RE: [Samba] samba PDC, cannot add windows workstations
Smells like a DNS (or firewall) issue on the PDC. Make sure that your DNS resolution is happening properly. From: samba-bounces+andrew.masterson=nuvistaenergy@lists.samba.org on behalf of Viji V Nair Sent: Wed 12/31/2008 7:01 AM To: samba@lists.samba.org Subject: [Samba] samba PDC, cannot add windows workstations Hi, I have setup samba as a PDC with kerberos and ldap. While adding the windows clients I get the following error message on the logs, and windows says the user name and password is incorrect [2008/12/31 19:00:09, 0] lib/util_sock.c:write_data(1059) [2008/12/31 19:00:09, 0] lib/util_sock.c:get_peer_addr_internal(1607) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer [2008/12/31 19:00:09, 0] smbd/process.c:srv_send_smb(74) Error writing 4 bytes to client. -1. (Transport endpoint is not connected) Any help on the same will be gratly appreciated. # rpm -qa |grep samba samba-client-3.2.5-0.23.fc10.x86_64 samba-common-3.2.5-0.23.fc10.x86_64 samba-3.2.5-0.23.fc10.x86_64 samba-winbind-3.2.5-0.23.fc10.x86_64 # uname -a Linux viji.testing.com 2.6.27.7-134.fc10.x86_64 #1 SMP Mon Dec 1 22:21:35 EST 2008 x86_64 x86_64 x86_64 GNU/Linux # cat /etc/samba/smb.conf [global] workgroup = TESTING.COM server string = Samba Server Version %v security= user passdb backend = smbpasswd socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level= 33 domain logons = yes domain master = yes local master= yes preferred master= yes wins support= yes template shell = /bin/false realm = TESTING.COM use kerberos keytab = yes load printers = yes cups options = raw # log level = 3 passdb:5 auth:10 [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable= yes [share] comment = Share path = /share browseable = yes guest ok = no writable = yes valid users = admin Thanks Viji -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with Privileges
Hi all, I am using samba 3.2.6 on Debian lenny I can create user and groups with the UserManger for NT. It is also possible to add users to groups. But if I then try to open the group again with the UserManger for NT, I get an ACCESS DENIED ERROR. However the user has all rights, which I am able to set: net rpc rights list ytom SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege tail -f /var/log/samba/log.ytom [2008/12/31 17:42:54, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3571) Returning domain sid for domain SCHULE -> S-1-5-21-2462391502-1360153102-2655098952 [2008/12/31 17:42:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 9018 [2008/12/31 17:42:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 9018 [2008/12/31 17:42:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 9018 [2008/12/31 17:42:55, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(246) _samr__LookupRids: ACCESS DENIED (granted: 0x000d067a; required: 0x0100) cat /etc/samba/smb.conf [global] unix charset = LOCALE workgroup = SCHULE netbios name = SERVER-1 server string = %h server interfaces = 192.168.231.48/24, 127.0.0.1/8 bind interfaces only = Yes security = user name resolve order = wins bcast host passdb backend = ldapsam lanman auth = Yes syslog = 0 max log size = 1000 log level = 2 log file = /var/log/samba/log.%m log file = /var/log/samba/log.%U add user script = /usr/sbin/smbldap-useradd -m "%u" delete user script = /usr/sbin/smbldap-userdel "%u" add group script = /usr/sbin/smbldap-groupadd -p -a "%g" delete group script = /usr/sbin/smbldap-groupdel "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" add machine script = /usr/sbin/smbldap-useradd -w "%u" logon script = logon.bat logon drive = L: logon path = \\%L\Profiles\%U logon home = \\%L\%U domain logons = Yes domain master = Yes local master = yes preferred master =yes os level = 254 wins support = Yes ldap admin dn = cn=admin,dc=schule,dc=xx ldap delete dn = Yes ldap machine suffix = ou=ARBEITSSTATIONEN,o=SCHULE ldap passwd sync = Yes ldap suffix = dc=schule,dc=xx ldap debug level = 160 panic action = /usr/share/samba/panic-action %d template shell = /bin/bash template homedir = /home/%g/%U ea support = Yes store dos attributes = Yes [IPC$] path = /var/log/samba/tmp [homes] comment = Home Directories read only = No create mask = 0755 browseable = No [Profiles] path = /home/samba/Profiles create mask = 0600 directory mask = 0700 nt acl support = no read only = no [netlogon] comment = Network Logon Service path = /home/samba/netlogon admin users = @domainadmins guest ok = Yes read only = Yes -- Gruss Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Fixed problem with permissions on new server
Here is the solution to a problem that I recently had. (I almost emailed this list asking for help, but then a co-worker clued me into the solution.) Server: a new Cent OS 5.1 install with Samba 3.0.28 that is joined to a Win 2003 domain. Client: Win XP Pro SP3, member of same domain A user was attempting to save an Excel file which had 644 perms and was owned by her. As soon as she saved it, Excel threw a cryptic error stating that the file had been saved, but had to be re-opened read-only. Subsequent attempts to open the file gave a permission denied error, saying the file was possibly encrypted or corrupted. Looking at the file's security properties in Windows (XP Pro SP3) showed four access entries: Her (the owner): should have had R/W, but had no access Domain users group: should have had R, but had no access Everyone: should have had R, but had no access Unix User 504: this access entry should not have been there It turns out that the directory containing the Excel file was owned by a local user and group I had failed to carry over from the previous system. Samba apparently freaked out and applied bizarre permissions to the file, including an ACE for the nonexistent user. I had transferred all the shared files from a previous system, using rsync to retain correct file ownership and permissions. What is actually retained is the Linux UID and GID for each file and directory, so you must ensure that your Linux and Winbind users (and groups) have the same underlying IDs from the old server to the new one. I was careful to do this with the domain (Winbind) users, but failed to do this for the local system users. The old server had a local user called "samba" with UID 504 that owned some of the directories within the share. So, the symptom was bizarre and cryptic, but the solution was to make sure all of the files and directories are owned by existing users and groups. I hope this helps someone!! Michael Davidson Mount Washington Observatory -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba PDC, cannot add windows workstations
Hi, I have setup samba as a PDC with kerberos and ldap. While adding the windows clients I get the following error message on the logs, and windows says the user name and password is incorrect [2008/12/31 19:00:09, 0] lib/util_sock.c:write_data(1059) [2008/12/31 19:00:09, 0] lib/util_sock.c:get_peer_addr_internal(1607) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer [2008/12/31 19:00:09, 0] smbd/process.c:srv_send_smb(74) Error writing 4 bytes to client. -1. (Transport endpoint is not connected) Any help on the same will be gratly appreciated. # rpm -qa |grep samba samba-client-3.2.5-0.23.fc10.x86_64 samba-common-3.2.5-0.23.fc10.x86_64 samba-3.2.5-0.23.fc10.x86_64 samba-winbind-3.2.5-0.23.fc10.x86_64 # uname -a Linux viji.testing.com 2.6.27.7-134.fc10.x86_64 #1 SMP Mon Dec 1 22:21:35 EST 2008 x86_64 x86_64 x86_64 GNU/Linux # cat /etc/samba/smb.conf [global] workgroup = TESTING.COM server string = Samba Server Version %v security= user passdb backend = smbpasswd socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level= 33 domain logons = yes domain master = yes local master= yes preferred master= yes wins support= yes template shell = /bin/false realm = TESTING.COM use kerberos keytab = yes load printers = yes cups options = raw # log level = 3 passdb:5 auth:10 [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable= yes [share] comment = Share path = /share browseable = yes guest ok = no writable = yes valid users = admin Thanks Viji -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Permission on trash folder
Hi folks :-) [...] vfs object = recycle recycle:repository = .Trash/ recycle:keeptree = Yes recycle:repository = .Trash/%U recycle:noversions = *.doc|*.xls|*.ppt recycle:excludedir = /tmp|/temp|/cache recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~?? recycle:maxsize = 0 recycle:versions = Yes recycle:touch = Yes [...] permissions (of dir, subdir and files) when an user delete a file are: root:user I need that these permission be user:user and not root:user is there a way to do this? thanks Pol -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Sorting directory lists [SOLVED]
On Wed, Dec 31, 2008 at 11:56:17AM +1100, Andy Kelk wrote: > It may also help others out so I've posted the results here: > http://code.google.com/p/samba-dirsort-vfs/ Some comments: It will not compile on some c compilers, in dirsort_opendir you define source_directory after a statement. Same for dp. In dirsort_readdir you might want to implement a check based on fstat if the directory has changed since you read it. It might take a while before smbd actually does the readdir call. You might want to throw away the cached contents. You might want to look at vfs_syncops for information how to get a directory fd. It would be good if we got this in git format-patch format :-) Volker pgp8vLuvc6OYt.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba