[Samba] smbclient -L succeeded even network is down

[David Roid]

Hello list,

Accidentally I found that when network is down "smbclient -L localhost -U%"
became slow however it still succeeded after like half a minute.

This is weird because my Samba server is running inside AD,

Q1. How can smbclient authenticate without talking to AD controller? I think
in this case smbclient at least tried to (reach AD controller),  otherwise
shouldn't take it so long.
Q2. Is there anyway I can suppress the authentication against AD controller
if I'm root?

Might be trivial questions, could anyone help?

Bests
-David
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba 4 compile instructions

[Derek Lewis]

I am interested in compiling Samba 4 and trying the advanced features.  I
followed the instructions on samba.org to build and compile, though I get
the error: failed program.confdefs.h.  I have run into this error before,
and looking over config log, I see that the build does not see many of the
dependencies.

 

 

 

Can I modify the build to point to the required files, or at least trace the
source of the problem?

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] preserve windows create/modify dates

[Derek Lewis]

I have Samba 3.4.7 installed and running though I cannot get extended
attributes to work completely.

 

If this version of Samba will support it, I want to configure my shares to
preserve the create and modified date information for my Windows files.  At
present, create date is set to the modified; though the accessed date is
correct.

 

I have formatted my RAID in ext4 and enabled extended user attributes.  I
have checked the extended attribute functions with getattr and setattr
commands.

 

In the global section of my smb.conf file, I have the following set:

 

ea support = yes

store dos attributes = yes

map readonly = no

map archive = no

map system = no

map hidden = no

 

When I run testparm, only the map archive, and map readonly are listed for
some reason.

 

I have searched through numerous threads looking for a solution, and it
seemed this was not commonly used feature.

 

If there are workarounds, I would entertain them.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba compile docs

[Derek Lewis]

I am interested in compiling Samba 4 and trying the advanced features.  I
followed the instructions on samba.org to build and compile, though I get
the error: failed program.confdefs.h.  I have run into this error before,
and looking over config log, I see that the build does not see many of the
dependencies.

 

Can I modify the build to point to the required files, or at least trace the
source of the problem?

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] what flag shows ldapsam is built in?

[grant little]

what  flag from smbd -b confirms ldapsam is built in?

I see:
# smbd -b | grep -i ldap
   HAVE_LDAP_H
   HAVE_LDAP
   HAVE_LDAP_ADD_RESULT_ENTRY
   HAVE_LDAP_INIT
   HAVE_LDAP_INITIALIZE
   HAVE_LDAP_SASL_WRAPPING
   HAVE_LDAP_SET_REBIND_PROC
   HAVE_LIBLDAP
   LDAP_SET_REBIND_PROC_ARGS
   idmap_ldap_init
pdb_ldap pdb_smbpasswd pdb_tdbsam pdb_wbc_sam


I was expecting to see something with ldapsam in there say for instance
pdb_ldapsam or HAVE_LDAPSAM but I'm not sure what the flag is called and
haven't found a list of all the flags when searching samba.org

thanks.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba for AD client?

[grant little]

On Mon, Sep 6, 2010 at 11:40 AM, Daniel Müller wrote:

> On Sun, 5 Sep 2010 20:14:03 -0400 (EDT), "Ken D'Ambrosio" 
> Pherhaps it helps: My Thread: HOWTO samba4 centos5.5 named dnsupdate drbd
> simple failover
> http://www.mail-archive.com/samba@lists.samba.org/msg109994.html
> Greetings
> Daniel
>
>
>
caveat: samba 4 is in alpha, not yet production

>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Standalone Samba and group permission

[Erik van Linstee]

Hi,

I have been experimenting and googling without finding so much as a hint to 
what I am doing wrong.

I have a Samba server (Ubuntu 10.04) set up for standalone usage.
I have Posix ACL's enabled on my filesystem, and a directory with the following 
permissions:

# file: beheer/
# owner: beheerder
# group: users
user::rwx
user:clamav:r-x
user:beheerder:rwx
group::---
group:users:---
mask::rwx
other::---
default:user::rwx
default:user:clamav:r-x
default:user:beheerder:rwx
default:group::---
default:mask::rwx
default:other::---

The intention is that only the owner can use this directory and no one else, 
not even group members. The ACL confirms that group members have no access, I 
have even explicitly named the owner group with no rights. Others have no 
rights either.

Yet, everyone who is a member of the group users can change to this directory 
and create files in it. It does not matter if they connect with a Windows 
machine or a Linux one.

Once I change the group owner to some group the other users are not a member 
of, their access is denied as expected, but when I make them a member of that 
group, they regain access, even though group owner access is still set to ---.

I must be overlooking something, but what?

Hope anyone can help.

regards,
Erik

---

  ir. E.J.P. (Erik) van Linstee

  Van Linstee ICT
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba for AD client?

[Daniel Müller]

On Sun, 5 Sep 2010 20:14:03 -0400 (EDT), "Ken D'Ambrosio" 
Pherhaps it helps: My Thread: HOWTO samba4 centos5.5 named dnsupdate drbd
simple failover
http://www.mail-archive.com/samba@lists.samba.org/msg109994.html
Greetings
Daniel



wrote:
> Hey, all.  I'm planning on migrating a W2K3 server to a Linux solution. 
> It needs to be AD-aware, support ACLs, etc.  This isn't something I'm
> doing Right Now(tm), so I can wait a little bit.  A couple questions:
> 
> 1) Are there any known issues with BTRFS?
> 2) Which version of Samba would be most appropriate for this?
> 3) AD integration: I've never really done it (with success); any
pointers?
>  [I've googled a bit, but bump into a zillion different HOWTO's and/or
> utilities, some of which seem to be mutually exclusive.)
> 
> Thanks!
> 
> -Ken
> 
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] SAMBA4 kinit fails

[Daniel Müller]

can your bind read from your krb5.conf??
-rwxrwxrwx 1 root named 389 11. Aug 14:33 /etc/krb5.conf



On Mon, 6 Sep 2010 09:01:45 -0400 (EDT), Neil Balchin 
wrote:
> unfortunately even with 
> ...
> [libdefaults]
> dns_lookup_realm = true
> dns_lookup_kdc = true
> ...
> in /etc/krb5.conf
> 
> I still get 
> 
> kinit: Cannot contact any KDC for realm 'NEILANDJO.COM' while getting
> initial credentials
> 
> 
> error
> 
> 
> - Original Message -
> From: "rajat swarup" 
> To: "Neil Balchin" 
> Cc: "Aaron Solochek" , samba@lists.samba.org
> Sent: Monday, 6 September, 2010 1:33:23 AM
> Subject: Re: [Samba] SAMBA4 kinit fails
> 
> On Mon, Sep 6, 2010 at 12:54 AM, Neil Balchin 
wrote:
>> I've tried that,  i ran
>>
>> cp /usr/local/samba/private/krb5.conf /etc/krb5.conf
>>
>> contents of /etc/krb5.conf
>> are
>> ..
>>
>> [libdefaults]
>>        default_realm = MYDOMAIN.COM
>>        dns_lookup_realm = false
>>        dns_lookup_kdc = false
>>        ticket_lifetime = 24h
>>        forwardable = yes
>>
>> [realms]
>>        MYDOMAIN.COM = {
>>                kdc = pdc.mydomain.com:88
>>                admin_server = pdc.mydomain.com:749



>>                default_domain = mydomain.com
>>        }
>>
>> [domain_realm]
>>        .mydomain.com = MYDOMAIN.COM
>>        mydomain.com = MYDOMAIN.COM
>>
> 
> Change the contents of /etc/krb5.conf to
> [libdefaults]
> dns_lookup_realm = true
> dns_lookup_kdc = true
> 
> Even though the system is using DNS kerberos doesn't use DNS due to
> the settings that you've configured.
> 
> Hope this helps!
> -- 
> Rajat Swarup
> www.rajatswarup.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] valid users option

[grant little]

On Mon, Sep 6, 2010 at 12:39 AM, DUPEYRAT, PIERRE (PIERRE)** CTR ** <
pierre.dupey...@alcatel-lucent.com> wrote:

>  Hello,
>
>
>
> I am using NIS groups , so the nsswitch.conf  is configured as a NIS
> client.
>
> passwd files nis
>
> group files nis …
>
>
>
> With the same smb.conf , it works fine with the version 3.0.30 , but not
> with version 3.0.34 , perhaps a new option to set ?
>
>
>
> Regards.
>
>
>
> *
> *
>

I'm not familiar with what changed between those revs but you can find out
here:
http://www.samba.org/samba/history/

best of luck.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Audit problem

[Luiz Guilherme Nunes Fernandes]

Dear,
I am having the following issue

Logs generated by "realpath" enabled UPnP. How could I fix it?

Samba File:

/ Etc / samba / smb.conf

vfs objects = full_audit
full_audit: success = pwrite, rename, rmdir, unlink
full_audit: prefix =% u |% m |% I |% O
full_audit: failure = none
full_audit: facility = local7
full_audit: priority = notice
#

Syslog file:

/ Etc / syslog.conf

# Samba audit
local7.notice, local7.! warn / var / log / samba / audit.log

In option full_audit: success, not to insert the "realpath" because he is in
the log?
Thanks ...

Attn
Luiz Guilherme


-- 
<<<-->>>

   -=| A idéia de um fim que termina em um início. |=-

Att.
♪ ♫  Luiz Guilherme Nunes Fernandes  ♫ ♪

<<<-->>>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] SAMBA4 kinit fails

[Neil Balchin]

unfortunately even with 
...
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
...
in /etc/krb5.conf

I still get 

kinit: Cannot contact any KDC for realm 'NEILANDJO.COM' while getting initial 
credentials


error


- Original Message -
From: "rajat swarup" 
To: "Neil Balchin" 
Cc: "Aaron Solochek" , samba@lists.samba.org
Sent: Monday, 6 September, 2010 1:33:23 AM
Subject: Re: [Samba] SAMBA4 kinit fails

On Mon, Sep 6, 2010 at 12:54 AM, Neil Balchin  wrote:
> I've tried that,  i ran
>
> cp /usr/local/samba/private/krb5.conf /etc/krb5.conf
>
> contents of /etc/krb5.conf
> are
> ..
>
> [libdefaults]
>        default_realm = MYDOMAIN.COM
>        dns_lookup_realm = false
>        dns_lookup_kdc = false
>        ticket_lifetime = 24h
>        forwardable = yes
>
> [realms]
>        MYDOMAIN.COM = {
>                kdc = pdc.mydomain.com:88
>                admin_server = pdc.mydomain.com:749
>                default_domain = mydomain.com
>        }
>
> [domain_realm]
>        .mydomain.com = MYDOMAIN.COM
>        mydomain.com = MYDOMAIN.COM
>

Change the contents of /etc/krb5.conf to
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true

Even though the system is using DNS kerberos doesn't use DNS due to
the settings that you've configured.

Hope this helps!
-- 
Rajat Swarup
www.rajatswarup.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Drag and drop from gnome panel to samba shares

[Manu Baylac]

Hi all.

I have a samba 3.2.5 on debian lenny with ubuntu 9.10 an windows clients.
But I have a little problem with permissions.

[share]
  comment = cool
  path = /home/cool
  browseable = yes
  writeable = yes
  force group = cool
  create mask = 0660
  directory mask = 0770
  force create mode = 0660
  force directory mode = 0770

On my ubuntu clients, if I create a file or directory *directly* in the 
samba share with nautilus, no problem :


myserver:/home/myshare# ls -l
drwxrwx--- 2 user cool 4096 sep  6 13:27 testdir
-rw-rw 1 user cool0 sep  6 13:27 testfile.txt

But if I use drag & drop a local file from gnome panel to the samba share,

-rw-r--r-- 1 user cool 18432 jui 12 18:18 newtest

force group is ok but permissions aren't "forced".

How can I change that ?

Thanks in advance.

 -- 
Manu


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4 samba3 installed and running

[Michael Wood]

On 6 September 2010 04:59, Eric  wrote:
> Bind won't start after implementing:
> Step 8 Configure DNS --from-- http://wiki.samba.org/index.php/Samba4/HOWTO
>
> Here are my System Logs:
> Sep  5 22:27:12 saturn named[4068]: loading configuration from
> '/etc/bind/named.conf'
> Sep  5 22:27:12 saturn named[4068]: /usr/local/samba/private/named.conf:14:
> open: /usr/local/samba/private/named.conf.update: permission denied
> Sep  5 22:27:12 saturn named[4068]: loading configuration: permission denied
> Sep  5 22:27:12 saturn named[4068]: exiting (due to fatal error)

It's probably Apparmor blocking access to /usr/local/samba/private/*
and /var/tmp/DNS_104.

I have this in my /etc/apparmor.d/usr.sbin.named file:

  # Support for Samba4
  /usr/local/samba/private/named.conf.update r,
  /usr/local/samba/private/dns.keytab kr,
  /var/tmp/DNS_104 w,

Run "invoke-rc.d apparmor reload" after changing that file.  I'm not
sure if the DNS_104 file will always be called that, but when I tried
it, that's what it was called.  I'm not sure what it's used for, but
something to do with GSSAPI it seems.

> I am using Ubuntu Lucid, all packages are uptodate.
>
> I have installed source4 and source3 with the goal of creating franky

I think that the plans for how to merge Samba3 and Samba4 have changed
a bit since the original "franky" plan.

I've CCed the samba-technical list in case someone there would like to
comment on this :)

> Here is some extra info:
> The first scan is with the include in my named.conf.local the second is
> without the include, as you can see BIND starts right back up again no
> problem
> I have changed group permissions to reflect group "bind" on named.conf and
> named.conf.update, because I thought that might be the issue... it did not
> seem to work, also group permissions for bind are read only.
> 
>
> nmap -sS -sV -O -T4 -n -v 192.168.1.103
>
> 192.168.1.103
> 80/tcp  open  http      Apache httpd 2.2.14 ((Ubuntu))
> 389/tcp open  ldap      OpenLDAP 2.2.X
> 464/tcp open  kpasswd5?
> 749/tcp open  rpcbind
> Device type: general purpose
> Running: Linux 2.6.X
> OS details: Linux 2.6.17 - 2.6.24
> Network Distance: 0 hops
> TCP Sequence Prediction: Difficulty=198 (Good luck!)
> IP ID Sequence Generation: All zeros
> Nmap done: 1 IP address (1 host up) scanned in 33.75 seconds
> 
> 
> 
>
> nmap -sS -sV -O -T4 -n -v 192.168.1.103
>
> 192.168.1.103
> 53/tcp    open  domain      ISC BIND 9.7.0-P1
> 80/tcp    open  http        Apache httpd 2.2.14 ((Ubuntu))
> 135/tcp   open  msrpc?
> 139/tcp   open  netbios-ssn Samba smbd 3.X (workgroup: SATURN)
> 389/tcp   open  ldap        OpenLDAP 2.2.X
> 445/tcp   open  netbios-ssn Samba smbd 3.X (workgroup: SATURN)
> 1024/tcp  open  kdm?
> 1/tcp open  http        Webmin httpd
> Device type: general purpose
> Running: Linux 2.6.X
> OS details: Linux 2.6.17 - 2.6.24
> Network Distance: 0 hops
> TCP Sequence Prediction: Difficulty=201 (Good luck!)
> IP ID Sequence Generation: All zeros
> Nmap done: 1 IP address (1 host up) scanned in 108.24 seconds
> 
>
> Thanks for any help,
> Eric

-- 
Michael Wood 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3.0.21b on Solaris 10 U5 : Error - checking configure summary ... configure: error: summary failure. Aborting config

[Björn Jacke]

On 2010-09-02 at 11:14 -0400 Gaiseric Vandal sent off:
> I found compiling Samba on Solaris to be quite a challenge.  I did
> get EVENTUALLY get 3.4.8 compiled but not 3.5.2.   I had to symlink
> /usr/ccs/bin/ld to gld.  I also used gcc not Sun cc.

http://build.samba.org/?function=View+Host;host=sunX;tree=samba_3_current;compiler=cc#sunX

shows that 3.4 and 3.5 build nice as well with cc and gcc. This should really
not be a challenge. What problems do you encounter?


> It seems pretty obvious to me that Sun will not be doing any more
> work with Samba since they have an alternative CIFS ("Windows")
> server product now.

Sun rarely did that, the Samba team and a number of contributors did that most
of the time.

Cheers
Björn
-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba Time Server Problem

[Ian Stirling]

grant little  wrote in news:AANLkTinPWWXHq=pwQWn4a-
9vh_awv2vo81pdxz52e...@mail.gmail.com:

> Is this any help?
> http://www.mail-archive.com/samba@lists.samba.org/msg89260.html
> 

No I don't think it is - I had seen that before and it talks about having 
to be an administrator or be in certain groups before being allowed to 
update the time.   I am an administrator and I gave an example in my OP of 
it working to another Samba server.I think the problem is on my Samba 
server rather than the Windows system.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba