Re: [Samba] Writing operations to a Samba share fail

[elias]

Walter Mautner kirjoitti:

Am Tuesday 21 April 2009 13:30:28 schrieb Elias Knuutila:
  

  Hi,

I have a problem with Samba occasionally starting to fail with any write
operations to a public share. When Samba is started clean, everything
works OK. Then at some stage some users start to experience errors
trying to write into a share. At the same time other users may not
perceive any problems.



.
  

System is Suse Linux Enterprise Server 10 with Samba version
3.0.22-13.23-SUSE-SLES10. Filesystem Reiserfs, with about plenty of free
space, RAID. Simultaneous connected clients up to ~15. Samba is also a
primary domain controller. Users log on it to authenticate into the
domain, with local (not roaming) profiles. No problems have appeared
with this.

Samba log and strace shows errors that are not very helpful to me.
Following error messages are found in log.smbd:

error packet at smbd/notify.c(55) cmd=160 (SMBnttrans) NT_STATUS_CANCELLED
error packet at smbd/trans2.c(2629) cmd=50 (SMBtrans2)
NT_STATUS_OBJECT_NAME_NOT_FOUND
error packet at smbd/nttrans.c(652) cmd=162 (SMBntcreateX)
NT_STATUS_OBJECT_PATH_NOT_FOUND
error packet at smbd/nttrans.c(95) cmd=160 (SMBnttrans)
NT_STATUS_NOT_A_REPARSE_POINT



Looks like a forced reiserfschk is overdue.
  


Have you experienced this personally? I didn't find any sign of 
scheduled file system checking in the system, that would conflict with 
samba. Hope that corrupt file system itself is not causing this. But 
this is output from debugreiserfs command:



Filesystem state: consistency is not checked after last mounting

Reiserfs super block in block 16 on 0x900 of format 3.6 with standard 
journal

Count of blocks on the device: 59737680
Number of bitmaps: 1824
Blocksize: 4096
Free blocks (count of blocks - used [journal, bitmaps, data, reserved] 
blocks): 12814955

Root block: 6750614
Filesystem is NOT clean
Tree height: 5
Hash function used to sort names: "r5"
Objectid map size 18, max 972
Journal parameters:
  Device [0x0]
  Magic [0x31d77285]
  Size 8193 blocks (including 1 for journal header) (first block 18)
  Max transaction length 1024 blocks
  Max batch size 900 blocks
  Max commit age 30
Blocks reserved by journal: 0
Fs state field: 0x0:
sb_version: 2
inode generation number: 9429742
UUID: 7e39db7d-6705-486b-a3b6-173f51ec3c30
LABEL:
Set flags in SB:
  ATTRIBUTES CLEAN

Seems that something is wrong, but don't know how serious is it.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Did I screw up my PDC on this Terminal Services problem?

[MargoAndTodd]

John Drescher wrote:

On Wed, Apr 22, 2009 at 11:38 PM, MargoAndTodd  wrote:

Hi All,

I am upgrading my samba server from a workgroup
to PDC server.  I am doing this to make a
Windows 2008 Terminal server happy.  Eventually
there will be a bank of them (thank you Virtual Box).

Anyway, in my test bed, I have a Samba PDC (newly
updated to PDC), a Windows 2008 server, and
XP-Pro-SP3.

Both Windows machines are able to join the domain
and log in as users only in the Samba database.
Both Windows machines have "$" machine names in
the samba database and /etc/passwd.

Problem: the XP machine can only run a TS *.rdp
program on the 2008 server if it logs in
as "administrator".  (I made a *.rdp out of the
calculator program.)

This is why I think I may has screwed up my new PDC.
This is the error log on the 2008 server when a regular
user tries to run the same TS *.rdp program:

Oh crap, I did not get a copy of the error report.
If I remember correctly, it said the user's SID was NULL.

Did I screw up my PDC or is this a Terminal Services
issue?



Are you using samba 3.0.34 or greater?

John
 


$ uname -r
2.6.18-128.1.6.el5

$ cat /etc/redhat-release
CentOS release 5.3 (Final)

$ rpm -qa \*samba\*
samba-common-3.0.33-3.7.el5
system-config-samba-1.2.41-3.el5
samba-3.0.33-3.7.el5
samba-client-3.0.33-3.7.el5

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

RE: [Samba] With a PDC, is homes mapping automatic?

[Nick Sharp]

I know its a little un samba ish, but we force this registry change via the
login scripts and its pretty useful - you might want to turn off Offline
Files in windows to sync all folders otherwise when any user logs off it
tries to sync all other users and this prompts for their password.

Logon.bat:
regedit /s \\\netlogon\user_shell_folder.reg

user_shell_folder.reg:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell
Folders]
"Personal"="h:\\"
"My Pictures"="h:\\My Pictures"
"My Music"="h:\\My Music"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User
Shell Folders]
"Personal"="h:\\"
"My Pictures"="h:\\My Pictures"
"My Music"="h:\\My Music"

Assuming h: is the users mapped drive letter.

Nick


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Did I screw up my PDC on this Terminal Services problem?

[John Drescher]

On Wed, Apr 22, 2009 at 11:38 PM, MargoAndTodd  wrote:
> Hi All,
>
> I am upgrading my samba server from a workgroup
> to PDC server.  I am doing this to make a
> Windows 2008 Terminal server happy.  Eventually
> there will be a bank of them (thank you Virtual Box).
>
> Anyway, in my test bed, I have a Samba PDC (newly
> updated to PDC), a Windows 2008 server, and
> XP-Pro-SP3.
>
> Both Windows machines are able to join the domain
> and log in as users only in the Samba database.
> Both Windows machines have "$" machine names in
> the samba database and /etc/passwd.
>
> Problem: the XP machine can only run a TS *.rdp
> program on the 2008 server if it logs in
> as "administrator".  (I made a *.rdp out of the
> calculator program.)
>
> This is why I think I may has screwed up my new PDC.
> This is the error log on the 2008 server when a regular
> user tries to run the same TS *.rdp program:
>
> Oh crap, I did not get a copy of the error report.
> If I remember correctly, it said the user's SID was NULL.
>
> Did I screw up my PDC or is this a Terminal Services
> issue?
>

Are you using samba 3.0.34 or greater?

John
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] With a PDC, is homes mapping automatic?

[John Drescher]

>> This connection between My Documents and whatever persistent storage
>> is a registry setting on the windows side and has nothing directly to
>> do with samba.
>>
>> John
>>
>
> My choice as the administrator then (and I did not screw
> something up).  Thank you!
>
http://ask-leo.com/how_do_i_change_the_location_of_the_my_documents_folder.html

John
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Did I screw up my PDC on this Terminal Services problem?

[MargoAndTodd]

Hi All,

I am upgrading my samba server from a workgroup
to PDC server.  I am doing this to make a
Windows 2008 Terminal server happy.  Eventually
there will be a bank of them (thank you Virtual Box).

Anyway, in my test bed, I have a Samba PDC (newly
updated to PDC), a Windows 2008 server, and
XP-Pro-SP3.

Both Windows machines are able to join the domain
and log in as users only in the Samba database.
Both Windows machines have "$" machine names in
the samba database and /etc/passwd.

Problem: the XP machine can only run a TS *.rdp
program on the 2008 server if it logs in
as "administrator".  (I made a *.rdp out of the
calculator program.)

This is why I think I may has screwed up my new PDC.
This is the error log on the 2008 server when a regular
user tries to run the same TS *.rdp program:

Oh crap, I did not get a copy of the error report.
If I remember correctly, it said the user's SID was NULL.

Did I screw up my PDC or is this a Terminal Services
issue?

Many thanks,
-T
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Fwd: [Samba] With a PDC, is homes mapping automatic?

[John Drescher]

On Wed, Apr 22, 2009 at 11:17 PM, MargoAndTodd  wrote:
> Hi All,
>
> I am upgrading my Samba server to a PDC from a work
> group server.
>
> Question: when a client computer joins as a domain
> member, is his "My Documents" automatically mapped
> to his [homes} directory?  Or, is it something
> I do optionally?  (In my test bed, My Documents
> is getting mapped to his "C:\Documents and Settings...")
>

This connection between My Documents and whatever persistent storage
is a registry setting on the windows side and has nothing directly to
do with samba.

John
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Administrator can not see network shaes

[MargoAndTodd]

Hi All,

I am upgrading my Samba server to a PDC.  On my
test bed, I have a M$ Windows 2008 server (no *dc
anything).

This server can look at network shares with any
user, except the Administrator.  When I browse
a file share as administrator, Windows asks me
for my user name and password.  It reject all
users, user or administrator.  I have tested
by logging out as administrator and logging
back in as one of the rejected users (and it
woks perfectly).  Samba's logs are complete
quiet when the users are being rejected.

What am I doing wrong?

Many thanks,
-T

$ cat smbusers
# Unix_name = SMB_name1 SMB_name2 ...
# Escape names with spaces in them with quotes
root = administrator admin
nobody = guest pcguest smbguest
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] With a PDC, is homes mapping automatic?

[MargoAndTodd]

Hi All,

I am upgrading my Samba server to a PDC from a work
group server.

Question: when a client computer joins as a domain
member, is his "My Documents" automatically mapped
to his [homes} directory?  Or, is it something
I do optionally?  (In my test bed, My Documents
is getting mapped to his "C:\Documents and Settings...")

Many thanks,
-T
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] problems using smbpasswd to enable/disable workstations trusted accounts

[Alceu Rodrigues de Freitas Junior]

Greetings,

My name is Alceu and I was trying to create some scripts to
enable/disable users when I found this strange behavior with the account
flags:

# please assume that the Unix user is already created

r...@midgard:~# smbpasswd -a -m lab16$
Added user lab16$.

r...@midgard:~# pdbedit -Lv lab16$
Unix username:lab16$
NT username:
Account Flags:[W  ]
...

r...@midgard:~# smbpasswd -d lab16$
Disabled user lab16$.

r...@midgard:~# pdbedit -Lv lab16$
Unix username:lab16$
NT username:
Account Flags:[DU ]
...

r...@midgard:~# smbpasswd -e lab16$
Enabled user lab16$.

r...@midgard:~# pdbedit -Lv lab16$
Unix username:lab16$
NT username:
Account Flags:[U  ]
...

Looks like my workstation trusted account is now a new user in the
system. I never had experienced that, I thought that smbpasswd -e or -d
keys  would only add or remove the D flag. With pbedit works fine, but I
need to check if there are other flags that I should maintain (and I
would create a possible race condition in my script):

r...@midgard:~# smbpasswd -x lab16$
Deleted user lab16$.

r...@midgard:~# smbpasswd -a -m lab16$
Added user lab16$.
r...@midgard:~# pdbedit -Lv lab16$
Unix username:lab16$
NT username:
Account Flags:[W  ]
...

r...@midgard:~# pdbedit -c '[D]' lab16$
Unix username:lab16$
NT username:
Account Flags:[DW ]

Is this a bug? Or there is any possibility that I'm doing something wrong?

I tested this against two machines: one with Debian 4 (Samba 3.0.20b-1)
and Kubuntu 8.04 (Samba 3.0.28a-1ubuntu4.7). Kubuntu box is fully
updated. Both are using tdbsam as backend.

Thanks,
Alceu



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba with legacy LDAP

[Michael Heydon]

Jorgen Lundman wrote:
There is no way around adding Samba schema? Not that is a big deal, 
but curious. Can I perhaps ask samba to merely query a script for 
authentication and retrieval of uid/gid/homeDirectory? If so, I could 
(temporarily) work around the schema.
Other than your suggestion of trying it out with smbpasswd rather than 
LDAP, not really. As well as the username and password there are other 
attributes that need to be stored (Domain SID, user SIDs, password 
aging, etc), in your situation they probably aren't going to be used 
much but I think samba still expects them to be present.


Ok so it will get the attributes without PAM, but the schema and 
attribute-names are hard-coded.
I believe so, I vaguely recall seeing something about using a different 
field for the username or something (I think they were using a different 
or outdated schema) but it certainly isn't a common practice.



*Michael Heydon - IT Administrator *
micha...@jaswin.com.au 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba with legacy LDAP

[Jorgen Lundman]

Thanks for your reply,

Connecting to SMB/CIFS over the internet tends to be extremely slow. I'm 
not sure why that should be the case, but having played with direct 
access over the internet vs over a VPN, the internet one is 
substantially slower (to the point of being practically unusable). That 
might be less of an issue if you are their ISP.


That we are. Bandwidth in Japan is pretty good. But even then, I get the 
feeling some users would be happy with slow but "easier" means of 
accessing their content. But I guess that depends on just how bad it is, 
but naturally I am setting up a proof-of-concept on the test system first.




Mapping a drive could also cause problems. In the past I have had issues 
with very long delays opening My Computer when network drives are slow 
to respond. I've just tried to replicate this issue and it doesn't 
appear to be a problem in Vista but I have certainly seen it with some 
versions of XP.


This is true, I experienced this in my past. But perhaps not a permanent 
mapping, if there was a icon the could double click or similar, to 
temporarily set up the drive. I will keep that in mind.



I hesitate to say that storing passwords in plain-text is "good", but in 
this case it will greatly simplify things. You will need to add the 
samba schema.


I know, I know.. in the past, there was no choice with some software. 
CHAP/SAUTH etc, needed it. Recently, most software can do auth-bind on a 
 leaf for testing which is much better.


There is no way around adding Samba schema? Not that is a big deal, but 
curious. Can I perhaps ask samba to merely query a script for 
authentication and retrieval of uid/gid/homeDirectory? If so, I could 
(temporarily) work around the schema.



Samba is able to talk to LDAP directly and fully understands the fields 
in the POSIX schema, there are plenty of OSs supported by Samba that 
don't use PAM (Slackware, AIX, probably the various BSDs).


Ok so it will get the attributes without PAM, but the schema and 
attribute-names are hard-coded.



Not without having to make changes to how the client PCs will 
authenticate, so pretty much "no". However since you have the passwords 
in plaintext it isn't too much of a hassle to generate the hashes.


Perhaps I should ignore LDAP and simply add a smbpasswd user and test it 
first.


Lund



--
Jorgen Lundman   | 
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo| +81 (0)90-5578-8500  (cell)
Japan| +81 (0)3 -3375-1767  (home)
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Time capsule and "bad smb"

[James Peach]

2009/4/21 Pietro Battiston :
> Il giorno lun, 16/02/2009 alle 23.03 -0800, Jeremy Allison ha scritto:
>> On Mon, Feb 16, 2009 at 09:42:48PM -0800, James Peach wrote:
>> >
>> > Volker's suggestion is the best.
>> >
>> > Pietro should to  and log a
>> > bug against the TIme Capsule. It would be best to attach a packet
>> > trace to the bug. Follow the instructions here:
>> >
>> > 
>>
>> Boo, hiss, cop-out :-).
>>
>> > I'll try and dig up a time capsule to bring to Connectathon next week
>> > if any of the Linux smbfs folks would like to test against it ...
>>
>> Sure, I'll be there and I'd love to take a look at it.
>> Will there be any Time Capsule engineers there though
>> if we do find bugs ?
>
> Did someone debug the problem?

yes

> The bug I filed (# 6598363) in the Apple bugtracker is just there,
> alone, with apparently no care given to, since more than 2 months...

Not everything that happens to a bug report is visible to the
originator. When they ship a release that includes the fix, the bug
should be sent back to you to verify. Sorry the process is so opaque.

-- 
James Peach | jor...@gmail.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

RE: [Samba] Question about BUILTIN\Administrators and BUILTIN\Usersnested groups in 3.3.3

[Dorrian, William M]

Update:

I did a "net sam createbuiltingroup Administrators" and a "net sam
createbuiltingroup Users" to solve the nested group problem. Then I populated
them with:

net sam addmem Users "DOMAIN\Domain Users"
net sam addmem Administrators "DOMAIN\Domain Admins"

Thanks,
Bill D.

-Original Message-
From: samba-bounces+william.m.dorrian=usace.army@lists.samba.org
[mailto:samba-bounces+william.m.dorrian=usace.army@lists.samba.org] On
Behalf Of Dorrian, William M 
Sent: Thursday, April 16, 2009 2:16 PM
To: samba@lists.samba.org
Subject: [Samba] Question about BUILTIN\Administrators and
BUILTIN\Usersnested groups in 3.3.3

Sorry about the dumb question:

Are the "BUILTIN\Administrators" and "BUILTIN\Users" local (nested) groups
supposed to be populated with DOMAINNAME\Domain Administrators and
DOMAINNAME\Domain Users (respectively) by default? If I download the Redhat
Samba package, they are populated. Not so with a compiled version.

I've had a helluva time populating BUILTIN\Administrators and BUILTIN\Users,
even using "net sam addmem". I'm guessing that it is something I'm doing
wrong.

My compile options are:

--with-acl-support --with-configdir=/etc --with-winbind --with-ads --with-pam
--with-ldap=/usr/local/openldap


Thanks,
Bill D.



"Give a man a fish and you've freed him up for the day to write a poem,
compose a song, or howl at the Gods. Teach a man to fish and you've doomed
him to a lifetime as a fisherman."

-Rodney Anonymous
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] problem with groups when adding windows workstation to domain

[Ivo Karabojkov]

I am trying to implement my Samba 3.3.3 running on FreeBSD 7.1 as a PDC.
Since I am new to Samba I am using some "adopted" sample configurations and
my is similar to shown here: http://www.mrp3.com/windows-to-unix-samba.html

I have two problems and hope to get some help from all of you:

When I add a Windows XP workstation to the domain the group Domain admins is
not automatically added in local Administrators group. I have to log in as
local administrator, add the global group to local one and everything works
fine. I noticed that a group with (?) and SID almost like the Domain admins
(mapped to Wheel) has actually been added. The SID differs in its last
numbers - I have SID ending in "1000", added to local Administrators ends in
"512". Where should I look more carefully?

My other problem is with managing users with SRVTools - usermgr. When I add
a new user I get the following message:
This security ID may not be assigned as the primary group of an object
Managing users (setting passwords, profile location, etc.) works fine,
as works adding new machines to the domain.

Thanks in advance,

Ivo Karabojkov

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Clarification of 'administrator' config w/ldap

[Adam Williams]

no.  the correct way to join a computer to the machine account is to 
either use the username root when you type in the domain on computer 
name properties, or a user who is in the ntadmins group that has 
SEMachineAccountPrivilege


jeff sacksteder wrote:

run smbpasswd -a root and put in root's password.



So on a client machine, I can now authenticate with 'root' and the
appropriate passwd, but shouldn't the smbusers mapping cause
administrator to work the same way?
  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] smbclient fails when LDAP server is down

[Anderson Stano]

Hi all,

 

I´m having some trouble setting up a samba failover scenario.

This is what I’ve done:

 

Subnet 192.168.1.0 -> Samba PDC e Samba BDC

Subnet 192.168.20.0 -> LDAP Master e LDAP Slave

 

If all servers are up I can login to domain. If I put the LDAP Master
service down I am still able to login from the Slave LDAP. But if the server
where the master LDAP is installed is down (unreachable) I can´t login. The
logs show me the following info after I try the command:

 

smbclient -U adurelli -L dme1372

Password:

session setup failed: NT_STATUS_LOGON_FAILURE

 

[2009/04/22 10:49:55, 10] lib/smbldap.c:smb_ldap_setup_conn(566)

  smb_ldap_setup_connection: ldap://ldap1.dmepc.com.br
ldap://ldap2.dmepc.com.br

[2009/04/22 10:49:55, 2] lib/smbldap.c:smbldap_open_connection(722)

  smbldap_open_connection: connection opened

[2009/04/22 10:49:55, 10] lib/smbldap.c:smbldap_connect_system(862)

  ldap_connect_system: Binding to ldap server ldap://ldap1.dmepc.com.br
ldap://ldap2.dmepc.com.br

[2009/04/22 10:49:58, 3] lib/smbldap.c:smbldap_connect_system(905)

  ldap_connect_system: succesful connection to the LDAP server

  ldap_connect_system: LDAP server does support paged results

[2009/04/22 10:49:58, 4] lib/smbldap.c:smbldap_open(969)

  The LDAP server is succesfully connected

[2009/04/22 10:49:58, 0] lib/smbldap.c:smbldap_search_suffix(1346)

  smbldap_search_suffix: Problem during the LDAP search:  (Time limit
exceeded)

[2009/04/22 10:49:58, 3] smbd/sec_ctx.c:pop_sec_ctx(386)

  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0

[2009/04/22 10:49:58, 3] auth/auth_sam.c:check_sam_security(264)

  check_sam_security: Couldn't find user 'adurelli' in passdb.

 

Can anyone help??

 

Anderson Stano Durelli
Engenheiro da Computação
  adure...@dmepc.com.br

  _  

Departamento Municipal de Eletricidade de Poços de Caldas
Gerência de Tecnologia da Informação
Poços de Caldas - MG
Cel.: (35)9822-8045
Tel.: (35)3697-3002 

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Mixed Win98 and WinXP Pro

[Carl Parsons]

Hi

I have a PDC server version samba-3.2.8-0.27.fc10.i386.rpm serving 
mostly Win98 machines after adding the following two lines managed to 
get it working with authentication and logon.bat scripts.

/etc/samba/smb.conf
   lanman auth = Yes
   ntlm auth = No

Now I want to add some XPPro machines but they can no not see server 
shares any more ( used to work on Fedora 5 server )


I have tried adding with some success.

include = /etc/samba/smb.conf.%a

smb.conf.WinXP

Also do I need winbind
/etc/nsswitch.conf
hosts:   files wins dns nis ldap  NOTE: I have a BDC and trying to get 
ldap working but disabled for now.


Incidently a Vista machine works fine can I modify all the winxp 
machines in the registry to get them working as well.


And I get samba.___192.168.1.28 in the logs I have tried disabling 
ipv6 but perhaps somehow it is still enabled and causing me problems 
somehow.




Also when the clients try to use the Fedora 10 server often it seems a 
lot slower than Fedora 5 even though the server is more powerfull.


Carl

--
PinGNU Systems Ltd
A company registered in England and Wales
Registered office: 6 Flackdale Road, Hilton, Cambs, PE28 9NY
Registered company number: 4176338

Mobile  07709 935666 Day time only 
Home: 01480 831607 weekends

Skype: carlpingnu

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] [Release Planning 3.3] Samba 3.3.4 will be delayed

[Karolin Seeger]

Hey folks,

Samba 3.3.4 will be delayed due to a bug related to "profile acls = yes".
The new planned release date is April, 29.

Cheers,
Karolin

-- 
Samba   http://www.samba.org
SerNet  http://www.sernet.de
sambaXP http://www.sambaxp.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba with legacy LDAP

[Michael Heydon]

Jorgen Lundman wrote:
Standard ISP hosting with virtual users here. So we already have an 
existing system setup, based around OpenLDAP data for customer 
information. Currently for WWW hosting, users have FTP access. But FTP 
seems to be a hurdle for certain users, so I was thinking about also 
offering SMB access in parallel with FTP, so they could just MAP a 
drive letter to their WWW area.
Connecting to SMB/CIFS over the internet tends to be extremely slow. I'm 
not sure why that should be the case, but having played with direct 
access over the internet vs over a VPN, the internet one is 
substantially slower (to the point of being practically unusable). That 
might be less of an issue if you are their ISP.


Mapping a drive could also cause problems. In the past I have had issues 
with very long delays opening My Computer when network drives are slow 
to respond. I've just tried to replicate this issue and it doesn't 
appear to be a problem in Vista but I have certainly seen it with some 
versions of XP.


Currently the LDAP has user data in "qmail" and POSIX style schema, 
which seems to be fairly common. (uidNumber, gidNumber, gecos, 
homeDirectory etc). Currently passwords are stored in plain-text.
I hesitate to say that storing passwords in plain-text is "good", but in 
this case it will greatly simplify things. You will need to add the 
samba schema.


1) Can I make Samba lookup uid,gid,homeDirectory from LDAP directly? 
The new privacy-laws do not allow us to use PAM for the customers as a 
whole. I expected to be able to specify LDAP search filter, and a map 
between our LDAP attributes and those Samba expects (which appear to 
mostly overlap though). But this appears to have been removed?
Samba is able to talk to LDAP directly and fully understands the fields 
in the POSIX schema, there are plenty of OSs supported by Samba that 
don't use PAM (Slackware, AIX, probably the various BSDs).


2) Can I use the plain-text passwords directly, and avoid having to 
store nt and lm passwords?
Not without having to make changes to how the client PCs will 
authenticate, so pretty much "no". However since you have the passwords 
in plaintext it isn't too much of a hassle to generate the hashes.


Since with FTP you login as "ftpu...@example.com" with appropriate 
password, I was hoping that users could connect to our samba server, 
authenticating as "ftpu...@example.com" and same password. It would 
then set the share path to the users homeDirectory 
(/export/cust14/com/e/x/example/ftpuser/) and use their uid, gid.

Sounds reasonably straight forward.


Are there other reasons why this could not be done? Anyone already 
done something similar? Any pit-falls?

I'm not certain that it is a good idea, but it's not impossible.

*Michael Heydon - IT Administrator *
micha...@jaswin.com.au 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba with legacy LDAP

[Jorgen Lundman]

Hello lists,

Standard ISP hosting with virtual users here. So we already have an 
existing system setup, based around OpenLDAP data for customer 
information. Currently for WWW hosting, users have FTP access. But FTP 
seems to be a hurdle for certain users, so I was thinking about also 
offering SMB access in parallel with FTP, so they could just MAP a drive 
letter to their WWW area.


Currently the LDAP has user data in "qmail" and POSIX style schema, 
which seems to be fairly common. (uidNumber, gidNumber, gecos, 
homeDirectory etc). Currently passwords are stored in plain-text.



1) Can I make Samba lookup uid,gid,homeDirectory from LDAP directly? The 
new privacy-laws do not allow us to use PAM for the customers as a 
whole. I expected to be able to specify LDAP search filter, and a map 
between our LDAP attributes and those Samba expects (which appear to 
mostly overlap though). But this appears to have been removed?



2) Can I use the plain-text passwords directly, and avoid having to 
store nt and lm passwords?



Since with FTP you login as "ftpu...@example.com" with appropriate 
password, I was hoping that users could connect to our samba server, 
authenticating as "ftpu...@example.com" and same password. It would then 
set the share path to the users homeDirectory 
(/export/cust14/com/e/x/example/ftpuser/) and use their uid, gid.


Are there other reasons why this could not be done? Anyone already done 
something similar? Any pit-falls?


Lund

--
Jorgen Lundman   | 
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo| +81 (0)90-5578-8500  (cell)
Japan| +81 (0)3 -3375-1767  (home)
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Time capsule and "bad smb"

[Pietro Battiston]

Il giorno lun, 16/02/2009 alle 23.03 -0800, Jeremy Allison ha scritto:
> On Mon, Feb 16, 2009 at 09:42:48PM -0800, James Peach wrote:
> > 
> > Volker's suggestion is the best.
> > 
> > Pietro should to  and log a
> > bug against the TIme Capsule. It would be best to attach a packet
> > trace to the bug. Follow the instructions here:
> > 
> > 
> 
> Boo, hiss, cop-out :-).
> 
> > I'll try and dig up a time capsule to bring to Connectathon next week
> > if any of the Linux smbfs folks would like to test against it ...
> 
> Sure, I'll be there and I'd love to take a look at it.
> Will there be any Time Capsule engineers there though
> if we do find bugs ?

Did someone debug the problem?

The bug I filed (# 6598363) in the Apple bugtracker is just there,
alone, with apparently no care given to, since more than 2 months...

bye

Pietro

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba