Re: [Samba] Re: 3.0.25 packages for debian/ubuntu

[Christian Perrier]

> With all due respect for the package maintainers of the Debian and Ubuntu 
> distros... I sort of wish there would be a way of getting "official 
> packages" of the current build verses some custom concoction (security 
> updates only). (shrug) I certainly do not seem to be the person to "make 
> that happen".

You're slightly wrong on that part.

backports.org has been set up precisely for that purpose.

There is currently no backporter for samba, only because the
maintenance team has enough to do with fighting with the big bunch of
old crappy bugs we have in Debian BTS.

However, having someone in the team working on backports would be
highly welcomed. These could be pretty easily sent to backports.org
for the benefit of Debian users who want to:
-keep running stable
-keep the packaging practices of the official Debian archive

See http://backports.org/dokuwiki/doku.php?id=contribute for details.

Please also note that both the Samba Team and the Debian packaging
team do their best for their packaging practices to converge. This
way, the deb packages provided on samba.org would indeed be as
identical as possible to the ones in the Debian archive.

We currently have a few blockers for this, the most difficult one
being that giant fhs.patch we use in Debian to respect the FHS for
some file locations (/var/cache/samba for discardable data
vs. /var/lib/samba for non-discardable ones mostly)


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: [clug] Samba PDC LDAP HowTo 4 U

[Michael Lueck]

Chris Smart wrote:

I've written a HowTo for 'Samba domain with LDAP back end' and am
looking for people to test it and tell me the stupid things I did.


Thanks for posting the URL. I just did a presentation which I do not cover LDAP 
back ends in, and I had a question about just such a configuration, so I will 
pass this along to him.

For reference, my presentation can be found at this URL.

"Samba 3 PDC for Windows Clients and Samba 3 Book Review"
http://www.lueckdatasystems.com/pub/presentations/iccm2007.pdf
http://www.lueckdatasystems.com/pub/presentations/iccm2007.zip

I did not get all of the dust knocked out before the presentation... but after I think two years since I had last given the presentation I definitely got my work out getting the presentation polished 
up as much as I did. (Scripts and config files are in the zip file.)


--
Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: 3.0.25 packages for debian/ubuntu

[Michael Lueck]

Guillermo Gutierrez wrote:

Any news on .deb packages of v3.0.25b for Debian 4.0 and ubuntu 7.04?


I recently asked the same question. Jerry answered... I think specifically for 
the Etch part of the question:

Gerald (Jerry) Carter wrote:
> Probably once Simo and I swap the Fedora & Debian packaging
> responsibilities with the 3.0.26 release.

I would definitely like to see Samba team packages for the current Ubuntu 
stable version, which currently is indeed 7.04. (hint! hint! ;-)

Debian, and I am getting the idea Ubuntu too, keep their Samba builds patched as far as security updates. So for Debian Sarge went stable with 3.0.14 I think, and that is what it always was... just 
with security patches. I did not pay attention to the debian.org packages as I always fetch Simo's from samba.org.


With all due respect for the package maintainers of the Debian and Ubuntu distros... I sort of wish there would be a way of getting "official packages" of the current build verses some custom 
concoction (security updates only). (shrug) I certainly do not seem to be the person to "make that happen".


--
Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.025b tree connect failed: NT_STATUS_ACCESS_DENIED

[sharif islam]

After much deliberation, I fixed my samba problem ( I was upgrading
from 3.0.20b to the new version in RHEL using krb5-libs-1.5-26
authenticating against windows 2003 AD server). Apparently  valid
users = "@MY Group Name" does not work anymore. I was able to connect
using  valid users = "[EMAIL PROTECTED] Group Name", even though I had
"winbind use default domain = Yes" in smb.conf.

--sharif




sharif islam wrote:
> I am trying to use new samba and having problems.
>
> # smbclient //sambamachine/shareweb -Uusername
> Password:
> Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.0.25b]
> tree connect failed: NT_STATUS_ACCESS_DENIED
>
>

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] One file open or locked way too many times. How to fix?

[Adam Tauno Williams]

> It is not a FoxPro app, but it does use dBase (FoxPro) style tables. I
> have had the settings you mention in the config from the beginning. I also
> have kernel oplocks = no. Should that one be 'yes' ??

We have no oplocks/locking parameters specified in out config.  And
Goldmine works fine (with multiple users).

I haven't had to diddle with locking since Samba 3.0.x was released.

-- 
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] One file open or locked way too many times. How to fix?

[Adam Tauno Williams]

On Thu, 2007-06-28 at 10:16 -0400, Gary wrote:
> bump?
> > smbd   4803root  256uw REG8,2   1825128393 
> > /usr/local/samba/fo/Goldmine/SyncLock.DBF

Looks like Goldmine! :)  We have a goldmine database on a
Samba .0.22-13.18 (openSUSE 10.1) server.  No problems.

sardine:~ # smbstatus| grep -i gold | grep -i sync
24710DENY_NONE  0x2019f RDWR   EXCLUSIVE
+BATCH  /srv/cifs/goldmine   Program Files/GoldMine/SyncTask.DBF   Fri
Jun 29 02:06:54 2007
24710DENY_NONE  0x2019f RDWR   EXCLUSIVE
+BATCH  /srv/cifs/goldmine   Program Files/GoldMine/SyncLock.DBF   Fri
Jun 29 02:06:54 2007
24710DENY_NONE  0x2019f RDWR   EXCLUSIVE
+BATCH  /srv/cifs/goldmine   Program Files/GoldMine/SyncTask.MDX   Fri
Jun 29 02:06:54 2007

-- 
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.25 packages for debian/ubuntu

[Guillermo Gutierrez]

Any news on .deb packages of v3.0.25b for Debian 4.0 and ubuntu 7.04?

 

Guillermo Gutierrez

Network Administrator

Market Scan Information Systems, Inc.

(818) 575-2017

[EMAIL PROTECTED]

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] RE: Samba testparm gives error in Solaris 10

[Nigel]

Wed Jun 14 01:50:55 GMT 2006 

*   Previous message: [Samba]
  LDAP Group
mapping 
*   Next message: [Samba] testparm
  gives error in
Solaris 10 
*   Messages sorted by: [
  date ] [
  thread
] [ 
subject ] [
  author
] 

  _  

Hello,
 
I am trying to set up Samba in a Solaris 10 system.
Solaris 10 already has Samba installed, so I just want
to make configuration changes in smb.conf and then
start the service. We already have a smb.conf file
from a RHEL 3 system where Samba works fine. So I
tried to use the same smb.conf file for Solaris. But
on running "testparm /etc/sfw/smb.conf", I get the
following error.
--
Load smb config files from /etc/sfw/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[storelib_dev]"
Processing section "[root]"
map_file: Failed to load /usr/sfw/lib/upcase.dat - No
such file or directory
map_file: Failed to load /usr/sfw/lib/lowcase.dat - No
such file or directory
creating lame upcase table
creating lame lowcase table
map_file: Failed to load /usr/sfw/lib/valid.dat - No
such file or directory
creating default valid table
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = MYGROUP
server string = Solaris box
security = SHARE
password server = None
guest account = storelib
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
printcap name = /etc/printcap
dns proxy = No
guest ok = Yes
cups options = raw
 
[homes]
comment = Home Directories
read only = No
browseable = No
 
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
 
[storelib_dev]
comment = Storelib Development
path = /export/home
read only = No
 
[root]
path = /
read only = No
---
 
It seems that the system does not have the files
/usr/sfw/lib/upcase.dat, /usr/sfw/lib/lowcase.dat and
/usr/sfw/lib/valid.dat. I'm not sure if there is any
other problem.
 
How can I make this work? Thanks for any help.

 

Hi

I had the same problem when setting up Samba on a Solaris 10 platform.  In
the end I found that I just had to create symbolic links in /usr/sfw/lib/ to
/usr/sfw/lib/codepages/lowercase , /usr/sfw/lib/codepages/upcase.dat and
/usr/sfw/lib/codepages/valid.dat



e.g 


cd /usr/sfw/lib/
ln -s ./codepages/lowercase lowercase
ln -s ./codepages/upcase.dat upcase.dat
ln -s ./codepages/valid.dat valid.dat
testparm now seems to run cleanly now

I do not understand however why the links are not created by the Solaris
install.

Regard
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] [Fwd: Problems with samba and windows 2000 professional]

[Frank Thomas]

 Thanks for the reply, but I did check into this matter and I've not as of
yet found a solution to the problem. If anyone can help on this issue, I
would be greatful, as it is getting urgent for my.

Thanks,

Frank.

-Original Message-
From: Address for list subcriptions [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, June 26, 2007 8:55 PM
To: Frank Thomas; samba@lists.samba.org
Subject: RE: [Samba] [Fwd: Problems with samba and windows 2000
professional]


Hi Frank,

i have just been reading through recent posts and reading Mike Petersen's
"Notes when changing network IP Addresses" and it occurs to me that you're
like to be dealing with the same problem.  XP and 2K deal with WINS
resolution in subtly different ways.  Worth looking at.

And thanks Mike, your post has already helped, though not in the way you
probably imagined  :)

Cheers,

m.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Frank
Thomas
Sent: Wednesday, 27 June 2007 3:18 AM
To: samba@lists.samba.org
Subject: [Samba] [Fwd: Problems with samba and windows 2000 professional]



Good day, I've posted this request again, as it got hijacked and probably
ignored.

I'm having issues with a small company with the following setup...
1. Windows 2003 active directory server (server.company.local) 2. samba
3.0.25 linux server (serve2.company.local) 3. windows xp and windows 2000
professional clients. All clients are part of the ads structure.

What's happening is the client's running windows xp can access the samba
shares with no issues what so ever, but the windows 2000 professional
clients keep popping up an "incorrect password" window asking for a proper
username and password to access the server and it's shares. Even if you
enter a correct username, it rejects it.

I see no errors with the linux/samba server tied to the domain. It just
seems that I'm missing something in regards to the windows 2000 professional
clients passing username/password info.

I'm totally stuck at this point. Here is the config files from the
linux/samba server.

/etc/samba/smb.conf
-
[global]
   workgroup = company
   server string = Company File Server
   security = ads
   printcap name = /etc/printcap
   load printers = yes
   cups options = raw
   log file = /var/log/samba/%m.log
   max log size = 50
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no
   password server = SERVER
   realm = COMPANY.LOCAL
   encrypt passwords = yes
   winbind enum users = yes
   winbind enum groups = yes
   winbind separator = +
   idmap uid = 1-2
   idmap gid = 1-2
   log level = 10
#   template shell = /bin/false

;[homes]
;   comment = Home Directories
;   browseable = no
;   writable = yes

;   template shell = /bin/false
;   winbind use default domain = no
[apps]
comment = Application Share
path = /home/samba/apps
writeable = yes
browseable = yes
inherit acls = yes
inherit permissions = yes
create mask = 700
directory mask = 700
valid users =@"COMPANY+Domain Users"
admin users =@"COMPANY+Domain Admins"

[share]
comment = Company Central Share
path = /home/samba/share
writeable = yes
browseable = yes
inherit acls = yes
inherit permissions = yes
create mask = 700
directory mask = 700
valid users =@"COMPANY+Domain Users"
admin users =@"COMPANY+Domain Admins"

[images]
comment = Company Desktop image files
path = /home/samba/images
writeable = yes
browseable = yes
inherit acls = yes
inherit permissions = yes
create mask = 700
directory mask = 700
valid users =@"COMPANY+Domain Users"
admin users =@"COMPANY+Domain Admins"


/etc/krb5.conf

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = COMPANY.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 COMPANY.LOCAL = {
  kdc = server.company.local
  admin_server = server.company.local
  default_domain = company.local
 }

[domain_realm]
 .company.local = COMPANY.LOCAL
 company.local = COMPANY.LOCAL

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
-

Thanks ahead of time.

Frank Thomas


Frank Thomas
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: permission bit headache

[dave selby]

Tried cifs - works like a dream. Is smbfs b0rKed or something ?

cheers

Dave

--

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba and LDAP: Trouble adding Win XP machines to the domain

[Edmundo Valle Neto]

mikelOn escreveu:

Hi,

I have been trying different approaches to get it working and apparently I
do need nss installed to get it working (which I have not found as mandatory
in many tutorials). Once I installed nss-ldap and configured it still
failed, but then I removed the line "ldapsam:trusted = yes" and the machines
started to join the domain correctly.

Summing up, I needed nss-ldap and I did not need "ldapsam:trusted = yes".
Now I am trying to get the whole thing working with "ldapsam:trusted = yes"
uncommented.

Thank you all very much for your help. I expect to be able to help others
solve the problems I have had.



NSS is mandatory in the samba documentation, about the other "cake 
recipes" that you have readed, probably are incomplete.
You can read smb.conf man page to see what is expected from 
"ldapsam:trusted = yes". You dont need it to samba work, but it speeds 
up name resolution, resolving names directly in LDAP without consulting 
NSS. You must have all samba accounts in LDAP and with samba and posix 
attributes together in each object. So, yes, it can be problematic.


Regards.

Edmundo Valle Neto


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] AD auto-mounting (why does this work?)

[Juan Miscaro]

I have Samba and Active Directory (Win 2003) integrated whereby I can
login to my Ubuntu station using the credentials of an AD user.  I also
have a share automatically mounted based on this username (i.e. share
blah is mounted when user blah logs in).

I am wondering how this can work if I do not have any Kerberos tickets
issued?  When I log in I use the 'klist' command and it shows that
there are no tickets.

   Juan


  Be smarter than spam. See how smart SpamGuard is at giving junk email the 
boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.25a && rfc2307

[Diego Julian Remolina]

I experienced the same behavior after upgrading to 3.0.25a and adding the idmap entries for my 
domain.  As you can see, the entries below from my smb.conf are commented out. With the entries 
commented out, everything works.


   idmap uid = 1-20
   idmap gid = 1-20
   #idmap domains = PRAXIS3
   #idmap config PRAXIS3: default   =   yes
   #idmap config PRAXIS3: backend   =   tdb
   #idmap config PRAXIS3: range =   1 - 20

How did I notice the problem?

1- I upgraded to 3.0.25a
2- Everything seemed to be ok until the moment I added a new user to AD
3- wbinfo -u would list the user, but getent passwd would not. Also, even when wbinfo -u would list 
all users, including the new one, wbinfo -i newusername would not provide any information.
4. I commented out the idmap fields, restarted samba and winbind, and sure enough all information 
was there afterwards.


I did not debug this more since it is working and I only have one domain. I am not sure if this may 
hint that there is a bug, but I will be happy to test this time permiting if I receive proper 
instructions.


Diego


David W. Chapman Jr. wrote:

I'm receiving the errors listed below.  It also seems unable to map the root
user uid 0 with this filter.  That's not that big of a deal.

Wbinfo -u and -g return output but getent passwd does not.  This is Ubuntu 7
using debian packages.


[2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_alloc(131)
  Finding user DOMAIN\chapman
[2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(75)
  Trying _Get_Pwnam(), username as lowercase is DOMAIN\chapman
[2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(83)
  Trying _Get_Pwnam(), username as given is DOMAIN\chapman
[2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(93)
  Trying _Get_Pwnam(), username as uppercase is DOMAIN\CHAPMAN
[2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(102)
  Checking combinations of 0 uppercase letters in DOMAIN\chapman
[2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(108)
  Get_Pwnam_internals didn't find user [DOMAIN\chapman]!
[2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_alloc(131)
  Finding user chapman
[2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(75)
  Trying _Get_Pwnam(), username as lowercase is chapman
[2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(93)
  Trying _Get_Pwnam(), username as uppercase is CHAPMAN
[2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(102)
  Checking combinations of 0 uppercase letters in chapman
[2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(108)
  Get_Pwnam_internals didn't find user [chapman]!
[2007/06/28 13:27:59, 1] smbd/sesssetup.c:reply_spnego_kerberos(439)
  Username DOMAIN\chapman is invalid on this system
[2007/06/28 13:27:59, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/sesssetup.c(444) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE


# Samba config file created using SWAT
# from 172.16.30.30 (172.16.30.30)
# Date: 2007/06/28 13:19:12

[global]
workgroup = DOMAIN
realm = DOMAIN.COM
security = ADS
passdb backend = tdbsam
log level = 10
load printers = No
ldap ssl = no
idmap domains = ALLDOMAINS
winbind enum users = Yes
winbind enum groups = Yes
idmap config ALLDOMAINS:range = 0 - 2
idmap config ALLDOMAINS:default = yes
idmap config ALLDOMAINS:backend = ad

[data]
path = /data
read only = No

[test2]
path = /data



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP and Kerberos configuration

[Adam Tauno Williams]

> I am looking for configuration of SAMBA  3.0.25a with LDAP registry and
> Authentication with Kerberos.

http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/

-- 
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] check_ntlm_password: authentication for user

[sharif islam]

What does the following mean? I have security=ads. Why it is using
ntlm? I still cannot connect to the shares. I am using RHEL 5
(samba-3.0.23c, krb5-libs-1.5-26)

[2007/06/29 09:33:01, 2] auth/auth.c:check_ntlm_password(309)
 check_ntlm_password:  authentication for user [username] ->
[username] -> [DOMAIN\username] succeeded


--sharif
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] could not get methods for backend rid

[Marco Berizzi]

simo wrote:

> On Fri, 2007-06-29 at 15:33 +0200, Marco Berizzi wrote:
>
> >   winbind enum users = no
> >   winbind enum groups = no
> >   idmap alloc backend = rid
> >   idmap alloc config:range = 1 - 5
>
> You cannot use the rid backend as an alloc backend.
> So far the only 2 usable backends for alloc are tdb and ldap.

Thanks Simo,

but I get this error if I switch to tdb:

[2007/06/29 16:13:53, 0] passdb/pdb_interface.c:pdb_new_rid(1066)
  Trying to allocate a RID when algorithmic RIDs are active
[2007/06/29 16:13:53, 0] groupdb/mapping.c:pdb_default_create_alias(468)
  Could not allocate a RID -- wasted a gid :-(
[2007/06/29 16:13:53, 10] intl/lang_tdb.c:lang_tdb_init(138)
  lang_tdb_init: /usr/lib/samba/en_US.msg: No such file or directory
Creating ciccio failed with NT_STATUS_ACCESS_DENIED
[2007/06/29 16:13:53, 2] utils/net.c:main(1032)
  return code = -1

Here is the relevant smb.conf part:

  idmap alloc backend = tdb
  idmap alloc config:range = 1 - 5
  idmap domains = domain trusted-domain CALIMERO
  idmap config domain:backend  = tdb
  idmap config domain:range= 1 - 24999
  idmap config trusted-domain:backend  = tdb
  idmap config trusted-domain:range= 25000 - 3
  idmap config CALIMERO:backend  = tdb
  idmap config CALIMERO:range= 4 - 4


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] 3.0.25a && rfc2307

[David W. Chapman Jr.]

I'm using the following settings and its working for me now

idmap domains = ALLDOMAINS
idmap config ALLDOMAINS:backend = ad
idmap config ALLDOMAINS:default = yes
idmap config ALLDOMAINS:range = 1 - 2
winbind nss info = rfc2307

My problem was that it without the winbind nss info it was pulling the
windows default groups which did not have RFC2307 attributes.  Once I gave
them attributes it started working then with help from Jerry I realized how
to make it pull the rfc2307 fields instead.  Once I cleared my winbind cache
all worked great.

-Original Message-
From: Diego Julian Remolina [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 29, 2007 9:14 AM
To: David W. Chapman Jr.
Cc: samba@lists.samba.org
Subject: Re: [Samba] 3.0.25a && rfc2307

I experienced the same behavior after upgrading to 3.0.25a and adding the
idmap entries for my 
domain.  As you can see, the entries below from my smb.conf are commented
out. With the entries 
commented out, everything works.

idmap uid = 1-20
idmap gid = 1-20
#idmap domains = PRAXIS3
#idmap config PRAXIS3: default   =   yes
#idmap config PRAXIS3: backend   =   tdb
#idmap config PRAXIS3: range =   1 - 20

How did I notice the problem?

1- I upgraded to 3.0.25a
2- Everything seemed to be ok until the moment I added a new user to AD
3- wbinfo -u would list the user, but getent passwd would not. Also, even
when wbinfo -u would list 
all users, including the new one, wbinfo -i newusername would not provide
any information.
4. I commented out the idmap fields, restarted samba and winbind, and sure
enough all information 
was there afterwards.

I did not debug this more since it is working and I only have one domain. I
am not sure if this may 
hint that there is a bug, but I will be happy to test this time permiting if
I receive proper 
instructions.

Diego


David W. Chapman Jr. wrote:
> I'm receiving the errors listed below.  It also seems unable to map the
root
> user uid 0 with this filter.  That's not that big of a deal.
> 
> Wbinfo -u and -g return output but getent passwd does not.  This is Ubuntu
7
> using debian packages.
> 
> 
> [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_alloc(131)
>   Finding user DOMAIN\chapman
> [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(75)
>   Trying _Get_Pwnam(), username as lowercase is DOMAIN\chapman
> [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(83)
>   Trying _Get_Pwnam(), username as given is DOMAIN\chapman
> [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(93)
>   Trying _Get_Pwnam(), username as uppercase is DOMAIN\CHAPMAN
> [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(102)
>   Checking combinations of 0 uppercase letters in DOMAIN\chapman
> [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(108)
>   Get_Pwnam_internals didn't find user [DOMAIN\chapman]!
> [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_alloc(131)
>   Finding user chapman
> [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(75)
>   Trying _Get_Pwnam(), username as lowercase is chapman
> [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(93)
>   Trying _Get_Pwnam(), username as uppercase is CHAPMAN
> [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(102)
>   Checking combinations of 0 uppercase letters in chapman
> [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(108)
>   Get_Pwnam_internals didn't find user [chapman]!
> [2007/06/28 13:27:59, 1] smbd/sesssetup.c:reply_spnego_kerberos(439)
>   Username DOMAIN\chapman is invalid on this system
> [2007/06/28 13:27:59, 3] smbd/error.c:error_packet_set(106)
>   error packet at smbd/sesssetup.c(444) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> 
> 
> # Samba config file created using SWAT
> # from 172.16.30.30 (172.16.30.30)
> # Date: 2007/06/28 13:19:12
> 
> [global]
> workgroup = DOMAIN
> realm = DOMAIN.COM
> security = ADS
> passdb backend = tdbsam
> log level = 10
> load printers = No
> ldap ssl = no
> idmap domains = ALLDOMAINS
> winbind enum users = Yes
> winbind enum groups = Yes
> idmap config ALLDOMAINS:range = 0 - 2
> idmap config ALLDOMAINS:default = yes
> idmap config ALLDOMAINS:backend = ad
> 
> [data]
> path = /data
> read only = No
> 
> [test2]
> path = /data
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] LDAP and Kerberos configuration

[Iliya Kalderon]

Hello,

I am looking for configuration of SAMBA  3.0.25a with LDAP registry and
Authentication with Kerberos.
Any help is appreciated.

Iliya

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.25b - A. OK on Standalone system

[david rankin]

Jerry, Jeremy, all:

  Just FYI: 3.0.25b is working great in standalone with XP just like 25a! 
Thanks team!


--
David C. Rankin, J.D., P.E.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] could not get methods for backend rid

[simo]

On Fri, 2007-06-29 at 15:33 +0200, Marco Berizzi wrote:

>   winbind enum users = no
>   winbind enum groups = no
>   idmap alloc backend = rid
>   idmap alloc config:range = 1 - 5

You cannot use the rid backend as an alloc backend.
So far the only 2 usable backends for alloc are tdb and ldap.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: [EMAIL PROTECTED]
http://samba.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] could not get methods for backend rid

[Marco Berizzi]

Hello everybody.
When I try to create a local group with this command:

net sam createlocalgroup ciccio -d 100

I get this error:

[2007/06/29 15:03:46, 10]
groupdb/mapping.c:pdb_default_create_alias(447)
  Trying to create alias ciccio
[2007/06/29 15:03:46, 10] passdb/lookup_sid.c:lookup_name(64)
  lookup_name: ciccio = (domain), ciccio (name)
[2007/06/29 15:03:46, 10]
passdb/util_wellknown.c:lookup_wellknown_name(154)
  map_name_to_wellknown_sid: looking up ciccio
[2007/06/29 15:03:46, 10]
passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1363)
  getsampwnam (smbpasswd): search by name: ciccio
[2007/06/29 15:03:46, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(230)
  startsmbfilepwent_internal: opening file /etc/samba/private/smbpasswd
[2007/06/29 15:03:46, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(585)
  getsmbfilepwent: end of file reached.
[2007/06/29 15:03:46, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(347)
  endsmbfilepwent_internal: closed password file.
[2007/06/29 15:03:46, 3] groupdb/mapping.c:pdb_default_create_alias(463)
  Could not get a gid out of winbind
[2007/06/29 15:03:46, 10] intl/lang_tdb.c:lang_tdb_init(138)
  lang_tdb_init: /usr/lib/samba/en_US.msg: No such file or directory
Creating ciccio failed with NT_STATUS_ACCESS_DENIED
[2007/06/29 15:03:46, 2] utils/net.c:main(1032)
  return code = -1

Also /var/log/samba/log.winbindd-idmap report
this message:

[2007/06/29 14:59:27, 1] nsswitch/idmap.c:idmap_init(343)
  Initializing idmap domains
[2007/06/29 14:59:27, 0] nsswitch/idmap.c:idmap_init(413)
  ERROR: Could not get methods for backend rid
[2007/06/29 14:59:27, 0] nsswitch/idmap.c:idmap_init(657)
  Aborting IDMAP Initialization ...

Any hint?

This is samba 3.0.25b with this smb.conf:

[global]
   workgroup = domain

   server string = Samba on Slackware Linux

  winbind enum users = no
  winbind enum groups = no
  idmap alloc backend = rid
  idmap alloc config:range = 1 - 5
  idmap domains = trusted-domain domain CALIMERO
  idmap config trusted-domain:backend  = rid
  idmap config trusted-domain:base_rid = 1000
  idmap config trusted-domain:range= 1 - 24999
  idmap config domain:backend  = rid
  idmap config domain:base_rid = 1000
  idmap config domain:range= 25000 - 3
  idmap config CALIMERO:backend  = rid
  idmap config CALIMERO:base_rid = 1000
  idmap config CALIMERO:range= 4 - 4
   security = domain
   log file = /var/log/samba/samba.%m
syslog = 0
   max log size = 50
   password server = hal9000
   socket options = TCP_NODELAY
   wins server = 172.16.1.16
   dns proxy = no
[tmp]
   comment = Temporary file space
   path = /tmp
   read only = no
   public = yes

[AAA]
path = /tmp/AAA
public = no
writable = yes
force create mode = 0660
force directory mode = 0770


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] files moved, copied files, operate in different ways

[Bruno Figueroa R.]

Hi, I have a problem with the way in which my friend manages the access 
permissions to files. I have a server ldap, acls, samba.in a SLES9.
En Linux, tengo la seguridad aplicada para que en mi arbol de 
directorios, los ficheros dentro de una carpeta heredan el grupo de esa 
carpeta.
Esto funciona bien cuando copio ficheros de windows a linux. Si los 
ficheros son movidos, no funciona bien. Los ficheros siguen teniendo el 
grupo anterior.

Esto puede ser un problema con samba?

--
Un Saludo,

Atentamente.

Bruno Figueroa Rodriguez

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Network Interfaces Not Recognized

[Nikolaus Rath]

Hello,

I am facing the problem that samba does not recognize my network
interfaces:

Jun 29 12:21:59 ebox nmbd[22377]: [2007/06/29 12:21:59, 0] 
lib/interface.c:load_interfaces(225) 
Jun 29 12:21:59 ebox nmbd[22377]:   WARNING: no network interfaces found 
Jun 29 12:21:59 ebox nmbd[22377]: [2007/06/29 12:21:59, 0] 
nmbd/nmbd_subnetdb.c:create_subnets(190) 
Jun 29 12:21:59 ebox nmbd[22377]:   create_subnets: No local interfaces ! 
Jun 29 12:21:59 ebox nmbd[22377]: [2007/06/29 12:21:59, 0] 
nmbd/nmbd_subnetdb.c:create_subnets(191) 
Jun 29 12:21:59 ebox nmbd[22377]:   create_subnets: Waiting for an interface to 
appear ... 
Jun 29 12:21:59 ebox smbd[22378]: [2007/06/29 12:21:59, 0] 
lib/interface.c:load_interfaces(225) 
Jun 29 12:21:59 ebox smbd[22378]:   WARNING: no network interfaces found 

However, the interfaces are certainly present and working:

[0] ebox:~# ifconfig
loLink encap:Local Loopback  
  inet addr:127.0.0.1  Mask:255.0.0.0
  UP LOOPBACK RUNNING  MTU:16436  Metric:1
  RX packets:1230259094 errors:0 dropped:0 overruns:0 frame:0
  TX packets:1631407780 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0 
  RX bytes:1140886155 (1.0 GiB)  TX bytes:1095793772 (1.0 GiB)

venet0Link encap:UNSPEC  HWaddr 
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
  inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  
Mask:255.255.255.255
  UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
  RX packets:4412 errors:0 dropped:0 overruns:0 frame:0
  TX packets:3471 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0 
  RX bytes:568119 (554.8 KiB)  TX bytes:537793 (525.1 KiB)

venet0:0  Link encap:UNSPEC  HWaddr 
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
  inet addr:85.214.16.64  P-t-P:85.214.16.64  Bcast:0.0.0.0  
Mask:255.255.255.255
  UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

I don't have any "interfaces = " or "bind interfaces only ="
configuration settings. Despite the above messages, "smbclient -L
localhost" works fine - but that is the only interface that works:

 [0] ebox:~# smbclient -L localhost
Password: 
Anonymous login successful
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.24]

Sharename   Type  Comment
-     ---
IPC$IPC   IPC Service (Samba 3.0.24)
Anonymous login successful
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.24]

Server   Comment
----

WorkgroupMaster
----
[0] ebox:~# smbclient -L 85.214.16.64
Error connecting to 85.214.16.64 (Connection refused)
Connection to 85.214.16.64 failed
  
I suppose the problem arises from the fact that Samba is running an a
virtual server with therefore unusal network interfaces. However,
apache for example works flawlessly so I think it should be possible
to run samba as well.

My system:
[0] ebox:~# smbd --version
Version 3.0.24
[0] ebox:~# uname -a
Linux ebox 2.6.9-023stab043.1-smp #1 SMP Mon Mar 5 16:38:22 MSK 2007 i686 
GNU/Linux


Thanks in advance for any hints,


  --Nikolaus
-- 
Gefährlich wird es, wenn die Dummen fleissig werden
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbldap_open: cannot access LDAP when not root..

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Eric PEYREMORTE wrote:
> Hi,
> 
> I often have theses messages on my two samba 3.0.25a servers.
> 
> What does it mean ?

I need more context.  Please file a bug report at attach
gzipped level 10 debug logs from smbd illustrating the problem.





cheers, jerry

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGhPqmIR7qMdg1EfYRAugFAJ9fly1vT6OyxbDzt2B7saZPo9QBegCg71Rq
lXETTJbIEr06lsCk/hlcXro=
=AzoZ
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba shares slow

[Charles Marcus]

For now I'm going to use pure-ftpd and netdrive 
http://www.loyola.edu//netdrive/installingnetdrive/ a program that 
makes a window drive out of ftp. While its not very secure it seems to 
be very fast in both directions.


Be aware - netdrive is fairly old, and I had a lot of trouble with it 
causing mysterious problems on my XP Pro box - it was not very reliable, 
in other words...


--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Help with smbmount

[James Watkins]

On Thursday 28 June 2007 20:33, Felipe Augusto van de Wiel wrote:
> On 06/22/2007 01:46 PM, Barry Stear wrote:
> > I am trying to mount another linux samba mount on my
> > linux machine. I can only mount using root account and
> > when i do this the permissions for the samba mount are
> > all owned by group root and user root. I want to have
> > rw access to this by myself. I have even specified in
> > the options of smbmount a uid and gid but still no
> > luck.
> 
>   Have you tried LinNighborhood?
> 
>   Mount a CIFS/SMB filesystem is not much different from
> a regular block device, the restrictions and security limitations
> still applies, you can add a line to /etc/fstab to allow users to
> mount it and specify the options.
> 
>   You can also use SUID approach or have it automounted on
> boot or other software. And using uid,gid is supposed to work.
> Can you show the command lines, permissions and errors? (Logs?)

I was recently caught out by the unix extensions that samba supports.  It 
turns out that if the server supports unix extensions then smbmount will 
apply the permissions as they are on the server and ignore the uid and gid 
options.  I dare say there may be a way to disable this at the smbmount end 
of things but I didn't have the time to find out so I just disabled unix 
extensions on the server.  If you find out how to do it at the client end I 
would be interested to know.

Cheers,

James.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba and LDAP: Trouble adding Win XP machines to the domain

[mikelOn]

Hi,

I have been trying different approaches to get it working and apparently I
do need nss installed to get it working (which I have not found as mandatory
in many tutorials). Once I installed nss-ldap and configured it still
failed, but then I removed the line "ldapsam:trusted = yes" and the machines
started to join the domain correctly.

Summing up, I needed nss-ldap and I did not need "ldapsam:trusted = yes".
Now I am trying to get the whole thing working with "ldapsam:trusted = yes"
uncommented.

Thank you all very much for your help. I expect to be able to help others
solve the problems I have had.


Edmundo Valle Neto wrote:
> 
> mikelOn escreveu:
>> The last few lines of the "pdbedit -v root" command show the following:
>>
>>
>> pm_process() returned Yes
>> smbldap_search_domain_info: Searching
>> for:[(&(objectClass=sambaDomain)(sambaDomainName=EREMU))]
>> smbldap_open_connection: connection opened
>> ldap_connect_system: succesful connection to the LDAP server
>> The LDAP server is succesfully connected
>> smbldap_search_domain_info: Searching
>> for:[(&(objectClass=sambaDomain)(sambaDomainName=EREMU))]
>> smbldap_open_connection: connection opened
>> ldap_connect_system: succesful connection to the LDAP server
>> The LDAP server is succesfully connected
>> init_sam_from_ldap: Entry found for user: root
>> Unix username:root
>> NT username:  root
>> Account Flags:[U  ]
>> User SID: S-1-5-21-325600022-3777026502-3741709481-500
>> ldapsam_getgroup: Did not find group
>> Primary Group SID:S-1-5-21-325600022-3777026502-3741709481-513
>> Full Name:root
>> Home Directory:   \\SAMBA\root
>> HomeDir Drive:H:
>> Logon Script: LOGON.BAT
>> Profile Path: \\SAMBA\profiles\root
>> Domain:   EREMU
>> Account desc:
>> Workstations:
>> Munged dial:
>> Logon time:   0
>> Logoff time:  mar, 19 ene 2038 04:14:07 CET
>> Kickoff time: mar, 19 ene 2038 04:14:07 CET
>> Password last set:mié, 27 jun 2007 20:35:52 CEST
>> Password can change:  0
>> Password must change: sáb, 11 ago 2007 20:35:52 CEST
>> Last bad password   : 0
>> Bad password count  : 0
>> Logon hours : FF
>>
>>
>> As you can see, the same error shows up: GROUP NOT FOUND
>>
>> Do you know why?
>>
>> Thanks
>>
>>
>> Edmundo Valle Neto wrote:
>>   
>>> mikelOn escreveu:
>>> 
 I have added the parameter "ldapsam:trusted = yes" and now the samba
 error
 has changed to NT_STATUS_UNSUCCESSFUL. The logs say the following:


 [2007/06/27 22:41:11, 4] auth/auth_sam.c:sam_account_ok(138)
   sam_account_ok: Checking SMB password for user root
 [2007/06/27 22:41:11, 3] smbd/sec_ctx.c:push_sec_ctx(208)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
 [2007/06/27 22:41:11, 3] smbd/uid.c:push_conn_ctx(353)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
 [2007/06/27 22:41:11, 3] smbd/sec_ctx.c:set_sec_ctx(241)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
 [2007/06/27 22:41:11, 3]
 passdb/pdb_ldap.c:ldapsam_enum_group_memberships(2663)
   primary group of [root] not found
 [2007/06/27 22:41:11, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
 [2007/06/27 22:41:11, 0] auth/auth_sam.c:check_sam_security(352)
   check_sam_security: make_server_info_sam() failed with
 'NT_STATUS_UNSUCCESSFUL'
 [2007/06/27 22:41:11, 3] auth/auth_winbind.c:check_winbind_security(80)
   check_winbind_security: Not using winbind, requested domain [eremu]
 was
 for this SAM.
 [2007/06/27 22:41:11, 2] auth/auth.c:check_ntlm_password(319)
   check_ntlm_password:  Authentication for user [root] -> [root] FAILED
 with
 error NT_STATUS_UNSUCCESSFUL
 [2007/06/27 22:41:11, 3] smbd/error.c:error_packet(146)
   error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX)
 NT_STATUS_UNSUCCESSFUL
 [2007/06/27 22:41:11, 3] smbd/process.c:timeout_processing(1359)
   timeout_processing: End of file from client (client has
 disconnected).
 [2007/06/27 22:41:11, 3] smbd/sec_ctx.c:set_sec_ctx(241)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
 [2007/06/27 22:41:11, 3] smbd/connection.c:yield_connection(69)
   Yielding connection to
 [2007/06/27 22:41:11, 3] smbd/server.c:exit_server_common(675)
   Server exit (normal exit)


 Do you see anything familiar here?
 Thanks
   
   
>>> What "pdbedit -v root" shows?
>>>
>>> Regards.
>>>
>>> Edmundo Valle Net
> 
> Whats the output of:
> 
> net groupmap list
> smbldap-usershow root
> smbldap-groupshow "Domain Admins"
> 
> ?
> 
> ps: Im not interested in your password hashes :)
> 
> You said that root belongs to Domain Admins group, but the RID 513 is 
> the known RID of the Domin Users group.
> 
> 
> Regards.
> 
> Edmundo Valle Neto
> -- 
> To unsubscribe from this lis