Re: [Samba] A simple stand-alone scenario but "public" share doesn´t work

2007-12-28 Thread Yan Seiner 

Rolf Deenen wrote:


[shared]
   comment = Shared Directories
   browseable = no   <
   path=/home/samba/Documents
   writable = yes
   create mask = 0770
   directory mask = 0770
   browseable = yes  <




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Access to shares too slow

2007-12-28 Thread Ryan Novosielski 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Charles Marcus wrote:
> Just curious...
> 
>> The switch is set to 100-FDx (100baseT/Full Duplex), so everything
>> matches... 
> 
> You don't have this (a SERVER) plugged into a Gb switch? If not, why?
> You will get a huge performance boost...
> 
> Also, you have auto-neg enabled on the server - this can cause problems,
> it is better to manually set it to the desired link speed/mode.

This is somewhat of a falsehood. Sure, you can eliminate problems this
way, but I find most problems are NOT caused by autonegotiation, they
are caused by improperly configured switches. When both ends are
configured for BOTH speed and duplex of auto, things generally work
correctly nowadays. If one end is not set that way, the standard says to
try the highest speed and then drop progressively lower, ALL at half
duplex. This can cause a lot of problems. Let's say you have your
machine configured to 100/Full. Your switch, set to auto, WILL drop to
100/Half and you'll get a lot of errors. I'd say this is how 90% of
these problems occur.

With Sun machines, I know, you can force a certain speed by taking away
the card's ability to advertise a higher speed, while still leaving
autonegotiate on. Not sure how this works with other platforms.

- --
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHdX6Dmb+gadEcsb4RAjMHAJ9fFV3VWyOGl7/8+zzqqhawCc5ERgCfTaxz
MPkeq8U0mj/8oijIvi5ViD0=
=Z9M+
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] A simple stand-alone scenario but "public" share doesn´t work

2007-12-28 Thread Rolf Deenen 

Dear list,

For a simple home-network i recently installed Debian Etch on an extra
machine to act as server. It stores my mail, it acts as

webserver, firewall, dns-, dhcp- and database-server. All of these
services are running like a charm. The only thing left is

to get samba running. Well, it is running, but to get it running how i
want it to is a different matter i suppose, for i am

quite stuck here.

First, let me explain what i want. On my network there are two users,
"rolf" and "ingrid". I want both these users to have a

personal share on the server as well as a shared directory. Samba
version 3.0.24 is installed on the computer for this. I´ve

added these two statements in my /etc/samba/smb.conf :

[homes]
   comment = Home Directories
   browseable = no
   path=/home/%U/Documents
   writable = yes
   create mask = 0700
   directory mask = 0700

[shared]
   comment = Shared Directories
   browseable = no
   path=/home/samba/Documents
   writable = yes
   create mask = 0770
   directory mask = 0770
   browseable = yes

I added both users to the smb password database using the smbpasswd
command. After booting my windows XP laptop and logging

into the machine (local logon) with the same username-password
combination as i am known on the server i can see the contents

of \\Myservername. I see a share "rolf" and a share "shared". I can
access the share "rolf" without a problem, and create and

delete content on it. However, i  cannot get into the "shared" share
getting "access denied". The only way to get to the

share is by doing a "chmod 777" on /home/samba . I dislike this idea
very much. The filesystem-rights on this directory on

the server are as follows:

drwxrwx---  3 root   users  4096 2007-12-27 22:43 /home/samba

As such all groupmembers of the group "users" can access the
directory. They can however not access the "share", even though

they are members of the correct group.

While searching for information about this i am drowning in
information about things like authentication, group membership

and uid-to-sid-mapping. So much that i am losing overview. I therefore
have the following questions (to begin with :-) )

1. Should the above setup work and give the users "rolf" and "ingrid"
to the "shared" share?
2. Is there anybody else, using the same configuration who is willing
to explain how he/she did this?
3. Is there any documentation about setting the described scenario up?

Like i said, I've searched all over the web, but i found it hard to
find relative information. Some documentation i found

seem to suggest that the setup I've described here should simply work.
Other documentation describe setting up a similar

environment, but want to make the server a domain controller,  and the
samba howto gives so much information that a can not

determine what part of this information is relevant.

Thanks in advance,
Rolf Deenen
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problems with Samba and Active Directory

2007-12-28 Thread Ryan 
I have version 5 installed, that was just the output of klist

Ya i have followed that and still no luck.  Accually, now im getting
different errors!  GAH!

When i try to connect after restarting the services, the logfile seems to
show its passing the domain FEDORAFTP.which makes NO sence

[2007/12/28 14:14:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029)
  Doing spnego session setup
[2007/12/28 14:14:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060)
  NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1]
PrimaryDomain=[]
[2007/12/28 14:14:57, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(739)
  Got user=[redwards] domain=[FEDORAFTP] workstation=[PIP03572] len1=24
len2=24

now i have the WTF going on lol

On Dec 28, 2007 2:01 PM, Dale Schroeder <[EMAIL PROTECTED]>
wrote:

>  Maybe it was a typo, but you mentioned Kerberos 4 in the original post.
> Do you have version 5 installed?
>
> > Kerberos 4 ticket cache: /tmp/tkt0
> > klist: You have no tickets cached
> > [EMAIL PROTECTED] /]#
>
> Not knowing everything you've done, perhaps try comparing what you did to
> the following two articles.  These are what I follow.
>
> http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
>
> http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1
>
> They cover Samba/winbind/nsswitch/kerberos/pam - everything needed for ADS
> integration.
>
> Dale
>
> Ryan wrote:
>
> Thanks, but now it throws a different error :(
>
> From log of computer tryin to connect to the share
>
> [2007/12/28 13:40:54, 3]
> libads/kerberos_verify.c:ads_secrets_verify_ticket(279)
>   ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
> Decrypt integrity check failed
> [2007/12/28 13:40:54, 3] libads/kerberos_verify.c:ads_verify_ticket(427)
>   ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check
> failed)
> [2007/12/28 13:40:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
>   Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
> [2007/12/28 13:40:54, 3] smbd/error.c:error_packet_set(106)
>   error packet at smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> [2007/12/28 13:40:54, 3] smbd/process.c:timeout_processing(1328)
>   timeout_processing: End of file from client (client has disconnected).
>
>
> noticed this in the log.smbd file
>
>
> [2007/12/28 13:40:19, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
>   ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED]
> [2007/12/28 13:40:19, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593)
>   ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
> found)
> [2007/12/28 13:40:19, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
>   ads_cleanup_expired_creds: Ticket in ccache[MEMORY:prtpub_cache]
> expiration Fri, 28 Dec 2007 23:40:19 CST
>
>
> Any other thoughts? :)
>
> Cheers!
>
>
> On Dec 28, 2007 1:29 PM, Dale Schroeder <[EMAIL PROTECTED]>
> wrote:
>
> > Ryan,
> >
> > In your share try prefacing domain users and groups with the workgroup:
> >
> >admin users = @"PIPFS#Domain Users"
> >valid users = @"PIPFS#Domain Users"
> >
> > This is required since Samba 3.0.23.
> >
> > Good luck,
> > Dale
> >
> > Ryan wrote:
> > > Afternoon!
> > >
> > > Let me apologize first if this is something s simple, but i have
> > been
> > > working on this for days and I'm still stuck on one part.
> > >
> > > Where to start.  Small user environment (under 100 users) using Active
> > > Directory on Win 2k3 server.  Running Fedora 8 on a server, and I am
> > trying
> > > to get it added to the domain, and to be able to access a share using
> > > Windows usernames and passwords.
> > >
> > > The server (known from here as fedoraftp) can kinit
> > >
> > > [EMAIL PROTECTED] /]# kinit Administrator
> > > Password for [EMAIL PROTECTED]:
> > > [EMAIL PROTECTED] /]# klist
> > > Ticket cache: FILE:/tmp/krb5cc_0
> > > Default principal: [EMAIL PROTECTED]
> > >
> > > Valid starting ExpiresService principal
> > > 12/28/07 12:44:31  12/28/07 22:44:35  krbtgt/[EMAIL PROTECTED]
> > > renew until 12/29/07 12:44:31
> > >
> > >
> > > Kerberos 4 ticket cache: /tmp/tkt0
> > > klist: You have no tickets cached
> > > [EMAIL PROTECTED] /]#
> > >
> > > It can join the domain
> > > [EMAIL PROTECTED] /]# net ads join -U Administrator
> > > Administrator's password:
> > > Using short domain name -- DOMAIN
> > > Joined 'FEDORAFTP' to realm 'DOMAIN.LOCAL'
> > > [EMAIL PROTECTED] /]#
> > >
> > > wbinfo -u, wbinfo -g, getent passwd and getent group both show correct
> > > information (not going to show output).  I can also login locally on
> > > fedoraftp using my windows username and password and not have any
> > issues.
> > > What i cannot get to work is accessing the share, as it wont take any
> > > username/password thrown at it.
> > >
> > > smb.conf
> > > [global]
> > > log file = /var/log/samba/log.%m
> > > guest account = admin
>

Re: [Samba] Problems with Samba and Active Directory

2007-12-28 Thread Ryan 
Thanks, but now it throws a different error :(

>From log of computer tryin to connect to the share

[2007/12/28 13:40:54, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(279)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
Decrypt integrity check failed
[2007/12/28 13:40:54, 3] libads/kerberos_verify.c:ads_verify_ticket(427)
  ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check
failed)
[2007/12/28 13:40:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2007/12/28 13:40:54, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2007/12/28 13:40:54, 3] smbd/process.c:timeout_processing(1328)
  timeout_processing: End of file from client (client has disconnected).


noticed this in the log.smbd file


[2007/12/28 13:40:19, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
  ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED]
[2007/12/28 13:40:19, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2007/12/28 13:40:19, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:prtpub_cache]
expiration Fri, 28 Dec 2007 23:40:19 CST


Any other thoughts? :)

Cheers!


On Dec 28, 2007 1:29 PM, Dale Schroeder <[EMAIL PROTECTED]>
wrote:

> Ryan,
>
> In your share try prefacing domain users and groups with the workgroup:
>
>admin users = @"PIPFS#Domain Users"
>valid users = @"PIPFS#Domain Users"
>
> This is required since Samba 3.0.23.
>
> Good luck,
> Dale
>
> Ryan wrote:
> > Afternoon!
> >
> > Let me apologize first if this is something s simple, but i have
> been
> > working on this for days and I'm still stuck on one part.
> >
> > Where to start.  Small user environment (under 100 users) using Active
> > Directory on Win 2k3 server.  Running Fedora 8 on a server, and I am
> trying
> > to get it added to the domain, and to be able to access a share using
> > Windows usernames and passwords.
> >
> > The server (known from here as fedoraftp) can kinit
> >
> > [EMAIL PROTECTED] /]# kinit Administrator
> > Password for [EMAIL PROTECTED]:
> > [EMAIL PROTECTED] /]# klist
> > Ticket cache: FILE:/tmp/krb5cc_0
> > Default principal: [EMAIL PROTECTED]
> >
> > Valid starting ExpiresService principal
> > 12/28/07 12:44:31  12/28/07 22:44:35  krbtgt/[EMAIL PROTECTED]
> > renew until 12/29/07 12:44:31
> >
> >
> > Kerberos 4 ticket cache: /tmp/tkt0
> > klist: You have no tickets cached
> > [EMAIL PROTECTED] /]#
> >
> > It can join the domain
> > [EMAIL PROTECTED] /]# net ads join -U Administrator
> > Administrator's password:
> > Using short domain name -- DOMAIN
> > Joined 'FEDORAFTP' to realm 'DOMAIN.LOCAL'
> > [EMAIL PROTECTED] /]#
> >
> > wbinfo -u, wbinfo -g, getent passwd and getent group both show correct
> > information (not going to show output).  I can also login locally on
> > fedoraftp using my windows username and password and not have any
> issues.
> > What i cannot get to work is accessing the share, as it wont take any
> > username/password thrown at it.
> >
> > smb.conf
> > [global]
> > log file = /var/log/samba/log.%m
> > guest account = admin
> > load printers = no
> > show add printer wizard = No
> > idmap gid = 1-2
> > smb passwd file = /etc/samba/smbpasswd
> > unix password sync = yes
> > guest ok = yes
> > encrypt passwords = yes
> > realm = PIPFS.LOCAL
> > template shell = /bin/bash
> > netbios name = FEDORAFTP
> > cups options = raw
> > server string = Fedora Server Ver %v
> > idmap uid = 1-2
> > password server = 192.168.0.240
> > winbind nested groups = yes
> > workgroup = PIPFS
> > dns proxy = no
> > passwd program = /usr/bin/passwd %u
> > obey pam restrictions = yes
> > os level = 20
> > security = ads
> > preferred master = no
> > max log size = 50
> > winbind separator = #
> > winbind cache time = 0
> > log level = 3
> > winbind enum users = yes
> > winbind enum groups = yes
> > winbind use default domain = yes
> > passdb backend = tdbsam
> >
> > [FTP]
> > msdfs root = yes
> > inherit permissions = yes
> > writeable = yes
> > admin users = @"domain users"
> > path = /home/ftpshare/
> > create mask = 700
> > directory mask = 700
> > valid users = admin,@"domain users",
> > inherit acls = yes
> > ; public=yes
> >
> > Output of /var/log/samba/log.smbd
> >
> > [2007/12/28 12:53:05, 0] smbd/server.c:main(944)
> >   smbd version 3.0.28-0.fc8 started.
> >   Copyright Andrew Tridgell and the Samba Team 1992-2007

Re: [Samba] Access to shares too slow

2007-12-28 Thread Charles Marcus 

On 12/28/2007, Martin Mielke ([EMAIL PROTECTED]) wrote:


# ethtool -s eth0 speed 1000 duplex full autoneg off
Cannot set new settings: Invalid argument
 not setting speed
 not setting duplex
 not setting autoneg

nor from the configuration files for eth0 under 
/etc/sysconfig/network-scripts/ifcfg-eth0 (in that case, I'd need to 
add

ETHTOOL_OPTS="speed 1000 duplex full autoneg off" in there)

therefore the switch negotiates 100BaseT...which could be the reason 
for my problems... :-/ 


What card/driver? Ethtool isn't supported (in part or whole) on all 
drivers. This could be one of those things that you may have had to deal 
with after the last reboot, but forgot about (or someone else handled it)...


--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Access to shares too slow

2007-12-28 Thread Martin Mielke 

Charles Marcus wrote:

Just curious...

The switch is set to 100-FDx (100baseT/Full Duplex), so everything 
matches... 


You don't have this (a SERVER) plugged into a Gb switch? If not, why? 
You will get a huge performance boost...


Also, you have auto-neg enabled on the server - this can cause 
problems, it is better to manually set it to the desired link speed/mode.




the switches can handle 1000BaseT flawlessly but for some reason I still 
don't know I cannot change the link speed on the server...


It won't work from the command line:

# ethtool -s eth0 speed 1000 duplex full autoneg off
Cannot set new settings: Invalid argument
 not setting speed
 not setting duplex
 not setting autoneg

nor from the configuration files for eth0 under 
/etc/sysconfig/network-scripts/ifcfg-eth0 (in that case, I'd need to add

ETHTOOL_OPTS="speed 1000 duplex full autoneg off" in there)

therefore the switch negotiates 100BaseT...which could be the reason 
for my problems... :-/



Cheers,
Martin


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problems with Samba and Active Directory

2007-12-28 Thread Ryan 
Afternoon!

Let me apologize first if this is something s simple, but i have been
working on this for days and I'm still stuck on one part.

Where to start.  Small user environment (under 100 users) using Active
Directory on Win 2k3 server.  Running Fedora 8 on a server, and I am trying
to get it added to the domain, and to be able to access a share using
Windows usernames and passwords.

The server (known from here as fedoraftp) can kinit

[EMAIL PROTECTED] /]# kinit Administrator
Password for [EMAIL PROTECTED]:
[EMAIL PROTECTED] /]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting ExpiresService principal
12/28/07 12:44:31  12/28/07 22:44:35  krbtgt/[EMAIL PROTECTED]
renew until 12/29/07 12:44:31


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[EMAIL PROTECTED] /]#

It can join the domain
[EMAIL PROTECTED] /]# net ads join -U Administrator
Administrator's password:
Using short domain name -- DOMAIN
Joined 'FEDORAFTP' to realm 'DOMAIN.LOCAL'
[EMAIL PROTECTED] /]#

wbinfo -u, wbinfo -g, getent passwd and getent group both show correct
information (not going to show output).  I can also login locally on
fedoraftp using my windows username and password and not have any issues.
What i cannot get to work is accessing the share, as it wont take any
username/password thrown at it.

smb.conf
[global]
log file = /var/log/samba/log.%m
guest account = admin
load printers = no
show add printer wizard = No
idmap gid = 1-2
smb passwd file = /etc/samba/smbpasswd
unix password sync = yes
guest ok = yes
encrypt passwords = yes
realm = PIPFS.LOCAL
template shell = /bin/bash
netbios name = FEDORAFTP
cups options = raw
server string = Fedora Server Ver %v
idmap uid = 1-2
password server = 192.168.0.240
winbind nested groups = yes
workgroup = PIPFS
dns proxy = no
passwd program = /usr/bin/passwd %u
obey pam restrictions = yes
os level = 20
security = ads
preferred master = no
max log size = 50
winbind separator = #
winbind cache time = 0
log level = 3
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
passdb backend = tdbsam

[FTP]
msdfs root = yes
inherit permissions = yes
writeable = yes
admin users = @"domain users"
path = /home/ftpshare/
create mask = 700
directory mask = 700
valid users = admin,@"domain users",
inherit acls = yes
; public=yes

Output of /var/log/samba/log.smbd

[2007/12/28 12:53:05, 0] smbd/server.c:main(944)
  smbd version 3.0.28-0.fc8 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2007
[2007/12/28 12:53:05, 2] param/loadparm.c:do_section(3796)
  Processing section "[FTP]"
[2007/12/28 12:53:05, 3] param/loadparm.c:lp_add_ipc(2711)
  adding IPC service
[2007/12/28 12:53:05, 3] printing/pcap.c:pcap_cache_reload(117)
  reloading printcap cache
[2007/12/28 12:53:05, 3] printing/pcap.c:pcap_cache_reload(223)
  reload status: ok
[2007/12/28 12:53:05, 3] printing/pcap.c:pcap_cache_reload(117)
  reloading printcap cache
[2007/12/28 12:53:05, 3] printing/pcap.c:pcap_cache_reload(223)
  reload status: ok
[2007/12/28 12:53:05, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.0.50 bcast=192.168.0.255 nmask=255.255.255.0
[2007/12/28 12:53:05, 3] smbd/server.c:main(982)
  loaded services
[2007/12/28 12:53:05, 3] smbd/server.c:main(997)
  Becoming a daemon.
[2007/12/28 12:53:05, 2] lib/tallocmsg.c:register_msg_pool_usage(105)
  Registered MSG_REQ_POOL_USAGE
[2007/12/28 12:53:05, 2] lib/dmallocmsg.c:register_dmalloc_msgs(75)
  Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2007/12/28 12:53:05, 3] passdb/lookup_sid.c:store_gid_sid_cache(1133)
  store_gid_sid_cache: gid 0 in cache ->
S-1-5-21-3422581952-716862249-2814536807-1002
[2007/12/28 12:53:05, 3] passdb/lookup_sid.c:store_gid_sid_cache(1133)
  store_gid_sid_cache: gid 1 in cache -> S-1-5-32-544
[2007/12/28 12:53:05, 3] passdb/lookup_sid.c:store_gid_sid_cache(1133)
  store_gid_sid_cache: gid 10001 in cache -> S-1-5-32-545
[2007/12/28 12:53:05, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/12/28 12:53:05, 3] smbd/uid.c:push_conn_ctx(358)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/12/28 12:53:05, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/12/28 12:53:05, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/12/28 12:53:05, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-22-1-0]
[2007/12/28 12:53:05, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5

Re: [Samba] Access to shares too slow

2007-12-28 Thread Martin Mielke 

Jeff Ross wrote:

Martin Mielke wrote:

Charles Marcus wrote:

Martin Mielke, on 12/28/2007 12:11 PM, said the following:
we recently moved our offices to a bigger place. Therefore all our 
servers and network electronic had to be turned off... :)


Well, I know it sounds odd but after the move Samba is much slower 
serving the shares and users have to wait ages for the information 
to be copied or moved across the network. In some cases, Windows 
desktops seem to freeze until the data is retrieved from the Samba 
server where the shares are hosted...


Nothing has been changed nor modified. System and network 
configurations remain the same, smb.conf is the same on the server, 
we use the same IP range, gateways, etc etc.


Any clues? Maybe I'm overseeing something really obvious... :-/


First, I'd be looking at any changes that were made since last 
reboot - many times I've been bit by some change that doesn't get 
applied until a reboot.


Other possibilities are a bad port on a switch (the one the server 
is on, since its affecting everyone) or a mismatched duplex mode on 
either the switch or server side of the network connection.




Hmmm...

Both Samba server and switches are configured to use the same speed 
and duplex mode.


Samba server:
---
# ethtool eth0
Settings for eth0:
   Supported ports: [ TP ]
   Supported link modes:   10baseT/Half 10baseT/Full
   100baseT/Half 100baseT/Full
   1000baseT/Full
   Supports auto-negotiation: Yes
   Advertised link modes:  10baseT/Half 10baseT/Full
   100baseT/Half 100baseT/Full
   1000baseT/Full
   Advertised auto-negotiation: Yes
   Speed: 100Mb/s
   Duplex: Full
   Port: Twisted Pair
   PHYAD: 1
   Transceiver: internal
   Auto-negotiation: on
   Supports Wake-on: d
   Wake-on: d
   Link detected: yes

---

The switch is set to 100-FDx (100baseT/Full Duplex), so everything 
matches...


Still confused...


Cheers,
Martin



Any chance you've accidentally got a loop going between switches?  
(i.e. two cables connecting two switches instead of one?)


Jeff


Nope.

I also thought of that :-)


Cheers

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Access to shares too slow

2007-12-28 Thread Charles Marcus 

Just curious...

The switch is set to 100-FDx (100baseT/Full Duplex), so everything matches... 


You don't have this (a SERVER) plugged into a Gb switch? If not, why? 
You will get a huge performance boost...


Also, you have auto-neg enabled on the server - this can cause problems, 
it is better to manually set it to the desired link speed/mode.


--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Access to shares too slow

2007-12-28 Thread Martin Mielke 

Charles Marcus wrote:

Martin Mielke, on 12/28/2007 12:11 PM, said the following:
we recently moved our offices to a bigger place. Therefore all our 
servers and network electronic had to be turned off... :)


Well, I know it sounds odd but after the move Samba is much slower 
serving the shares and users have to wait ages for the information to 
be copied or moved across the network. In some cases, Windows 
desktops seem to freeze until the data is retrieved from the Samba 
server where the shares are hosted...


Nothing has been changed nor modified. System and network 
configurations remain the same, smb.conf is the same on the server, 
we use the same IP range, gateways, etc etc.


Any clues? Maybe I'm overseeing something really obvious... :-/


First, I'd be looking at any changes that were made since last reboot 
- many times I've been bit by some change that doesn't get applied 
until a reboot.


Other possibilities are a bad port on a switch (the one the server is 
on, since its affecting everyone) or a mismatched duplex mode on 
either the switch or server side of the network connection.




Hmmm...

Both Samba server and switches are configured to use the same speed and 
duplex mode.


Samba server:
---
# ethtool eth0
Settings for eth0:
   Supported ports: [ TP ]
   Supported link modes:   10baseT/Half 10baseT/Full
   100baseT/Half 100baseT/Full
   1000baseT/Full
   Supports auto-negotiation: Yes
   Advertised link modes:  10baseT/Half 10baseT/Full
   100baseT/Half 100baseT/Full
   1000baseT/Full
   Advertised auto-negotiation: Yes
   Speed: 100Mb/s
   Duplex: Full
   Port: Twisted Pair
   PHYAD: 1
   Transceiver: internal
   Auto-negotiation: on
   Supports Wake-on: d
   Wake-on: d
   Link detected: yes

---

The switch is set to 100-FDx (100baseT/Full Duplex), so everything 
matches...


Still confused...


Cheers,
Martin

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Access to shares too slow

2007-12-28 Thread Charles Marcus 

Martin Mielke, on 12/28/2007 12:11 PM, said the following:
we recently moved our offices to a bigger place. Therefore all our 
servers and network electronic had to be turned off... :)


Well, I know it sounds odd but after the move Samba is much slower 
serving the shares and users have to wait ages for the information to be 
copied or moved across the network. In some cases, Windows desktops seem 
to freeze until the data is retrieved from the Samba server where the 
shares are hosted...


Nothing has been changed nor modified. System and network configurations 
remain the same, smb.conf is the same on the server, we use the same IP 
range, gateways, etc etc.


Any clues? Maybe I'm overseeing something really obvious... :-/


First, I'd be looking at any changes that were made since last reboot - 
many times I've been bit by some change that doesn't get applied until a 
reboot.


Other possibilities are a bad port on a switch (the one the server is 
on, since its affecting everyone) or a mismatched duplex mode on either 
the switch or server side of the network connection.


--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Access to shares too slow

2007-12-28 Thread Martin Mielke 

Hi all,

we recently moved our offices to a bigger place. Therefore all our 
servers and network electronic had to be turned off... :)


Well, I know it sounds odd but after the move Samba is much slower 
serving the shares and users have to wait ages for the information to be 
copied or moved across the network. In some cases, Windows desktops seem 
to freeze until the data is retrieved from the Samba server where the 
shares are hosted...


Nothing has been changed nor modified. System and network configurations 
remain the same, smb.conf is the same on the server, we use the same IP 
range, gateways, etc etc.


Any clues? Maybe I'm overseeing something really obvious... :-/


TIA,

Martin


--
*Martin Mielke*
Senior Systems Administrator

Casino.com

Envelope  *Email:* [EMAIL PROTECTED]

The contents of this email and any attachments are for the intended 
recipient(s) only. This email may contain proprietary, confidential, or 
otherwise private information belonging
to Casino.com (hereafter referred to as "The Company") or its 
affiliates. The Company does not take any responsibility for, or endorse 
any information which does not relate to its
official business, including personal mail and/or opinions by senders 
whether or not they are employed by The Company. If you receive a 
message that was not intended for you,
please notify the sender immediately (or forward the email to 
[EMAIL PROTECTED] ). Do not read, use or 
disclose the contents in any way and delete the message immediately.


The Company will take reasonable precautions but cannot ensure that this 
e-mail and any attachments will be free of errors, viruses, interception 
or interference.
Therefore The Company can not be held liable for any loss or damages 
incurred by you which have been caused by any of the foregoing. No 
undertaking, guarantee or other
obligation contained in this email or any attachments will bind The 
Company unless it is later confirmed in writing.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Fwd: Re: [Samba] password]

2007-12-28 Thread Ryan Novosielski 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Returning this reply to the list.

=R
- --
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHdTG/mb+gadEcsb4RAtcvAJ9Pbi+V0ck1+hmL4JUJbef3wyrzRwCg5VeS
3I4T4WJrotGF7wKdanQn/to=
=kYvL
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba + LDAP cannot get account from NT4

2007-12-28 Thread Stephen Vermeulen 
I recently worked through a migration of an NT4 PDC to a Samba PDC using
the vampire command,
while doing this I ran into some problems, possibly including your problem.

There are at least two steps to this procedure that are not included in
most of the documentation
on how to do this that I found on the net. These are:

1. you need to use the NT4 server's "Server Manager" tool to create a
backup domain
controller account for the Samba box before you issue the "net join" command

2. you need to manually change the SID of the Samba box to be the same as
the SID of the NT4 PDC that it will be replacing

You might also have forgotten to use "smbpasswd" to set the root account
password
into Samba.

I have written up a step-by-step procedure for doing the migration based
on my
experiences. I did repeat this procedure a few times from clean Linux
installs to
verify that it was repeatable.

Take a look at:

http://vermeulen.ca/linux-windows-nt.html

Regards,

Stephen



wilson kwok wrote:
> Can anyone help me to solve this problem ?
>  
> Thx !
>   
>> From: [EMAIL PROTECTED]> To: samba@lists.samba.org> Date: Fri, 28 Dec 2007 
>> 01:15:58 +0800> Subject: [Samba] Samba + LDAP cannot get account from NT4> > 
>> > Hello,> > I do a Migration from NT4 to Samba + LDAP, I already join Samba 
>> to NT4, when I type > net rpc vampire -S NT -U Administrator%nt, the 
>> following error occur,> > [2007/12/28 00:13:16, 0] 
>> rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2673) 
>> cli_rpc_pipe_open_schannel: failed to get schannel session key from server 
>> NT for domain SFA.[2007/12/28 00:13:16, 0] 
>> utils/net_rpc.c:run_rpc_command(151) Could not initialise schannel netlogon 
>> pipe. Error was NT_STATUS_INVALID_NETWORK_RESPONSE> > Thx> 
>> _> Express 
>> yourself instantly with MSN Messenger! Download today it's FREE!> 
>> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/> -- > To 
>> unsubscribe from this list go to the following URL and read the> 
>> instructions: https://lists.samba.org/mailman/listinfo/samba
>> 
> _
> Express yourself instantly with MSN Messenger! Download today it's FREE!
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>   


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba + LDAP cannot get account from NT4

2007-12-28 Thread Hans-Wilhelm Heisinger 
I migrated a few NT domains to Samba using the rpc net vampire command
to a tdbsam backend, and then move to a LDAP backend and was successful.
I had tried going directly to LDAP using the rpc net vampire command but
it failed like yours. However I have come across scripts that do this
migration in a book Windows to Linux Migration toolkit.


wilson kwok wrote:
> Can anyone help me to solve this problem ?
>  
> Thx !
>   
>> From: [EMAIL PROTECTED]> To: samba@lists.samba.org> Date: Fri, 28 Dec 2007 
>> 01:15:58 +0800> Subject: [Samba] Samba + LDAP cannot get account from NT4> > 
>> > Hello,> > I do a Migration from NT4 to Samba + LDAP, I already join Samba 
>> to NT4, when I type > net rpc vampire -S NT -U Administrator%nt, the 
>> following error occur,> > [2007/12/28 00:13:16, 0] 
>> rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2673) 
>> cli_rpc_pipe_open_schannel: failed to get schannel session key from server 
>> NT for domain SFA.[2007/12/28 00:13:16, 0] 
>> utils/net_rpc.c:run_rpc_command(151) Could not initialise schannel netlogon 
>> pipe. Error was NT_STATUS_INVALID_NETWORK_RESPONSE> > Thx> 
>> _> Express 
>> yourself instantly with MSN Messenger! Download today it's FREE!> 
>> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/> -- > To 
>> unsubscribe from this list go to the following URL and read the> 
>> instructions: https://lists.samba.org/mailman/listinfo/samba
>> 
> _
> Express yourself instantly with MSN Messenger! Download today it's FREE!
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>   

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] password

2007-12-28 Thread Ryan Novosielski 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Andrea Bencini wrote:
> I would like to know about "passwd program" and "passwd chat" (I have
> already read man of smb.conf)
> 
> 1- What is their function
> 2- When I should use them

Have you read Samba by example?

In any case, you're unlikely to get an answer unless you ask a more
specific question. My reading of the man page is that it's pretty clear
exactly what they do.

- --
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHdR2imb+gadEcsb4RAhRkAJ0btSqCQ81qwr4BOW0mwKq80yMNCQCfUh4Q
2b8+VasW3e6s2twk1lHXaJ4=
=hVaB
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Single Sign On, authentication, and Windows XP Home

2007-12-28 Thread Gary Dale 

Chris Smith wrote:

On Thursday 27 December 2007, Gary Dale wrote:
  

Not necessarily. If you have a business where each person only logs
onto one computer, then Home is probably all you need. For example, a
small business with only one computer in a department/section or one
with multiple computers but each staff member only uses the computer
assigned to them. This latter case covers a lot of businesses - but
many larger businesses in this class still should prefer Pro over
Home for domain policy setting.



There's always the exception but in most cases I find centralized 
authentication invaluable. No need to have local accounts whatsoever. 
Plus it's not just the system being used for login purposes, there's 
all of the other shared resources that need to be managed. IMO any 
business with 5 or more systems (and sometimes even fewer) can save 
lots of time and trouble by implementing domain control.


  
Actually, I look after an office with only two computers that needs Pro 
both for the roaming profiles (they want to able to work from either 
computer) and for the centralized backup roaming profiles allows (since 
the profiles are stored on the server, I just have to back up the one 
machine).


Having said that, there are other small offices where different 
circumstances make Pro unnecessary. For example, a lot of small 
businesses have an accountant come in to look after their books. He/She 
backs up the accounting files onto a USB stick so they always have an 
off-site backup. Other sites have a policy that all files are stored on 
the server so that "personal" files on your computer are your 
responsibility.


Small businesses don't usually have a lot of "shared resources" to be 
managed, so there's not a lot to gain by centralising the authentication 
- everything else is already pretty centralised on their one server.



Surprisingly, the place where probably Home shouldn't be used is at
home. At home you are quite likely to have different people using any
given computer and keeping passwords sync'ed is a problem.  However,
home users put up with it because they usually aren't running a
server.



I agree, but not for your reasons, only because Home has too many other 
limitations (only safe mode for acl editing).
  
ACL editing on a home network? Few home users would even know what it 
is.  :)


  

The expensive mistake  both home and business users are making is
using Windows in the first place.



That we can agree on.
  
The hard part is getting people to switch over.  I put Linux on a 
computer and people love it. It's getting them to even try that's 
difficult. The "better the devil you know" attitude is hard to overcome.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba + LDAP cannot get account from NT4

2007-12-28 Thread wilson kwok 

Can anyone help me to solve this problem ?
 
Thx !
> From: [EMAIL PROTECTED]> To: samba@lists.samba.org> Date: Fri, 28 Dec 2007 
> 01:15:58 +0800> Subject: [Samba] Samba + LDAP cannot get account from NT4> > 
> > Hello,> > I do a Migration from NT4 to Samba + LDAP, I already join Samba 
> to NT4, when I type > net rpc vampire -S NT -U Administrator%nt, the 
> following error occur,> > [2007/12/28 00:13:16, 0] 
> rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2673) 
> cli_rpc_pipe_open_schannel: failed to get schannel session key from server NT 
> for domain SFA.[2007/12/28 00:13:16, 0] utils/net_rpc.c:run_rpc_command(151) 
> Could not initialise schannel netlogon pipe. Error was 
> NT_STATUS_INVALID_NETWORK_RESPONSE> > Thx> 
> _> Express 
> yourself instantly with MSN Messenger! Download today it's FREE!> 
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/> -- > To 
> unsubscribe from this list go to the following URL and read the> 
> instructions: https://lists.samba.org/mailman/listinfo/samba
_
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] password

2007-12-28 Thread Andrea Bencini 
I would like to know about "passwd program" and "passwd chat" (I have 
already read man of smb.conf)


1- What is their function
2- When I should use them

Thanks
Andrea

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: mount.cifs and Posix acls

2007-12-28 Thread Pawel Jaworski 
I have read somewhere that ACL is supported neither by cifs, nor by 
smbfs. I think I found it in plans to implement it but not being sure... 
 can't find it anymore.


Pawel Jaworski

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] where is my PC in the workgroup

2007-12-28 Thread Adel ESSAFI 

Dear all
I have configured the KDE to browse windows network. all goes correctly, 
on linux and even on windows it does not show a pc called LP in the 
list. when I execute smbclient, it does not show the group of the PC 
alghout I have added it to the group "workgroup" and actibated the 
option netbios over TCP/IP.


Could you help please
Regards
Adel



[EMAIL PROTECTED] ~]$ /usr/bin/smbclient -I 192.168.1.127 -L LP -N
Domain=[LP] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]

   Sharename   Type  Comment
   -     ---
   E$  Disk  Partage par défaut
   IPC$IPC   IPC distant
   print$  Disk  Pilotes d'imprimantes
   SharedDocs  Disk
   linuxplus   Disk
   bac 207 Disk
   partage Disk
   E   Disk
   ADMIN$  Disk  Administration à distance
   C$  Disk  Partage par défaut
   EPSONEPLPrinter   EPSON EPL-6200 Advanced
Domain=[LP] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]

   Server   Comment
   ----

   WorkgroupMaster
   ----
[EMAIL PROTECTED] ~]$


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba