Re: [Samba] Best Way to Securely Mount SMB/CIFS Shares
On Thu, May 21, 2009 at 12:05 PM, wrote: > Although I am comfortable mounting smbf/cifs shares for myself, as root, > I am trying to determine the optimal way to have users get specific > mounts, without having to put in any user account details in fstab, and > specific mounts for specific users. I know I can create a .credentials > file in each users /home/user folder and point to that in fstab. But I > dont want to have multiple lines in fstab for each user. > > Can a mount line be added to a users bash_profile and using a hidden/hashed > > credentials file? or something similar so that only those mounts needed > for any particular user are mounted when they log in. Rather than in > fstab and mounted for everyone? > > > Or maybe there is another way to securely create different windows share > mounts for different users without having them in fstab? > > CentOS 5.3, x86 > Samba: 3.033375 > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > If you have a Kerberos realm set-up, you could leverage that so that no password is needed. Active Directory uses Kerberos if that is available. A user on Debian can call smbmount without having to be root. Robert LeBlanc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Best Way to Securely Mount SMB/CIFS Shares
On Thu, May 21, 2009 at 2:05 PM, wrote: > Although I am comfortable mounting smbf/cifs shares for myself, as root, > I am trying to determine the optimal way to have users get specific > mounts, without having to put in any user account details in fstab, and > specific mounts for specific users. I know I can create a .credentials > file in each users /home/user folder and point to that in fstab. But I > dont want to have multiple lines in fstab for each user. > > Can a mount line be added to a users bash_profile and using a hidden/hashed > > credentials file? or something similar so that only those mounts needed > for any particular user are mounted when they log in. Rather than in > fstab and mounted for everyone? > > > Or maybe there is another way to securely create different windows share > mounts for different users without having them in fstab? > > CentOS 5.3, x86 > Samba: 3.033375 http://pam-mount.sourceforge.net/ -- John M. Drescher -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Best Way to Securely Mount SMB/CIFS Shares
Although I am comfortable mounting smbf/cifs shares for myself, as root, I am trying to determine the optimal way to have users get specific mounts, without having to put in any user account details in fstab, and specific mounts for specific users. I know I can create a .credentials file in each users /home/user folder and point to that in fstab. But I dont want to have multiple lines in fstab for each user. Can a mount line be added to a users bash_profile and using a hidden/hashed credentials file? or something similar so that only those mounts needed for any particular user are mounted when they log in. Rather than in fstab and mounted for everyone? Or maybe there is another way to securely create different windows share mounts for different users without having them in fstab? CentOS 5.3, x86 Samba: 3.033375 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error in smbldap-populate
Maximo Mosalvo wrote: HI, sorry my english and if this is a stupid question i am newby in samba with ldap Im install a clear install the ubuntu 9.04 server follow this guide from ubuntu docs https://help.ubuntu.com/9.04/serverguide/C/samba-ldap.html https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html but i get this error when i try to populate samba can somebody helpme? administra...@server:~$ sudo smbldap-populate Populating LDAP directory for domain GRUPORESASCO (S-1-5-21-1830305083-2452246421-2263414248) (using builtin directory structure) entry dc=gruporesasco,dc=local already exist. entry ou=People,dc=gruporesasco,dc=local already exist. entry ou=Groups,dc=gruporesasco,dc=local already exist. adding new entry: ou=Machines,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 22. adding new entry: ou=Idmap,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 27. adding new entry: uid=root,ou=People,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 58. adding new entry: uid=nobody,ou=People,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 89. adding new entry: cn=Domain Admins,ou=Groups,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 101. adding new entry: cn=Domain Users,ou=Groups,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 112. adding new entry: cn=Domain Guests,ou=Groups,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 123. adding new entry: cn=Domain Computers,ou=Groups,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 134. adding new entry: cn=Administrators,ou=Groups,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 179. adding new entry: cn=Account Operators,ou=Groups,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 201. adding new entry: cn=Print Operators,ou=Groups,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 212. adding new entry: cn=Backup Operators,ou=Groups,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 223. adding new entry: cn=Replicators,ou=Groups,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 234. adding new entry: sambaDomainName=GRUPORESASCO,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 242. Please provide a password for the domain root: /usr/sbin/smbldap-passwd: user root doesn't exist Maximo, It appears to be looking for the root account, which is disabled by default in Ubuntu. See the following to enable: https://help.ubuntu.com/community/RootSudo Dale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Panic
Jeremy Allison wrote: If this is reliably reproducible, can you try doing the following: It's 100% reliably reproducible across 2 different site :) I'll have a go this evening and post what I find. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP - valid users = @group
John H Terpstra - Samba Team wrote: Before claiming it is broken, please try: valid users = @DOMAIN\somegroup This change happened during the mid-3.0.x series and is documented in the WHATSNEW.txt file. - John T. I tried that with valid users = @ADMIN\is, and get the following error in the log file: [2009/05/21 13:17:51, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/05/21 13:17:51, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Group,dc=mdah,dc=state,dc=ms,dc=us], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=is)(cn=is)))], scope => [2] [2009/05/21 13:17:51, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=is)(cn=is))) [2009/05/21 13:17:51, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/05/21 13:17:51, 5] smbd/share_access.c:token_contains_name(117) lookup_name ADMIN\is failed [2009/05/21 13:17:51, 10] smbd/share_access.c:user_ok_token(210) User awilliam not in 'valid users' [2009/05/21 13:17:51, 2] smbd/service.c:make_connection_snum(736) user 'awilliam' (from session setup) not permitted to access this share (is) [2009/05/21 13:17:51, 3] smbd/error.c:error_packet_set(61) error packet at smbd/reply.c(701) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED using valid users = @is lets me connect to the share ok. this is on samba 3.2.11 on fedora 10 x86_64. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Panic
On Tue, May 19, 2009 at 11:14:54AM +0100, Andrew Porter wrote: > Below is a log file of a panic that occurs on two different sites > running Debian Stable Samba 3.2.5. The problem is triggered by Sophos > Control Centre doing it's hourly check for updates, and as SCC is > running on a user's PC in both cases causes problems for the user. I've > tried everything and cannot figure it out - anyone got any > pointers/ideas what to do next ? If this is reliably reproducible, can you try doing the following: Ensure you have an smbd with debug symbols, then add the line: panic action = "/bin/sleep 9" to the [global] section of your smb.conf. Then reproduce the problem. The crashed smbd will be stuck waiting for the sleep to exit, it will be the parent process of the sleep process. Attach to it with gdb and then type "bt" to get a full stack backtrace. This looks to me a bit like a null pointer indirection which we may have fixed in the current 3.2.x code in the git tree (but I can't promise that until I see the backtrace). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Error in smbldap-populate
HI, sorry my english and if this is a stupid question i am newby in samba with ldap Im install a clear install the ubuntu 9.04 server follow this guide from ubuntu docs https://help.ubuntu.com/9.04/serverguide/C/samba-ldap.html https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html but i get this error when i try to populate samba can somebody helpme? administra...@server:~$ sudo smbldap-populate Populating LDAP directory for domain GRUPORESASCO (S-1-5-21-1830305083-2452246421-2263414248) (using builtin directory structure) entry dc=gruporesasco,dc=local already exist. entry ou=People,dc=gruporesasco,dc=local already exist. entry ou=Groups,dc=gruporesasco,dc=local already exist. adding new entry: ou=Machines,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 22. adding new entry: ou=Idmap,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 27. adding new entry: uid=root,ou=People,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 58. adding new entry: uid=nobody,ou=People,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 89. adding new entry: cn=Domain Admins,ou=Groups,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 101. adding new entry: cn=Domain Users,ou=Groups,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 112. adding new entry: cn=Domain Guests,ou=Groups,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 123. adding new entry: cn=Domain Computers,ou=Groups,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 134. adding new entry: cn=Administrators,ou=Groups,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 179. adding new entry: cn=Account Operators,ou=Groups,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 201. adding new entry: cn=Print Operators,ou=Groups,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 212. adding new entry: cn=Backup Operators,ou=Groups,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 223. adding new entry: cn=Replicators,ou=Groups,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 234. adding new entry: sambaDomainName=GRUPORESASCO,dc=gruporesasco,dc=local failed to add entry: modifications require authentication at /usr/sbin/smbldap- populate line 499, line 242. Please provide a password for the domain root: /usr/sbin/smbldap-passwd: user root doesn't exist -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Client driver installation
I had a similar problem a time ago which was related to a anti-virus-scanner; see: http://groups.google.com/group/linux.samba/browse_thread/thread/ab7e66d793a1c440/512b30ab7fb4a314?lnk=gst&q=nod32#512b30ab7fb4a314 My Server is also running opensuse. Maybe that helps? good luck, Johannes Am 21.05.2009 08:53, schrieb Liutauras Adomaitis: On Thu, May 21, 2009 at 1:27 AM, Gary L. Greene, Jr. wrote: I've an OpenSuSE based server installed at work that uses Samba to share out the prrinters for our users on the AD that will be replacing our aging Windows 2000 print server. I'm in the process of getting the printer drivers installed for Windows clients. At present, I'm installing the drivers for the RICOH Aficio we have. When I run the following command: printmaster:/var/lib/samba/drivers/W32X86 # rpcclient -U ggreene -c "adddriver 'Windows NT x86' 'RICOH:RIC641K.DLL:RIC641K.DLL:RIC641U.DLL:RIC641.HLP:NULL:RAW:RIC641K.DLL,RIC641U.DLL,RIC641.HLP,RIC641P.DLL,RIC641C.DLL,RIC641L.DLL,RIC641X.DLL,RIC641S.DLL,RIC641J.DLL,RIC641Q.EXE,RIC641ZU.DLL,RIC641ZK.DLL,RIC641WU.DLL,RIC641WK.DLL,RIC641PI.DLL,RIC641SR.EXE,RIC641CF.DLL,RIC641X.EXE,TrackID.DLL,TIBase64.dll,TIFmtA.dll,RICJC32.dll,JCUI.exe' 3" printmaster I get the following output: result was WERR_UNKNOWN_PRINTER_DRIVER With the logging output of the printdrivers set to 10, I get the following from the logs: [2009/05/20 14:51:58, 0] printing/nt_printing.c:move_driver_to_download_area(1931) move_driver_to_download_area: Unable to rename [W32X86/RIC641K.DLL] to [W32X86/3/RIC641K.DLL] Any help would be appreciated as I'm trying to get this done ASAP. i was strugling a lot with these things and i'm not an expert, but what do you have in your [print$] and [printers] shares in your smb.conf? look for use client drivers directive -- |- | weberhofer GmbH | Johannes Weberhofer | information technologies | Austria, 1080 Wien, Blindengasse 52/3 | | Firmenbuch: 225566s, Handelsgericht Wien | UID: ATU55277701 | | phone : +43 (0)1 5454421 0| email: off...@weberhofer.at | fax : +43 (0)1 5454421 19 | web : http://weberhofer.at | mobile: +43 (0)699 11998315 |--->> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba