samba] Backup Domain Controller

[Jason Baker]

Thanks for the answer. I'm just going to keep everything on the same 
domain to eliminate complexity. I suppose I could set up another subnet, 
but that sounds too much like work.


*Jason Baker
*/IT Coordinator/


*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.
www.glastender.com 

-BEGIN GEEK CODE BLOCK- 
Version: 3.1

GIT$ d- s: a C++$ LU+++$ P+ L++>L !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- 
r+++ y+++

--END GEEK CODE BLOCK--



On 4/10/2007 11:54 AM, Wolfgang Ratzka wrote:

Jason Baker schrieb:

  

I created a BDC for my network, running a slave LDAP server. Do I need
specify the same workgroup as the PDC in the smb.conf? I was thinking
I'd put it on a different workgroup just for organizational purposes.



The workgroup name serves as the domain name if you are running your samba
servers as domain controlers. A BDC must have the same domain name as the PDC,
so the answer is "no".
Once you start with PDCs and BDCs you must stop thinking of workgroups. You have
a domain.
  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Supressing smbclient output.

[Mark Adams]

Have you tried -E ?

*snip from man page*

-E This parameter causes the client to write messages to the standard
error stream (stderr) rather than to the standard output stream.

Regards,
Mark

On Tue, Apr 10, 2007 at 05:55:22AM -0600, [EMAIL PROTECTED] wrote:
> 
> 
> Hi,
> 
>   I'm using smbclient -c in a perl script that I'm
> writing, but everytime I invoke the smbclient command I get the smb client
> connection banner (Domain=[ENG-DEV] OS=[Windows Server 2003 3790]
> Server=[Windows Server 2003 5.2]).  How can I supress this
> information?
> 
> Thanks,
> 
> Rich Browne
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] access problem on linux mounted Windows Vista share

[Mark Adams]

This user responded to me and advised it was a simple workgroup name
problem.

Regards,
Mark

On Tue, Apr 10, 2007 at 04:59:36PM +0100, Mark Adams wrote:
> I would say this is due to the new Security in Vista, Has anyone used
> smbclient or smbmount/smbfs with Vista?
> 
> May be similar to this issue;
> 
> http://forums.windowsvistamagazine.com/forums/2111/ShowThread.aspx
> 
> On Sat, Apr 07, 2007 at 02:58:14PM -0400, David Yoakley wrote:
> > Windows Workgroup, private network with a Windows Vista PC sharing a folder
> > for full access to a specific user name.  The share is browsable and
> > readable from other PCs on the network.
> > 
> > I can mount the share on linux (Debian /Ubuntu) with no errors BUT have no
> > permissions on the mount point once mounted (see below).
> > 
> > # mkdir data
> > # mount -t smbfs -o username=,password= //CHEDDAR/data  data
> > # ls -l
> > ?-  ? ??   ?? data
> > 
> > Get a strange "SUCCESS" error when smbclient trys make the connection to
> > list the share with same loging it was created with.
> > 
> > # smbclient -U  -L //CHEDDAR
> > Password: x
> > session setup failed: SUCCESS - 0
> > 
> > But...I can get an anonymous connection to the server.
> > 
> > # smbclient -L //CHEDDAR
> > Password:
> > Anonymous login successful
> > Domain=[WORKGROUP] OS=[Windows Vista (TM) Ultimate 6000]
> > Server=[Windows Vista (TM) Ultimate 6.0]
> > 
> >   Sharename   Type  Comment
> >   -     ---
> > Error returning browse list: NT_STATUS_ACCESS_DENIED
> > Anonymous login successful
> > Domain=[WORKGROUP] OS=[Windows Vista (TM) Ultimate 6000]
> > Server=[Windows Vista (TM) Ultimate 6.0]
> > 
> >   Server   Comment
> >   ----
> >   CHEDDAR
> > 
> >   WorkgroupMaster
> >   ----
> >   WORKGROUP
> > 
> > -- 
> > David Yoakley
> > Cell 512.417.7172
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] net rpc vampire umlauts (äöü ß) problem

[Wolfgang Ratzka]

Stefan Drees schrieb:

> Hi,
> im using net rpc vampire to migrate users/ groups from nt4 to samba3
> with ldap backend.
> But the umlauts (äöüß) in the displayname are malformend.
> Unix charset in smb.conf is set to ISO8859-1.
> 
> Any hint how to correct this?
> 
> Regards
> S.Drees
> 

Did you consider switching your unix charset from ISO8859-1 to UTF-8?
Windows does allow unicode characters in file names and in other places.
Translating them to ISO8859-1 will not always work.

Kind regards
Wolfgng Ratzka
-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Backup Domain Controller

[Wolfgang Ratzka]

Jason Baker schrieb:

> I created a BDC for my network, running a slave LDAP server. Do I need
> specify the same workgroup as the PDC in the smb.conf? I was thinking
> I'd put it on a different workgroup just for organizational purposes.

The workgroup name serves as the domain name if you are running your samba
servers as domain controlers. A BDC must have the same domain name as the PDC,
so the answer is "no".
Once you start with PDCs and BDCs you must stop thinking of workgroups. You have
a domain.
-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] access problem on linux mounted Windows Vista share

[Mark Adams]

I would say this is due to the new Security in Vista, Has anyone used
smbclient or smbmount/smbfs with Vista?

May be similar to this issue;

http://forums.windowsvistamagazine.com/forums/2111/ShowThread.aspx

On Sat, Apr 07, 2007 at 02:58:14PM -0400, David Yoakley wrote:
> Windows Workgroup, private network with a Windows Vista PC sharing a folder
> for full access to a specific user name.  The share is browsable and
> readable from other PCs on the network.
> 
> I can mount the share on linux (Debian /Ubuntu) with no errors BUT have no
> permissions on the mount point once mounted (see below).
> 
> # mkdir data
> # mount -t smbfs -o username=,password= //CHEDDAR/data  data
> # ls -l
> ?-  ? ??   ?? data
> 
> Get a strange "SUCCESS" error when smbclient trys make the connection to
> list the share with same loging it was created with.
> 
> # smbclient -U  -L //CHEDDAR
> Password: x
> session setup failed: SUCCESS - 0
> 
> But...I can get an anonymous connection to the server.
> 
> # smbclient -L //CHEDDAR
> Password:
> Anonymous login successful
> Domain=[WORKGROUP] OS=[Windows Vista (TM) Ultimate 6000]
> Server=[Windows Vista (TM) Ultimate 6.0]
> 
>   Sharename   Type  Comment
>   -     ---
> Error returning browse list: NT_STATUS_ACCESS_DENIED
> Anonymous login successful
> Domain=[WORKGROUP] OS=[Windows Vista (TM) Ultimate 6000]
> Server=[Windows Vista (TM) Ultimate 6.0]
> 
>   Server   Comment
>   ----
>   CHEDDAR
> 
>   WorkgroupMaster
>   ----
>   WORKGROUP
> 
> -- 
> David Yoakley
> Cell 512.417.7172
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Group Policy install MSI from Samba share

[James A. Dinkel]

I have a Windows 2000 Active Directory domain and I need to create a
group policy to assign an msi install to a computer.  This has always
worked fine on a Windows share, but now the install fails after moving
to a Samba file server.  I'm guessing it's some sort of permissions
issue.  Does anyone know how to make this work?

 

James Dinkel

Network Engineer

Butler County of Kansas

 

There's no place like ~/

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba - deny 2 or more connections in a pc

[Dennis McLeod]

Do you mean you can't connect to a resource with a different username while
you are connected already?
("Multiple connections to the server or shared resource are not allowed")
This is an XP issue. 

If you mapped a drive using the server name first, try mapping your next
drive as a different user using the ipaddress.





NET USE z: \\myserver\sharename password /user:user1 /persistent:no

NET USE y: \\192.168.1.1\sharename password /user:user2 /persistent:no





-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Ana Cal
Sent: Tuesday, April 10, 2007 6:47 AM
To: samba@lists.samba.org
Subject: [Samba] Samba - deny 2 or more connections in a pc


I installed Samba 3.04 in a Solaris 10, but i have a problem, I can't have 2
or more connections, at the same time,  in a pc Windows XP, with permissions
to modify files. To have permission to modify i can only make one connection
at a time. Can any one help me? Am I missing some configuration?



Ana Cal
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Backup Domain Controller

[Jason Baker]

I created a BDC for my network, running a slave LDAP server. Do I need 
specify the same workgroup as the PDC in the smb.conf? I was thinking 
I'd put it on a different workgroup just for organizational purposes.

--

*Jason Baker
*/IT Coordinator/


*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.
www.glastender.com 

-BEGIN GEEK CODE BLOCK- 
Version: 3.1

GIT$ d- s: a C++$ LU+++$ P+ L++>L !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- 
r+++ y+++

--END GEEK CODE BLOCK--

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba - deny 2 or more connections in a pc

[Ana Cal]

I installed Samba 3.04 in a Solaris 10, but i have a problem, I can't have 2 or 
more connections, at the same time,  in a pc Windows XP, with permissions to 
modify files. To have permission to modify i can only make one connection at a 
time. Can any one help me? Am I missing some configuration?



Ana Cal
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problems with Single-Sign-On

[Renee Gehlbach]

I have a Xandros computer running samba and winbind which has joined an
active directory domain.  The samba side seems fine -- I can browse
shares, the net ads join worked fine (after some help from this mailing
list), net ads user lists all users, etc.  However, single sign on is
still posing a problem.

When the computer is first booted up, wbinfo -p, wbinfo -t, and wbinfo -a
work fine.  wbinfo -u never does, although I can list users with net ads
user.  At the X windows login screen, there is a nice pick list with the
domains for all of the schools on the network, the same list that I would
see on a windows machine.  Trying to log in to the domain using usernames
and passwords that checked out with wbinfo -a fails.  If I then log in
through the X windows login screen to just the local machine, not the
domain, wbinfo -p, wbinfo -t, and wbinfo -a no longer work until the
machine is rebooted.  (I have not had any luck with even wbinfo -p after
logging in through an X windows login screen, even if I restart samba and
winbind.)  Logging in just from a command prompt never causes this
problem, that I have seen.

I am putting all of the files that I can think of that you might need here
(minus most of the comments for the sake of brevity).  If you need
anything else please let me know.

Thanks,
Renee


/etc/pam.d/common-account:

account sufficient  pam_winbind.so
account requiredpam_unix.so



/etc/pam.d/common-auth

auth sufficient pam_winbind.so
authrequiredpam_unix.so use_first_pass



/etc/pam.d/common-session

session requiredpam_mkhomedir.so skel=/etc/skel umask=0022
session sufficient  pam_winbind.so
session requiredpam_unix.so



/etc/krb5.conf

[libdefaults]
default_realm = FAYETTE.KETSDS.NET

[realms]
FAYETTE.KETSDS.NET = {
kdc = FAYETTE.ketsds.net
default_domain = FAYETTE.ketsds.net
}


[domain_realm]
FAYETTE.ketsds.net = FAYETTE.KETSDS.NET
.FAYETTE.ketsds.net = FAYETTE.KETSDS.NET

[login]



/etc/nsswitch.conf

passwd: files winbind
group:  files winbind
shadow: files winbind

hosts:  files dns
networks:   files

protocols:  db files
services:   db files
ethers: db files
rpc:db files

netgroup:   nis



/etc/samba/smb.conf

#=== Global Settings ===
[global]
realm = FAYETTE.KETSDS.NET
workgroup = FAYETTE
security = ads
idmap uid = 1-2
idmap gid = 1-2
template shell = /bin/bash
template homedir = /home/%U
winbind use default domain = yes
wins server = 10.84.0.50 10.84.0.52
password server = FAYETTE.ketsds.net

## Browsing/Identification ###
;   wins support = no
;   wins server = w.x.y.z
   dns proxy = no
   name resolve order = lmhosts host wins bcast

 Debugging/Accounting 
   log file = /var/log/samba/log
   max log size = 1000
;   syslog only = no
   syslog = 0
   panic action = /usr/share/samba/panic-action %d

### Authentication ###
   encrypt passwords = true
   passdb backend = tdbsam guest
   obey pam restrictions = yes
;   guest account = nobody
   invalid users = root
   map to guest = Bad User
;   unix password sync = no
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
;   pam password change = no
   client use spnego = no

## Printing ##
   load printers = no
   printing = cups
   printcap name = cups

 File sharing 
   dos filetimes = yes

 Misc 
   socket options = TCP_NODELAY
   display charset = iso8859-1
   unix charset = iso8859-1
;   domain master = auto




-- 
Renee Gehlbach Lexair, Inc.
[EMAIL PROTECTED] 2025 Mercer Rd
859.255.5001   Lexington, KY 40511



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] I have to delete samba cache everynight

[Aaron Souza]

All,

I work for a school and we have laptop carts. However, for over a month, I
had this travelling laptop problem where somewhere between 5-15% of my
laptops could not see the domain controller (domain not available error). I
called it the travelling problem, because randomly throughout the day,
different laptops could not connect. Some would start out not working, and
by the end of the day, they would.

After trying to reformat, connect with a wired connection, and basically
everything else I could think of on the Windows XP side of things- I decided
to delete the samba cache. This solved the issue. However, two days later
the issue came back. So I deleted samba cache again and it went away. I now
do a nightly cronjob of deleting samba cache.

My question is: What am I actually fixing and is there a patch for this?

I am running Samba: samba-3.0.14a-2 on Fedora Core 4 and at my other school:
samba-3.0.10-1.4E.11 on Cent OS 4.4.

In case you were wondering, here is my vacuum samba script:
#!/bin/bash
/etc/init.d/smb stop
sleep 15
cd /var/cache/samba
rm -fr *
/etc/init.d/smb start
sleep 15
net groupmap modify ntgroup="Domain Admins" unixgroup=root

Any advice would be appreciated.

Thanks.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] RE: SID resolution to Username

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Diego Alencar Alves de Lima wrote:
> Did you set up the trust both ways (i.e. they both trust 
> and are trusted by the other domain)?

For the record, Windows allows a DC to translate SIDs/names
with only a one-way, outgoing trust in place.  So you don't
have to have a two way trust.

>> When I add an user of each domain to the permissions of 
>> a file on a windows machine (W2k, WXP), it shows for
>> them DOMAIN\USERNAME. Everything> is fine. But when
>> i close the permission window and reopen it, then the
>> user out of the trusted domain is only shown as SID. 
>> The one of the own domain is resolved fine. This
>> happens on clients of both domains.

First suggestion is to take a network trace and see
who the client is sending the LsaLookupSids() call to
and figure out why that is failing.





cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGG4JjIR7qMdg1EfYRAujYAJ9pg7TgRsni++t4RuF5liYff/xoWACfWOEl
FR4uKHRbhRpSERK2hEUErAk=
=fTWp
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Supressing smbclient output.

[rbrowne]

Hi,

  I'm using smbclient -c in a perl script that I'm
writing, but everytime I invoke the smbclient command I get the smb client
connection banner (Domain=[ENG-DEV] OS=[Windows Server 2003 3790]
Server=[Windows Server 2003 5.2]).  How can I supress this
information?

Thanks,

Rich Browne
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] RE: SID resolution to Username

[Diego Alencar Alves de Lima]

Did you set up the trust both ways (i.e. they both trust and are trusted by 
the other domain)?

On Tuesday 10 April 2007 07:21:20 Marc Muehlfeld wrote:
> Nobody any idea? :-(
>
> --
> Marc Muehlfeld
> Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
> Lochhamer Str. 29 - D-82152 Martinsried
> Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
> http://www.medizinische-genetik.de
>
>
>  Ursprüngliche Nachricht -
> Betreff: SID resolution to Username
> Von: "Marc Muehlfeld" <[EMAIL PROTECTED]>
> Datum:   Mi, 4.04.2007, 13:41
> An:  samba@lists.samba.org
> --
>
> Hello,
>
> I have two Samba 3.0.22 PDCs and each trust each other.
>
> When I add an user of each domain to the permissions of a file on a
> windows machine (W2k, WXP), it shows for them DOMAIN\USERNAME. Everything
> is fine. But when i close the permission window and reopen it, then the
> user out of the trusted domain is only shown as SID. The one of the own
> domain is resolved fine. This happens on clients of both domains.
>
> Any ideas?
>
> Regards
> Marc
>
>
> --
> Marc Muehlfeld
> Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
> Lochhamer Str. 29 - D-82152 Martinsried
> Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
> http://www.medizinische-genetik.de
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba



-- 
Diego Alencar Alves de Lima
Prodesan - Departamento de Informática
www.prodesan.com.br

-- 
Esta mensagem foi verificada pelo sistema de antivírus e
 acredita-se estar livre de perigo.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Fwd: ntprinters.tdb and ntdrivers.tdb

[Guillaume RENARD]

Hello,

With exactly the same samba version, all is OK now, thanks for your help !

On 4/10/07, Gerald (Jerry) Carter <[EMAIL PROTECTED]> wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Guillaume RENARD wrote:

> I am trying to migrate a samba printing server (with cups).
> (3.0.10fc3) by renaming it
>
> localhost=drlinux=the test machine
> newscribe=the production machine
>
> I did the following operations :
> 1/ Install a basic samba and cups
> 2/ copy all the configuration files and other from our
>running samba to our test server (including all tdb
>files)
> 3/ Adding the new server to the domain net rpc join -->OK
> 4/ I can see all the domain member (pdbedit -L)
> 5/ But when I do a " rpcclient -U'root%ingwie' -c 'enumdrivers'
>localhost" I get nothing so I don't understand.
>
> My question is " how can I get all the drivers installed
> on a samba server to another ?"

There's a bug in Samba which causes the drivers to only be
associated with the server primary name.  I've not been able
to track it down yet.

Please file a bug and I'll try to track it down.




cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGGr2NIR7qMdg1EfYRAoCMAKDjhrVitGnaek1/CwN5H0780DytRACePySB
+IzTs8EZioSb4KYcrNIkdbw=
=LeYu
-END PGP SIGNATURE-





--
Guillaume RENARD
http://glmrenard.fr
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] net rpc vampire umlauts (äöü ß) problem

[Filipe]

Stefan Drees wrote:

Hi,
im using net rpc vampire to migrate users/ groups from nt4 to samba3
with ldap backend.
But the umlauts (äöüß) in the displayname are malformend.
Unix charset in smb.conf is set to ISO8859-1.

Any hint how to correct this?

Regards
S.Drees

  

hi.
in my debian sarge I followed this tutorial for portuguese... 
http://www.vivaolinux.com.br/dicas/verDica.php?codigo=4548
He says to put locales in iso8859-1 then to compile the kernel with some 
options for that, but I have not did that and it worked by adding this 
to smb.conf:


dos charset = cp850
unix charset = iso8859-1
display charset = LOCALE

now you should change for your locale I don't know if it is the same in 
german..

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] RE: SID resolution to Username

[Marc Muehlfeld]

Nobody any idea? :-(

-- 
Marc Muehlfeld
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
http://www.medizinische-genetik.de


 Ursprüngliche Nachricht -
Betreff: SID resolution to Username
Von: "Marc Muehlfeld" <[EMAIL PROTECTED]>
Datum:   Mi, 4.04.2007, 13:41
An:  samba@lists.samba.org
--

Hello,

I have two Samba 3.0.22 PDCs and each trust each other.

When I add an user of each domain to the permissions of a file on a
windows machine (W2k, WXP), it shows for them DOMAIN\USERNAME. Everything
is fine. But when i close the permission window and reopen it, then the
user out of the trusted domain is only shown as SID. The one of the own
domain is resolved fine. This happens on clients of both domains.

Any ideas?

Regards
Marc


-- 
Marc Muehlfeld
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
http://www.medizinische-genetik.de




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] winbindd breaks after unsuccesfull foreign account authentication attempt

[Janusz Krzysztofik]

Hello,

I am trying to set up ntlm_auth for squid, using debian etch packages
(samba version 3.0.24).

I have faced a problem similiar to the one described in October 2005
under http://lists.samba.org/archive/samba/2005-October/112447.html.
Using version 3.0.24 I get exactly the same results as described in that
thread, even if the reason is supposed to be corrected in version 3.0.20.

I have found that the problem occures after squid is accessed for the
first time from IE started on a XP domain member by a user logged into a
local account instead of a domain account. After that happens, no user
can be authenticated anymore unless winbindd is restarted.

Does anyone know about a solution to this problem?

Thanks,
Janusz

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba