[Samba] smbpasswd -a not working with ldap

[James]

Hi i'm trying to add new samba users with an ldap backend
i can use smbpasswd to change current samba user passwords but if i try 
to add a user it won't add the attributes to the ldap account.

i have run smbpasswd -w already
I noticed that when running smbpasswd and adding a user the search 
filter is looking for a sambasamaccount but that attribute needs to be 
CREATED by smbpasswd -a right?

Debian Etch
Samba 3.0.24-6etch4
TIA

Here's my smb.conf and my smbpasswd debug

smb.conf

[global]
workgroup = PDC-TEST
netbios name = machine
server string = Samba %v


# Domain Directives #
os level = 65
preferred master = yes
domain master = yes
domain logons = yes
local master = yes
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
name resolve order = wins lmhosts host bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins support = yes
#interfaces = eth1

# Generic Directives #
hide dot files = yes
security = user
max log size = 1000
log level = 9
syslog = 1666
username map = /etc/samba/smbusers
#passdb backend = tdbsam
# LDAP Directives #
passdb backend = ldapsam:"ldap://ldap-master.example.com";
ldap suffix = dc=example,dc=com
ldap admin dn = cn=admin,dc=example,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=People
ldap idmap suffix = ou=Idmap
idmap uid = 1-2
idmap gid = 1-2

#add user script = /usr/sbin/smbldap-useradd -a -m "%u"
#add machine script = /usr/sbin/smbldap-useradd -a -w "%u"
#add group script = /usr/sbin/smbldap-groupadd -a -p "%g"
#add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
#delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
#set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

#passwd program = /usr/sbin/smbldap-passwd -u %u
#passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new 
password*" %n\n"



## Comment Out to Disable PASSWD Sync #
ldap passwd sync = yes
encrypt passwords = yes

[homes]
  comment = Home Directories
  browseable = no
  writable = no
  create mask = 0700
  directory mask = 0700
  valid users = %S

[netlogon]
   path = /var/lib/samba/netlogon
   guest ok = yes
   browseable = No

[profiles]
   comment = Network Profiles Service
   path = %H
   read only = no
   store dos attributes = yes
   create mask = 0700
   directory mask = 0700
   browseable = no


SMBPASSWD Debug:
# smbpasswd -a Admin -D 256
The LDAP server is succesfully connected
pdb backend ldapsam:"ldap://ldap-master.example.com"; has a valid init
New SMB password:
Retype new SMB password:
smbldap_search_ext: base => [dc=example,dc=com], filter => 
[(&(uid=Admin)(objectclass=sambaSamAccount))], scope => [2]

smbldap_open: already connected to the LDAP server
ldapsam_getsampwnam: Unable to locate user [Admin] count=0
Failed to modify password entry for user Admin


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem on displaying groupquota info

[Fabiano Caixeta Duarte]

Gentleman,

I have samba-3.0.25a working on a FreeBSD6.2 server.

It was been compiled with-quota support.

It was supposed to be working well with userquota and groupquota. Actually it 
is ok with userquotas. But it is passing wrong information about groupquota.


On the server, 'quota -g sti' shows

Disk quotas for group sti (gid 1001):
   Filesystem   usage   quota   limit   grace   files   quota   limit   grace
   /group 4339050 5242880 52428807279   0   0

As you can see, I set 5GB quota size for that group. Unfortunatelly, clients 
using windows are informed that this share has 63,9GB of total size and 34,6GB 
free space.


grep groupquota /etc/fstab says:
/dev/da0s1g  /group   ufs rw,noexec,groupquota,acls2 2

Note that quota is working well. No one can exceed the size.

The problem is restricted to wrong information.

I hope you can help.

Thanks in advance!

--
Fabiano Caixeta Duarte
Especialista em Redes de Computadores
Seção Técnica de Informática
FEA-RP/USP-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Illegal Characters in filename

[James Peach]

On 14/09/2007, Sean Dizazzo <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> We are sharing directories from Windows 2003 server to, among other
> things, Mac computers.  Most of the time the windows shares work
> perfectly.  However we are running into a problem with users entering
> odd characters into file names on the Mac clients.

What sort of characters?

> The Mac clients see these files/folders perfectly fine, as samba on
> the Mac allows for these odd characters.  However, if someone tries to
> access one of these files on a  windows client, the operation errors
> out.  The errors range from "not sufficient permissions" to "the file
> doesn't exist"

Which windows clients? If the server is happy to accept file names
with these characters in them, it's odd that clients would not also
accept them.

> For internal use, we can yell at the offenders to have them stop
> adding odd characters to the names.  This will work somewhat.  But
> some of these files and folders are created by external clients that
> are much harder to yell at.
>
> Is there any way to either use the mac samba client to limit the
> allowed characters, or to somehow force a filename change when an
> illegal character is entered?

Not to my knowledge.

The Mac client is not Samba, so you might have better luck on a
Mac-specific mailing list, eg:
http://lists.apple.com/mailman/listinfo/macos-x-server/

make sure you note what Os the mac clients are running and whether the
SMB client is the Apple one or the Thursby one

-- 
James Peach | [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Windows client hangs running .exe from Samba share

[CJ]

I'm running Mac OS X Server 10.4.1, smbd --version 3.0.10.

I have been using it for a couple years running roaming profiles for  
Windows 2000 clients with few problems.


It was time to reinstall the client machines with new applications,  
keeping Win2K as the client operating system.  I consulted my notes  
and adjusted the local system policies to exclude certain folders  
from the roaming profiles, map certain groups to local Administrators  
and Power Users, etc.  All's fine.


The users can log into the new machines fine, roaming profiles are  
working, and reads and writes to the network shares seem fine.


But if someone tries to run a small application file from a network  
share (examples being putty.exe and whoami.exe), windows explorer  
hangs - won't respond to any more input, the quick launch icons and  
task bar buttons disappear, and the machine must be rebooted.  I can  
copy putty.exe from the network share and run it from the local drive  
just fine.  Users on the client machines I haven't rebuilt yet can  
run it from the share without issue.


I really don't know what in Windows could be causing this and am  
wondering if anyone else has ever seen this.


Thanks.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Windows client hangs running .exe from Samba share

[CJ]

I'm running Mac OS X Server 10.4.1, smbd --version 3.0.10.

I have been using it for a couple years running roaming profiles for  
Windows 2000 clients with few problems.


It was time to reinstall the client machines with new applications,  
keeping Win2K as the client operating system.  I consulted my notes  
and adjusted the local system policies to exclude certain folders  
from the roaming profiles, map certain groups to local Administrators  
and Power Users, etc.  All's fine.


The users can log into the new machines fine, roaming profiles are  
working, and reads and writes to the network shares seem fine.


But if someone tries to run a small application file from a network  
share (examples being putty.exe and whoami.exe), windows explorer  
hangs - won't respond to any more input, the quick launch icons and  
task bar buttons disappear, and the machine must be rebooted.  I can  
copy putty.exe from the network share and run it from the local drive  
just fine.  Users on the client machines I haven't rebuilt yet can  
run it from the share without issue.


I really don't know what in Windows could be causing this and am  
wondering if anyone else has ever seen this.


Thanks.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Illegal Characters in filename

[Sean Dizazzo]

Hi all,

We are sharing directories from Windows 2003 server to, among other
things, Mac computers.  Most of the time the windows shares work
perfectly.  However we are running into a problem with users entering
odd characters into file names on the Mac clients.

The Mac clients see these files/folders perfectly fine, as samba on
the Mac allows for these odd characters.  However, if someone tries to
access one of these files on a  windows client, the operation errors
out.  The errors range from "not sufficient permissions" to "the file
doesn't exist"

For internal use, we can yell at the offenders to have them stop
adding odd characters to the names.  This will work somewhat.  But
some of these files and folders are created by external clients that
are much harder to yell at.

Is there any way to either use the mac samba client to limit the
allowed characters, or to somehow force a filename change when an
illegal character is entered?  For example, replacing the odd
character with an underscore?  Any solid way to solve this problem?

Any help you can offer would be greatly appreciated.

~Sean DiZazzo
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Allowed punctuation in samba filenames?

[Jeremy Allison]

On Fri, Sep 14, 2007 at 09:56:56PM +0100, Matthew Studley wrote:
> hi 
> 
> I've run into problems moving stuff from one ext3 filesystem to another
> via samba.  It seems the problem is due to some punctuation not being
> allowed in paths/filenames.
> 
> Can anyone tell me where I can find a definitive list of allowed /
> illegal characters?

If you're using a modern Samba with a modern CIFS client
all POSIX pathnames are supported (via the UNIX extensions).

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Allowed punctuation in samba filenames?

[Matthew Studley]

hi 

I've run into problems moving stuff from one ext3 filesystem to another
via samba.  It seems the problem is due to some punctuation not being
allowed in paths/filenames.

Can anyone tell me where I can find a definitive list of allowed /
illegal characters?

Thanks in advance

Matt 

-- 
==
Dr Matthew Studley
Lecturer : Robotics
Bristol Robotics Laboratory

Room 3Q75
University of the West of England
Coldharbour Lane
Bristol BS16 1QY

+44 (0)117 968 2671
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] NT4 PDC -> Samba/LDAP PDC failing to work

[Alan Silver]

Hi all:

I am trying to migrate my NT4 domain to a samba server which uses an 
LDAP server on the backend for authentication
This machine that I want to be the new PDC is running RHEL5 with samba 
3.0.23c and an openldap 2.3.27 running on the same machine.


I used the by-example page
http://us3.samba.org/samba/docs/man/Samba-Guide/ntmigration.html
as my guide

I set this up in a test environment first and it worked  seamlessly.

Then I tried it out on the production environment

My problems arose when I shut down the NT4 controllers and my samba 
server became the PDC. The samba machine became the PDC, but I was not 
able to log into the domain from any machine. It appears (at least to 
me) that the machine accounts are set up correctly.

The ldap entry looks like

dn: uid=SCANNER1$,ou=Computers,ou=core,dc=wisc,dc=edu
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: SCANNER1$
sn: SCANNER1$
uid: SCANNER1$
uidNumber: 1344
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
structuralObjectClass: inetOrgPerson
entryUUID: 9-999a-999b-99af-9b9b99c9c999
creatorsName: cn=Manager,dc=wisc,dc=edu
createTimestamp: 20070511203011Z
sambaSID: S-1-5-21-1-22-33-2370
displayName: UNIVERSI-TIYXWK$
sambaNTPassword: 0733ABB2C2BB1AA
sambaPwdLastSet: 1178423137
sambaAcctFlags: [W  ]
gidNumber: 513
sambaPrimaryGroupSID: S-1-5-21-1-22-33-513
entryCSN: 20070511203013Z#00#00#00
modifiersName: cn=Manager,dc=wisc,dc=edu
modifyTimestamp: 20070511203013Z


I have pasted what I think is the relevant portion of the log below. 
What is striking me is


"[2007/08/26 16:52:54, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
 _net_auth2: creds_server_check failed. Rejecting auth request from 
client SCANNER1 machine account SCANNER1$"


Does anyone have any experience with such an error? I saw people on this 
mailing list having the same problem, but I didn't see any responses



[2007/08/26 16:52:54, 5] lib/smbldap.c:smbldap_search_ext(1179)
 smbldap_search_ext: base => [ou=core,dc=wisc,dc=edu], filter => 
[(&(uid=SCANNER1$)(objectclass=sambaSamAccount))], scope => [2]

[2007/08/26 16:52:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541)
 init_sam_from_ldap: Entry found for user: SCANNER1$
[2007/08/26 16:52:54, 4] lib/substitute.c:automount_server(407)
 Home server: smb_pdc
[2007/08/26 16:52:54, 4] lib/substitute.c:automount_server(407)
 Home server: smb_pdc
[2007/08/26 16:52:54, 5] lib/smbldap.c:smbldap_search_ext(1179)
 smbldap_search_ext: base => [ou=Groups,ou=core,dc=wisc,dc=edu], filter 
=> [(&(objectClass=sambaGroupMapping)(gidNumber=513))], scope => [2]

[2007/08/26 16:52:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2136)
 init_group_from_ldap: Entry found for group: 513
[2007/08/26 16:52:54, 3] smbd/sec_ctx.c:push_sec_ctx(208)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2007/08/26 16:52:54, 3] smbd/uid.c:push_conn_ctx(345)
 push_conn_ctx(101) : conn_ctx_stack_ndx = 1
[2007/08/26 16:52:54, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2007/08/26 16:52:54, 5] auth/auth_util.c:debug_nt_user_token(448)
 NT user token: (NULL)
[2007/08/26 16:52:54, 5] auth/auth_util.c:debug_unix_user_token(474)
 UNIX token of user 0
 Primary group is 0 and contains 0 supplementary groups
[2007/08/26 16:52:54, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1478)
 lookup_global_sam_rid: looking up RID 513.
[2007/08/26 16:52:54, 3] smbd/sec_ctx.c:push_sec_ctx(208)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2007/08/26 16:52:54, 3] smbd/uid.c:push_conn_ctx(345)
 push_conn_ctx(101) : conn_ctx_stack_ndx = 2
[2007/08/26 16:52:54, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2007/08/26 16:52:54, 5] auth/auth_util.c:debug_nt_user_token(448)
 NT user token: (NULL)
[2007/08/26 16:52:54, 5] auth/auth_util.c:debug_unix_user_token(474)
 UNIX token of user 0
 Primary group is 0 and contains 0 supplementary groups
[2007/08/26 16:52:54, 5] lib/smbldap.c:smbldap_search_ext(1179)
 smbldap_search_ext: base => [ou=core,dc=wisc,dc=edu], filter => 
[(&(sambaSID=S-1-5-21-1-22-33-513)(objectclass=sambaSamAcco

unt))], scope => [2]
[2007/08/26 16:52:54, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491)
 ldapsam_getsampwsid: Unable to locate SID 
[S-1-5-21-1-22-3-513] count=0

[2007/08/26 16:52:54, 5] lib/smbldap.c:smbldap_search_ext(1179)
 smbldap_search_ext: base => [ou=Groups,ou=core,dc=wisc,dc=edu], filter 
=> [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-1-22

-33-513))], scope => [2]
[2007/08/26 16:52:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2136)
 init_group_from_ldap: Entry found for group: 513
[2007/08/26 16:52:54, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
 pop_sec_ctx (0, 0) - sec_ct

Re: [Samba] ADS authentication error

[Kevin R. Gutch]

That did the trick!

Thanks
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Adding printer port from Win2K client

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

James Perry wrote:

> I click Add..., and follow the APW (Add Port Wizard) right up
> through the last step (same as I would if I were installing the printer
> on the machine locally), and click OK -- at this point I get a "Access
> Denied" dialog. I am using an account with SePrintOperatorPrivelege
> privileges, as I was able to upload the drivers to the server. Maybe
> this can not be done this way, and I have to configure the networked
> printers on the server, I don't know -- I'm relatively new to this. I've
> searched the web, looked through loads of documentation, and I don't
> find anything that elaborates on setting up additional printer ports on
> the server.

James,

Do you have an "add port command" and "enum ports command" defined
in smb.conf?





cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG6rj+IR7qMdg1EfYRAgdoAJ0fMleybw+2ZL0i3syg7yITGEOi8QCgo9oW
T8qaA9+NtYbBbqk2PeWCtcA=
=NUCI
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Adding printer port from Win2K client

[James Perry]

Hello all,

I have been using the latest edition of "Using Samba" to set up a  
Samba server in our local school. Everything has been working great  
thus far. I've been asked to get printers going, so I thought I would  
share the printers using Samba, and have the clients 'connect' to the  
printers and get the drivers from the server. This works fine if I  
install, say, a HP LaserJet 4 on the local parallel printer port of  
the server, I can share the printer, the drivers get installed on the  
clients when I connect, and I can print fine.


My problem is in trying to add additional printer ports. Maybe this  
can't be done, or I have to find an alternate way of doing this. I  
have 2 HP LaserJet 5Si printers, both are network printers. I don't  
want to have to install drivers locally on every single machine, so I  
thought I would try to set up the TCP/IP printer ports and bind the  
printers to these ports, and all would be wonderful. I go to the  
server properties dialog, and go to the ports tab, and the generic  
Samba printer port is available. I click Add..., and follow the APW  
(Add Port Wizard) right up through the last step (same as I would if  
I were installing the printer on the machine locally), and click OK  
-- at this point I get a "Access Denied" dialog. I am using an  
account with SePrintOperatorPrivelege privileges, as I was able to  
upload the drivers to the server. Maybe this can not be done this  
way, and I have to configure the networked printers on the server, I  
don't know -- I'm relatively new to this. I've searched the web,  
looked through loads of documentation, and I don't find anything that  
elaborates on setting up additional printer ports on the server.


If anyone has some experience with this and could enlighten me, I'd  
be forever in your debt :-)


Other than this small hurdle, Samba has been fantastic!!

Samba Rocks!

JP
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: R: R: [Samba] howwinbind cache time works

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

(CC'ing back on list)

Gianluca Culot wrote:

> When the users change their passwords on the AD domain server  
> it takes one hour before winbind starts refusing the old
> password (as it is in cache, I suppose)

Nope.  This is a Windows DC bug.
  https://bugzilla.samba.org/show_bug.cgi?id=2874

Unless you have enabled "winbind offline logons = yes",
passwords are never cached in Winbind.

> and failing authentication, forcing the user to enter 
> the new password (for example in email client)
>
> So I was thinking about lowering cache timeout... But I'm 
> not happy about this.

Try setting "krb5_auth = yes" in /etc/security/pam_winbind.conf
(assuming you are running a recent version of Winbind).




cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG6q+AIR7qMdg1EfYRAg3mAKDpt5IajIKNUIOWRolCYOCmHCM4mgCdFsgd
VQti17imu6oIB011Gr05q7k=
=lYxc
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ADS authentication error

[simo]

On Fri, 2007-09-14 at 11:39 -0400, Kevin R. Gutch wrote:
> Hi,
> 
> I have a fresh install of Fedora 7 and Samba (Version 3.0.26a-0.fc7). 
> Trying to set up ADS authentication. I try "net ads join -U 
> Administrator" and receive the following error
> 
> "net: relocation error: net: symbol krb5_get_init_creds_opt_alloc, 
> version krb5_3_MIT not defined in file libkrb5.so.3 with link time 
> reference"
> 
> Does anyone know how to fix this?

Have you updated the MIT libraries as well ?

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: [EMAIL PROTECTED]
http://samba.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ADS authentication error

[Kevin R. Gutch]

Hi,

I have a fresh install of Fedora 7 and Samba (Version 3.0.26a-0.fc7). 
Trying to set up ADS authentication. I try "net ads join -U 
Administrator" and receive the following error


"net: relocation error: net: symbol krb5_get_init_creds_opt_alloc, 
version krb5_3_MIT not defined in file libkrb5.so.3 with link time 
reference"


Does anyone know how to fix this?


-Kevin

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: NT4 domain authentication password expires, but is set not to

[Sunny]

On 9/13/07, Sunny <[EMAIL PROTECTED]> wrote:
> I have OpenSuse 10.2 authenticating against NT 4 domain.
>

Here is my smb.conf file:

[global]
workgroup = ICEBERG
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = No
idmap gid = 1-2
idmap uid = 1-2
security = domain
template shell = /bin/bash
usershare max shares = 100
domain logons = No
domain master = No
password server = *
winbind enum users = Yes
winbind enum groups = Yes
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/

[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes

-- 
Svetoslav Milenov (Sunny)

Even the most advanced equipment in the hands of the ignorant is just
a pile of scrap.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba don't see DC

[calvano69]

Hi

now, i have added my server to my AD, the command net ads join work's and with 
kerberos, i can verify login/pass.

But when i sent wbinfo -t i have:

[EMAIL PROTECTED] samba]# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc233)
Could not check secret

i don't know why he don't see the DC ... anyone have a idea ?

into log, i have:

[EMAIL PROTECTED] samba]# [2007/09/14 17:45:26, 6] 
nsswitch/winbindd.c:new_connection(638)
  accepted socket 17
[2007/09/14 17:45:26, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn INTERFACE_VERSION
[2007/09/14 17:45:26, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(454)
  [0]: request interface version
[2007/09/14 17:45:26, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2007/09/14 17:45:26, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(487)
  [0]: request location of privileged pipe
[2007/09/14 17:45:26, 6] nsswitch/winbindd.c:new_connection(638)
  accepted socket 18
[2007/09/14 17:45:26, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn CHECK_MACHACC
[2007/09/14 17:45:26, 3] 
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(35)
  [0]: check machine account
[2007/09/14 17:45:26, 10] 
nsswitch/winbindd_cache.c:cache_retrieve_response(1534)
  Retrieving response for pid 14737


into my AD, see my server into machine account

thanks for your help

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] password syncronization issue...

[John Saroglou]

Greetings,

Has anyone had any success with samba-3.25[a-c] under solaris10 amd64
using 'unix password sync=yes' option?

% smbpasswd
Old SMB password:
New SMB password:
Retype new SMB password:
machine 127.0.0.1 rejected the password change: Error was : RAP86: The
specified password is invalid. Password changed for user sambatest

debugging reveals the following condition:

[2007/09/13 22:05:15, 3] smbd/chgpasswd.c:chat_with_program(430)
  chat_with_program: Dochild for user sambatest (uid=0,gid=0) (as_root
= Yes) [2007/09/13 22:05:15, 3] smbd/chgpasswd.c:dochild(200)
  could not read default terminal attributes on pty
[2007/09/13 22:05:15, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/09/13 22:05:15, 0] smbd/chgpasswd.c:chat_with_program(440)
  chat_with_program: Error: dochild() returned 0
[2007/09/13 22:05:15, 5] lib/util_sock.c:read_socket_with_timeout(485)
  read_socket_with_timeout: timeout read. EOF from client.
[2007/09/13 22:05:15, 2] smbd/chgpasswd.c:expect(285)
  expect: Error 0
[2007/09/13 22:05:15, 3] smbd/chgpasswd.c:talktochild(316)
  Response 1 incorrect
[2007/09/13 22:05:15, 3] smbd/chgpasswd.c:chat_with_program(372)
  chat_with_program: Child failed to change password: sambatest


my config is:

security = user
bind interfaces only = yes
interfaces=e1000g0 lo0
passwd program = /bin/passwd %u
passwd 
chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\spassword\ssuccessfully\schanged*\n
 
passdb backend = tdbsam 
unix password sync = yes 
encrypt passwords =yes 
local master = no 
log level=5 
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY

Thanks in advance.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: R: [Samba] howwinbind cache time works

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Gianluca,

> So cache time will start some kind of job and lowering it 
> too much would pose some stressing on servers and network ?

Yup.  The cache is used for things like user and group
enumeration, name2sid conversions, etc

> what would a reasonable value for that param ?

Most of this information is static and rarely changes.
IIRC, the default in current releases is 15 minutes.
Unless you rename users/groups frequently, the default
should be fine although it can be useful at much higher
cache timeouts.

> Actually I've set it at 3600, but as users are blaming for 
> new password to be accepted too slowly...

You mean the login is slow?  I'd tail a level 10 winbindd log
during login to find the delay.

> I was planning to  lower it at 60... Would it be advisable ?

No.  Much too low IMO.





cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG6pp/IR7qMdg1EfYRAmqqAJ44Ow1WQRaUQPSMUOctJ+M2UeowOQCgwDW4
wcNt3+Yj1b8FWgTtk9jTUtc=
=ieyn
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

R: [Samba] howwinbind cache time works

[Gianluca Culot]

> -Messaggio originale-
> Da: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] 
> Inviato: venerdì 14 settembre 2007 14.59
> A: Gianluca Culot
> Cc: [EMAIL PROTECTED] Samba. Org
> Oggetto: Re: [Samba] howwinbind cache time works
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Gianluca Culot wrote:
> > Hello list
> >  
> > I' ve a question regarding Samba Documentation
> >  
> > I could not figure out how Winbind chace time works
> >  
> > I know thsi parameter is user to configure a period of time 
> in which 
> > the samba server  "retain" user credential to speed up access...
> > What I need to know is WHEN this time starts and is renewed
> >  
> > the countdown is restarted every time the user authenticates ?
> > or is a cicle starting since the first user login (let's say of the 
> > day ) and is restarted at the first user login after the 
> countdown expired ?
> 
> The "winbind cache time" refers to a period check made by winbindd.
> It is not related to the time a user logs one.  It is more 
> reasonably related to the start time of winbindd.
> 
> 
> 
> 
> 
> cheers, jerry
> =
> Samba--- http://www.samba.org
> Centeris ---  http://www.centeris.com
> "What man is a man who does not make the world better?"  --Balian
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.2.2 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFG6oWIIR7qMdg1EfYRAsYQAJsEhkRxglreamlO5qkV251BlP+uWACgu6Z1
> sP4qpywNyLYzOusKjfU87Fc=
> =C+Q+
> -END PGP SIGNATURE-
> 

Hello Gerald and thanks for the info

But, 
So cache time will start some kind of job and lowering it too much would
bose some stressing on servers and network ?

what would a reasonable value for that param ?
Actually I've set it at 3600, but as users are blaming for new password to
be accepted too slowly... I was planning to lower it at 60...
Would it be advisable ?

Regards


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.26a Standalone Up 3 day no complaints!

[David C. Rankin]

Jerry,

3.0.26a in standalone mode has been up for 3 days and so far no
problems and no repeat of 3.0.25c Going Nuts...

-- 
David C. Rankin, J.D., P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankinlawfirm.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] howwinbind cache time works

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Gianluca Culot wrote:
> Hello list
>  
> I' ve a question regarding Samba Documentation
>  
> I could not figure out how Winbind chace time works
>  
> I know thsi parameter is user to configure a period of time in which the
> samba server  "retain" user credential to speed up access... 
> What I need to know is WHEN this time starts and is renewed
>  
> the countdown is restarted every time the user authenticates ?
> or is a cicle starting since the first user login (let's say of the day )
> and is restarted at the first user login after the countdown expired ?

The "winbind cache time" refers to a period check made by winbindd.
It is not related to the time a user logs one.  It is more
reasonably related to the start time of winbindd.





cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG6oWIIR7qMdg1EfYRAsYQAJsEhkRxglreamlO5qkV251BlP+uWACgu6Z1
sP4qpywNyLYzOusKjfU87Fc=
=C+Q+
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem while accessing DFS links.

[Avinash]

Hi All ,

I am trying to navigate the DFS links, but getting the following error.

cli_negprot: SMB signing is mandatory and we have disabled it.
protocol negotiation failed
Couldn't resolve \sal1

where sal1 is the DFS link created under STAND ALONE ROOT.

Could any one of you please help me to get rid of this error ?

Thanks and Regards,
-Avinash
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] howwinbind cache time works

[Gianluca Culot]

Hello list
 
I' ve a question regarding Samba Documentation
 
I could not figure out how Winbind chace time works
 
I know thsi parameter is user to configure a period of time in which the
samba server  "retain" user credential to speed up access... 
What I need to know is WHEN this time starts and is renewed
 
the countdown is restarted every time the user authenticates ?
or is a cicle starting since the first user login (let's say of the day )
and is restarted at the first user login after the countdown expired ?
 
Thanks
 

--
Gianluca Culot
DMS Multimedia
Via delle Arti e dei Mestieri, 6
20050 Sulbiate (Mi) - Italy
Tel: +39 039 5968925
Fax: +39 039 3309813

www.dmsware.com 

Ai sensi del D.Lgs. 196/2003 si precisa che le informazioni contenute in
questo messaggio sono riservate ed a uso esclusivo del destinatario. Qualora
il messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza
copiarlo e a non inoltrarlo a terzi, dandocene gentilmente comunicazione. Il
mittente comunica che il presente messaggio ed ogni suo allegato, al momento
dell’invio, era esente da ogni tipo di virus, worm, trojan e/o ogni altri
tipo di codice software dannoso. Questo messaggio e i suoi allegati
potrebbero essere stati infettati durante la trasmissione. Leggendo il
messaggio e/o aprendo gli allegati, il Destinatario si prende la piena
responsabilità nei confronti di ogni azione protettiva o di rimedio per la
rimozione di virus ed altri difetti. DMS Multimedia non potrà essere
considerata responsabile per qualsivoglia danno o perdita derivata qualunque
modo da questo messaggio o dai suoi allegati.

The information in this electronic mail message, including any attachments,
is confidential and may be legally privileged. It is intended solely for the
addressee(s). Access to this Internet electronic mail message by anyone else
is unauthorised. If you are not the intended recipient, any disclosure,
copying, distribution or action taken or omitted to be taken in reliance on
it is prohibited and may be unlawful. The sender believes that this E-mail
and any attachments were free of any virus, worm, Trojan horse, and/or
malicious code when sent. This message and its attachments could have been
infected during transmission. By reading the message and opening the
attachments, the recipient accepts full responsibility for taking protective
and remedial action about viruses and other defects.DMS Multimedia is not
liable for any loss or damage arising in any way from this message or its
attachments 

 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba