Re: [Samba] problems setting a public share

[Michael Heydon]

you will need to show us your entire config, not just the share

do you have a map to guest line? does your guest user exist?

*Michael Heydon - IT Administrator *
[EMAIL PROTECTED] 


Luca Ferrari wrote:

Hi all,
my samba server has security set to user, and it works for each share I 
specify a valid users list. However, the following public share does not 
work:


[PUB_SMB]
comment   = Cartella pubblica (Mac e PC) - Non viene fatto il 
backup

path  = /mnt/samba/pub_smb
browsable = yes
available = yes
writable  = yes
printable = no
force group   = pub
guest ok  = yes
public= yes

I found in the logs that 
make_connection: connection to PUB_SMB denied due to security descriptor.


If I connect to the share authenticating as a user I can log-in, but as a 
guest no. I've tried to delete the file /var/lib/samba/share_info.tbd, but 
once I try to reconnect the file appears again, and even when the file is 
absent I cannot connect to the share.


Any idea?

Thanks,
Luca
  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Fwd: file locking issue

[Jim Young]

-- Forwarded message --
From: Jim Young <[EMAIL PROTECTED]>
Date: 7 Apr 2008 09:11
Subject: file locking issue
To: samba@lists.samba.org

Hello,
  Until recently, I could work from my samba share and do the following:
Edit a latex document, compile, view its pdf output in kpdf/xpdf.  Leave the
pdf viewer open, modify the document, recompile. then get the pdf viewer to
reload (r key in xpdf). This no longer works, as the latex compile complains
that it cannot open the output pdf file for writing.

this seems like a file lock issue but I am unsure where it is happening. My
previous usage should be perfectly safe since xpdf should only open for
reading. I am not sure which upgrades correspond to this breaking as I was
not using latex continuously.

  I am running Debian Unstable, using smbclient/smbfs 3.0.28a-1 to connect
to a samba server (unix backend) on my university network. Server:
Samba3.0.10-1.4E

I mount the smb share in my fstab as follows:

//myserver/jyoung/mnt/unismbfs
credentials=credsfile,gid=jyoung,uid=jyoung,auto,rw


I spoke with my system administrator and he said it may also be possible to
get the server settings changed depending on what is required (and the
implications).

Thanks

Jim


-- 
James Young, B.Sc.
Ph.D. Student
Interactions laboratory, Department of Computer Science, University of
Calgary
2500 University Drive NW, Calgary, Alberta, Canada, T2N 1N4
Phone: +1.403.210.9502
E-mail: [EMAIL PROTECTED]
URL: 
http://pages.cpsc.ucalgary.ca/~jyoung/

-- 
James Young, B.Sc.
Ph.D. Student
Interactions laboratory, Department of Computer Science, University of
Calgary
2500 University Drive NW, Calgary, Alberta, Canada, T2N 1N4
Phone: +1.403.210.9502
E-mail: [EMAIL PROTECTED]
URL: http://pages.cpsc.ucalgary.ca/~jyoung/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ACL/Excel file issue

[Ben Tisdall]

Hi,

I've just upgraded an organisation from 3.0.23a to 3.0.25b on CentOS.

Everything went fine excpet they're having an issue with Excel files 
going RO which perhaps is related to acls.


$ ls foo.xls
-r--rwxr--+ 1 mr.bogus staff 101376 Apr  8 12:59 08-04-04 foo.xls

and getfacl gives:

# owner: mr.bogus
# group: staff
user::r--
user:mr.test:rw-
group::rw-
mask::rwx
other::r--

This is the testparm output with extraneous shares pruned out. It's the 
same conf as the old server.


[global]
workgroup = REDRESSTRUST
netbios name = REDRESS3
interfaces = eth0, lo
bind interfaces only = Yes
passdb backend = ldapsam:ldap://127.10.0.1:1389
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n 
*Password*changed*

username map = /etc/samba/users.conf
log level = 1
syslog = 0
name resolve order = wins bcast hosts
time server = Yes
printcap name = cups
show add printer wizard = No
add user script = /usr/sbin/smbldap-useradd -m %u
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x 
"%u" "%g"

set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
logon script = login.bat
logon drive = P:
domain logons = Yes
preferred master = Yes
wins support = Yes
ldap admin dn = uid=admin,dc=redress,dc=org
ldap delete dn = Yes
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=computers
ldap passwd sync = Yes
ldap suffix = dc=redress,dc=org
ldap ssl = no
ldap user suffix = ou=users
printing = cups
print command =
lpq command = %p
lprm command =
hide files = /desktop.ini/
map archive = No
include = /etc/samba/shares.conf

[OrgData]
comment = "STAFF read/write, others read"
path = /space/data1/orgdata
valid users = root, @staff
read only = No
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775

Thanks,

--
Ben Tisdall
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] disable '_' to '/' replacement in %S for default service configuration

[Paul B. Henson]

We've been using a fairly old version of samba for quite some time to serve
user home directories and group project directories with a configuration
approximately like:

-
[global]
default service = groups

[homes]
path = /export/user/%u

[groups]
path = /export/group/%S
-

This has worked out very well, the samba configuration is minimal, and does
not need to be changed as users/groups come and go.

However, while trying to use the same configuration for a newer version of
Samba, groups with _'s in their names were not working.

On reviewing the documentation, I found out that at some point Samba
started translating _'s to /'s for the %S substitution in the default
service.

That breaks our configuration, for a group 'foo_bar' Samba tries to access
/export/group/foo/bar instead of /export/group/foo_bar.

Is there any way to disable this translation such that %S is substituted as
is and prevent the mangling? I really don't want to have to explicitly list
every group in the Samba configuration, there are thousands.

Thanks...

-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  [EMAIL PROTECTED]
California State Polytechnic University  |  Pomona CA 91768
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] "restrict anonymous = 2" breaks Dfs root functionality

[Paul B. Henson]

I've been trying to get samba working as a msdfs root server, but was
having a problem where the client did not recognize the server as a Dfs
root.

After twiddling with the configuration for a while, I narrowed it down to
the "restrict anonymous" configuration setting. When that option was set to
2, the client did not recognize the server as a msdfs root. When either
left at the default, or configured to 1, the client did recognize the
server as a Dfs root and worked fine.

While researching potential causes of my problem, I didn't find any
material regarding the restrict anonymous settings possibly causing Dfs
problems. The documentation indicated that setting restrict anonymous = 2
might break some third-party applications, but perhaps it would be good to
explicitly indicate in the smb.conf man page that it also breaks Dfs?


-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  [EMAIL PROTECTED]
California State Polytechnic University  |  Pomona CA 91768
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] unable to compile samba 3.0.28a on RHEL 5.1 i386

[Adam Williams]

thanks that did it, gcc wasn't installed for some reason :), yum -y 
install gcc-* worked and samba compiled fine.


Randall Svancara wrote:

Try this and report back the output:


rpm -qa |grep gcc

Thanks,

Randall



On Tue, 2008-04-08 at 14:04 -0500, Adam Williams wrote:
  
any ideas why it won't compile? running 
/root/samba-3.0.28a/packaging/RHEL/makerpms.sh

eventually it gets to:



./autogen.sh: running script/mkversion.sh
./script/mkversion.sh: 'include/version.h' created for
Samba("3.0.28a")
./autogen.sh: running autoheader -I. -Ilib/replace
./autogen.sh: running autoconf -I. -Ilib/replace
Now run ./configure and then make.
+ CFLAGS='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions 
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 
-mtune=generic -fasynchronous-unwind-tables  -D_GNU_SOURCE'
+ ./configure --prefix=/usr --localstatedir=/var 
--with-configdir=/etc/samba --with-libdir=/usr/lib/samba 
--with-lockdir=/var/lib/samba --with-logfilebase=/var/log/samba 
--with-mandir=/usr/share/man --with-piddir=/var/run 
--with-privatedir=/etc/samba 
--with-sambabook=/usr/share/swat/using_samba 
--with-swatdir=/usr/share/swat --enable-cups --with-acl-support 
--with-ads --with-automount --with-fhs --with-pam_smbpass 
--with-libsmbclient --with-libsmbsharemodes --without-smbwrapper 
--with-pam --with-quotas --with-shared-modules=idmap_rid,idmap_ad 
--with-smbmount --with-syslog --with-utmp --with-dnsupdate

SAMBA VERSION: 3.0.28a
LIBREPLACE_LOCATION_CHECKS: START
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
LIBREPLACE_LOCATION_CHECKS: END
LIBREPLACE_CC_CHECKS: START
checking for gcc... gcc
checking for C compiler default output file name... configure: error:
C 
compiler cannot create executables

See `config.log' for more details.
error: Bad exit status from /var/tmp/rpm-tmp.12141 (%build)


RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.12141 (%build)
makerpms.sh: Done.



and config.log:

[EMAIL PROTECTED] RHEL]# cat 
/usr/src/redhat/BUILD/samba-3.0.28a/source/config.log |more

This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by configure, which was
generated by GNU Autoconf 2.59.  Invocation command line was

  $ ./configure --prefix=/usr --localstatedir=/var 
--with-configdir=/etc/samba -
-with-libdir=/usr/lib/samba --with-lockdir=/var/lib/samba 
--with-logfilebase=/va
r/log/samba --with-mandir=/usr/share/man --with-piddir=/var/run 
--with-privatedi
r=/etc/samba --with-sambabook=/usr/share/swat/using_samba 
--with-swatdir=/usr/sh
are/swat --enable-cups --with-acl-support --with-ads --with-automount 
--with-fhs
 --with-pam_smbpass --with-libsmbclient --with-libsmbsharemodes 
--without-smbwra

pper --with-pam --with-quotas
--with-shared-modules=idmap_rid,idmap_ad 
--with-sm

bmount --with-syslog --with-utmp --with-dnsupdate

## - ##
## Platform. ##
## - ##

hostname = preshs.mdah.state.ms.us
uname -m = i686
uname -r = 2.6.18-53.el5PAE
uname -s = Linux
uname -v = #1 SMP Mon Nov 12 02:55:09 EST 2007

/usr/bin/uname -p = unknown
/bin/uname -X = unknown

/bin/arch  = i686
/usr/bin/arch -k   = unknown
/usr/convex/getsysinfo = unknown
hostinfo   = unknown
/bin/machine   = unknown
/usr/bin/oslevel   = unknown
/bin/universe  = unknown

PATH: /usr/kerberos/sbin
PATH: /usr/kerberos/bin
PATH: /usr/local/sbin
PATH: /usr/local/bin
PATH: /sbin
PATH: /bin
PATH: /usr/sbin
PATH: /usr/bin
PATH: /root/bin

## --- ##
## Core tests. ##
## --- ##

configure:1441: checking build system type
configure:1459: result: i686-pc-linux-gnu
configure:1467: checking host system type
configure:1481: result: i686-pc-linux-gnu
configure:1489: checking target system type
configure:1503: result: i686-pc-linux-gnu
configure:1975: checking for gcc
configure:1991: found /usr/bin/gcc
configure:2001: result: gcc
configure:2245: checking for C compiler version
configure:2248: gcc --version &5
gcc (GCC) 3.4.6 20060404 (Red Hat 3.4.6-9)
Copyright (C) 2006 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There
is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.

configure:2251: $? = 0
configure:2253: gcc -v &5
Reading specs from /usr/lib/gcc/i386-redhat-linux/3.4.6/specs
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man 
--infodir=/u

sr/share/info --enable-shared --enable-threads=posix
--disable-checking 
--with-s
ystem-zlib --enable-__cxa_atexit --disable-libunwind-exceptions 
--enable-java-aw

t=gtk --host=i386-redhat-linux
Thread model: posix
gcc version 3.4.6 20060404 (Red Hat 3.4.6-9)
configure:2256: $? = 0
configure:2258: gcc -V &5
gcc: `-V' option must have argument
configure:2261: $? = 1
configure:2284: checking for C compiler default output file 

RE: [Samba] Printing Problem with Samba ' Failed to allocate a print job'

[Misty Stanley-Jones]

Hi Bill,

That would be fabulous (in a bad way) but it is not the case.  Here is the 
equivalent part of dumpe2fs for /dev/sda1 (/data):
Inode count:  183156736
Block count:  366286008
Reserved block count: 18314300
Free blocks:  287497221
Free inodes:  181068686

And here is for /dev/sdf1 (/):
Inode count:  14057472
Block count:  28103701
Reserved block count: 1405185
Free blocks:  17311944
Free inodes:  13849218

Any other ideas would be appreciated!

--Misty

-Original Message-
From: William Jojo [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 08, 2008 1:49 PM
To: Misty Stanley-Jones
Subject: Re: [Samba] Printing Problem with Samba ' Failed to allocate a print 
job'



This will sound stupid, I am certain, but is this an inode issue? Does the FS 
type you are using auto-extend (like JFS2 on AIX) the number of available 
inodes? Or fragmentation perhaps?

I only ask since you clearly have enough space, but a lack of inode may appear 
as no space left on device and a high level of fragmentation in JFS (not jfs2) 
on AIX will throw strange errors.


Cheers,
Bill

(PS: I know you are not running AIX. :-) :-) )



No virus found in this outgoing message.
Checked by AVG. 
Version: 7.5.519 / Virus Database: 269.22.9/1365 - Release Date: 4/8/2008 7:30 
AM
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] unable to compile samba 3.0.28a on RHEL 5.1 i386

[Svancara, Randall]

Try this and report back the output:


rpm -qa |grep gcc

Thanks,

Randall



On Tue, 2008-04-08 at 14:04 -0500, Adam Williams wrote:
> any ideas why it won't compile? running 
> /root/samba-3.0.28a/packaging/RHEL/makerpms.sh
> eventually it gets to:
> 
> 
> 
> ./autogen.sh: running script/mkversion.sh
> ./script/mkversion.sh: 'include/version.h' created for
> Samba("3.0.28a")
> ./autogen.sh: running autoheader -I. -Ilib/replace
> ./autogen.sh: running autoconf -I. -Ilib/replace
> Now run ./configure and then make.
> + CFLAGS='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions 
> -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 
> -mtune=generic -fasynchronous-unwind-tables  -D_GNU_SOURCE'
> + ./configure --prefix=/usr --localstatedir=/var 
> --with-configdir=/etc/samba --with-libdir=/usr/lib/samba 
> --with-lockdir=/var/lib/samba --with-logfilebase=/var/log/samba 
> --with-mandir=/usr/share/man --with-piddir=/var/run 
> --with-privatedir=/etc/samba 
> --with-sambabook=/usr/share/swat/using_samba 
> --with-swatdir=/usr/share/swat --enable-cups --with-acl-support 
> --with-ads --with-automount --with-fhs --with-pam_smbpass 
> --with-libsmbclient --with-libsmbsharemodes --without-smbwrapper 
> --with-pam --with-quotas --with-shared-modules=idmap_rid,idmap_ad 
> --with-smbmount --with-syslog --with-utmp --with-dnsupdate
> SAMBA VERSION: 3.0.28a
> LIBREPLACE_LOCATION_CHECKS: START
> checking build system type... i686-pc-linux-gnu
> checking host system type... i686-pc-linux-gnu
> checking target system type... i686-pc-linux-gnu
> LIBREPLACE_LOCATION_CHECKS: END
> LIBREPLACE_CC_CHECKS: START
> checking for gcc... gcc
> checking for C compiler default output file name... configure: error:
> C 
> compiler cannot create executables
> See `config.log' for more details.
> error: Bad exit status from /var/tmp/rpm-tmp.12141 (%build)
> 
> 
> RPM build errors:
> Bad exit status from /var/tmp/rpm-tmp.12141 (%build)
> makerpms.sh: Done.
> 
> 
> 
> and config.log:
> 
> [EMAIL PROTECTED] RHEL]# cat 
> /usr/src/redhat/BUILD/samba-3.0.28a/source/config.log |more
> This file contains any messages produced by compilers while
> running configure, to aid debugging if configure makes a mistake.
> 
> It was created by configure, which was
> generated by GNU Autoconf 2.59.  Invocation command line was
> 
>   $ ./configure --prefix=/usr --localstatedir=/var 
> --with-configdir=/etc/samba -
> -with-libdir=/usr/lib/samba --with-lockdir=/var/lib/samba 
> --with-logfilebase=/va
> r/log/samba --with-mandir=/usr/share/man --with-piddir=/var/run 
> --with-privatedi
> r=/etc/samba --with-sambabook=/usr/share/swat/using_samba 
> --with-swatdir=/usr/sh
> are/swat --enable-cups --with-acl-support --with-ads --with-automount 
> --with-fhs
>  --with-pam_smbpass --with-libsmbclient --with-libsmbsharemodes 
> --without-smbwra
> pper --with-pam --with-quotas
> --with-shared-modules=idmap_rid,idmap_ad 
> --with-sm
> bmount --with-syslog --with-utmp --with-dnsupdate
> 
> ## - ##
> ## Platform. ##
> ## - ##
> 
> hostname = preshs.mdah.state.ms.us
> uname -m = i686
> uname -r = 2.6.18-53.el5PAE
> uname -s = Linux
> uname -v = #1 SMP Mon Nov 12 02:55:09 EST 2007
> 
> /usr/bin/uname -p = unknown
> /bin/uname -X = unknown
> 
> /bin/arch  = i686
> /usr/bin/arch -k   = unknown
> /usr/convex/getsysinfo = unknown
> hostinfo   = unknown
> /bin/machine   = unknown
> /usr/bin/oslevel   = unknown
> /bin/universe  = unknown
> 
> PATH: /usr/kerberos/sbin
> PATH: /usr/kerberos/bin
> PATH: /usr/local/sbin
> PATH: /usr/local/bin
> PATH: /sbin
> PATH: /bin
> PATH: /usr/sbin
> PATH: /usr/bin
> PATH: /root/bin
> 
> ## --- ##
> ## Core tests. ##
> ## --- ##
> 
> configure:1441: checking build system type
> configure:1459: result: i686-pc-linux-gnu
> configure:1467: checking host system type
> configure:1481: result: i686-pc-linux-gnu
> configure:1489: checking target system type
> configure:1503: result: i686-pc-linux-gnu
> configure:1975: checking for gcc
> configure:1991: found /usr/bin/gcc
> configure:2001: result: gcc
> configure:2245: checking for C compiler version
> configure:2248: gcc --version &5
> gcc (GCC) 3.4.6 20060404 (Red Hat 3.4.6-9)
> Copyright (C) 2006 Free Software Foundation, Inc.
> This is free software; see the source for copying conditions.  There
> is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
> PURPOSE.
> 
> configure:2251: $? = 0
> configure:2253: gcc -v &5
> Reading specs from /usr/lib/gcc/i386-redhat-linux/3.4.6/specs
> Configured with: ../configure --prefix=/usr --mandir=/usr/share/man 
> --infodir=/u
> sr/share/info --enable-shared --enable-threads=posix
> --disable-checking 
> --with-s
> ystem-zlib --enable-__cxa_atexit --disable-libunwind-exceptions 
> --enable-java-aw
> t=gtk --host=i386-redhat-linux
> Thread model: posix
> gcc version 3.4.6 20060404 (Red Hat 3.4.6-9)
> configure:2256: $? = 0
> configure:2258

Re: [Samba] Username case mangling -- Linux username is mixed-case, Samba returns lower-case

[Steve Briggs]

--- Jeremy Allison <[EMAIL PROTECTED]> wrote:

> On Tue, Apr 08, 2008 at 09:56:45AM -0700, Steve Briggs wrote:
> > I have a problem that I first observed when I upgraded from
> > 3.0.24 to 3.0.28 and is, I believe, related to the introduction
> > of the "printjob username" configuration parameter.
> > 
> > I print via CUPS and the Cups-PDF driver wants to know the
> > Linux username (so it can put the PDF in the proper location).
> > 
> > The problem is that "printjob username = %U" results in
> > a lowercase username ("steve"), even though the Linux account
> > is "Steve".  The Samba logs clearly show me authenticating
> > as "Steve" and the last message I see (with logging at 20)
> > with an obvious user name shows me connecting to the
> > Cups-PDF printer share with username "Steve".  But, the
> > Cups logs show a username of "steve" -- which ends up mapped
> > to anonymous.
> 
> I think you want to use '%u', not '%U'. From the man page :
> 
>%U
>   session username (the username that the client wanted, not 
> necessarily the same  as 
> the  one
>   they got).
> 
> this is the incoming Windows username. %u is :
> 
>%u
>   username of the current service, if any.
> 
> which is a UNIX username.
> 
> Jeremy.
> 
Well, as I tried to explain in my original posting, 
I tried "%u", but (at least for the printjob username 
parameter) "%u" didn't get mapped to *anything*
... it just went through as "%u".I noted in
the documentation that not every substitution 
necessarily works in all cases; this seems like
a case where only(?) "%U" gets mapped.

I can try "%u" again, I assumed it should work
and was surprised when it didn't

Thanks for the suggestion...

Steve



  

You rock. That's why Blockbuster's offering you one month of Blockbuster Total 
Access, No Cost.  
http://tc.deals.yahoo.com/tc/blockbuster/text5.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Username case mangling -- Linux username is mixed-case, Samba returns lower-case

[Jeremy Allison]

On Tue, Apr 08, 2008 at 09:56:45AM -0700, Steve Briggs wrote:
> I have a problem that I first observed when I upgraded from
> 3.0.24 to 3.0.28 and is, I believe, related to the introduction
> of the "printjob username" configuration parameter.
> 
> I print via CUPS and the Cups-PDF driver wants to know the
> Linux username (so it can put the PDF in the proper location).
> 
> The problem is that "printjob username = %U" results in
> a lowercase username ("steve"), even though the Linux account
> is "Steve".  The Samba logs clearly show me authenticating
> as "Steve" and the last message I see (with logging at 20)
> with an obvious user name shows me connecting to the
> Cups-PDF printer share with username "Steve".  But, the
> Cups logs show a username of "steve" -- which ends up mapped
> to anonymous.

I think you want to use '%u', not '%U'. From the man page :

   %U
  session username (the username that the client wanted, not 
necessarily the same  as  the  one
  they got).

this is the incoming Windows username. %u is :

   %u
  username of the current service, if any.

which is a UNIX username.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Multiple IP addresses

[Robert Pollard]

Hey Greg,

I don't have a firewall in between the server and the Internet.  I was 
trying to do some benchmarks on file transfers and then I would disconnect 
it after getting the benchmarks.


I believe I know why I couldn't reach the Samba shares though -- the Sun 
X4200 M2 has been having configuration problems with the 4 ethernet ports. 
I can get the nge0 (the first port) working fine which has our production 
system on it.  But, I can't get any other port to come up along with the 
primary port.


Suggestion #2 seems like a possibility.  So, the class A address I'm using 
will need to be entered into the Hosts allow field?


For production, there will be a firewall and VPN access only.  I have been 
looking for a stable VPN router/client that works solid on all recent 
Windows releases and haven't found one yet.  I started using PPTP and it 
seems to be the most stable of all, believe it or not.


Thanks for the help!

- Original Message - 
From: "Greg J. Zartman, P.E." <[EMAIL PROTECTED]>

To: "Robert Pollard" <[EMAIL PROTECTED]>
Cc: 
Sent: Thursday, April 03, 2008 5:32 PM
Subject: Re: [Samba] Multiple IP addresses


I have been trying to connect to Samba over the Internet as I have static 
IP that is publicly available for connection.  I can use this IP to 
connect to our Intranet web site but Samba doesn't work correctly when 
trying to connect to it from outside.  Our internal network addresses 
work fine.  Even a VPN connection, which gets our internal address scheme 
works.  But, when trying to use the publicly available IP address to 
connect to Samba it can't find it.


There are likely a couple things preventing access:

1. Did you open the Samba ports on your firewall?  Most firewalls have 
these ports closed by default.


2. Hosts allow/Hosts deny parameter.  Is this set so that Samba will 
actually respond to the subnet that you are trying to access Samba from?


IMO, opening Samba up to the internet is an inherently bad thing to do and 
something that very rarely really needs to be done.  Instead, you should 
look at an ssh tunnel or an IPSec VPN.


I use IPsec VPN routers to connect my two offices, which are both on 
different subnets and in different Citys.  The routers I used are fairly 
inexpensive, but work wonderfully and are very easy to setup: 
http://www.netgear.com/Products/VPNandSSL/WiredVPNFirewallRouters/FVS114.aspx


Greg

---
Greg J. Zartman, P.E.
President, Principal Engineer

LEI Engineering & Surveying
2468 West 11th Avenue
Eugene, Oregon 97402
Voice 541-683-8383Fax 541-683-8144
www.leiinc.com 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] unable to compile samba 3.0.28a on RHEL 5.1 i386

[Adam Williams]

any ideas why it won't compile? running 
/root/samba-3.0.28a/packaging/RHEL/makerpms.sh

eventually it gets to:



./autogen.sh: running script/mkversion.sh
./script/mkversion.sh: 'include/version.h' created for Samba("3.0.28a")
./autogen.sh: running autoheader -I. -Ilib/replace
./autogen.sh: running autoconf -I. -Ilib/replace
Now run ./configure and then make.
+ CFLAGS='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions 
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 
-mtune=generic -fasynchronous-unwind-tables  -D_GNU_SOURCE'
+ ./configure --prefix=/usr --localstatedir=/var 
--with-configdir=/etc/samba --with-libdir=/usr/lib/samba 
--with-lockdir=/var/lib/samba --with-logfilebase=/var/log/samba 
--with-mandir=/usr/share/man --with-piddir=/var/run 
--with-privatedir=/etc/samba 
--with-sambabook=/usr/share/swat/using_samba 
--with-swatdir=/usr/share/swat --enable-cups --with-acl-support 
--with-ads --with-automount --with-fhs --with-pam_smbpass 
--with-libsmbclient --with-libsmbsharemodes --without-smbwrapper 
--with-pam --with-quotas --with-shared-modules=idmap_rid,idmap_ad 
--with-smbmount --with-syslog --with-utmp --with-dnsupdate

SAMBA VERSION: 3.0.28a
LIBREPLACE_LOCATION_CHECKS: START
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
LIBREPLACE_LOCATION_CHECKS: END
LIBREPLACE_CC_CHECKS: START
checking for gcc... gcc
checking for C compiler default output file name... configure: error: C 
compiler cannot create executables

See `config.log' for more details.
error: Bad exit status from /var/tmp/rpm-tmp.12141 (%build)


RPM build errors:
   Bad exit status from /var/tmp/rpm-tmp.12141 (%build)
makerpms.sh: Done.



and config.log:

[EMAIL PROTECTED] RHEL]# cat 
/usr/src/redhat/BUILD/samba-3.0.28a/source/config.log |more

This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by configure, which was
generated by GNU Autoconf 2.59.  Invocation command line was

 $ ./configure --prefix=/usr --localstatedir=/var 
--with-configdir=/etc/samba -
-with-libdir=/usr/lib/samba --with-lockdir=/var/lib/samba 
--with-logfilebase=/va
r/log/samba --with-mandir=/usr/share/man --with-piddir=/var/run 
--with-privatedi
r=/etc/samba --with-sambabook=/usr/share/swat/using_samba 
--with-swatdir=/usr/sh
are/swat --enable-cups --with-acl-support --with-ads --with-automount 
--with-fhs
--with-pam_smbpass --with-libsmbclient --with-libsmbsharemodes 
--without-smbwra
pper --with-pam --with-quotas --with-shared-modules=idmap_rid,idmap_ad 
--with-sm

bmount --with-syslog --with-utmp --with-dnsupdate

## - ##
## Platform. ##
## - ##

hostname = preshs.mdah.state.ms.us
uname -m = i686
uname -r = 2.6.18-53.el5PAE
uname -s = Linux
uname -v = #1 SMP Mon Nov 12 02:55:09 EST 2007

/usr/bin/uname -p = unknown
/bin/uname -X = unknown

/bin/arch  = i686
/usr/bin/arch -k   = unknown
/usr/convex/getsysinfo = unknown
hostinfo   = unknown
/bin/machine   = unknown
/usr/bin/oslevel   = unknown
/bin/universe  = unknown

PATH: /usr/kerberos/sbin
PATH: /usr/kerberos/bin
PATH: /usr/local/sbin
PATH: /usr/local/bin
PATH: /sbin
PATH: /bin
PATH: /usr/sbin
PATH: /usr/bin
PATH: /root/bin

## --- ##
## Core tests. ##
## --- ##

configure:1441: checking build system type
configure:1459: result: i686-pc-linux-gnu
configure:1467: checking host system type
configure:1481: result: i686-pc-linux-gnu
configure:1489: checking target system type
configure:1503: result: i686-pc-linux-gnu
configure:1975: checking for gcc
configure:1991: found /usr/bin/gcc
configure:2001: result: gcc
configure:2245: checking for C compiler version
configure:2248: gcc --version &5
gcc (GCC) 3.4.6 20060404 (Red Hat 3.4.6-9)
Copyright (C) 2006 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

configure:2251: $? = 0
configure:2253: gcc -v &5
Reading specs from /usr/lib/gcc/i386-redhat-linux/3.4.6/specs
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man 
--infodir=/u
sr/share/info --enable-shared --enable-threads=posix --disable-checking 
--with-s
ystem-zlib --enable-__cxa_atexit --disable-libunwind-exceptions 
--enable-java-aw

t=gtk --host=i386-redhat-linux
Thread model: posix
gcc version 3.4.6 20060404 (Red Hat 3.4.6-9)
configure:2256: $? = 0
configure:2258: gcc -V &5
gcc: `-V' option must have argument
configure:2261: $? = 1
configure:2284: checking for C compiler default output file name
configure:2287: gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 
-fexceptions -fst
ack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic 
-fasynch

ronous-unwind-tables  -D_GNU_SOURCE -D_SAMBA_BUILD_=3   conftest.c  >&5
gcc: installation problem, cannot exec `cc

[Samba] Mac OS upgrade upsets access to samba shares

[Helen Nulty]

Mac OS details:
Our client was able to access her network resources without any problem 
until  yesterday.


She is using a high end Macbook Pro. She has the latest full version of 
Dave 7.1 installed.  Her Mac OS X is 10.4.11


When she attempts to connect to these resources she receives the 
following error:


"The Finder cannot complete the operation because some of the data in 
smb:// could not be read or written. (Error code -36)."


Attempts to connect to the shares have used fully qualified domain names:

smb://server.my.domain/share_name

Her Domain password is correct and working.  We tested it out on a PC.

Samba server details:
client is on different subnet from samba server
no evidence on samba logs of connection attempt by client
# smbd -V
Version 3.0.24-SerNet-RedHat

smb.conf:
[global]
   workgroup = MYWG
   realm = MY.DOMAIN
   netbios aliases = SERVER
   server string = SPH IIS File Server
   interfaces = eth2:1, lo, 127.0.0.1
   bind interfaces only = Yes
   security = ADS
   password server = x.x.x.x
   log level = 0 passdb:3 auth:3
   syslog = 0
   syslog only = Yes
   max log size = 5
   name resolve order = wins bcast
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=20480 
SO_SNDBUF=20480

   wins server = x.x.x.x
   ldap ssl = no
   socket address = x.x.x.x, 127.0.0.1
   load printers = no
   printing = bsd
   printcap name = /dev/null
   disable spoolss = yes
   hosts allow = 127.0.0.1, x.y.0.0/255.255.0.0, 
x.z.0.0/255.255.0.0, x.m.0

.0/255.255.0.0, x.y.n.
   hosts deny = all
   block size = 4096
   veto oplock files = /*.*db/
   strict locking = No

"smb.global" 28L, 755C written   
[EMAIL PROTECTED] ~]# cat smb.global

[global]
   workgroup = MYWG
   realm = MY.DOMAIN
   netbios aliases = SERVER
   server string = SPH IIS File Server
   interfaces = eth2:1, lo, 127.0.0.1
   bind interfaces only = Yes
   security = ADS
   password server = x.x.x.x
   encrypt passwords = Yes
   log level = 0 passdb:3 auth:3
   syslog = 0
   syslog only = Yes
   max log size = 5
   name resolve order = wins bcast
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=20480 
SO_SNDBUF=20480

   wins server = x.x.x.x
   ldap ssl = no
   socket address = x.x.x.x, 127.0.0.1
   load printers = no
   printing = bsd
   printcap name = /dev/null
   disable spoolss = yes
   hosts allow = 127.0.0.1, x.y.0.0/255.255.0.0, 
x.z.0.0/255.255.0.0, x.m.0.0/255.255.0.0, x.y.n.

   hosts deny = all
   block size = 4096
   veto oplock files = /*.*db/
   strict locking = No


We have googled our brains out and tried using NETBIOS names and ip 
addr's in place of fqdn's. 


Any suggestions out there?

Helen

--
Helen P. Nulty
Systems Analyst
UNC-CH School of Public Health
Instructional & Information Systems
CB# 7400
Chapel Hill, NC  27599
ph:  919-966-9136
email:  [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba / Vista Problem

[William Witteman]

I have a problem - I am trying to set up shared folders on a Debian etch
machine, and then access them from a bunch of Vista Business machines.
I set up a very basic smb.conf, and when I request the hostname of the
Linux machine, I am prompted for a username and password.  I enter them,
and I see the shares that I expect to see.  If I attempt to create a new
folder, however, I get the following error message:

Title: Item Not Found
Text: Could not find this item
This is no longer located in <%3 NULL:OpText>.
Verify the item's location and try again.
 $SHARENAME

 Try Again Cancel

I have tried everything I can think of and I am at my wit's end.

Details:

client OS: Vista Business
server OS: Debian etch
Samba version: 3.0.24-6etch9

smb.conf
[global]
log file = /var/log/samba-log.%m
lock directory = /var/lock/samba
share modes = yes
encrypt passwords = yes
smb passwd file = /etc/smbpasswd

[homes]
comment = Home Directories
browseable = no
read only = no
create mode = 0750

[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes

[public]
comment = Public Stuff
path = /home/public
public = yes
writable = yes
printable = no

Thanks for any help.
-- 

yours,

William

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Username case mangling -- Linux username is mixed-case, Samba returns lower-case

[Wes Deviers]

On Tue 8 Apr  2008 12:56:45 pm Steve Briggs wrote:
>
> As an aside while checking the samba documentation, I saw
> references to how Linux usernames should "always" be all lower
> case.  Why?  I've had mixed-case names for over 6 years and
> am unaware of any problems until now.  Certainly, standard
> tools let you create mixed-case usernames without complaint.
>
> TIA,
> Steve
>

Basically...for exactly the problem you have here.  That's a convention that's 
been around for many years, for various reasons.  First, you'll occasionally 
run into problems like that.  Second, on large production environments, if 
you allow mixed case usernames people will forget them daily; it's best to 
just say lowercase only.  Third, you never know when you might need to expand 
into a system that *is* case sensitive.  

On modern Linux systems it's not such a problem, but it used to be, and the 
Proper Ettiquite for Systems Administrators Guidebook still says lowercase. 

I'll note that Debian and children do not, by default, allow uppercase names:

[EMAIL PROTECTED]:/home/wes# adduser YonNewblette
adduser: Please enter a username matching the regular expression configured
via the NAME_REGEX[_SYSTEM] configuration variable.  Use the `--force-badname'
option to relax this check or reconfigure NAME_REGEX or NAME_REGEX_SYSTEM.

[EMAIL PROTECTED]:/home/wes# adduser yonnewblette
Adding user `yonnewblette' ...


And I would submit that no well-behaved GNU/Linux system should allow 
uppercase in usernames.

Unfortunately, I can't help you with your -actual- problem.  As a workaround, 
you could create a second username, "steve", with the same UID/GID and $HOME, 
and add it to the "Steve" group and it should work effectively the same way.  
I don't like workarounds, but if it's a toLower() in the Samba code then 
you're either SOL or you'll have to change the code.

Wes



>
>
>  
> ___
>_ You rock. That's why Blockbuster's offering you one month of
> Blockbuster Total Access, No Cost.
> http://tc.deals.yahoo.com/tc/blockbuster/text5.com


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Printing Problem with Samba ' Failed to allocate a print job'

[Misty Stanley-Jones]

I’m using Samba 3.0.24 on Ubuntu Feisty.  I’m managing my printers with
CUPS.  

 

Just yesterday, one printer stopped being able to print through Samba.  This
printer still prints fine directly from CUPS.  When I try to send any print
job to the print via Samba, I get this:

 

[2008/04/08 11:15:58, 0] printing/printing.c:allocate_print_jobid(2262)

  allocate_print_jobid: failed to allocate a print job for queue
truss_hp4050_2

[2008/04/08 11:15:58, 3] printing/printing.c:print_job_start(2431)

  print_job_start: returning fail. Error = No space left on device

 

At first glance, I would think the disk was full.  It’s actually not:

[EMAIL PROTECTED]:~# df -h

FilesystemSize  Used Avail Use% Mounted on

/dev/sdf1 106G   41G   60G  41% /

varrun   1006M  844K 1005M   1% /var/run

varlock  1006M  4.0K 1006M   1% /var/lock

procbususb   1006M  140K 1006M   1% /proc/bus/usb

udev 1006M  140K 1006M   1% /dev

devshm   1006M 0 1006M   0% /dev/shm

/dev/sda1 1.4T  293G 1014G  23% /data

/dev/md0  1.2T  770G  380G  67% /backup

/data/home1.4T  293G 1014G  23% /home

 

Then I checked to make sure the permissions on the spool directory were OK:

[EMAIL PROTECTED]:~# ls -ld /data/samba/spool

drwxrwxrwt 3 root Domain Users 49152 2008-04-08 11:17 /data/samba/spool

 

I don’t use /var/spool/samba but here are its permissions anyway:

[EMAIL PROTECTED]:~# ls -ld /var/spool/samba

drwxrwxrwt 2 root root 4096 2007-05-22 13:53 /var/spool/samba

 

Thinking it might just be a temporary thing with Samba, I restarted it last
night after everyone left.  The problem still persists.  I have not
restarted the entire server yet.  There are no errors in dmesg or
/var/log/messages.

 

I checked this morning to see if there was a newer Samba version for Feisty,
but there isn’t.  I found a few instances of this type of problem on Google,
but no real answers.  Plus, they all seemed to be old.

 

Thanks for any help,

Misty

 


No virus found in this outgoing message.
Checked by AVG. 
Version: 7.5.519 / Virus Database: 269.22.9/1365 - Release Date: 4/8/2008
7:30 AM
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Username case mangling -- Linux username is mixed-case, Samba returns lower-case

[Steve Briggs]

I have a problem that I first observed when I upgraded from
3.0.24 to 3.0.28 and is, I believe, related to the introduction
of the "printjob username" configuration parameter.

I print via CUPS and the Cups-PDF driver wants to know the
Linux username (so it can put the PDF in the proper location).

The problem is that "printjob username = %U" results in
a lowercase username ("steve"), even though the Linux account
is "Steve".  The Samba logs clearly show me authenticating
as "Steve" and the last message I see (with logging at 20)
with an obvious user name shows me connecting to the
Cups-PDF printer share with username "Steve".  But, the
Cups logs show a username of "steve" -- which ends up mapped
to anonymous.

I see I'm not the first to observe this change:
http://www.mail-archive.com/samba@lists.samba.org/msg85076.html

Linux prints fine to Cups-PDF, the username in the Cups logs
is shown as "Steve", and the older samba (3.0.24 on Fedora
Core 6) printed fine with username "Steve", it just seems
to be the newer Samba is lowercasing the username.
"%U" give "steve", "%u", "%$USER", "%$(USER)" are all taken
literally (i.e. "%u" gives "%u").  Is there anyway to
get Samba to output the *real* Linux username?

As an aside while checking the samba documentation, I saw
references to how Linux usernames should "always" be all lower
case.  Why?  I've had mixed-case names for over 6 years and
am unaware of any problems until now.  Certainly, standard
tools let you create mixed-case usernames without complaint.

TIA,
Steve



  

You rock. That's why Blockbuster's offering you one month of Blockbuster Total 
Access, No Cost.  
http://tc.deals.yahoo.com/tc/blockbuster/text5.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: How to create a write-only share?

[Ash Gosh]

It seems to be too complex for me. I'll share my config, please tell me what
also I need to do:

parts from smb.conf:

nt acl support = yes
acl compatibility = win2k
map acl inherit = yes
.
[michael]
   path = /home/shared/michael
   valid users = +users
   read only = no
   admin users = +wheel
[roman]
   path = /home/shared/roman
   valid users = +users
   read only = no
   admin users = +wheel



FS:

[EMAIL PROTECTED] shared]# ls -ld michael roman
drwxrwx---+ 3 michael wheel 4096 Apr  4 22:13 michael
drwxrwx---+ 4 roman   sales 4096 Apr  4 22:12 roman

[EMAIL PROTECTED] shared]# getfacl michael
# file: michael
# owner: michael
# group: wheel
user::rwx
user:michael:rwx
group::---
group:wheel:rwx
mask::rwx
other::---
default:user::rwx
default:user:michael:rwx
default:group::---
default:group:wheel:rwx
default:mask::rwx
default:other::---
[EMAIL PROTECTED] shared]# getfacl roman
# file: roman
# owner: roman
# group: sales
user::rwx
user:roman:rwx
group::---
group:wheel:rwx
group:sales:rwx
mask::rwx
other::---
default:user::rwx
default:user:roman:rwx
default:group::---
default:group:wheel:rwx
default:group:sales:rwx
default:mask::rwx
default:other::---



What also I have to do to allow every member of group 'users' to drag'n'drop
ot paste any file/folder into the michael but do not allow to read or evet
to list the share contents. On Windows NT 4.0 server it was done by adding a
"Add" permission for group 'users' to shared folder. Please help me, our
users is near to kill me!!!
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] hardware change

[Roberto Sacchetti]

Hi all,

I'm just thinking to change my PDC's hardware and I've a question for 
you all: is there a way to migrate the whole configuration of Samba at a 
glance without having to rejoin all clients to the domain and re-setting 
all the users' passwords?

My passdb backend is now "tdbsam".

Thank you in advance.

Roberto
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba.conf share settings

[Marc Fromm]

Is there a resource on how to configure a samba share on a Fedora core
linux box so that anyone can save and edit documents, but the documents
that can be seen and edited are limited to only the documents that the
logged in user created or saved in the samba share?


Marc 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Domain Member Server pam_mkhomedir help

[mrosamba]

Thanks to a reply yesterday by Udo Rader, I have been trying to get
pam_mkhomedir working to automatically create home directories on a domain
member server (DMS).  I have not been successful getting the home
directory automatically created.  Note that if I manually allocate the
home directory for a user, the user is successful in logging in and using
the home directory so I think my samba DMS setup is correct.

The DMS setup is Fedora 8 64 bit and samba 3.0.28 connecting to a similar
samba PDC.  selinux is disabled.

Below is a part of smb.conf, /etc/pam.d/system-auth and the log output

Any help/suggestions are appreciated
smb.conf

 security = domain

 idmap domains = EGHSLIB
 idmap config EGHSLIB:backend = rid
 idmap config EGHSLIB:range = 1 - 4
 idmap config EGHSLIB:baserid = 1000

 template homedir = /home/%U


/etc/pam.d/system-auth

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
authrequired  pam_env.so
authsufficientpam_unix.so nullok try_first_pass
authrequisite pam_succeed_if.so uid >= 500 quiet
authrequired  pam_deny.so

account required  pam_unix.so
account sufficientpam_localuser.so
account sufficientpam_succeed_if.so uid < 500 quiet
account required  pam_permit.so

passwordrequisite pam_cracklib.so try_first_pass retry=3
passwordsufficientpam_unix.so md5 shadow nullok try_first_pass
use_authtok
passwordrequired  pam_deny.so

session required  /lib64/security/pam_mkhomedir.so skel=/etc/skel
umask=0077
# session required  pam_mkhomedir.so skel=/etc/skel umask=0077
session optional  pam_keyinit.so revoke
session required  pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond
quiet use_uid
session required  pam_unix.so


/var/lib/messages

Apr  8 07:59:06 mssrv01 winbindd[2785]: [2008/04/08 07:59:06.957241, 0]
nsswitch/winbindd_cache.c:initialize_winbindd_cache()
Apr  8 07:59:06 mssrv01 winbindd[2785]:   initialize_winbindd_cache:
clearing cache and re-creating with version number 1
Apr  8 08:03:09 mssrv01 smbd[2825]: [2008/04/08 08:03:09.745144, 0]
smbd/service.c:make_connection_snum(1003)
Apr  8 08:03:09 mssrv01 smbd[2825]:   '/home/maoms08' does not exist or
permission denied when connecting to [maoms08] Error was No such file or
directory
Apr  8 08:03:46 mssrv01 smbd[2830]: [2008/04/08 08:03:46.314890, 0]
smbd/service.c:make_connection_snum(1003)
Apr  8 08:03:46 mssrv01 smbd[2830]:   '/home/maoms08' does not exist or
permission denied when connecting to [maoms08] Error was No such file or
directory
Apr  8 08:03:50 mssrv01 smbd[2830]: [2008/04/08 08:03:50.711436, 0]
smbd/service.c:make_connection_snum(1003)
Apr  8 08:03:50 mssrv01 smbd[2830]:   '/home/maoms08' does not exist or
permission denied when connecting to [maoms08] Error was No such file or
directory

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.24 handling LDAP responses incorrectly

[Ryan Steele]

Volker Lendecke wrote:
> On Mon, Apr 07, 2008 at 03:19:00PM -0400, Ryan Steele wrote:
>   
>> It's not defined in my Samba source, but I guess that was the wrong
>> place to look.  On my system, /usr/include/ldap.h does in fact have that
>> defined.  However, Samba still returns NT_STATUS_UNSUCCESSFUL, and
>> Windows still  reports that the password couldn't be changed because the
>> domain was unavailable... have I zigged where I should've zagged, or is
>> Samba not setting rc properly when it gets the response from LDAP?
>> 
>
> Please check that your LDAP server indeed does return 0x13
> over the 389 connection. You might also add a DEBUG
> statement right above the #if defined(LDAP_CONSTRAINT_VIOLATION) 
> to check what smbd sees. That's at least what I would do.
>
> Volker
>   

My initial process for building the binary package was flawed (the
makefile was using the wrong source tree).  After correcting that, the
new code has been inserted, and it is successfully returning
NT_STATUS_PASSWORD_RESTRICTION in pdb_ldap.c.  However, there is a
slight problem.  Instead of showing the user the message that LDAP is
passing back (and which Samba receives) which is:

[2008/04/08 05:35:26, 10] lib/smbldap.c:smbldap_extended_operation(1472)
  Extended operation failed with error: Constraint violation (Password
fails quality checking policy)
[2008/04/08 05:35:26, 0] passdb/pdb_ldap.c:ldapsam_modify_entry(1644)
  ldapsam_modify_entry: LDAP Password could not be changed for user
tester: Constraint violation
Password fails quality checking policy

...it returns "Your password must be at least 5 characters, cannot
repeat any of your previous 0 passwords and must be at least 0 days
old.  Please type a different password.  Type a password that meets
these requirements in both text boxes."  Is it possible to have Samba
convey to the user the message that LDAP returns, instead of returning
the aformentioned message?  I want the error the users see to reflect
why they're actually being denied a password change. 

I'm using ldapsam:ldap://server as my passdb backend, so I'm not sure
why it's showing the user this message instead.  I see I can edit the
values that Samba is showing the user with pdbedit, but I shouldn't need
to edit that - my password policy is defined in LDAP, and those are the
message I'd like the users to see.

Thanks as always for your help and insight,

Ryan
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.24 handling LDAP responses incorrectly

[Ryan Steele]

Volker Lendecke wrote:
> On Mon, Apr 07, 2008 at 03:19:00PM -0400, Ryan Steele wrote:
>   
>> It's not defined in my Samba source, but I guess that was the wrong
>> place to look.  On my system, /usr/include/ldap.h does in fact have that
>> defined.  However, Samba still returns NT_STATUS_UNSUCCESSFUL, and
>> Windows still  reports that the password couldn't be changed because the
>> domain was unavailable... have I zigged where I should've zagged, or is
>> Samba not setting rc properly when it gets the response from LDAP?
>> 
>
> Please check that your LDAP server indeed does return 0x13
> over the 389 connection. You might also add a DEBUG
> statement right above the #if defined(LDAP_CONSTRAINT_VIOLATION) 
> to check what smbd sees. That's at least what I would do.
>
> Volker
>   
My initial process was flawed (the makefile I was using was pointing to
the wrong source tree).  I have now gotten the new code in pdb_ldap.c
working, but there's still a slight issue.  It returns
NT_STATUS_PASSWORD_RESTRICTION as expected, but instead of passing back
the message that LDAP sends, which is:

[2008/04/08 05:35:26, 10] lib/smbldap.c:smbldap_extended_operation(1472)
  Extended operation failed with error: Constraint violation (Password
fails quality checking policy)
[2008/04/08 05:35:26, 0] passdb/pdb_ldap.c:ldapsam_modify_entry(1644)
  ldapsam_modify_entry: LDAP Password could not be changed for user
tester: Constraint violation
Password fails quality checking policy

...it returns "Your password must be at least 5 characters, cannot
repeat any of your previous 0 passwords and must be at least 0 days
old.  Please type a different password.  Type a password that meets
these requirements in both text boxes."  Is there any way to get Samba
to use what it's being given by LDAP, instead of using these values? 
I'm using ldapsam:ldap://server as my passdb backend, so I'm not sure
where it's actually getting those from, but it's not what the users are
being restricted by and I'd like the error messages to reflect the LDAP
restrictions that it's passing back to Samba.

Thanks as always for your help and insight,

Ryan
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] failed to get machine password for account

[Ivan Arteaga]

Hi,

I have a samba server working as pdc, i have xp workstations joined to 
the samba domain working fine but suddenly since last week some of them 
can´t log into the domain and got an error message about the server is 
not available, the strange thing is the other machines can log in 
without problems.
In the /var/log/samba/smbd.log i got the following error when the 
machine tries to log in:


[2008/04/08 08:47:58, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
 _net_auth2: failed to get machine password for account pc_name$: 
NT_STATUS_NO_TRUST_SAM_ACCOUNT


I had to create a new machine account in the server and change the 
machine name in order to get into the domain. I will appreciate any tip 
in order to fix it up.

My OS is centOS 4.4 and samba 3.025xx

Regards,

--Ivan.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] mac os x & samba: refresh problem

[Luca Ferrari]

Hi all,
is it possible to force a refresh of Samba shares opened from a mac osx? If 
two mac users work on the same share and put files in it, then the other user 
cannot see the former's files until reconnecting to the share. I've tried 
even with a Finder-Refresh extension, but it does not work. I believe this is 
a more related OS-X problem, but I hope someone else has experience in this 
area.

Thanks,
Luca
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] problems setting a public share

[Luca Ferrari]

Hi all,
my samba server has security set to user, and it works for each share I 
specify a valid users list. However, the following public share does not 
work:

[PUB_SMB]
comment   = Cartella pubblica (Mac e PC) - Non viene fatto il 
backup
path  = /mnt/samba/pub_smb
browsable = yes
available = yes
writable  = yes
printable = no
force group   = pub
guest ok  = yes
public= yes

I found in the logs that 
make_connection: connection to PUB_SMB denied due to security descriptor.

If I connect to the share authenticating as a user I can log-in, but as a 
guest no. I've tried to delete the file /var/lib/samba/share_info.tbd, but 
once I try to reconnect the file appears again, and even when the file is 
absent I cannot connect to the share.

Any idea?

Thanks,
Luca
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] AUTO: Luc Sainte-Marie is Out of Office / N'est pas au bureau (returning Wed 04/09/2008)

[Luc . Sainte-Marie]

I am out of the office from Tue 04/08/2008 until Wed 04/09/2008.

En cas d'urgence, contacter Frederic Bergeron au 450-432-1128 ext.279 // If
you need assistance please contact Frederic Bergeron 450-432-1128 ext.279


Note: This is an automated response to your message samba Digest, Vol 64,
Issue 8 sent on 2008-04-08 08:02:09.
This is the only notification you will receive while this person is away.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] RE: Samba 3.0.28a under Solaris 8 + libnss_winbind.so problem?

[Oliver Weinmann]

Hi,

yes it does. some users groups are shown using the group command and some 
others don't. the command just hangs and has no output.

Thank you very much for your reply.

Regards,
Oli 

-Original Message-
From: Dietrich Streifert [mailto:[EMAIL PROTECTED] 
Sent: 08 April 2008 12:27
To: Oliver Weinmann
Cc: samba@lists.samba.org
Subject: Re: [Samba] RE: Samba 3.0.28a under Solaris 8 + libnss_winbind.so 
problem?

Hi,

does your /etc/nsswitch.conf contain the winbind name service modules? 
This should look like this:

passwd: files winbind
group:  files winbind




Oliver Weinmann schrieb:
> Hi,
>
> I'm really lost with this problem. Here is my /etc/pam.conf, maybe 
> someone can help me, the system still keeps kicking me out of telnet 
> and local console. id and group commands are now working, group is not 
> working on every user.
>
> #
> #ident "@(#)pam.conf 1.14 99/09/16 SMI"
> #
> # Copyright (c) 1996-1999, Sun Microsystems, Inc.
> # All Rights Reserved.
> #
> # PAM configuration
> #
> # Authentication management
> #
> login   auth required   /usr/lib/security/pam_winbind.so
> login auth required  /usr/lib/security/$ISA/pam_unix.so.1 
> try_first_pass login auth required  
> /usr/lib/security/$ISA/pam_dial_auth.so.1
> try_first_pass
> #
> rlogin  auth sufficient /usr/lib/security/pam_winbind.so rlogin  auth 
> sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
> rlogin auth required  /usr/lib/security/$ISA/pam_unix.so.1
> try_first_pass
> #
> dtlogin auth sufficient /usr/lib/security/pam_winbind.so dtlogin auth 
> required  /usr/lib/security/$ISA/pam_unix.so.1
> try_first_pass
> #
> rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
> other   auth sufficient /usr/lib/security/pam_winbind.so
> other auth required /usr/lib/security/$ISA/pam_unix.so.1 
> try_first_pass # # Account management #
> login   account sufficient  /usr/lib/security/pam_winbind.so
> login account requisite /usr/lib/security/$ISA/pam_roles.so.1
> login account required /usr/lib/security/$ISA/pam_unix.so.1
> #
> dtlogin account sufficient  /usr/lib/security/pam_winbind.so
> dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
> dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
> #
> other   account sufficient  /usr/lib/security/pam_winbind.so
> other account requisite /usr/lib/security/$ISA/pam_roles.so.1
> other account required /usr/lib/security/$ISA/pam_unix.so.1
> #
> # Session management
> #
> other session required /usr/lib/security/$ISA/pam_unix.so.1
> #
> # Password management
> #
> #other   password sufficient /usr/lib/security/pam_winbind.so
> other password required /usr/lib/security/$ISA/pam_unix.so.1
> dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
> #
> # Support for Kerberos V5 authentication (uncomment to use Kerberos) # 
> #rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1
> try_first_pass
> #login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 
> try_first_pass #dtlogin auth optional 
> /usr/lib/security/$ISA/pam_krb5.so.1
> try_first_pass
> #other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 
> try_first_pass #dtlogin account optional 
> /usr/lib/security/$ISA/pam_krb5.so.1
> #other account optional /usr/lib/security/$ISA/pam_krb5.so.1
> #other session optional /usr/lib/security/$ISA/pam_krb5.so.1
> #other password optional /usr/lib/security/$ISA/pam_krb5.so.1
> try_first_pass
>
> -Original Message-
> From: Oliver Weinmann
> Sent: 04 April 2008 19:34
> To: samba@lists.samba.org
> Subject: Samba 3.0.28a under Solaris 8 + libnss_winbind.so problem?
>
> Hi i compiled Samba 3.0.28a under Solaris 8 (sparc). Everything seems 
> to be fine except the libnss_winbind.so.
>  
> i copied it to /usr/lib and linked it to:
>  
> libnss_winbind.so.1
> libnss_winbind.so.2
> nss_winbind.so.1
> nss_winbind.so.1
>  
> now when i type: "id user" nothing happens. The same goes for "group 
> user".
>  
> wbinfo -t / -g / -u all work fine. So it must be something with the 
> nss I guess?
>
> But it's getting even more strange. After a reboot i can now use "id", 
> "group" still doesn't work and my telnet and login session get 
> disconnected after a few minutes. If I change the /etc/pam.conf back 
> to normal I don't get disconnected. Any ideas where I could look for 
> debugging information?
>
> Oliver Weinmann
> Unix/Linux Administrator
>
> VEGA IT GmbH
> Europaplatz 5
> D-64293 Darmstadt
> Germany
> Tel   : +49 (0) 6151 8257 744
> Fax   : +49 (0)6151 8257-799
> Email : [EMAIL PROTECTED]
> Web   : www.vega-group.com
>   

--
Mit freundlichen Grüßen
Dietrich Streifert
--
Visionet GmbH
Firmensitz: Am Weichselgarten 7, 91058 Erlangen
Registergericht: Handelsregister Fürth, HRB 6573
Geschäftsführer: Stefan Lindner




__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
_

Re: [Samba] RE: Samba 3.0.28a under Solaris 8 + libnss_winbind.so problem?

[Dietrich Streifert]

Hi,

does your /etc/nsswitch.conf contain the winbind name service modules? 
This should look like this:


passwd: files winbind
group:  files winbind




Oliver Weinmann schrieb:

Hi,

I'm really lost with this problem. Here is my /etc/pam.conf, maybe
someone can help me, the system still keeps kicking me out of telnet and
local console. id and group commands are now working, group is not
working on every user.

#
#ident "@(#)pam.conf 1.14 99/09/16 SMI"
#
# Copyright (c) 1996-1999, Sun Microsystems, Inc.
# All Rights Reserved.
#
# PAM configuration
#
# Authentication management
#
login   auth required   /usr/lib/security/pam_winbind.so
login auth required  /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
login auth required  /usr/lib/security/$ISA/pam_dial_auth.so.1
try_first_pass
#
rlogin  auth sufficient /usr/lib/security/pam_winbind.so
rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth required  /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
#
dtlogin auth sufficient /usr/lib/security/pam_winbind.so
dtlogin auth required  /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
#
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other   auth sufficient /usr/lib/security/pam_winbind.so
other auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
# Account management
#
login   account sufficient  /usr/lib/security/pam_winbind.so
login account requisite /usr/lib/security/$ISA/pam_roles.so.1
login account required /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin account sufficient  /usr/lib/security/pam_winbind.so
dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
#
other   account sufficient  /usr/lib/security/pam_winbind.so
other account requisite /usr/lib/security/$ISA/pam_roles.so.1
other account required /usr/lib/security/$ISA/pam_unix.so.1
#
# Session management
#
other session required /usr/lib/security/$ISA/pam_unix.so.1
#
# Password management
#
#other   password sufficient /usr/lib/security/pam_winbind.so
other password required /usr/lib/security/$ISA/pam_unix.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other session optional /usr/lib/security/$ISA/pam_krb5.so.1
#other password optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass

-Original Message-
From: Oliver Weinmann 
Sent: 04 April 2008 19:34

To: samba@lists.samba.org
Subject: Samba 3.0.28a under Solaris 8 + libnss_winbind.so problem?

Hi i compiled Samba 3.0.28a under Solaris 8 (sparc). Everything seems to
be fine except the libnss_winbind.so.
 
i copied it to /usr/lib and linked it to:
 
libnss_winbind.so.1

libnss_winbind.so.2
nss_winbind.so.1
nss_winbind.so.1
 
now when i type: "id user" nothing happens. The same goes for "group

user".
 
wbinfo -t / -g / -u all work fine. So it must be something with the nss

I guess?

But it's getting even more strange. After a reboot i can now use "id",
"group" still doesn't work and my telnet and login session get
disconnected after a few minutes. If I change the /etc/pam.conf back to
normal I don't get disconnected. Any ideas where I could look for
debugging information?

Oliver Weinmann
Unix/Linux Administrator

VEGA IT GmbH
Europaplatz 5
D-64293 Darmstadt
Germany
Tel : +49 (0) 6151 8257 744
Fax : +49 (0)6151 8257-799
Email   : [EMAIL PROTECTED]
Web : www.vega-group.com
  


--
Mit freundlichen Grüßen
Dietrich Streifert
--
Visionet GmbH
Firmensitz: Am Weichselgarten 7, 91058 Erlangen
Registergericht: Handelsregister Fürth, HRB 6573
Geschäftsführer: Stefan Lindner



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Issues with migration from default mapping to idmap_rid in 3.0.26a

[Jens Nissen]

What I want to do:
I have a lot of Samba AD member server which all should have the same 
mapping of Domain Users (SIDs) to local UID/GID, so files with ACLs can 
be moved from one machine to another and still grant the access rights 
to the same users as on the other machine.


What I have:

idmap uid=1000-6
idmap gid=1000-6
winbind use default domain=no
winbind enum users=Yes
winbind enum groups=Yes
winbind nested groups=Yes
winbind nss info=template
winbind offline logon=True
security=Ads
passdb backend=tdbsam

This is working fine, but (of course) leads to indeterministic UID/GID 
mappings.


So I want to change to RID - this is all I changed:

#idmap uid=1000-6
#idmap gid=1000-6
idmap domains=MYDOMAIN
idmap config MYDOMAIN:backend=rid
idmap config MYDOMAIN:base_rid=1000
idmap config MYDOMAIN:range=998 - 6

(I have two manually mapped groups, thus starting the allowed range at 998)
I clear all TDB files and join the server from scratch to the domain.
This still works.

Then I look at
wbinfo -u
which shows all Domain users correctly.

Trouble already starts with
wbinfo -i MYDOMAIN\\dagobert
> Could not get info for user MYDOMAIN\\dagobert

The Domain Administrator can actually connect to the Samba server, but 
no other user can.

From the log, I retrieve a lot like this:

  Could not query gid for user MYDOMAIN\dagobert
[2008/04/08 11:12:34, 5] lib/username.c:Get_Pwnam_internals(83)
  Trying _Get_Pwnam(), username as given is MYDOMAIN\dagobert
[2008/04/08 11:12:34, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn GETPWNAM
[2008/04/08 11:12:34, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346)
  [20573]: getpwnam MYDOMAIN\dagobert
[2008/04/08 11:12:34, 10] 
nsswitch/winbindd_cache.c:cache_retrieve_response(2300)

  Retrieving response for pid 15771
[2008/04/08 11:12:34, 10] 
nsswitch/winbindd_cache.c:cache_retrieve_response(2300)

  Retrieving response for pid 15771
[2008/04/08 11:12:34, 10] 
nsswitch/winbindd_cache.c:cache_retrieve_response(2300)

  Retrieving response for pid 15786
[2008/04/08 11:12:34, 7] 
nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving 
S-1-5-21-1214440339-113007714-839522115-513 to a gid
[2008/04/08 11:12:34, 10] 
nsswitch/winbindd_cache.c:cache_retrieve_response(2300)

  Retrieving response for pid 15786
[2008/04/08 11:12:34, 5] 
nsswitch/winbindd_async.c:winbindd_sid2gid_recv(527)

  sid2gid returned an error

It looks as though conversion of SIDs to IDs is not correctly working.

# wbinfo -G 1000
S-1-5-21-1214440339-113007714-839522115-1002
# wbinfo -S S-1-5-21-1214440339-113007714-839522115-1002
Could not convert sid S-1-5-21-1214440339-113007714-839522115-1002 to uid
# wbinfo -Y S-1-5-21-1214440339-113007714-839522115-1002
Could not convert sid S-1-5-21-1214440339-113007714-839522115-1002 to gid
# wbinfo -R 1000
Domain: MYDOMAIN
1000: TsInternetUser (User)

Manually added SIDs are actually working, so winbind is operational:

# wbinfo -Y S-1-5-13
998

So my questions are:
(1) Is idmap_rid suitable for what I want?
(2) Is idmap_rid working 3.0.26a , is there someone who got this working?
(3) Is there anything else I need to change in smb.conf when migrating 
as above?
(4) Is there some trick with compilation/configuration necessary? I have 
an Intel ARM Big Endian architecture and have the RID module statically 
linked (dynamic loading does not work on this architecture).


Kind regards and thanks for any advice or help,

Jens

P.S testparm of smb.conf

[global]
dos charset = ISO-8859-1
unix charset = ISO-8859-1
display charset = ISO-8859-1
workgroup = MYDOMAIN
realm = MYDOMAIN.TEST
server string = myserver
interfaces = ixp0
security = ADS
allow trusted domains = No
password server = sbs2000.mydomain.test
private dir = /var/lib/adsamba/private
passdb backend = tdbsam
guest account = samba
username map = /etc/cfg_user/usermap.ads
log level = 6 winbind:10
log file = /export/log/smblog.ad
max log size = 0
name resolve order = wins bcast host
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE 
SO_RCVBUF=8192 SO_SNDBUF=8192

load printers = No
show add printer wizard = No
preferred master = No
local master = No
domain master = No
wins server = 192.168.1.4
lock directory = /var/lib/adsamba
idmap domains = MYDOMAIN
winbind enum users = Yes
winbind enum groups = Yes
winbind offline logon = Yes
ldapsam:trusted = No
idmap config MYDOMAIN:range = 998 - 6
idmap config MYDOMAIN:base_rid = 1000
idmap config MYDOMAIN:backend = rid
ea support = Yes

[shared]
comment = ACL shared folder
path = /export/shared
read only = No
create mask = 0777
directory mask = 0777
inherit 

[Samba] Command to force a windows domain client to log off

[thuan tran]

As the subject stated, I want to forcibly log off (more like kick off) a
Windows domain client from a Samba PDC. Which is the command I need to use?

Regards.
Thuan Tran
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] RE: Samba 3.0.28a under Solaris 8 + libnss_winbind.so problem?

[Oliver Weinmann]

Hi,

I'm really lost with this problem. Here is my /etc/pam.conf, maybe
someone can help me, the system still keeps kicking me out of telnet and
local console. id and group commands are now working, group is not
working on every user.

#
#ident "@(#)pam.conf 1.14 99/09/16 SMI"
#
# Copyright (c) 1996-1999, Sun Microsystems, Inc.
# All Rights Reserved.
#
# PAM configuration
#
# Authentication management
#
login   auth required   /usr/lib/security/pam_winbind.so
login auth required  /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
login auth required  /usr/lib/security/$ISA/pam_dial_auth.so.1
try_first_pass
#
rlogin  auth sufficient /usr/lib/security/pam_winbind.so
rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth required  /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
#
dtlogin auth sufficient /usr/lib/security/pam_winbind.so
dtlogin auth required  /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
#
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other   auth sufficient /usr/lib/security/pam_winbind.so
other auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
# Account management
#
login   account sufficient  /usr/lib/security/pam_winbind.so
login account requisite /usr/lib/security/$ISA/pam_roles.so.1
login account required /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin account sufficient  /usr/lib/security/pam_winbind.so
dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
#
other   account sufficient  /usr/lib/security/pam_winbind.so
other account requisite /usr/lib/security/$ISA/pam_roles.so.1
other account required /usr/lib/security/$ISA/pam_unix.so.1
#
# Session management
#
other session required /usr/lib/security/$ISA/pam_unix.so.1
#
# Password management
#
#other   password sufficient /usr/lib/security/pam_winbind.so
other password required /usr/lib/security/$ISA/pam_unix.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other session optional /usr/lib/security/$ISA/pam_krb5.so.1
#other password optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass

-Original Message-
From: Oliver Weinmann 
Sent: 04 April 2008 19:34
To: samba@lists.samba.org
Subject: Samba 3.0.28a under Solaris 8 + libnss_winbind.so problem?

Hi i compiled Samba 3.0.28a under Solaris 8 (sparc). Everything seems to
be fine except the libnss_winbind.so.
 
i copied it to /usr/lib and linked it to:
 
libnss_winbind.so.1
libnss_winbind.so.2
nss_winbind.so.1
nss_winbind.so.1
 
now when i type: "id user" nothing happens. The same goes for "group
user".
 
wbinfo -t / -g / -u all work fine. So it must be something with the nss
I guess?

But it's getting even more strange. After a reboot i can now use "id",
"group" still doesn't work and my telnet and login session get
disconnected after a few minutes. If I change the /etc/pam.conf back to
normal I don't get disconnected. Any ideas where I could look for
debugging information?

Oliver Weinmann
Unix/Linux Administrator

VEGA IT GmbH
Europaplatz 5
D-64293 Darmstadt
Germany
Tel : +49 (0) 6151 8257 744
Fax : +49 (0)6151 8257-799
Email   : [EMAIL PROTECTED]
Web : www.vega-group.com
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba