Re: [Samba] get Samba Server via VPN from windows XP

[David C. Rankin]

Engi Zoltán wrote:

Hi,

I have network in my office with Samba server on Debian Linux. I would 
like to get the folders and files in this server from my home with 
Windows XP.
So, I done the VPN connection. I think, it works good. In the VPN 
connection Samba Server's ip address is 192.168.2.1 and net mask is 
255.255.255.255. The client's ip address is 192.168.2.6. and netmask is 
255.255.255.252.
I can ping the server from the client and back too.  The  workgrupname  
in the smb.conf and windows XP are same.


The problem is that I can't  see the linux computer in the network place 
on the Windows XP. Why?


Sincerely,
Zoli




Here is my post from 3/17/08 on the topic. It does work great, even from 
network neighborhood:


Jon Theil Nielsen wrote:
> My goal is to make VPN access to our Samba PDC (FreeBSD 7.0) so that users
> can access there home shares from Windows clients.
> I have read the instructions at
> http://samba.org/ftp/unpacked/lorikeet/pppd/final-report.pdf, but I can't
> make it work.

> Regards,
> Jon

Jon,

I do it this way:

pptp VPN server

/etc/pptpd.conf
option /etc/ppp/options.pptp
debug (comment out after testing)
localip 192.168.7.12
remoteip 192.168.7.2-5
pidfile /var/run/pptpd.pid

/etc/ppp/options.pptp
lock
noauth
nobsdcomp
lcp-echo-failure 10
lcp-echo-interval 10

/etc/ppp/options
name bonza.rbpllc.com
noipdefault
noauth
lock
local
lcp-echo-interval 30
lcp-echo-failure 4
lcp-max-configure 60
lcp-restart 2
idle 600
noipx
file /etc/ppp/filters
proxyarp
ms-dns 192.168.7.15
ms-wins 192.168.7.15
refuse-chap
refuse-mschap

/etc/ppp/pap-secrets
*   bonza.rbpllc.com""
*

/etc/ppp/chap-secrets
   * *

Of course, use your own information and get rid of the "< >" in the pap 
and chap-secret files. Good luck. This works like a charm. Just don't forget to 
open [port 1723] in your firewall and router for accessing the server locally 
as well as remotely. Also, you may need:


# TAG: bcrelay 
bcrelay eth0

in /etc/pptpd.conf if you are running an older version of pptpd to improve 
remote browsing.



--
David C. Rankin, J.D., P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Trouble with trusted domains

[Volker Lendecke]

On Thu, Apr 10, 2008 at 05:27:24PM -0500, Gerald (Jerry) Carter wrote:
> > We should ask CONTOSO.COM. I'm afraid this is a known
> > limitation right now. It could be coded up, but it is not
> > yet.
> 
> Volker,  This is already done in 3.2 so I'm guessing you say
> we should backport this fix?

Oh, I did not see that code. Can you point me at the right
lines?

Thanks,

Volker


pgpZSl4ZLhyvA.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Help: justification for Linux PDC vs Windows...

[James Peach]

On 10/04/2008, JJB <[EMAIL PROTECTED]> wrote:
[snip]
>  Thanks everyone who posted so far. While we are at it, is Apple's
> OpenDirectory a rough equivalent of AD

In some ways, yes.

> or is OpenDirectory just
> Samba/OpenLDAP compiled on OS X?

No, it's a completely different beast.

-- 
James Peach | [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Help: justification for Linux PDC vs Windows...

[JJB]

Lukasz Szybalski wrote:

On Thu, Apr 10, 2008 at 12:08 PM, Adam Tauno Williams
<[EMAIL PROTECTED]> wrote:
 

Now I realize I'll get tarred-n-feather for this, but...


 > > My IT department has implemented a samba PDC and now we are 
taking flack
 > > for it. Can anyone help me out with some good justifications for 
doing
 > > it this way vs the Microsoft way? Have a meeting about it in a 
short

 > > while...
 > > We wanted to do it because Linux is more secure and more stable. 
But
 > > there may be other good reasons and it would be good to know 
them. Or

 > > maybe it would be better to go with the Microsoft solutions?
 > This is almost a troll question. what is better, beer or whine ...

   

* samba is open source = support for any version of will will continue
  

 >   as long as _you_ resp. your company are willing to support it

 Or as long as clients will continue to operate effectively in a NT4
 domain;  a window with is rapidly closing, IMO.


 > * beware that samba PDC == winnt PDC, no ADS PDC yet

 Yep - which is why I think your bosses are correct.  Deploying a *new*
 NT4 domain in 2008 is just nuts.  When most clients are XP or Vista and
 many applications have integration with AD.



Could you elaborate on difference in AD vs NT4? What specific
application that you are talking about have AD and not nt4
integration?


But as far as samba goes:
1. Free
2. Free upgrades
3. Easy to maintain
4. Lower maintenance costs because its deployed on linux (no $
upgrades to os required ?)
5. Higher security (If that is a case)
6. Integration of other tools to samba pdc/linux (webmail, antispam,
loadbalancer, linux pcs) (Which ever one applies)
7. Backup pdc if needed for free (no need to purchase another windows
server license)
8. No need to restart server every week. (I think people that have
windows servers know what I mean here)


For me the biggest impact as far as going opensource/linux way is
maintenance savings. You deploy on linux and you come back to it in 6
months and it still runs. The only thing to worry about is power
outage. If you go the other way then you have to baby sit your
servers.

Lucas




  


Thanks everyone who posted so far. While we are at it, is Apple's 
OpenDirectory a rough equivalent of AD or is OpenDirectory just 
Samba/OpenLDAP compiled on OS X?


- Joel

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] File locks?

[Jim Young]

Thank you for the reply,

# modinfo cifs
filename:   /lib/modules/2.6.24-1-686/kernel/fs/cifs/cifs.ko
version:1.52
description:VFS to access servers complying with the SNIA CIFS
Specification e.g. Samba and Windows
license:GPL
author: Steve French <[EMAIL PROTECTED]>
srcversion: 6BE8BB9F68C542F4B1774D3
depends:
vermagic:   2.6.24-1-686 SMP mod_unload 686
parm:   CIFSMaxBufSize:Network buffer size (not including header).
Default: 16384 Range: 8192 to 130048 (int)
parm:   cifs_min_rcv:Network buffers in pool. Default: 4 Range: 1 to
64 (int)
parm:   cifs_min_small:Small network buffers in pool. Default: 30
Range: 2 to 256 (int)
parm:   cifs_max_pending:Simultaneous requests to server. Default:
50 Range: 2 to 256 (int)

>
>
> On 10/04/2008, Guenter Kukkukk <[EMAIL PROTECTED]> wrote:
> >
> > Am Donnerstag, 10. April 2008 schrieb Jim Young:
> >
> > Hi Jim,
> >
> >
> > > Thanks for the info. I am using the smbfs debian package, but mount
> > tells me
> > > that type is cifs
> > >
> > > //nsh/jyoung on /mnt/uni type cifs (rw,mand)
> > >
> > > I have updated my fstab:
> > > //nsh/jyoung/mnt/unicifs
> > > credentials=/myfolder/credentials,gid=jyoung,uid=jyoung,auto,rw
> > > 0   0
> > >
> > > and remounted, same problem.
> > >
> > > Thanks, Jim
> > >
> >
> > On your local system. what's the outcome of 'modinfo cifs' ?
> >
> > Btw - recent debian/ubuntu packages ship versions of the smb/cifs
> > userland
> > helpers smbmount and smbumount, which are no longer mounting smbfs when
> > specified. Instead they mount cifs vfs "behind the scenes".
> > Both are (usually) also called indirectly by the mount/umount programs.
> > Technically spoken, 'mount -t smbfs ...' is (ususally) calling
> > /sbin/mount.smbfs which formerly mounted smbfs - but now cifs vfs
> > instead.
> > Cheers, Günter
> >
> >
> > > On 10/04/2008, Jeremy Allison <[EMAIL PROTECTED]> wrote:
> > > >
> > > > On Thu, Apr 10, 2008 at 10:12:54AM -0600, Jim Young wrote:
> > > > > Hello,
> > > > >
> > > > >   Recently, the following problem started happening with a
> > particular
> > > > samba
> > > > > server:
> > > > > If i have a file open for reading (say, a pdf in xpdf) and then
> > try to
> > > > write
> > > > > to it (say, through recompiling a latex document) it complains
> > that it
> > > > > cannot open the file for writing.
> > > > >
> > > > > this seems like a file lock issue but I am unsure where it is
> > happening.
> > > > My
> > > > > previous usage should be perfectly safe since xpdf should only
> > open for
> > > > > reading.
> > > > >
> > > > > This problem does not happen locally or when I connect to a
> > different
> > > > samba
> > > > > server (a windows machine). I can also ssh into the remote server,
> > port
> > > > xpdf
> > > > > , and my local process can write to the file. It is the samba
> > connection
> > > > > that is making the lock.
> > > > >
> > > > >   I am running Debian Unstable, using smbclient/smbfs 3.0.28a-1 to
> > > > connect
> > > > > to a samba server (unix backend) on my university network. Server:
> > > >
> > > > > Samba3.0.10-1.4E
> > > >
> > > > >
> > > > > I mount the smb share in my fstab as follows:
> > > > >
> > > > > //myserver/jyoung/mnt/unismbfs
> > > > > credentials=credsfile,gid=jyoung,uid=jyoung,auto,rw
> > > >
> > > >
> > > > smbfs is going out of support soon. You should be using cifsfs
> > > > instead.
> > > >
> > > >
> > > > Jeremy.
> > > >
> > >
> > >
> > >
> > > --
> > > James Young, B.Sc.
> > > Ph.D. Student
> > > Interactions laboratory, Department of Computer Science, University of
> > > Calgary
> > > 2500 University Drive NW, Calgary, Alberta, Canada, T2N 1N4
> > > Phone: +1.403.210.9502
> > > E-mail: [EMAIL PROTECTED]
> > > URL: 
> > > http://pages.cpsc.ucalgary.ca/~jyoung/
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
>
>
>
> --
> James Young, B.Sc.
> Ph.D. Student
> Interactions laboratory, Department of Computer Science, University of
> Calgary
> 2500 University Drive NW, Calgary, Alberta, Canada, T2N 1N4
> Phone: +1.403.210.9502
> E-mail: [EMAIL PROTECTED]
> URL: 
> http://pages.cpsc.ucalgary.ca/~jyoung/
>



-- 
James Young, B.Sc.
Ph.D. Student
Interactions laboratory, Department of Computer Science, University of
Calgary
2500 University Drive NW, Calgary, Alberta, Canada, T2N 1N4
Phone: +1.403.210.9502
E-mail: [EMAIL PROTECTED]
URL: http://pages.cpsc.ucalgary.ca/~jyoung/
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] File locks?

[Guenter Kukkukk]

Am Donnerstag, 10. April 2008 schrieb Jim Young:

Hi Jim,

> Thanks for the info. I am using the smbfs debian package, but mount tells me
> that type is cifs
> 
> //nsh/jyoung on /mnt/uni type cifs (rw,mand)
> 
> I have updated my fstab:
> //nsh/jyoung/mnt/unicifs
> credentials=/myfolder/credentials,gid=jyoung,uid=jyoung,auto,rw
> 0   0
> 
> and remounted, same problem.
> 
> Thanks, Jim
> 
On your local system. what's the outcome of 'modinfo cifs' ?

Btw - recent debian/ubuntu packages ship versions of the smb/cifs userland
helpers smbmount and smbumount, which are no longer mounting smbfs when
specified. Instead they mount cifs vfs "behind the scenes".
Both are (usually) also called indirectly by the mount/umount programs.
Technically spoken, 'mount -t smbfs ...' is (ususally) calling 
/sbin/mount.smbfs which formerly mounted smbfs - but now cifs vfs instead.
Cheers, Günter

> On 10/04/2008, Jeremy Allison <[EMAIL PROTECTED]> wrote:
> >
> > On Thu, Apr 10, 2008 at 10:12:54AM -0600, Jim Young wrote:
> > > Hello,
> > >
> > >   Recently, the following problem started happening with a particular
> > samba
> > > server:
> > > If i have a file open for reading (say, a pdf in xpdf) and then try to
> > write
> > > to it (say, through recompiling a latex document) it complains that it
> > > cannot open the file for writing.
> > >
> > > this seems like a file lock issue but I am unsure where it is happening.
> > My
> > > previous usage should be perfectly safe since xpdf should only open for
> > > reading.
> > >
> > > This problem does not happen locally or when I connect to a different
> > samba
> > > server (a windows machine). I can also ssh into the remote server, port
> > xpdf
> > > , and my local process can write to the file. It is the samba connection
> > > that is making the lock.
> > >
> > >   I am running Debian Unstable, using smbclient/smbfs 3.0.28a-1 to
> > connect
> > > to a samba server (unix backend) on my university network. Server:
> >
> > > Samba3.0.10-1.4E
> >
> > >
> > > I mount the smb share in my fstab as follows:
> > >
> > > //myserver/jyoung/mnt/unismbfs
> > > credentials=credsfile,gid=jyoung,uid=jyoung,auto,rw
> >
> >
> > smbfs is going out of support soon. You should be using cifsfs
> > instead.
> >
> >
> > Jeremy.
> >
> 
> 
> 
> -- 
> James Young, B.Sc.
> Ph.D. Student
> Interactions laboratory, Department of Computer Science, University of
> Calgary
> 2500 University Drive NW, Calgary, Alberta, Canada, T2N 1N4
> Phone: +1.403.210.9502
> E-mail: [EMAIL PROTECTED]
> URL: http://pages.cpsc.ucalgary.ca/~jyoung/


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Trouble with trusted domains

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Volker Lendecke wrote:
> On Thu, Apr 10, 2008 at 02:20:28PM +0200, Martin Zielinski wrote:
>> winbind does this with a LSA RPC call to CHILD2 (not to CHILD1, where
>> the user comes from) and receives a "NO MAPPED USER" reply.
>>
>> Now my question is: shouldn't Samba ask CHILD1 for the user
>> CHILD1\testtest or
>> should CHILD2 know about user CHILD1\testtest?
>> Where lies the mistake?
> 
> We should ask CONTOSO.COM. I'm afraid this is a known
> limitation right now. It could be coded up, but it is not
> yet.

Volker,  This is already done in 3.2 so I'm guessing you say
we should backport this fix?






cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH/pRMIR7qMdg1EfYRArUIAJ9dmMlpk7o5OtIF6jjBvPdIWgr1OgCffSNt
dB+Xz+hzXEA4tkRV3BxTzKI=
=7kFs
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Trouble with trusted domains

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Martin Zielinski wrote:
> Hello list,
> 
> perhaps someone can guide me, finding out what's going wrong in the
> following scenario (Active Directory , Samba 3.0.20b same with 3.0.28a):
> 
> CHILD1.CONTOSO.COM <-trusts-> CONTOSO.COM <-trusts->CHILD2.CONTOSO.COM
>  || |
>  User: CHILD1\testtest| Samba
>   Vista
> 
> CHILD1\testtest -> Vista : works (of course :-()
> CHLID1\testtest -> Samba : password prompt (logon failure)
> 
> What I can see, is that Samba decodes the user correctly out of kerberos
> ticket as [EMAIL PROTECTED]
> 
> Then, Samba (better to say: winbind) tries to resolve the shortened name
> CHILD1\testtest into a SID.
> 
> winbind does this with a LSA RPC call to CHILD2 (not to CHILD1, where
> the user comes from) and receives a "NO MAPPED USER" reply.
> 
> Now my question is: shouldn't Samba ask CHILD1 for the user
> CHILD1\testtest or
> should CHILD2 know about user CHILD1\testtest?
> Where lies the mistake?

Fixed in 3.2.  We should ask the root of our forest which is what we do
in the 3.2 series.




cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH/pQeIR7qMdg1EfYRAk9WAJ46H3bDrtazz2MNmL1IRIGjc3YajgCcD30N
Dj1TGm46GURRr9wf4IIkT0g=
=JbCw
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] ACL/Excel file issue

[Daniel Huntley]

Hi,

I have the same issue. Only started happening when I upgraded to 3.0.25b
Centos5

As a temporary solution I set force security mode = 0770 on the shares
which fixes the problem but is not an ideal solution.

Dan

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Ben Tisdall
Sent: Wednesday, 9 April 2008 3:08 AM
To: [EMAIL PROTECTED]
Subject: [Samba] ACL/Excel file issue

Hi,

I've just upgraded an organisation from 3.0.23a to 3.0.25b on CentOS.

Everything went fine excpet they're having an issue with Excel files 
going RO which perhaps is related to acls.

$ ls foo.xls
-r--rwxr--+ 1 mr.bogus staff 101376 Apr  8 12:59 08-04-04 foo.xls

and getfacl gives:

# owner: mr.bogus
# group: staff
user::r--
user:mr.test:rw-
group::rw-
mask::rwx
other::r--

This is the testparm output with extraneous shares pruned out. It's the 
same conf as the old server.

[global]
 workgroup = REDRESSTRUST
 netbios name = REDRESS3
 interfaces = eth0, lo
 bind interfaces only = Yes
 passdb backend = ldapsam:ldap://127.10.0.1:1389
 passwd program = /usr/sbin/smbldap-passwd %u
 passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n 
*Password*changed*
 username map = /etc/samba/users.conf
 log level = 1
 syslog = 0
 name resolve order = wins bcast hosts
 time server = Yes
 printcap name = cups
 show add printer wizard = No
 add user script = /usr/sbin/smbldap-useradd -m %u
 delete user script = /usr/sbin/smbldap-userdel "%u"
 add group script = /usr/sbin/smbldap-groupadd -p "%g"
 delete group script = /usr/sbin/smbldap-groupdel "%g"
 add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
 delete user from group script = /usr/sbin/smbldap-groupmod -x 
"%u" "%g"
 set primary group script = /usr/sbin/smbldap-usermod -g "%g"
"%u"
 add machine script = /usr/sbin/smbldap-useradd -w "%u"
 logon script = login.bat
 logon drive = P:
 domain logons = Yes
 preferred master = Yes
 wins support = Yes
 ldap admin dn = uid=admin,dc=redress,dc=org
 ldap delete dn = Yes
 ldap group suffix = ou=groups
 ldap idmap suffix = ou=idmap
 ldap machine suffix = ou=computers
 ldap passwd sync = Yes
 ldap suffix = dc=redress,dc=org
 ldap ssl = no
 ldap user suffix = ou=users
 printing = cups
 print command =
 lpq command = %p
 lprm command =
 hide files = /desktop.ini/
 map archive = No
 include = /etc/samba/shares.conf

[OrgData]
 comment = "STAFF read/write, others read"
 path = /space/data1/orgdata
 valid users = root, @staff
 read only = No
 create mask = 0664
 force create mode = 0664
 directory mask = 0775
 force directory mode = 0775

Thanks,

-- 
Ben Tisdall
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Help: justification for Linux PDC vs Windows...

[Lukasz Szybalski]

On Thu, Apr 10, 2008 at 12:08 PM, Adam Tauno Williams
<[EMAIL PROTECTED]> wrote:
> Now I realize I'll get tarred-n-feather for this, but...
>
>
>  > > My IT department has implemented a samba PDC and now we are taking flack
>  > > for it. Can anyone help me out with some good justifications for doing
>  > > it this way vs the Microsoft way? Have a meeting about it in a short
>  > > while...
>  > > We wanted to do it because Linux is more secure and more stable. But
>  > > there may be other good reasons and it would be good to know them. Or
>  > > maybe it would be better to go with the Microsoft solutions?
>  > This is almost a troll question. what is better, beer or whine ...
>
> > * samba is open source = support for any version of will will continue
>  >   as long as _you_ resp. your company are willing to support it
>
>  Or as long as clients will continue to operate effectively in a NT4
>  domain;  a window with is rapidly closing, IMO.
>
>
>  > * beware that samba PDC == winnt PDC, no ADS PDC yet
>
>  Yep - which is why I think your bosses are correct.  Deploying a *new*
>  NT4 domain in 2008 is just nuts.  When most clients are XP or Vista and
>  many applications have integration with AD.

Could you elaborate on difference in AD vs NT4? What specific
application that you are talking about have AD and not nt4
integration?


But as far as samba goes:
1. Free
2. Free upgrades
3. Easy to maintain
4. Lower maintenance costs because its deployed on linux (no $
upgrades to os required ?)
5. Higher security (If that is a case)
6. Integration of other tools to samba pdc/linux (webmail, antispam,
loadbalancer, linux pcs) (Which ever one applies)
7. Backup pdc if needed for free (no need to purchase another windows
server license)
8. No need to restart server every week. (I think people that have
windows servers know what I mean here)


For me the biggest impact as far as going opensource/linux way is
maintenance savings. You deploy on linux and you come back to it in 6
months and it still runs. The only thing to worry about is power
outage. If you go the other way then you have to baby sit your
servers.

Lucas




-- 
Automotive Recall Database. Cars, Trucks, etc.
http://www.lucasmanual.com/recall/
Install Broadcom wireless card on Linux:
http://lucasmanual.com/mywiki/bcm43xx
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Help: justification for Linux PDC vs Windows...

[Udo Rader]

On Thu, 2008-04-10 at 13:08 -0400, Adam Tauno Williams wrote:
> Now I realize I'll get tarred-n-feather for this, but...

of course you'll be :-)

> > > My IT department has implemented a samba PDC and now we are taking flack 
> > > for it. Can anyone help me out with some good justifications for doing 
> > > it this way vs the Microsoft way? Have a meeting about it in a short 
> > > while...
> > > We wanted to do it because Linux is more secure and more stable. But 
> > > there may be other good reasons and it would be good to know them. Or 
> > > maybe it would be better to go with the Microsoft solutions?
> > This is almost a troll question. what is better, beer or whine ... 
> > * samba is open source = support for any version of will will continue 
> >   as long as _you_ resp. your company are willing to support it
> 
> Or as long as clients will continue to operate effectively in a NT4
> domain;  a window with is rapidly closing, IMO.

Show evidence for that. I know many big companies (airlines, yes
airlines) that still operate on WINNT (or alike => samba) based server
infrastructure.

> > * beware that samba PDC == winnt PDC, no ADS PDC yet
> 
> Yep - which is why I think your bosses are correct.  Deploying a *new*
> NT4 domain in 2008 is just nuts.  When most clients are XP or Vista and
> many applications have integration with AD.  You can always migrate to
> Samba4 if that ever becomes a viable DC option.   I've known of many
> SambaPDC+LDAP sites in my area and I believe we have one the last
> remaining;  just about everyone from my old LUG and other acquaintances
> have tossed in the towel due to policy implementation and application
> issues [and gone over to AD].

I agree. Policies coming with ADS are a true benefit for anybody
operating even mid sized networks.

Samba4 for sure is desperately awaited by many people :-)

> > * samba let's you control/configure much more things you could ever
> >   configure in a windows PDC
> > * all components of a samba PDC are well documented (like openldap etc.)
> 
> This is *very* debatable.  Basic setup is well documented.  Implementing
> things like effective security policies (password requirements, etc...)
> is downright dodgy,  and very possible just not possible [see the recent
> ppolicy related thread].  Making use of technologies like Kerberos is
> really awkward.

I disagree. The only problem ie. with Kerberos is that there are so many
weird and misleading so called "HOWTOs" on the net (that should rather
be called "HOWNOTTOs") so that it seems to be "badly" documented. But as
usual, google/your local LUG/a "good" server distribution are your
friends.

-- 
Udo Rader

bestsolution.at EDV Systemhaus GmbH
http://www.bestsolution.at



signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] File locks?

[Helmut Hullen]

Hallo, Jeremy,

Du (jra) meintest am 10.04.08:

> smbfs is going out of support soon. You should be using cifsfs
> instead.

Maybe cifs doesn't work with Windows9x Clients.

Viele Gruesse!
Helmut
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] File locks?

[Jim Young]

Thanks for the info. I am using the smbfs debian package, but mount tells me
that type is cifs

//nsh/jyoung on /mnt/uni type cifs (rw,mand)

I have updated my fstab:
//nsh/jyoung/mnt/unicifs
credentials=/myfolder/credentials,gid=jyoung,uid=jyoung,auto,rw
0   0

and remounted, same problem.

Thanks, Jim

On 10/04/2008, Jeremy Allison <[EMAIL PROTECTED]> wrote:
>
> On Thu, Apr 10, 2008 at 10:12:54AM -0600, Jim Young wrote:
> > Hello,
> >
> >   Recently, the following problem started happening with a particular
> samba
> > server:
> > If i have a file open for reading (say, a pdf in xpdf) and then try to
> write
> > to it (say, through recompiling a latex document) it complains that it
> > cannot open the file for writing.
> >
> > this seems like a file lock issue but I am unsure where it is happening.
> My
> > previous usage should be perfectly safe since xpdf should only open for
> > reading.
> >
> > This problem does not happen locally or when I connect to a different
> samba
> > server (a windows machine). I can also ssh into the remote server, port
> xpdf
> > , and my local process can write to the file. It is the samba connection
> > that is making the lock.
> >
> >   I am running Debian Unstable, using smbclient/smbfs 3.0.28a-1 to
> connect
> > to a samba server (unix backend) on my university network. Server:
>
> > Samba3.0.10-1.4E
>
> >
> > I mount the smb share in my fstab as follows:
> >
> > //myserver/jyoung/mnt/unismbfs
> > credentials=credsfile,gid=jyoung,uid=jyoung,auto,rw
>
>
> smbfs is going out of support soon. You should be using cifsfs
> instead.
>
>
> Jeremy.
>



-- 
James Young, B.Sc.
Ph.D. Student
Interactions laboratory, Department of Computer Science, University of
Calgary
2500 University Drive NW, Calgary, Alberta, Canada, T2N 1N4
Phone: +1.403.210.9502
E-mail: [EMAIL PROTECTED]
URL: http://pages.cpsc.ucalgary.ca/~jyoung/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] File locks?

[Jeremy Allison]

On Thu, Apr 10, 2008 at 10:12:54AM -0600, Jim Young wrote:
> Hello,
> 
>   Recently, the following problem started happening with a particular samba
> server:
> If i have a file open for reading (say, a pdf in xpdf) and then try to write
> to it (say, through recompiling a latex document) it complains that it
> cannot open the file for writing.
> 
> this seems like a file lock issue but I am unsure where it is happening. My
> previous usage should be perfectly safe since xpdf should only open for
> reading.
> 
> This problem does not happen locally or when I connect to a different samba
> server (a windows machine). I can also ssh into the remote server, port xpdf
> , and my local process can write to the file. It is the samba connection
> that is making the lock.
> 
>   I am running Debian Unstable, using smbclient/smbfs 3.0.28a-1 to connect
> to a samba server (unix backend) on my university network. Server:
> Samba3.0.10-1.4E
> 
> I mount the smb share in my fstab as follows:
> 
> //myserver/jyoung/mnt/unismbfs
> credentials=credsfile,gid=jyoung,uid=jyoung,auto,rw

smbfs is going out of support soon. You should be using cifsfs
instead.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Help: justification for Linux PDC vs Windows...

[Adam Tauno Williams]

Now I realize I'll get tarred-n-feather for this, but...

> > My IT department has implemented a samba PDC and now we are taking flack 
> > for it. Can anyone help me out with some good justifications for doing 
> > it this way vs the Microsoft way? Have a meeting about it in a short 
> > while...
> > We wanted to do it because Linux is more secure and more stable. But 
> > there may be other good reasons and it would be good to know them. Or 
> > maybe it would be better to go with the Microsoft solutions?
> This is almost a troll question. what is better, beer or whine ... 
> * samba is open source = support for any version of will will continue 
>   as long as _you_ resp. your company are willing to support it

Or as long as clients will continue to operate effectively in a NT4
domain;  a window with is rapidly closing, IMO.

> * beware that samba PDC == winnt PDC, no ADS PDC yet

Yep - which is why I think your bosses are correct.  Deploying a *new*
NT4 domain in 2008 is just nuts.  When most clients are XP or Vista and
many applications have integration with AD.  You can always migrate to
Samba4 if that ever becomes a viable DC option.   I've known of many
SambaPDC+LDAP sites in my area and I believe we have one the last
remaining;  just about everyone from my old LUG and other acquaintances
have tossed in the towel due to policy implementation and application
issues [and gone over to AD].

> * samba let's you control/configure much more things you could ever
>   configure in a windows PDC
> * all components of a samba PDC are well documented (like openldap etc.)

This is *very* debatable.  Basic setup is well documented.  Implementing
things like effective security policies (password requirements, etc...)
is downright dodgy,  and very possible just not possible [see the recent
ppolicy related thread].  Making use of technologies like Kerberos is
really awkward.

> * samba is - of course - muchmuch cheaper due to the lack of license 
>   costs

Agree.

-- 
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] File locks?

[Jim Young]

Hello,

  Recently, the following problem started happening with a particular samba
server:
If i have a file open for reading (say, a pdf in xpdf) and then try to write
to it (say, through recompiling a latex document) it complains that it
cannot open the file for writing.

this seems like a file lock issue but I am unsure where it is happening. My
previous usage should be perfectly safe since xpdf should only open for
reading.

This problem does not happen locally or when I connect to a different samba
server (a windows machine). I can also ssh into the remote server, port xpdf
, and my local process can write to the file. It is the samba connection
that is making the lock.

  I am running Debian Unstable, using smbclient/smbfs 3.0.28a-1 to connect
to a samba server (unix backend) on my university network. Server:
Samba3.0.10-1.4E

I mount the smb share in my fstab as follows:

//myserver/jyoung/mnt/unismbfs
credentials=credsfile,gid=jyoung,uid=jyoung,auto,rw


I spoke with my system administrator and he said it may also be possible to
get the server settings changed depending on what is required (and the
implications).

Thanks

Jim


-- 
James Young, B.Sc.
Ph.D. Student
Interactions laboratory, Department of Computer Science, University of
Calgary
2500 University Drive NW, Calgary, Alberta, Canada, T2N 1N4
Phone: +1.403.210.9502
E-mail: [EMAIL PROTECTED]
URL: 
http://pages.cpsc.ucalgary.ca/~jyoung/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] loss of trust?

[Mike Eggleston]

Last night in I lost power to my building and all my servers. This
morning while recovering from the outage I have four Windows XP boxes
that when a user attempted to log into the box using a domain account
served from a Samba PDC, the windows box complained saying something like
'loss of trust with the domain controller'. My solution (which worked)
is to remove the offending windows box from my samba pdc domain, then
add the offending windows box back to the samba pdc domain. After these
steps the user could log in without error.

My question is why the loss of trust?

Mike

Fedora Core 5

$ rpm -qa | grep samba
samba-client-3.0.24-7.fc5
system-config-samba-1.2.34-1
samba-swat-3.0.24-7.fc5
samba-common-3.0.24-7.fc5
samba-3.0.24-7.fc5
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Tdbtool in Samba 3.0.28a

[Volker Lendecke]

On Thu, Apr 10, 2008 at 03:56:46PM +0200, Grzegorz Wakan wrote:
> okey, thanks for your reply Volker but in case of net idmap dump I get
> output like this
> for example:
> 
> UID 111 S-1-5-21-1161552919-2021084893-2910719778-1125
> UID 126 S-1-5-21-1161552919-2021084893-2910719778-1235
> GID 114 S-1-5-21-1161552919-2021084893-2910719778-520
> UID 124 S-1-5-21-1161552919-2021084893-2910719778-1199
> UID 106 S-1-5-21-1161552919-2021084893-2910719778-1106
> 
> let's say we want to change UID 126 to something else for example 193
> how to do that? Only thing to do is to put 193 instead of 126, save
> file and do "net idmap restore winbindd_idmap.tdb < "modified file
> with uid's"? Is this going to work or I should do something more?

This should work.

Volker


pgpnHJeedUDUj.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Tdbtool in Samba 3.0.28a

[Grzegorz Wakan]

okey, thanks for your reply Volker but in case of net idmap dump I get
output like this
for example:

UID 111 S-1-5-21-1161552919-2021084893-2910719778-1125
UID 126 S-1-5-21-1161552919-2021084893-2910719778-1235
GID 114 S-1-5-21-1161552919-2021084893-2910719778-520
UID 124 S-1-5-21-1161552919-2021084893-2910719778-1199
UID 106 S-1-5-21-1161552919-2021084893-2910719778-1106

let's say we want to change UID 126 to something else for example 193
how to do that? Only thing to do is to put 193 instead of 126, save
file and do "net idmap restore winbindd_idmap.tdb < "modified file
with uid's"? Is this going to work or I should do something more?


2008/4/10, Volker Lendecke <[EMAIL PROTECTED]>:
> On Thu, Apr 10, 2008 at 01:38:37PM +0200, Grzegorz Wakan wrote:
>  > how to change UID's or GID's in tdbtool?
>
>
> Probably not at all, you're much better off using "net idmap
>  dump", vi and "net idmap restore".
>
>
>  Volker
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Trouble with trusted domains

[Volker Lendecke]

On Thu, Apr 10, 2008 at 02:20:28PM +0200, Martin Zielinski wrote:
> winbind does this with a LSA RPC call to CHILD2 (not to CHILD1, where
> the user comes from) and receives a "NO MAPPED USER" reply.
> 
> Now my question is: shouldn't Samba ask CHILD1 for the user
> CHILD1\testtest or
> should CHILD2 know about user CHILD1\testtest?
> Where lies the mistake?

We should ask CONTOSO.COM. I'm afraid this is a known
limitation right now. It could be coded up, but it is not
yet.

Volker


pgpCkwYWxnJMY.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Trouble with trusted domains

[Martin Zielinski]

Hello list,

perhaps someone can guide me, finding out what's going wrong in the
following scenario (Active Directory , Samba 3.0.20b same with 3.0.28a):

CHILD1.CONTOSO.COM <-trusts-> CONTOSO.COM <-trusts->CHILD2.CONTOSO.COM
 || |
 User: CHILD1\testtest| Samba
  Vista

CHILD1\testtest -> Vista : works (of course :-()
CHLID1\testtest -> Samba : password prompt (logon failure)

What I can see, is that Samba decodes the user correctly out of kerberos
ticket as [EMAIL PROTECTED]

Then, Samba (better to say: winbind) tries to resolve the shortened name
CHILD1\testtest into a SID.

winbind does this with a LSA RPC call to CHILD2 (not to CHILD1, where
the user comes from) and receives a "NO MAPPED USER" reply.

Now my question is: shouldn't Samba ask CHILD1 for the user
CHILD1\testtest or
should CHILD2 know about user CHILD1\testtest?
Where lies the mistake?

Using rpcclient, I can resolve the name into a SID when addressing
CHILD1 *or* CONTOSO, but not CHILD2.

"wbinfo -n CHILD1\testtest" on Samba also fails.

Thanks,
Martin


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Tdbtool in Samba 3.0.28a

[Volker Lendecke]

On Thu, Apr 10, 2008 at 01:38:37PM +0200, Grzegorz Wakan wrote:
> how to change UID's or GID's in tdbtool?

Probably not at all, you're much better off using "net idmap
dump", vi and "net idmap restore".

Volker


pgpdnU5TFxgjw.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Tdbtool in Samba 3.0.28a

[Grzegorz Wakan]

Hello,

I'm wondering if tdbtool is working in new samba. I have some UID's,
which I have to delete but when i'm starting tdbtool, next open
/usr/local/samba/var/locks/winbindd_idmap.tdb and trying to delete UID
109 for example, i get "delete failed", when I type "keys" command in
tdbtool, I got all UID's GID's and SID's and what I was found on the
list is that to delete SID I have to type at the end \0

my sample output of "keys" command looks like this:

key 8 bytes: UID 120
key 47 bytes: S-1-5-21-1161552919-2021084893-2910719778-1125
key 47 bytes: S-1-5-21-1161552919-2021084893-2910719778-1235
key 8 bytes: UID 110
key 8 bytes: GID 114
key 8 bytes: UID 102
key 46 bytes: S-1-5-21-1161552919-2021084893-2910719778-520

typing
tdb> delete S-1-5-21-1161552919-2021084893-2910719778-1125\0

looks like working correctly, but what about UID's or GID's ?

typing
tdb>delete UID 110
delete failed

how to change UID's or GID's in tdbtool?

thank you very much for any help
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] write list vs read list

[Luca Ferrari]

On Wednesday 9 April 2008 your cat, walking on the keyboard, wrote:
> > However, the @estero group cannot access the share at all
> > (NT_STATUS_ACCESS_DENIED). What am I doing wrong?
>
> Most likely the filesystem permissions prevent users in @estero from
> executing or reading the /home/samba/lab_smb folder and/or the files in
> it.

Uhm..I've checked the file permissions, and since they are 777 I guess this is 
not the problem. Moreover, since I've got a NT_STATUS_ACCESS_DENIED I think 
that it is something that prevents users to access the share at all.
Any suggestion?

Thanks,
Luca
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Strange NT_STATUS_PASSWORD errors after upgrade to 3.0.26a

[Angela Gavazzi]

Am Freitag, 16. November 2007 11.33:06 schrieb Duncan Brannen:
> Setting the User Account Flags to [UX] on the LDAP server allows the
> user to log in,
>
> Previous to this pdbedit was reporting 'Password must change: 0' should
> that have been -1?
>
> Any way to get back to what seemed to be default behaviour prior to 3.0.25
> ?
>
> Cheers,
>  Duncan
>

Dear Duncan,

I'm having the same trouble between 3.0.24 and all later than 3.0.25.

Did you find a solution for it?

Thank you very much,

Angela
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba