Re: [Samba] Server Migration Problem
Problem solved! Apparently the SID for the domain doesn't matter when there's an LDAP server, as samba reads the sid from the LDAP entry for the domain (it does a search for sambaDomainName=). My problem was rather patheticly simple. Turns out that solaris seperates out the nmbd and smbd process. I had turned on samba (smbd) but not wins (nmbd). I've enabled wins, and everything's fine now - except that I feel dreadfully embarrassed ;) On 02/10/2008, at 6:26 PM, Matt Skerritt wrote: Gidday I am in the process of finishing a server migration (to a new server), and am having problems with samba on the new server. The old server was running samba 3.0.22-r3 on a Gentoo machine, and the new server is running Samba 3.0.25a on a Solaris 10 machine. I have copied the files across OK, I have copied the samba configuration OK, samba runs fine, connects to the ldap backend fine, seems to check passwords fine, and even lets me connect to the file shares just fine. -- Matt Skerritt [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Vista Joining Samba Domain 3.0.24-6etch10
I think i might've found the problem but don't know how to fix it? Vista uses DNS to find PDC domain name while XP uses WINS is there anyway to allow vista to find a PDC domain name without having a valid DNS record for it or to find it using WINS? or maybe i'm mistaken altogether Help is much appreciated, James James wrote: > Hi guys i'm having problem joining a vista machine to Samba PDC > > I can connect XP machines ok but the vista one keep giving an error that > it can't locate the active directory > > The detailed info says something about DNS SRV records. > I know i've gotten this working without SRV records before but i don't > remember what i did. > > Any help would be appreciated. > > Thanks, > James > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Revisiting Samba's interaction with LDAP's ppolicy overlay
On 10/2/08, Ryan Steele <[EMAIL PROTECTED]> wrote: > Volker Lendecke wrote: > > > On Mon, Sep 29, 2008 at 10:14:01AM -0400, Adam Tauno Williams wrote: > > > > > > > This is, AFAIK, the only solution currently. We do the > > > same thing. It stinks. > > > > > > > > > > As I said in the former mail thread: Patches are welcome. If > > you really want it done quickly, some companies on > > http://samba.org/samba/support also offer development > > services. > > > > Volker > > > > > Unfortunately, I suspect that many of the folks who probably want this done > are system administrators, not software developers. As a systems > administrator, I do have the ability to write code, but all I really use in > my day-to-day life is Perl and Bash, maybe dabbling in some Python or Ruby. > As Samba is written primarily in C, I probably wouldn't write very good > patches for it - I find that my proficiency lies in the languages I actually > use now, not the ones I used during undergrad in college. And while I'd > love just dump money in to the project (or have an employer do it), that's > just not always a reality (especially not the amounts needed to fund > development efforts). > > All that being said, I'd be curious to know where this lies in the current > development pipeline (if at all). Again, I (and I believe the community) > think this would be very beneficial to Samba as a use and marketing tool, > and deserves some consideration. I'm happy to do what I can - testing, > tracking down bugs (even if I can't submit working patches), and money when > I have it. But mostly I rely on good developers to develop, so that I can > focus on my role in the chain - testing it and implementing it in real-world > situations, and promoting it by installing it in all applicable > environments. > > However, it can't be overstated how much I appreciate the work that has > been done up to this point on Samba - it's a fantastic piece of software. > Keep up the good work! Do we have any paper explaining the work that have to be done ? Or early patches (proof of concept) that could be used as starting point for this ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Missing files and folders on Vista
Antoine Leblanc a écrit : Richard Foltyn a écrit : Anyway, I just tested this on both Gentoo/Samba 3.0.32 and CentOS 5/Samba 3.2.3 with 1100 subfolders and WinXP 32bit / Vista 32bit clients, and both had no problem displaying all folders. [I] never had that kind of problem when using an earlier version of Samba on Gentoo. I'm starting to think this might be a FreeBSD issue... I tried to find the smallest possible example to show what kind of problem I face : FreeBSD 7.0 Samba 3.0.30 $ testparm [global] workgroup = HYRULE server string = Samba Server guest account = guest log level = 10 log file = /usr/local/samba/var/log.%m socket options = ldap ssl = start tls create mask = 0740 directory mask = 0750 hosts allow = 192.168. [printers] comment = All Printers path = /usr/spool/samba printable = Yes browseable = No [Documents] comment = Documents path = /mnt/data/Documents read only = No guest ok = Yes vfs objects = recycle recycle:versions = Yes recycle:maxsize = 1g recycle:touch = Yes recycle:keeptree = No recycle:repository = /mnt/data/Documents/.Poubelle On the server, in a empty folder, I run: $ for i in `gseq 1` ; do mkdir $i ; done which basically creates 1 empty folders. Vista sees only 3352 elements in the folder. There are a lot of missing folders ; none is displayed between 325 and 6974 for instance. Mac OS X sees the 1 folders. Thanks in advance for any help... -- Antoine Leblanc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba + ADS in native mode
Hi Sergey, Sergey Pororegnik wrote: > Hello, friends. > Before change Active Directory Server mode to "native mode" user > authentification dont' work. In native ADS mode i need use kerberos. > > OS: RHEL 4 (x86) > Samba: 3.0.10-1.4E > Kerberos: 1.3.4-9 > Domain controller: Win 2003 ADS in native mode > # wbinfo -a [EMAIL PROTECTED] > plaintext password authentication failed > error code was NT_STATUS_NO_SUCH_USER (0xc064) > error messsage was: No such user > Could not authenticate user [EMAIL PROTECTED] with plaintext password > challenge/response password authentication failed > error code was NT_STATUS_NO_SUCH_USER (0xc064) > error messsage was: No such user > Could not authenticate user [EMAIL PROTECTED] with challenge/response You have set "winbind use default domain = yes", so what does "wbinfo -a username" give you? And "wbinfo -a DOMAIN+username" (where you use your short Domain name not the realm name). > # wbinfo -g > and > # wbinfo -u > work correct. So I assume, you have successfully done "net ads join"? Cheers - Michael PS: You could also consider upgrading. 3.0.10 is quite old. AD-Support has evolved a lot since that release. > # more /etc/samba/smb.conf > [global] >workgroup = DOMAIN >server string = FTP Server >netbios name = SRVFTP >log file = /var/log/samba/%m.log >log level = 3 auth:5 passdb:5 >max log size = 500 >security = ADS >realm = CORP.DOMAIN.COM >encrypt passwords = yes >socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 >dns proxy = no >winbind enum users = yes >winbind enum groups = yes >winbind use default domain = yes >auth methods = winbind >idmap uid = 1-2 >idmap gid = 1-2 >winbind separator = + >winbind nested groups = yes >password server = dc1.domain.local >case sensitive = no > > > > > # more /etc/krb5.conf > [logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > > [libdefaults] > default_realm = CORP.DOMAIN.COM > dns_lookup_realm = true > dns_lookup_kdc = true > > [realms] > CORP.DOMAIN.COM = { > kdc = dc1.domain.local:88 > admin_server = dc1.domain.local:749 > default_domain = CORP.DOMAIN.COM > } > > [domain_realm] > .domain.local = CORP.DOMAIN.COM > domain.local = CORP.DOMAIN.COM > > [kdc] > profile = /var/kerberos/krb5kdc/kdc.conf > > [appdefaults] > pam = { >debug = false >ticket_lifetime = 36000 >renew_lifetime = 36000 >forwardable = true >krb4_convert = false > } > > > > > > # klist > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: [EMAIL PROTECTED] > > Valid starting ExpiresService principal > 10/02/08 10:20:43 10/02/08 20:20:50 krbtgt/[EMAIL PROTECTED] > renew until 10/02/08 20:20:43 > 10/02/08 10:24:30 10/02/08 20:20:50 [EMAIL PROTECTED] > renew until 10/02/08 20:20:43 > > > Kerberos 4 ticket cache: /tmp/tkt0 > klist: You have no tickets cached > > -- Michael Adam <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.SerNet.DE, mailto: Info @ SerNet.DE pgpedrT580i0Q.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba LDAP Tools
I am looking for some good tools to manage Samba users in LDAP. It looks like there are several good tools mentioned on the Samba Wiki, but I am concerned mostly with the proper addition of new users to LDAP, in particular, generating unique SIDs. smbldap-useradd, for example, generates the SIDs for primary user and group based off of a simple formula based on the UID and GID, whereas Samba itself using a very simple mechanism of storing the next free RID in an LDAP attribute. Since I still plan to use the Add Computer to Domain wizard in Windows for adding computers, I am concerned that an overlap could occur between these two approaches. AFAIK, there are no SQL-like feature in LDAP like transactions, unique indices, or sequences that would allow multiple mechanisms to generate a unique SID. I wouldn't mind a tool like pdbedit which goes through Samba to update the backend db, but I want it to be scriptable and not ask for a password so I can integrate password updates with other systems such as LDAP (using userPassword) and Kerberos. -- Loren M. Lang [EMAIL PROTECTED] http://www.alzatex.com/ Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc Fingerprint: 10A0 7AE2 DAF5 4780 888A 3FA4 DCEE BB39 7654 DE5B smime.p7s Description: S/MIME cryptographic signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] files disappearing from Samba server
Heya, Can you verify from the server that the file is gone as well. Could it be that the file actually does exist on the server, but they cannot see it on the Windows mount? -Kevin > I've had dozens of > kids come up to me and claim that they've written files > to their mapped > shares (P: maps to their home directory when they log onto > a Windows > machine), and the files have disappeared. Teachers have > confirmed that > they've looked over the kids shoulders while > they're saving files, and > checked when they were done by accessing the drive via My > Computer, and > the files are there, but the next day they're gone. > Sometimes they say > a kid will write a file to the server, and not get any > error message, > but when they go to My Computer, the file's no where to > be found. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Why do I see two Workgroups in Windows?
I have two samba servers in a domain one, named Thelma is the Domain Controller. The other named Louise is a member server. When I browse the network on a Windows workstation I see two workgroups, ATLANTA which is the domain name and contains all of the computers and THELMA, which is empty. I think the only WORKGROUP should be ATLANTA. Any idea why this is happening? -- Robert Steinmetz, AIA Principal Steinmetz & Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Vista Joining Samba Domain 3.0.24-6etch10
Hi guys i'm having problem joining a vista machine to Samba PDC I can connect XP machines ok but the vista one keep giving an error that it can't locate the active directory The detailed info says something about DNS SRV records. I know i've gotten this working without SRV records before but i don't remember what i did. Any help would be appreciated. Thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Noob question about cached credentials
Cool, Thanks You know anything about cache of logon script? if you do logout and login, the windows don't execute the logon script. Reggards, Iarly Selbir On Thu, Oct 2, 2008 at 4:27 PM, John Drescher <[EMAIL PROTECTED]> wrote: > On Thu, Oct 2, 2008 at 12:26 PM, Iarly Selbir <[EMAIL PROTECTED]> > wrote: > > You know how to disable this features in the Windows?? > > > > > http://www.howtogeek.com/howto/windows-vista/disable-logon-windows-no-domain/ > > John > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Noob question about cached credentials
On Thu, Oct 2, 2008 at 12:26 PM, Iarly Selbir <[EMAIL PROTECTED]> wrote: > You know how to disable this features in the Windows?? > http://www.howtogeek.com/howto/windows-vista/disable-logon-windows-no-domain/ John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Noob question about cached credentials
You know how to disable this features in the Windows?? On Thu, Oct 2, 2008 at 4:20 PM, John Drescher <[EMAIL PROTECTED]> wrote: > On Thu, Oct 2, 2008 at 10:41 AM, Douglas Phillipson > <[EMAIL PROTECTED]> wrote: > > Can a samba domain user login successfully to a PC in the domain if the > PC > > is not connected to the network? This assumes the user has logged on at > > some point in the past to get their credentials on the local PC of > course. > > Is this a "Standard" feature of SAMBA (allowing Cached credentials) or do > > you have to some how trick samba to allow this? I've looked in the > Official > > Samba-3 and Samba by example books but don't see any info on this. > Googling > > this subject seems to show it works sometimes but could break depending > on > > the version you run. > > > > This is a feature of windows not samba. > > John > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Noob question about cached credentials
On Thu, Oct 2, 2008 at 10:41 AM, Douglas Phillipson <[EMAIL PROTECTED]> wrote: > Can a samba domain user login successfully to a PC in the domain if the PC > is not connected to the network? This assumes the user has logged on at > some point in the past to get their credentials on the local PC of course. > Is this a "Standard" feature of SAMBA (allowing Cached credentials) or do > you have to some how trick samba to allow this? I've looked in the Official > Samba-3 and Samba by example books but don't see any info on this. Googling > this subject seems to show it works sometimes but could break depending on > the version you run. > This is a feature of windows not samba. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Noob question about cached credentials
Can a samba domain user login successfully to a PC in the domain if the PC is not connected to the network? This assumes the user has logged on at some point in the past to get their credentials on the local PC of course. Is this a "Standard" feature of SAMBA (allowing Cached credentials) or do you have to some how trick samba to allow this? I've looked in the Official Samba-3 and Samba by example books but don't see any info on this. Googling this subject seems to show it works sometimes but could break depending on the version you run. Thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Could not join the domain - Samba and Openldap
On Tue, 30 Sep 2008, Charles Marcus wrote: > On 9/30/2008, [EMAIL PROTECTED] wrote: > > Our PDC accidentally crashed and to eliminate down time, > I hate it when that happens... I much prefer a server that crashes > intentionally. a server that crashes intentionally shoul be a victim of malware, so i prefer the accidentality. > sorry, couldn't resist... ;) me too ... incidentally: an accidental crash could alsa be someone that plugged out the wrong plug from the ops -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] files disappearing from Samba server
Sorry if I'm pointing out something obvious that you've already checked, but are you sure it isn't a problem with the client machines failing to map the drive? I think if the home drive fails to map a windows client (XP at least, that's what we use here) defaults to using the local drive for the home directory without reporting anything. We get students saving things and complaining that the files aren't there (on the file server) when they're actually on the last machine they sat at! Steve Rippl Woodland School District On Thu, 2008-10-02 at 07:56 -0400, Robert Wickberg wrote: > The files that are reported missing are missing if I log in an look via a > shell, too. > > > > > On Thu, Oct 2, 2008 at 2:24 AM, Helmut Hullen <[EMAIL PROTECTED]> wrote: > > > Hallo, Robert, > > > > Du (rwickberg) meintest am 01.10.08: > > > > > I'm the tech coordinator for a high school. Last year, we had a file > > > server kids could save work to that was a generic Celeron 800 PC with > > > an IDE hard drive. It ran Debian Sarge, with whatever version of > > > Samba ships with that. It was down to a couple of gig of free disk > > > space by the end of the year, so this year I took an old Compaq > > > Proliant server (ML360 or something like that) with a three drive > > > RAID 5 SCSI array and installed Debian Etch on that with whatever > > > version of Samba is shipped with that. School's been in session a > > > month now, and I've had dozens of kids come up to me and claim that > > > they've written files to their mapped shares (P: maps to their home > > > directory when they log onto a Windows machine), and the files have > > > disappeared. > > > > Strange. > > I run a schoolserver (http://arktur.de) on many machines, in many > > schools without these problems. > > The servers use slackware - that's the only difference to your > > configuration; Samba has versions from 3.0.22 to 3.2.3 (that differs > > from school to school), there are at least two schools which run a > > Compaq Proliant. Clients: from Windows 9x to Windows XP. > > No such problems. > > > > Can you see the files under Linux on the server? > > > > Viele Gruesse! > > Helmut > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba WINS Server losing all elections against
On Tuesday 30 September 2008 02:04:11 pm ZeWaren / Erwan Martin wrote: > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\"Ma >intainServerList" to No On the problem Windows boxen: == Besides setting: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList to No Also set: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\IsDomainMaster to FALSE == But first test to see if the info below doesn't solve the problem before going around hacking the registry on the Windows systems (and let us know!). I use the following in my Samba PDC's: == os level = 255 announce version = 5.9 == This was posted previously on the list: == "I find that values over 64 ofter return unexpected results, and I've found that my Samba servers don't lose elections in recent memory and I usually leave them at the default value in smb.conf of 33." == Haven't personally verified that anything over 64 should be a problem. That poster, myself, and others (I guess) were hoping for an official comment from the developers. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba & LDAP, with XP and Linux clients
Hello - I'm not sure if this is the right place to ask, so if not I will be grateful to learn of a more appropriate mailing list. I have a Slackware box (2.6.26 kernel) running Samba 3.0.25b (yes, I know, I'll upgrade soon). This machine provides DC functionality for several Windows XP workstations in my house. I recently changed the backend password database to OpenLDAP (v2.3.33) specifically because I wanted to start introducing Linux clients to the domain as well. I thought everything went well with the database migration, and all the XP clients seemed to continue to interact with the DC normally (it may be relevant here to note that I only use local profiles on the workstations, and no roaming profiles at all). I brought up a Debian (v4.0.x) workstation, and am having problems authenticating on it with a valid domain username. My experiences are causing me to question whether I fully understand my own OpenLDAP implementation and Samba reconfiguration, along with the necessary additions of things like NSS, PAM, etc. I'd like to have a fairly detailed discussion of configurations and steps for just about all of these things, which is why I'm not sure this is exactly the right mailing list. I'd also be very willing to take a discussion offline to e-mail with anyone who may be willing to help out. So, before I post stuff that may be wildly off-topic, I thought I'd ask. Please let me know. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Member Server Problems
I have having problems with what should be a fairly simple configuration. I have a PDC and a Member server accessed by several windows workstation. The PDC seem to be working fine, but every time I restart the network (usually for an update) all users have problems accessing the shares on the Member Server. Sometimes only a few share are accessible. sometime none. I have been able to get it to work eventually, but I still can figure our what is causing the problem. Perhaps someone here can help, PDC Globals [global] workgroup = ATLANTA server string = %h mail passwd server (Samba, Ubuntu) passdb backend = tdbsam passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 time server = Yes hostname lookups = Yes logon path = \\THELMA\%U\.profiles logon drive = U: logon home = \\THELMA\%U domain logons = Yes domain master = Yes preferred master = Yes security = user Member Server Globals [global] workgroup = ATLANTA server string = %h file server (Samba, Ubuntu) security = domain password server = 192.168.1.24 log level = 3 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 wins proxy = yes wins server = 192.168.1.24 panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash name resolve order = wins bcast hosts hosts allow = 192.168.1.0/255.255.255.0 username map = /etc/samba/smbusers winbind enum groups = yes winbind enum users = yes Working Share [Projects] path = /files/Lucretia/Projects comment = Project Specific Data force group = samba read only = no # valid users = @"ATLANTA\Domain Users" create mask = 0764 directory mask = 0775 Not Working Share [Office] comment = General Office Data path = /files/Lucretia/Office force group = samba # valid users = @"ATLANTA\Domain Users" read only = No create mask = 0764 directory mask = 0775 On the Member Server wbinfo -u lists the users getent passwd lists users net usersidlist lists the users On the PDC Smbclient fails with this error Domain=[ATLANTA] OS=[Unix] Server=[Samba 3.0.28a] tree connect failed: NT_STATUS_ACCESS_DENIED Another odd thing I've notices is that whne browsing the network under windows there are two Workgroups shpown, the correct one ATLANTA and another empty oen with the name of the PDC/login server THELMA. That doesn't seem quite right. -- Robert Steinmetz, AIA Principal Steinmetz & Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba-3.2.4 Solaris 9: configure gets error: Active Directory support requires ldap_initialize
Thanks, Volker. This works for me. I have a related configure question. If you set --with-krb5=dir, shouldn't configure add a "-Rdir" so that it finds the run-time version of the library? It appears to only do a "-Ldir", so some of the configure tests fail. Thanks. -John Volker Lendecke wrote: On Wed, Oct 01, 2008 at 06:28:42PM -0400, John Center wrote: I had the same problem. I fixed one line in configure: if test "x$debug" = "xyes" ; then CFLAGS="${CFLAGS} -g" else CFLAGS="-O" fi The second if statement was clearing my CFLAGS setting, replacing it with just "-O". I changed the line from CFLAGS="-O" to CFLAGS="${CFLAGS} -O". This kept my settings. I don't know if this is the correct fix, but it worked for me. Pushed the attached patch which should also solve it, configure is made from configure.in. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] joining the domain failes with 3.2.3
Hallo, samba, when I run Samba 3.0.32 on my Linux server (security = user) then I can join a Windows 2000 client to the server, the users on the client can connect to the domain. When I update from 3.0.32 to 3.2.3 (the last "official" slackware package) the client cannot more connect to the server; the client shows an error message that the profile directory on the server cannot be found. Client messages: Window "Benutzerumgebung" first message: "Das Profilverzeichnis "\\arktur\Profile\\Win2k.pds" konnte nicht erstellt werden. Sie werden nur mit Ihrem lokalen Profil angemeldet. ..." second message: "Das lokal Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. ..." The directories "/home/Profile" and "/home/Profile/" and "/home/ Profile//Win2K" were created with 0700. When I change the rights to 0777, the directory "...//Win2K" is filled with data. But the error messages leaves unchanged. Server messages (debug level 1): (Client think82) think82.log: [2008/10/02 15:10:29, 0] lib/util_sock.c:write_data(1059) [2008/10/02 15:10:29, 0] lib/util_sock.c:get_peer_addr_internal(1596) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer [2008/10/02 15:10:29, 0] smbd/process.c:srv_send_smb(74) Error writing 4 bytes to client. -1. (Transport endpoint is not connected) 192.168.0.42.log [2008/10/02 15:10:29, 0] lib/util_sock.c:get_peer_name(1790) Matchname failed on Client-A42.wm8.hullen.de 192.168.0.42 (but that message seems to appear also with Samba 3.0.32) Where can I search for the error? Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 & Windows Vista Guide
Just wanted to let everyone know that I put together a guide covering Windows Vista clients within Samba 3 Domains. I still have a few kinks to work out with Roaming profiles, but mostly the guide is somewhat complete. The majority of the guide covers how I had to work around Vista's lack of support of System Policies. Hopefully it helps people confidently deploy Vista within Samba Domains. The article is here: http://www.pcc-services.com/samba/samba-vista.html If anyone has the time or need, feel free to upload it to the Samba Wiki so others can edit / rewrite it to their hearts content :-) Mike Petersen [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Synchronize nt 4 with samba 3
On Thu, Oct 02, 2008 at 01:06:03PM +, Iarly Selbir wrote: > I have the following problem to sync my NT 4.0 (BDC) with my Samba 3 ( PDC > ), in the "Event log viewer" of the NT has logged, after click in > "Synchronize with Primary Domain Controller" > > 1 -The partial synchronization replication of the LSA database from the > primary domain controller failed with the following error: > The procedure number is out of range. > > 2 -The partial synchronization replication of the BUILTIN database from the > primary domain controller failed with the following error: > The procedure number is out of range. > > 3 - The partial synchronization replication of the SAM database from the > primary domain controller failed with the following error: > The procedure number is out of range. > > Anybody can help me? No, sorry. The corresponding calls are not supported. Volker pgpsXPEzkN85L.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Revisiting Samba's interaction with LDAP's ppolicy overlay
Volker Lendecke wrote: On Mon, Sep 29, 2008 at 10:14:01AM -0400, Adam Tauno Williams wrote: This is, AFAIK, the only solution currently. We do the same thing. It stinks. As I said in the former mail thread: Patches are welcome. If you really want it done quickly, some companies on http://samba.org/samba/support also offer development services. Volker Unfortunately, I suspect that many of the folks who probably want this done are system administrators, not software developers. As a systems administrator, I do have the ability to write code, but all I really use in my day-to-day life is Perl and Bash, maybe dabbling in some Python or Ruby. As Samba is written primarily in C, I probably wouldn't write very good patches for it - I find that my proficiency lies in the languages I actually use now, not the ones I used during undergrad in college. And while I'd love just dump money in to the project (or have an employer do it), that's just not always a reality (especially not the amounts needed to fund development efforts). All that being said, I'd be curious to know where this lies in the current development pipeline (if at all). Again, I (and I believe the community) think this would be very beneficial to Samba as a use and marketing tool, and deserves some consideration. I'm happy to do what I can - testing, tracking down bugs (even if I can't submit working patches), and money when I have it. But mostly I rely on good developers to develop, so that I can focus on my role in the chain - testing it and implementing it in real-world situations, and promoting it by installing it in all applicable environments. However, it can't be overstated how much I appreciate the work that has been done up to this point on Samba - it's a fantastic piece of software. Keep up the good work! Respectfully, Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Synchronize nt 4 with samba 3
hi guys I have the following problem to sync my NT 4.0 (BDC) with my Samba 3 ( PDC ), in the "Event log viewer" of the NT has logged, after click in "Synchronize with Primary Domain Controller" 1 -The partial synchronization replication of the LSA database from the primary domain controller failed with the following error: The procedure number is out of range. 2 -The partial synchronization replication of the BUILTIN database from the primary domain controller failed with the following error: The procedure number is out of range. 3 - The partial synchronization replication of the SAM database from the primary domain controller failed with the following error: The procedure number is out of range. Anybody can help me? Reggards Iarly Selbir -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [ANNOUNCE] Samba 3.3.0pre2 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Release Announcements = This is the second preview release of Samba 3.3.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.3.0 include: Configuration/installation: o Splitting of library directory into library directory and separate modules directory. File Serving: o Extended Cluster support. Winbind: o Simplified idmap configuration. o New idmap backends "adex" and "hash". o Added new parameter "winbind reconnect delay". o Added support for user and group aliasing. Administrative tools: o The destination "all" of smbcontrol does now affect all running daemons including nmbd and winbindd. o New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands. o The 'net' utility can now use kerberos for joining and authentication. Libraries: o NetApi library implements various new calls for User- and Group Account Management. Configure changes = The configure option "--with-libdir" has been removed. The library directory can still be specified by using the existing "--libdir" option. A new option "--with-modulesdir" has been added to allow the specification of a separate directory for the shared modules. Winbind idmap backend changes = The idmap configuration has changed with version 3.3 to something that allows a smoother upgrade path from pre-3.0.25 configurations that use "idmap backend". The reason for this change is that to many, also to Samba developers, the 3.0.25 style configuration with "idmap config" turned out to be very complex. Version 3.3 no longer deprecates the "idmap backend" parameter, instead with "idmap backend" the default idmap backend is specified. Accordingly, the "idmap config : default = yes" setting is no longer being looked at. The alloc backend defaults to the default backend, which should be able to allocate IDs. In the default distribution the tdb and ldap backends can allocate, the ad and rid backends can not. The idmap alloc range is now being set with the "old" parameters "idmap uid" and "idmap gid". The "idmap domains" parameter has been removed. winbind reconnect delay === This is a new parameter which specifies the number of seconds the Winbind daemon will wait between attempts to contact a Domain controller for a domain that is determined to be down or not contactable. Winbind's Name Aliasing === Name aliasing in Winbind is a feature that allows an administrator to map a fully qualified user or group name from a Windows domain to a convenient short name for Unix access. This is similar to the username map functionality supported by smbd but is primary intended for clients and servers making use of Winbind's PAM and NSS libraries. For example, the user "DOMAIN\fred" has been mapped to the Unix name "freddie". $ getent passwd "DOMAIN\fred" freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash $ getent passwd freddie freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash The name aliasing support is provided by individual nss_info plugins. For example, the new "adex" plugin reads the uid attribute from Active Directory to make a short login name to the fully qualified name. While the new "hash" module utilizes a local file to map "short_name = QUALIFIED\name". Both user and group name mapping is supported. Please refer to the "winbind nss info" option in smb.conf(5) and to individual plugin man pages for further details. idmap_hash == The idmap_hash plugin provides similar support as the idmap_rid module. However, uids and gids are generated from the full domain SID using a hashing algorithm that maps the lower 19 bits from the user or group RID to bits 0 - 19 in the Unix id and hashes 96 bits from the domain SID to bits 20 - 30 in the Unix id. The result is a 31 bit uid or gid that is consistent across machines and provides support for trusted domains. Please refer to the idmap_hash(8) man page for more details. idmap_adex == The adex idmap/nss_info plugin is an adaptation of the Likewise Enterprise plugin with support for OU based cells removed (since the Windows pieces to manage the cells are not available). This plugin supports * The RFC2307 schema for users and groups. * Connections to trusted domains * Global catalog searches * Cross forest trusts * User and group aliases Prerequisite: Add the following attributes to the Partial Attribute Set in global catalog: * uidNumber * uid * gidNumber A basic config using the current trunk code would look like: [global] idmap backend = adex idmap uid = 1 - 2 idmap gid = 1 - 2 winbind nss info = adex winbind normaliz
[Samba] Samba WINS Server losing all elections against
Hello everybody. I've been trying for weeks to find a solution for my problem, but since I couldn't find anything, here I am. I manage a network of about 200 PCs, 90% windows XP and Vista, 10% linux. A samba server is located on the main server, acting as a WINS server, to manage the list of connected computers. However, when a resident computer is badly configured (ie no wins server is specified), or if a stupid firewall is installed on it, that machine tries to become the local master. So it starts an election with my samba server... and it wins. This is the part I don't understand. Why is my WINS server always losing elections against other computers? I set its os level to 255, which I read is the highest value. Here is my smb.conf: [global] netbios-name = myworkgroup-server workgroup = MYWORKGROUP server string = myworkgroup Server wins support = yes prefered master = yes local master = yes domain master = yes os level = 255 Well, if I configure the resident computer correctly, ie: -On windows computers, add a 'wins server' in the TCP/IP properties, and set the registry parameter HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\"MaintainServerList" to No -On linux computers, set 'os level' to 0 and 'local master' to no in the samba configuration file. Then no election is generated and so my server is fine. Here is an example of what I see in my log file when I'm losing my status of 'local master' [2008/09/30 19:31:01, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(308) process_local_master_announce: Server PC-DE-CRETIN at IP 192.168.xx.yy is announcing itself as a local master browser for workgroup MYWORKGROUP and we think we are master. Forcing election. [2008/09/30 19:31:01, 0] nmbd/nmbd_become_lmb.c:unbecome_local_master_success(148) * Samba name server MYWORKGROUP-SERVER has stopped being a local master browser for workgroup MYWORKGROUP on subnet 192.168.1.2 * [2008/09/30 19:31:18, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(395) * Samba name server MYWORKGROUP-SERVER is now a local master browser for workgroup MYWORKGROUP on subnet 192.168.1.2 * I also don't understand why the log file says I became local master again after losing that status, since it's not anymore (Querying the server does not work). The only way I've got to get it work again is to force-reload the samba server (/etc/init.d/samba force-reload). Does anyone know what I should do to get my WINS server to win the elections? I'm tired of having to restart my samba server every 20 minutes to make sure my people get a working list of computers. Thanks in advance. Erwan Martin, French network administrator student. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba : Strong(er) authentication required
Good morning I am running a windows server 2003 AD domain where the option "server signing" cannot be changed I have installed the latest version of samba and i always get this error msg " Failed to join domain : Strong(er) authentication required" Kinit is working net ads join -U xx -d4 does give above error message Is there a solution for this ? It seems lots of person are getting the problem and the only solution i have seeen is to change DC configuration for server signing that could not be allowed in the entreprise. thanks best regards Francis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap and password expiration
On 29 sept. 08, at 21:28, Onatawahtaw wrote: Greetings, I just recently set up a new server with samba and openldap authentication using smbldap. The passwords seem to be expiring after about 30 days. How do I set them so that they don't expire? Change the value of defaultMaxPasswordAge in smbldap.conf Regards, Thierry Thanks, Onatawahtaw -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] files disappearing from Samba server
The files that are reported missing are missing if I log in an look via a shell, too. On Thu, Oct 2, 2008 at 2:24 AM, Helmut Hullen <[EMAIL PROTECTED]> wrote: > Hallo, Robert, > > Du (rwickberg) meintest am 01.10.08: > > > I'm the tech coordinator for a high school. Last year, we had a file > > server kids could save work to that was a generic Celeron 800 PC with > > an IDE hard drive. It ran Debian Sarge, with whatever version of > > Samba ships with that. It was down to a couple of gig of free disk > > space by the end of the year, so this year I took an old Compaq > > Proliant server (ML360 or something like that) with a three drive > > RAID 5 SCSI array and installed Debian Etch on that with whatever > > version of Samba is shipped with that. School's been in session a > > month now, and I've had dozens of kids come up to me and claim that > > they've written files to their mapped shares (P: maps to their home > > directory when they log onto a Windows machine), and the files have > > disappeared. > > Strange. > I run a schoolserver (http://arktur.de) on many machines, in many > schools without these problems. > The servers use slackware - that's the only difference to your > configuration; Samba has versions from 3.0.22 to 3.2.3 (that differs > from school to school), there are at least two schools which run a > Compaq Proliant. Clients: from Windows 9x to Windows XP. > No such problems. > > Can you see the files under Linux on the server? > > Viele Gruesse! > Helmut > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PDC + BDC + LDAP. Advise need.
Hello all! First of all - I very new to Samba and don't really sure what i do all right. I'm ask some advise from community. I'm make this configuration in my company: PDC + Master LDAP: smb.conf: [global] # Base workgroup = hq netbios name = dc server string = DC Server security = domain hosts allow = 172.16.1. 192.168.1. 127. encrypt passwords = yes admin users = admin time server = yes # LOG log file = /var/log/samba/log.%m max log size = 500 # LDAP passdb backend = ldapsam:ldap://localhost/ ldap suffix = ou=Samba,dc=fxclub,dc=org ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap machine suffix = ou=Computers ldap admin dn = "cn=root,dc=fxclub,dc=org" ldap delete dn = no ldap ssl = off # Tuning socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # PDC local master = yes os level = 64 domain master = yes preferred master = yes domain logons = yes # Roaming profiles diabled logon path = # WINS wins support = yes winbind use default domain = yes winbind separator = + dns proxy = no # Charset settings display charset = koi8-r unix charset = koi8-r dos charset = cp866 # Use inherited ACLs for directories nt acl support = yes inherit acls = yes map acl inherit = yes *scripts to add users,computers, etc* BDC + Slave LDAP smb.conf: only difference from PDC: # BDC local master = no os level = 50 domain master = no preferred master = no domain logons = yes # WINS wins support = no wins server = 172.16.1.2 remote announce = 172.16.1.2/hq OS: FreeBSD-6.3 Questions: 1) Is all right im my conf? May by im something missed? 2) My smbd.log full of this: lib/util_sock.c:set_socket_options(261) Failed to set socket option TCP_NODELAY (Error Connection reset by peer) This errors *don`t* disappear if I comment "socket options" 3) For what im may need a security = domain? -- Best regards, Proskurin Kirill -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Server Migration Problem
Oops - I accidently sent this reply direct to Helmut, isntead of to the list. Here it is for the list. My most humble apologies to you Helmut - I neglected to check which address the reply was going to. On 02/10/2008, at 7:02 PM, Helmut Hullen wrote: Hallo, Matt, Gidday, and thankyou for your reply. Have you transferred the "localsid" from the old to the new server? I just tried this then, and it didn't seem to make a difference. The old server has two SID's ... Here's the output [EMAIL PROTECTED] ~ $ sudo net getlocalsid SID for domain CORWIN2 is: S-1-5-21-2514297305-1808913229-953362460 [EMAIL PROTECTED] ~ $ sudo net getlocalsid ALLSTAFF SID for domain ALLSTAFF is: S-1-5-21-3463326904-3566436207-4149259612 (I'm not going to bother hiding the domain and computer names anymore). ALLSTAFF is the name of the samba domain. CORWIN2 is the name of the old server. The name of the new server is INFRASTRUCTURE. The localsid on INFRASTRUCTURE used to be "S-1-5-21-1308997507-3478987709-343013683" I tried using net setlocalsid to change the SID on the new server, and tried both of the SID's above form CORWIN2, but the clients still did not see the domain controller in either case. I have the following entries in my ldap database for the domains (from a ldapsearch sambaDomainName=* ): # INFRASTRUCTURE, Allstaff Recruitment, Hamilton, NSW, AU dn: sambaDomainName=INFRASTRUCTURE,o=Allstaff Recruitment,l=Hamilton,st=NSW,c= AU sambaDomainName: INFRASTRUCTURE sambaSID: S-1-5-21-1308997507-3478987709-343013683 sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain sambaNextUserRid: 1000 sambaMinPwdLength: 5 sambaPwdHistoryLength: 0 sambaLogonToChgPwd: 0 sambaMaxPwdAge: -1 sambaMinPwdAge: 0 sambaLockoutDuration: 30 sambaLockoutObservationWindow: 30 sambaLockoutThreshold: 0 sambaForceLogoff: -1 sambaRefuseMachinePwdChange: 0 # ALLSTAFF, Allstaff Recruitment, Hamilton, NSW, AU dn: sambaDomainName=ALLSTAFF,o=Allstaff Recruitment,l=Hamilton,st=NSW,c=AU sambaDomainName: ALLSTAFF sambaSID: S-1-5-21-3463326904-3566436207-4149259612 sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain sambaNextUserRid: 1000 sambaMinPwdLength: 5 sambaPwdHistoryLength: 0 sambaLogonToChgPwd: 0 sambaMaxPwdAge: -1 sambaMinPwdAge: 0 sambaLockoutDuration: 30 sambaLockoutObservationWindow: 30 sambaLockoutThreshold: 0 sambaForceLogoff: -1 sambaRefuseMachinePwdChange: 0 Should I try and set the sambaSID entry for the ALLSTAFF domain to be the SID for INFRASTRUCTURE? Sometimes that helps: change "domain logon" to "workgroup"; new start change "workgroup" to "domain logon"; new start Sometimes you may need to change the computername too. But that leeds to problems with the profile ... The background may be some information about the old server is stored somewhere in the client's registry. Yes, I've been trying this , and it's not working :(. ... I'm just about at the stage where I'm going to set the NETBIOS name of the new server to be the same as the old server ;) -- Matt Skerritt [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Server Migration Problem
Hallo, Matt, Du meintest am 02.10.08 zum Thema Re: [Samba] Server Migration Problem: >> Have you transferred the "localsid" from the old to the new server? > I just tried this then, and it didn't seem to make a difference. The > old server has two SID's ... Here's the output [...] [LDAP] sorry - I don't use LDAP, I don't like LDAP. Please leave the thread in the mailinglist - thank you! > Yes, I've been trying this , and it's not working :(. ... I'm just > about at the stage where I'm going to set the NETBIOS name of the new > server to be the same as the old server ;) Maybe that helps - I had some strange effects when I changed the host name to another; somewhere in the Linux files there was still an entry with the old name. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Server Migration Problem
Hallo, Matt, Du (matt.skerritt) meintest am 02.10.08: > I am in the process of finishing a server migration (to a new > server), and am having problems with samba on the new server. The > old server was running samba 3.0.22-r3 on a Gentoo machine, and the > new server is running Samba 3.0.25a on a Solaris 10 machine. I have > copied the files across OK, I have copied the samba configuration OK, > samba runs fine, connects to the ldap backend fine, seems to check > passwords fine, and even lets me connect to the file shares just > fine. > The problem is that the clients don't recognise the new server as > their domain controller. Attempts to log in with a username that is > not already cached on the client returns a "The domain is > not available" error. If I remove the computer from the domain, and > then try reconnect it, it brings up the error saying "A domain > controller for domain could not be contacted", and an > advanced info button seems to indicate that I should check that my > domain is registered properly in WINS. Have you transferred the "localsid" from the old to the new server? Sometimes that helps: change "domain logon" to "workgroup"; new start change "workgroup" to "domain logon"; new start Sometimes you may need to change the computername too. But that leeds to problems with the profile ... The background may be some information about the old server is stored somewhere in the client's registry. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Server Migration Problem
Gidday I am in the process of finishing a server migration (to a new server), and am having problems with samba on the new server. The old server was running samba 3.0.22-r3 on a Gentoo machine, and the new server is running Samba 3.0.25a on a Solaris 10 machine. I have copied the files across OK, I have copied the samba configuration OK, samba runs fine, connects to the ldap backend fine, seems to check passwords fine, and even lets me connect to the file shares just fine. The problem is that the clients don't recognise the new server as their domain controller. Attempts to log in with a username that is not already cached on the client returns a "The domain is not available" error. If I remove the computer from the domain, and then try reconnect it, it brings up the error saying "A domain controller for domain could not be contacted", and an advanced info button seems to indicate that I should check that my domain is registered properly in WINS. Doing a smbclient -L /// gives me: Domain=[] OS=[Unix] Server=[Samba 3.0.25a] Sharename Type Comment - --- tempDisk testDisk c Disk blah Disk stuff Disk IPC$IPC IPC Service (Allstaff Fileserver) someuserDisk Home Directories Domain=[] OS=[Unix] Server=[Samba 3.0.25a] Server Comment ---- BROTHER-COLOUR BROTHER1 BROTHER2 Fileserver New Fileserver WorkgroupMaster ---- (I've changed the names here to protect the innocent, but I think I've kept it unambiguous). If I log onto the clients, (using a username whose password is cached by the client) I notice that the environment variable LOGONSERVER is still set to the name of the old server. That may just be part of the caching, however - I'm not sure. Any ideas on what I should do? Do I need to change the sambaSID entry in the sambaDomainName=, entry of my ldap server? Included here is a copy of my smb.conf, if that helps. [global] workgroup = realm = server string = Fileserver map to guest = Bad User # smb passwd file = /etc/samba/private/smbpasswd passdb backend = ldapsam:ldap://ldap.dns.domain/ socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 logon script = logon.cmd logon path = \\%N\profiles\%U logon drive = H: logon home = \\fileserver\%U domain logons = Yes os level = 255 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=IT_Administrator, ldap group suffix = ou=Group ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers,ou=Users ldap suffix = #ldap ssl = start tls ldap user suffix = ou=People,ou=Users template homedir = /dev/null nt acl support = Yes ea support = Yes map acl inherit = Yes print command = /usr/bin/lp -d '%p' %s; rm %s lpq command = /usr/bin/lpstat -o '%p' lprm command = /usr/bin/cancel '%p-%j' lppause command = lp -i '%p-%j' -H hold lpresume command = lp -i '%p-%j' -H resume queuepause command = /usr/bin/disable '%p' queueresume command = /usr/bin/enable '%p' hide files = /thumbs.db/Thumbs.db/ Thanks in advance. -- Matt Skerritt [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba