[Samba] PROBE domain

[Eugene M. Zheganin]

 Hi.

After an upgrade from 3.0.34 to 3.4.x or 3.5.x (I run samba on FreeBSD, 
and, ufortunately, 3.0.x branch was just removed from FreeBSD ports) I 
notices that I got a new domain PROBE, not referenced in any of my configs.


Previously it was only a BUILTIN domain, now there are two of them. As 
the number of predefined domains continues to grow - I want to ask, if 
there is any possibility to get rid of PROBE ? It keeps on  searching 
its controllers and complains in logs because cannot find any.


Thanks.
Eugene.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba 3.5.6, winbindd and getent/id

[Eugene M. Zheganin]

 Hi.

I'm using samba to authenticate squid users in Windows AD, and to 
provide 'em some statistics on the Internet usage. As this requires the 
existence of windows users in Unix environment, I use nsswitch.conf and 
nss_winbind.so to map users in Unix environment via samba as domain 
member (security = ads) and its winbindd daemon.


As of samba 3.5.6 I'm expiriencing some major problems with it. To be 
exact, neither id nor getent passwd don't work (allthough the squid 
authentication is working perfectly even for windows-only users). For 
providing some statistics I need them to work.


How can I debug this ? I'm using the same config on 3.0.x, 3.4.9 and on 
3.5.6.

wbinfo -t gives me all ok.
wbinfo -g / wbinfo -u give me empty list regardless of the setting 
"winbind enum group/users".


The only error I see in logs (except those about PROBE domain) is that 
winbindd cannot open /usr/local/lib/samba/passdb.so. Indeed, this file 
doesn't exist, but it also doesn't exist on 3.4.9 where all is fine.


Is my problem related to it ?

I dont' see any other errors in logfiles on debug level 10 ('grep -i 
error', 'grep -i failed' gives nothing).


Thanks.
Eugene.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] kerberos @ samba4 DC

[Jason Gerfen]

You really should be replying to the list as well as I may not have the 
answer but others monitoring the list might.


The smb.conf would be beneficial for review. Here is a copy of mine...

Of course it is sanitized so modification would need to be made. Also 
because you are using an upgraded version of NT to Win2k you may need to 
scour the logs to see what is taking place when you authenticate. Those 
errors may aid further.


[global]
workgroup = DOMAIN
realm = DOMAIN.COM
server string = server.domain.com
netbios name = server

password server = *
encrypt passwords = true
security = ads

lanman auth = no
ntlm auth = no

os level = 20

allow trusted domains = yes
auth methods = winbind

interfaces = eth0, lo
bind interfaces only = yes
socket options = TCP_NODELAY

hosts allow = xxx.xxx.xxx.xxx/24
hosts deny = 0.0.0.0/0

log level = 40
log file = /var/log/samba/log.%m
max log size = 50

client signing = yes
client schannel = no
client use spnego = yes
client lanman auth = no
client NTLMv2 auth = yes
client plaintext auth = no

preferred master = no
local master = no
domain master = no
wins proxy = no
dns proxy = No

obey pam restrictions = yes

template shell = /bin/bash
nt acl support = yes
inherit permissions = yes
create mask = 0022
template homedir = /home/Authenticated Users/%U

winbind uid = 1000-200
winbind gid = 500-200
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = yes
winbind offline logon = true
winbind nss info = rfc2307

idmap uid = 1000-200
idmap gid = 500-200
idmap domains = DOMAIN
idmap config DOMAIN:backend = ad
idmap config DOMAIN:default = yes
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 1000 - 3



On 12/01/10 07:27, Rafa Toucedo wrote:

Finally I send the contents of my krb5.conf


thank you for your time, I remain at your disposal!


Rafael Toucedo
gtalk: rtouc...@gmail.com 

2010/12/1 Rafa Toucedo >


Hi, I'm using the latest alpha version of Samba (updated
yesterday) and I want to replace a server with Windows 2000 (AD),
the problem is that the server comes from a migration of NT4 and
"tricked" to continue the realm without extension
(dominio.extension) = (domain) for which the samba-tool I have to
launch with. next to the realm to avoid being interpreted as
dominio.extensión.

It runs all on a SuSE SLES 11 (64 bits).

a greeting and thank you very much

PS: I attached the full log.

Before I sent the email "incomplete" because I did it from the
phone and sometimes escapes me the finger ...


Thank you!


2010/12/1 Rafa Toucedo mailto:debian.v...@gmail.com>>


Thanks for your answer, but that happened I do, I follow the
manual of the "wiki" Samba 4, do the kinit, I put my password,
etc. etc. I play the part of the "dark side" (the windows
2000) the type of user, etc ...

I understand that the problem is the encryption type which
defined in krb5.conf



default_tkt_enctypes = arcfour-hmac-md5
default_tgs_enctypes = arcfour-hmac-md5
permited_enctypes = arcfour-hmac-md5



2010/12/1 Jason Gerfen mailto:jason.ger...@utah.edu>>

You need to first obtain a valid tgt. Use  kinit prior to
running net ads join

Jason Gerfen
jason.ger...@gmail.com 
http://phpDHCPAdmin.sourceforge.net
http://www.github.com/jas-

On Dec 1, 2010, at 4:23 AM, "Rafa Toucedo"
mailto:debian.v...@gmail.com>> wrote:

> Hello, when I try to put my SAMBA4 as DC from a domain
controller in windows
> 2000
>
> /usr/local/samba # bin/samba-tool join (WINDOWS 2000
DOMAIN). DC
> -U(USER)@(WINDOWS 2000 DOMAIN)%(PASSWORD)
--realm=(WINDOWS 2000 DOMAIN). -d5
>
> throws me the following error:
>
> Failed to get CCACHE for GSSAPI client: KDC has no
support for encryption
> type
> Aquiring initiator credentials failed: kinit for
admco...@domd4086 failed
> (KDC has no support for encryption type: KDC has no
support for encryption
> type)
> Failed to start GENSEC client mech gssapi_krb5:
NT_STATUS_UNS

[Samba] samba 3.5.6 authentication with AD 2008

[Tharanga Abeyseela (RGA)]

Hi guys,

I have installed samba with AD authentication. Ntlm_auth is working without any 
issue with the domain.
But if I connect using my windows pc, to the samba share, it gives following 
error.

Wbinfo -u  / wbinfo -g giving the correct output. And ntlm_auth also working 
without any issue.

If I try to connect from my windows PC to the samba share it gives following 
error.

[2010/12/01 15:25:25.988709,  3] 
winbindd/winbindd_pam.c:1839(winbindd_dual_pam_auth_crap)
  [ 3556]: pam auth crap domain: AXD user: tharanga
[2010/12/01 15:25:25.990456,  4] 
winbindd/winbindd_dual.c:1525(fork_domain_child)
  Finished processing child request 14
[2010/12/01 15:25:53.454154,  4] 
winbindd/winbindd_dual.c:1517(fork_domain_child)
  child daemon request 20
[2010/12/01 15:25:53.454232,  3] 
winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains)
  [ 3556]: list trusted domains
[2010/12/01 15:25:53.454257,  3] winbindd/winbindd_ads.c:1269(trusted_domains)
  ads: trusted_domains
[2010/12/01 15:25:53.455409,  4] 
winbindd/winbindd_dual.c:1525(fork_domain_child)
  Finished processing child request 20

Ntlm_auth gives NT_STATUS_OK: Success (0x0)

Iam using samba 3.5.6 latest version.

[global]
workgroup = AXD
realm = AXD.COM
password server = *
server string = Samba file and print server
security = ADS
encrypt passwords = yes
log level = 4
log file = /var/log/samba/%m
max log size = 50
#winbind separator = +
#client schannel = no
obey pam restrictions = yes
idmap uid = 1-2
idmap gid = 1-2
#winbind use default domain = yes
auth methods = winbind
nt acl support = yes
map acl inherit = yes
winbind enum users = yes
winbind enum groups = yes
#client ntlmv2 auth = yes
template homedir = /home/%D/%U
template shell = /bin/bash
winbind trusted domains only = no
allow trusted domains = yes

[BMS]
comment = BMS path
path = /pro/psd_apps/
valid users = @RAP\test
writable = yes
inherit acls = yes
inherit permissions = yes

/etc/nssswitch.conf
passwd: compat winbind
shadow: compat
group:  compat winbind

/etc/pam.d/samba

auth_required /lib/security/pam_winbind.so
account_required  /lib/security/pam_winbind.so

auth   required pam_nologin.so
auth   include  system-auth
accountinclude  system-auth
sessioninclude  system-auth
password   include  system-auth

I have crearted  following files.


cat /etc/pam.d/common-account
account sufficient  pam_winbind.so
account requiredpam_unix.so

cat /etc/pam.d/common-auth
authsufficient  pam_winbind.so
authrequiredpam_unix.so use_first_pass

 cat /etc/pam.d/common-session
session sufficient  pam_winbind.so
session requiredpam_unix.so



whats missing in my config ?

many thanks,
Tharanga
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] workgroup name length limitation in samba 3.5.6...

[S Krishnah, Vijay (Vijay)** CTR **]

Hi,
  I face problems trying to input workgroup name lengths more than 15 
characters in smb.conf and run nmbd. I am using samba 3.5.6 (source3 version of 
nmbd in 3.5.6 package).

  This was faced by a user earlier as per link 
http://www.mail-archive.com/samba@lists.samba.org/msg22773.html  and solution 
provided by Jeremy Allision as per link 
http://www.mail-archive.com/samba@lists.samba.org/msg22776.html  dated 2003.

 Yet in 3.5.6 version still the namelength restriction for workgroups seems 
to be there and nmbd can take only workgroups with name length upto 15 
characters.  Could somebody point out where I may be erring?


Thanking You and Regards,
Vijay

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba settings for public and HOME

[Jeenu V]

On Tue, Nov 30, 2010 at 12:33 PM, Daniel Müller  wrote:
> You are missing  the path= in your [homes]

Well the manual says: If no path was given, the path is set to the
user´s home directory.

-- 
Jeenu
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba 3.5.6 valid users +wheel not working

[Kris Glynn]

Hi,

I have a fairly simple setup in samba authing users against AD (windows
2008 r2). I have two shares, "homes" and "test_share"

I have found that even though I (glynnk) am a member of "wheel" I can
not get into the "test_share" witch has "valid users = +wheel" although
I can get into my "homes" share.

Trying to access "test_share" just keeps prompting me for a password
over and over again. The only way I can access "test_share" is to
shutdown winbind and restart samba.

Why is this happening? It used to work prior to our Domain Controllers
being upgraded to 2008 r2? Shouldn't I be able to have winbind running
and still use unix groups for auth?

Here are my configs..

/etc/group
-
wheel:x:10:root,glynnk

RPMS INSTALLED
-
[r...@iskunxbldp01 var]# rpm -qa |grep samba
samba-common-3.5.6-1
samba-client-3.5.6-1
samba-3.5.6-1

SMB.CONF
-
# Global parameters
[global]
workgroup = VIRGIN
server string = Samba %v on (%h)
security = ADS
netbios name = ISKUNXBLDP01
realm = VIRGINBLUE.INTERNAL
encrypt passwords = Yes
password server = iskdc01
machine password timeout = 0
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
printing = lprng
interfaces = eth0
local master = no

[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0774
directory mask = 0775
browseable = No

[test_share]
path = /usr/local/test_share
valid users = +wheel
read only = No
create mask = 0774
directory mask = 0775

KRB5.CONF
-
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = VIRGINBLUE.INTERNAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
VIRGINBLUE.INTERNAL = {
   admin_server = iskdc01.virginblue.internal:464
   admin_server = ldrwdc03.virginblue.internal:464
   admin_server = iskdc02.virginblue.internal:464
   admin_server = ldrwdc04.virginblue.internal:464
   default_domain = virginblue.internal
   kdc = iskdc01.virginblue.internal:88
   kdc = ldrwdc03.virginblue.internal:88
   kdc = iskdc02.virginblue.internal:88
   kdc = ldrwdc04.virginblue.internal:88
}

[domain_realm]
.virginblue.internal = VIRGINBLUE.INTERNAL
virginblue.internal = VIRGINBLUE.INTERNAL

[appdefaults]
pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
}

nsswitch.conf
-
passwd: files winbind
shadow: files winbind
group:  files winbind


 




The content of this e-mail, including any attachments, is a confidential 
communication between Virgin Blue, Pacific Blue or a related entity (or the 
sender if this email is a private communication) and the intended addressee and 
is for the sole use of that intended addressee. If you are not the intended 
addressee, any use, interference with, disclosure or copying of this material 
is unauthorized and prohibited. If you have received this e-mail in error 
please contact the sender immediately and then delete the message and any 
attachment(s). There is no warranty that this email is error, virus or defect 
free. This email is also subject to copyright. No part of it should be 
reproduced, adapted or communicated without the written consent of the 
copyright owner. If this is a private communication it does not represent the 
views of Virgin Blue, Pacific Blue or their related entities. Please be aware 
that the contents of any emails sent to or from Virgin Blue, Pacific Blue or 
their 
 related entities may be periodically monitored and reviewed. Virgin Blue, 
Pacific Blue and their related entities respect your privacy. Our privacy 
policy can be accessed from our website: www.virginblue.com.au
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] After host name change: Failed to add user ... with error: The account's primary group is invalid

[Holger Rauch]

Hi,

I've got Samba 3.5.6 (SerNet .deb packages) running as a standalone
file server on Debian Lenny. User information is stored in LDAP via
ldapsam:editposix. I had to change both the host name and the workgroup
name as I had to move the host to a new internal subnet.

I noticed that a new sambaDomainName entry was created (containing a new
sambaSID). Unfortunately, the Administrator user still contains both the old
sambaSID and the old sambaPrimaryGroupSID and thus does not have any rights.
I tried to perform the following steps:

net -U Administrator%myadminpass -I localhost rpc user add myuser

and got the error message mentioned in the subject line. Consequently, the
other steps failed:

net -U Administrator%myadminpass -I localhost sam createdomaingroup grmyuser
net -U Administrator%myadminpass -I localhost sam addmem grmyuser myuser

Even after I changed the relevant part of both the sambaSID and the
sambaPrimaryGroupSID in my LDAP DIT and restarting the Samba daemons smbd
and nmbd, I still get the error message mentioned error.

What else do I have to in addition to that (I want to avoid having to
recreate all my Samba accounts (starting from scratch) by running "net sam
provision"? Is there any way to get around this and reuse the already
existing configuration by making a few adjustments? 

What's the correct procedure to get the Administrator account working again
after a host name/workgroup name change so that I can continue to add more
users?

Thanks in advance for any hints & kind regards,

   Holger


signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Windows 7 problem accessing domain member samba serve r on different subnet

[d]

I actually uninstalled all the live components when I first set up
this machine, and the Windows 2008 servers never had the live
components installed.

Reading the thread you posted made this seem like the solution to my
problem. But there are no live components installed anywhere!

I have turned up debugging on the samba server and noticed this when I
try and access samba using the netbios name:

reply_spnego_negotiate: network misconfiguration, client sent us a
krb5 ticket and kerberos security not enablederror packet at
smbd/sesssetup.c(719) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

The session setup seems to stop after this log. When I access samba by
IP address, the session seems to be set up okay.

And this only applies to servers on a different subnet from my
workstation. Samba servers on the same subnet work fine by both
netbios name and ip address.

I might have to try kerberizing one samba server for testing purposes.

Thanks,

Dan


On Thu, Dec 2, 2010 at 12:31 AM, Hoover, Tony  wrote:
> We recently ran into a similar issue.  If you have any microsoft "Live"
> components installed on your 7 box, samba servers must be contacted by
> numeric IP address rather than netbios (or even IP mnemonic) name.
>
> http://www.sevenforums.com/network-sharing/8303-cant-connect-samba-share-via
> -name-ip-works.html
>
>
>
>
> --
> Tony Hoover, Network Administrator
> KSU - Salina, College of Technology and Aviation
> (785) 826-2660
>
> "Don't Blend in..."
> --
>
> -Original Message-
> From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
> On Behalf Of d
> Sent: Tuesday, November 30, 2010 11:22 PM
> To: samba@lists.samba.org
> Subject: [Samba] Windows 7 problem accessing domain member samba server on
> different subnet
>
> Hi All,
>
> I have a problem accessing Samba 3.0.33 on some CentOS 5 machines on a
> different subnet from a Windows 7 computer.
>
> All servers and computers are joined to a Windows 2003 AD domain.
>
> I have identical samba machines on two subnets (CentOS/samba 3.0.33).
> The samba machines on the same subnet as my Win 7 computer are accessible
> both by the netbios name and ip address.
>
> The samba machines on another subnet are only accessible by IP address. If I
> attempt to access these samba servers using their netbios name, I get
> prompted for a password.
>
> This configuration has worked for some time, and all CentOS/samba machines
> are accessible by Windows XP and 2003 using the netbios name.
>
> I believe Windows 2008 servers have the same issues as Windows 7.
> Access can only be made by IP address and not netbios name.
>
> Is this a known issue, or something specific to my environment? I have been
> googling this for some time and I cannot find any issue identical to this.
>
> Some additional info:
>
> security = domain
> client use spnego = no
> encrypt passwords = yes
> ntlm auth = yes
> lanman auth = yes
> client ntlmv2 auth = yes
> remote browse sync = 10.0.0.255 10.0.0.0 remote announce = 10.0.0.255
> 10.0.0.0 local master = no wins server = ip of ad wins server
>
>  - Not using winbind but nss_ldap and AD schema extension to support POSIX
> attributes.
>  - There are no packet filters between subnets.
>  - The router is configured to dish out IPv6 addresses, and the Windows 7
> machine has an IPv6 address, as do all the samba/centos machines. However,
> the samba/centos machines don't have any  records, and samba 3.0 does
> not support IPv6.
>
> I'm fairly stumped. Any tips?
>
> Regards,
>
> Dan
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Windows 2000 vs SAMBA 4

[Andrew Bartlett]

On Mon, 2010-11-29 at 12:36 +0100, Rafa Toucedo wrote:
> Hi all, is my first posting to the list, first of all thank the people of
> the project samba version 4 since it works very well with great power and
> stability.
> 
> My scenario is as follows. I have an older server running Windows 2000
> server with SP4, and a modern 4 working perfectly as SAMBA PDC. My goal is
> to pass the users, computers and security policies of Windows 2000 to
> SAMBA4. Is this possible? I have understood you have to do a "DCPROMO" in
> SAMBA can it be? thank you very much in advance.

We are working to enable support for Windows 2000 DCs as a target for a
'samba-tool join' (which will then do what our previous 'vampire' tool
did, and make Samba an additional DC in that domain). 

Some fixes for this were made yesterday, but we know that some other
issues remain.  Our automated testing infrastructure is being extended
to support this, and so we should be able to reliably handle this in the
near future. 

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Cisco Inc.


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Help with Samba4 running logon script

[Mark Sheppard]

Hi!

I am currently testing a Samba4 Alpha13 server with Windows Vista SPK2 
and I am not able
to run logon scripts. I am able to use both profiles and map Home 
folders without any
problems. I do not see any DOS window opening with the script running 
and I have tested
running this as both a user and administrator by hand by just clicking 
on the script .bat file
which runs just fine. Therefore, there appears to be no permissions 
problem when you run it.
I did also try inserting a net use command in the .bat just in case it 
was really working but
I don't see any mapped drive either. Maybe this is a problem with Vista 
and I need to change
a setting there? If you have any suggestions on what to check I would 
greatly appreciate it. Thanks.


Mark Sheppard

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Printer Driver Delivery - Printing Preferences Error

[Hoover, Tony]

The Xerox Work Centre print drivers do a LOT of server registry stuff
(during the print process).  I could never get them to function reliably on
a samba server.  However, using either the "HP universal drivers" for PCL
output or the CUPS driver for Postscript output, I was able to make the
Xerox print reliably. 

The coin-mech attached to the printer, however, could not be configured to
meet the requirements set by the department, so we no longer have a Xerox
Work Centre on campus.


--
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660

"Don't Blend in..."
--
 
-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Beau Sapach
Sent: Wednesday, December 01, 2010 2:40 PM
To: samba@lists.samba.org
Subject: [Samba] Printer Driver Delivery - Printing Preferences Error

Hello everyone,

I've got a Xerox Work Centre 5735 that I'm printing to via Samba.  When I
install the drivers on a client (using the right-click-Connect method) from
the samba shared printer then the install goes smoothly but I can't load the
Printing Preferences dialogue for that printer, I get an "Operation could
not be completed" error.  This same error does not occur when I install the
same printer on the same workstation - but this time from a Windows 2003
server instead of the Samba server.  Even when I have both the samba and
Windows Server 2003 printers side-by-side this problem exists for one but
not the other.

Upon further investigation I see that there are sub keys of:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\LanMan
Print Services\w2k3server\Printers\XeroxWorkCentre5735PS

Namely: PnPData, PrinterDriverData, PrintProcCacheData,

And these keys don't exist under the equivalent
\sambaserver\Printers\XeroxWorkCentre5735PS key.

I've tried merging the missing keys (and missing values from DsSpooler &
PrinterDriverData) from one to the other but the extra keys are blown away
as soon as I do anything with the samba server's printer.

Since the Xerox Printing Preferences dialogue looks pretty custom, I suspect
that there are classes, controls etc. that are registered by a Windows ->
Windows driver delivery that don't get done with a Samba -> Windows
delivery.  If anyone has any advice, a work around etc. any help would be
much appreciated.  Thanks!

Beau


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Printer Driver Delivery - Printing Preferences Error

[Beau Sapach]

Hello everyone,

I've got a Xerox Work Centre 5735 that I'm printing to via Samba.  When I 
install the drivers on a client (using the right-click-Connect method) from the 
samba shared printer then the install goes smoothly but I can't load the 
Printing Preferences dialogue for that printer, I get an "Operation could not 
be completed" error.  This same error does not occur when I install the same 
printer on the same workstation - but this time from a Windows 2003 server 
instead of the Samba server.  Even when I have both the samba and Windows 
Server 2003 printers side-by-side this problem exists for one but not the other.

Upon further investigation I see that there are sub keys of:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\LanMan Print 
Services\w2k3server\Printers\XeroxWorkCentre5735PS

Namely: PnPData, PrinterDriverData, PrintProcCacheData,

And these keys don't exist under the equivalent 
\sambaserver\Printers\XeroxWorkCentre5735PS key.

I've tried merging the missing keys (and missing values from DsSpooler & 
PrinterDriverData) from one to the other but the extra keys are blown away as 
soon as I do anything with the samba server's printer.

Since the Xerox Printing Preferences dialogue looks pretty custom, I suspect 
that there are classes, controls etc. that are registered by a Windows -> 
Windows driver delivery that don't get done with a Samba -> Windows delivery.  
If anyone has any advice, a work around etc. any help would be much 
appreciated.  Thanks!

Beau


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [Solved] Re: networking problem/Domain not available

[Joshua J. Kugler]

On Monday 29 November 2010, Robert S elucidated thus:
> On Monday, November 29, 2010 09:02:32 am Allen Chen wrote:
> > Did you power off and power on the other 2 old switches?
> >
> > Alllen
>
> Well, it appears Allen had the right solution, and I would have
> stumbled on it by accident. Over the holiday, we had a squirrel
> commit suicide on a transformer so everything got powered off and
> later back on. When I changed the cabling today to do the tests
> suggested by others, it worked! Thanks to all who tried to help me.

So, ARP cache problem?

j

-- 
Joshua Kugler
Part-Time System Admin/Programmer
http://www.eeinternet.com - Fairbanks, AK
PGP Key: http://pgp.mit.edu/  ID 0x73B13B6A
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] How to backup/restore printer settings?

[Ryan Suarez]

Look at the tdbbackup utility included with samba.  Although, I had an 
incident once (corrupt tdbs) and restoring from this didn't work for me.


I've got a dedicated print server.  Finally resorted to stopping samba 
in the middle of the night (when no-one is using it) and backing-up the 
entire instance, to ensure a good clean backup.


tdb information is listed here:
http://samba.org/samba/docs/man/Samba-HOWTO-Collection/install.html#tdbdocs

On 10-11-29 05:54 PM, Rob Moser wrote:

Hello All,

We have a problem with our samba-based print server (a redhat EL
machine, running samba 3.2.8) occasionally getting corrupt
ntprinters.tdb files.  To combat it, I've been keeping nightly backups
of the file, and restoring the latest whenever it crashes.  This
_almost_ works.  When I restore the file, some of the printer settings -
such as which driver it is using - seem to restore fine.  But some
others - such as Printer Status Notification, to pick one at random from
the Device Settings tab - seem to reset to default values.

Are these settings stored in a different database?  When I make changes
to them through the Windows interface, the timestamp on the
ntprinters.tdb file changes, and not much else (other than files I'd
expect to change regularly anyways.)  Is there a way to save and restore
the printer settings (in some usefully programmatic way for a whole
bunch of printers, rather than manually wading through a bunch of clicky
windows re-doing them all one-by-one...)

Thanks for any assistance,

 - rob.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Getting no ticket cache from pam_winbind

[Assarsson, Emil]

Hi again,

According to the man files it should work but I don't even getting close to 
solving this issue :-/
I have maxed out logging but nothing seems to have anything to do with this.
I have tried to run "strace su - username" and on winbindd process and I can't 
see anything that even tries to write a krb5cc.

What part of the system should create to cc files?
Can anyone please give me a hint how I can trace this problem?


BR
Emil Assarsson


-Original Message-
From: Assarsson, Emil 
Sent: måndag den 29 november 2010 16:13
To: samba@lists.samba.org
Subject: Getting no ticket cache from pam_winbind

Hi all,

I'm trying to get pam_winbind to create ticket cache on login if the AD is 
available.

Please note that this is an Ubuntu Lucid system.

When trace this with wireshark it receives a TGT ticket for the user.
The current solution is to use pam_krb5 before attempting winbind. That gives 
me a ticket cache. 
The main problem is that if the user enters the wrong password it does two 
login attempts with 
the same credentials (or I have to do a messy config in pam).

- /etc/pam.d/common-auth -
# here are the per-package modules (the "Primary" block)
auth[success=2 default=ignore]  pam_unix.so nullok_secure
auth[success=1 default=ignore]  pam_winbind.so krb5_auth 
krb5_ccache_type=FILE cached_login try_first_pass
# here's the fallback if no module succeeds
authrequisite   pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
authrequiredpam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
auth[default=done]  pam_afs_session.so
--


Best regards

Emil Assarsson
Sony Ericsson Mobile Communications AB

"The information in this email, and attachment(s) thereto, is strictly 
confidential and may be legally privileged. It is intended solely for the named 
recipient(s), and access to this e-mail, or any attachment(s) thereto, by 
anyone else is unauthorized. Violations hereof may result in legal actions. Any 
attachment(s) to this e-mail has been checked for viruses, but please rely on 
your own virus-checker and procedures. If you contact us by e-mail, we will 
store your name and address to facilitate communications in the matter 
concerned. If you do not consent to us storing your name and address for above 
stated purpose, please notify the sender promptly. Also, if you are not the 
intended recipient please inform the sender by replying to this transmission, 
and delete the e-mail, its attachment(s), and any copies of it without, 
disclosing it."


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Permissions problem

[Bruno MACADRE]

Permissions for the share are the same in 3.3.0 and 3.5.6, like this :

drwxrwx--- 21 root info4096 2009-01-17 08:38 partinfo

thx,

Le 01/12/2010 12:14, George Mamalakis a écrit :

On 01/12/2010 11:38, Bruno MACADRE wrote:

Hello all,

I've got an old server running SAMBA 3.3.0. I've some shares on it.
All shares looks like this :

[partinfo]
path=/shares/partinfo
valid users = +info
force user = %U
force group = info
read only = No
create mask = 0660
directory mask = 0770

All works perfectly : When I create a file on this share other users
in the info group can modify it but nobody can delete it (exactly that
i want).

But, it's time to change our server and to put a newer version of
SAMBA (3.5.6). On the new server, the behaviour is totaly different
(with the same smb.conf file) : When I create a new file, other users
n the group info can modify it AND delete it (exactly that i don't
want) !!!

Worst ! When I put in this share (localy in root) a file like this :
# echo "Test" >/shares/partinfo/testfile
# chown root.root /shares/partinfo/testfile
# chmod 600 /shares/partinfo/testfile

When I return to my share (like above) with my user (not admin user) I
can delete the file 'testfile' without any problem !!!

I think this behaviour is not the 'normal' behaviour. What can I've
missed ? Does anyone have any tips ?

Regards,
Bruno.



Please, show as the /shares/partinfo permissions (which is responsible
for reading/writing content into it).

Thanx,

mamalos




--

Bruno MACADRE
---
 Ingénieur Systèmes et Réseau | Systems and Network Engineer
 Département Informatique | Department of computer science
 Responsable Réseau et Téléphonie | Telecom and Network Manager
 Université de Rouen  | University of Rouen
---
Coordonnées / Contact :
Université de Rouen
Faculté des Sciences et Techniques - Madrillet
Avenue de l'Université - BP12
76801 St Etienne du Rouvray CEDEX
FRANCE

Tél : +33 (0)2-32-95-51-86
Fax : +33 (0)2-32-95-51-87
---

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Windows 7 problem accessing domain member samba serve r on different subnet

[Hoover, Tony]

We recently ran into a similar issue.  If you have any microsoft "Live"
components installed on your 7 box, samba servers must be contacted by
numeric IP address rather than netbios (or even IP mnemonic) name.

http://www.sevenforums.com/network-sharing/8303-cant-connect-samba-share-via
-name-ip-works.html




--
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660

"Don't Blend in..."
--
 
-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of d
Sent: Tuesday, November 30, 2010 11:22 PM
To: samba@lists.samba.org
Subject: [Samba] Windows 7 problem accessing domain member samba server on
different subnet

Hi All,

I have a problem accessing Samba 3.0.33 on some CentOS 5 machines on a
different subnet from a Windows 7 computer.

All servers and computers are joined to a Windows 2003 AD domain.

I have identical samba machines on two subnets (CentOS/samba 3.0.33).
The samba machines on the same subnet as my Win 7 computer are accessible
both by the netbios name and ip address.

The samba machines on another subnet are only accessible by IP address. If I
attempt to access these samba servers using their netbios name, I get
prompted for a password.

This configuration has worked for some time, and all CentOS/samba machines
are accessible by Windows XP and 2003 using the netbios name.

I believe Windows 2008 servers have the same issues as Windows 7.
Access can only be made by IP address and not netbios name.

Is this a known issue, or something specific to my environment? I have been
googling this for some time and I cannot find any issue identical to this.

Some additional info:

security = domain
client use spnego = no
encrypt passwords = yes
ntlm auth = yes
lanman auth = yes
client ntlmv2 auth = yes
remote browse sync = 10.0.0.255 10.0.0.0 remote announce = 10.0.0.255
10.0.0.0 local master = no wins server = ip of ad wins server

 - Not using winbind but nss_ldap and AD schema extension to support POSIX
attributes.
 - There are no packet filters between subnets.
 - The router is configured to dish out IPv6 addresses, and the Windows 7
machine has an IPv6 address, as do all the samba/centos machines. However,
the samba/centos machines don't have any  records, and samba 3.0 does
not support IPv6.

I'm fairly stumped. Any tips?

Regards,

Dan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Domain-name appended into username when "selecting users or groups"

[George Mamalakis]

Dear all,

I am facing a peculiar situation:
on my smb.conf  log level = 5, and on my windows machine I log on as a 
local administrator to add remote desktop users that are in fact domain 
users.
When my worgroup = SOMETHING, everything works fine. When I change my 
worgroup to: workgroup = example.com, and try to add a new remote 
desktop user, and set as an object name example.com\user and try to 
"check name", after a give the username and password I get the following 
error:


The following error occurred while using the user name 
(u...@example.com). and password you entered:

Logon failure: unknown user name or bad password.

Which is true, since on the samba server, on my machine log I get:
# grep -i user machine

 Got user=[u...@example.com] domain=[] workstation=[MACHINE] len1=24 
len2=24

  Mapping user []\[u...@example.com] from workstation [MACHINE]
  Mapped domain from [] to [EXAMPLE.COM] for user [u...@example.com] 
from workstation [MACHINE]

  attempting to make a user_info for u...@example.com (u...@example.com)
  making strings for u...@example.com's user_info struct
  making blobs for u...@example.com's user_info struct
  check_ntlm_password:  Checking password for unmapped user 
[]\[u...@example.com]@[MACHINE] with the new password interface
  check_ntlm_password:  mapped user is: 
[example.com]\[u...@example.com]@[MACHINE]
  smbldap_search_ext: base => [dc=ee,dc=auth,dc=gr], filter => 
[(&(uid=u...@example.com)(objectclass=sambaSamAccount))], scope => [2]

  ldapsam_getsampwnam: Unable to locate user [u...@example.com] count=0
  check_sam_security: Couldn't find user 'u...@example.com' in passdb.
  check_ntlm_password: sam authentication for user [u...@example.com] 
FAILED with error NT_STATUS_NO_SUCH_USER
  check_ntlm_password:  Authentication for user [u...@example.com] -> 
[u...@example.com] FAILED with error NT_STATUS_NO_SUCH_USER


which shows that domain=[] (it's empty), whereas in the normal case it 
should be: domain=[EXAMPLE.COM] (which is the case when I "simple login" 
from my client hosts).


To sum things up (and clarify them a bit):
- when workgroup = SOMETHING, login on to domain as well as "Select 
Users or Group" works like a charm.
- when workgroup = example.com, login on to domain works fine, "Select 
Users or Group" fails due to the aforementioned reason.


my server is a fbsd box (64bit):
# uname -a
FreeBSD filesrv.example.com 8.1-STABLE FreeBSD 8.1-STABLE #1: Mon Sep 20 
13:33:27 EEST 2010 
r...@filesrv.example.com:/usr/obj/usr/src/sys/FILESRV  amd64


and samba is installed from ports (version 3.4.9). Samba's backend is 
ldap, and both smb.conf's are *exactly* the same. The only difference is 
the workgroup directive (and the relevant directives in the 
smbldap-utils configuration file, which shouldn't make any difference).


I would be delighted if anyone could direct me to the right path.
I have not included my smb.conf files; if needed I will attach them "on 
demand" :) .


Thank you all for your time in advance,

mamalos

--
George Mamalakis

IT Officer
Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
MSc (Imperial College of London)

Department of Electrical and Computer Engineering
Faculty of Engineering
Aristotle University of Thessaloniki

phone number : +30 (2310) 994379

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Permissions problem

[George Mamalakis]

On 01/12/2010 11:38, Bruno MACADRE wrote:

Hello all,

I've got an old server running SAMBA 3.3.0. I've some shares on 
it. All shares looks like this :


[partinfo]
path=/shares/partinfo
valid users = +info
force user = %U
force group = info
read only = No
create mask = 0660
directory mask = 0770

All works perfectly : When I create a file on this share other users 
in the info group can modify it but nobody can delete it (exactly that 
i want).


But, it's time to change our server and to put a newer version of 
SAMBA (3.5.6). On the new server, the behaviour is totaly different 
(with the same smb.conf file) : When I create a new file, other users 
n the group info can modify it AND delete it (exactly that i don't 
want) !!!


Worst ! When I put in this share (localy in root) a file like this :
# echo "Test" >/shares/partinfo/testfile
# chown root.root /shares/partinfo/testfile
# chmod 600 /shares/partinfo/testfile

When I return to my share (like above) with my user (not admin user) I 
can delete the file 'testfile' without any problem !!!


I think this behaviour is not the 'normal' behaviour. What can I've 
missed ? Does anyone have any tips ?


Regards,
Bruno.


Please, show as the /shares/partinfo permissions (which is responsible 
for reading/writing content into it).


Thanx,

mamalos

--
George Mamalakis

IT Officer
Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
MSc (Imperial College of London)

Department of Electrical and Computer Engineering
Faculty of Engineering
Aristotle University of Thessaloniki

phone number : +30 (2310) 994379

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] kerberos @ samba4 DC

[Rafa Toucedo]

Hello, when I try to put my SAMBA4 as DC from a domain controller in windows
2000

/usr/local/samba # bin/samba-tool join (WINDOWS 2000 DOMAIN). DC
-U(USER)@(WINDOWS 2000 DOMAIN)%(PASSWORD) --realm=(WINDOWS 2000 DOMAIN). -d5

throws me the following error:

Failed to get CCACHE for GSSAPI client: KDC has no support for encryption
type
Aquiring initiator credentials failed: kinit for admco...@domd4086 failed
(KDC has no support for encryption type: KDC has no support for encryption
type)
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_UNSUCCESSFUL


My krb5.conf is as follows:

[libdefaults]
default_realm = (WINDOWS 2000 DOMAIN)
dns_lookup_realm = true
dns_lookup_kdc = true
clockskew = 300
default_keytab_name  = FILE:/home/pilote/rafa.keytab
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc

[realms]
(WINDOWS 2000 DOMAIN) = {
kdc = (HOSTNAME).(WINDOWS 2000 DOMAIN):88
}

[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON

[appdefaults]
pam = {
debug = false
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
krb4_convert = false
proxiable = false
minimum_uid = 1
external = sshd
use_shmem = sshd
}


I'm desperate!
-- 
P Antes de imprimir este e-mail, piense si es necesario hacerlo. El medio
ambiente es cosa de todos.
Think twice before printing this e-mail. Environmental protection is in our
hands.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Files in samba share cannot be deleted after copying failed.

[Volker Lendecke]

On Tue, Nov 30, 2010 at 11:01:13AM +0100, Volker Lendecke wrote:
> Sure, that would be a possible reason. But something looks
> not right in your setup. After a failover, locking.tdb
> should be empty. When smbd is started on node2 after the
> failover is done, it will open the locking.tdb file with
> CLEAR_IF_FIRST. This means, all entries which are by
> definition empty are wiped out. Alternatively, if you are
> running ctdb, then smbd should have either been able to send
> the kill message to the other node, or the code should have
> discovered that process 12924 is not around anymore and it
> should have removed the conflicting entry from the
> locking.tdb entry.

Can you give a few more details about your setup? Do you
have ctdb running? Do you have "clustering=yes" set in your
smb.conf?

Thanks,

Volker Lendecke

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Permissions problem

[Bruno MACADRE]

Hello all,

	I've got an old server running SAMBA 3.3.0. I've some shares on it. All 
shares looks like this :


[partinfo]
path=/shares/partinfo
valid users = +info
force user = %U
force group = info
read only = No
create mask = 0660
directory mask = 0770

All works perfectly : When I create a file on this share other users in 
the info group can modify it but nobody can delete it (exactly that i want).


But, it's time to change our server and to put a newer version of SAMBA 
(3.5.6). On the new server, the behaviour is totaly different (with the 
same smb.conf file) : When I create a new file, other users n the group 
info can modify it AND delete it (exactly that i don't want) !!!


Worst ! When I put in this share (localy in root) a file like this :
# echo "Test" >/shares/partinfo/testfile
# chown root.root /shares/partinfo/testfile
# chmod 600 /shares/partinfo/testfile

When I return to my share (like above) with my user (not admin user) I 
can delete the file 'testfile' without any problem !!!


I think this behaviour is not the 'normal' behaviour. What can I've 
missed ? Does anyone have any tips ?


Regards,
Bruno.


--

Bruno MACADRE
---
 Ingénieur Systèmes et Réseau | Systems and Network Engineer
 Département Informatique | Department of computer science
 Responsable Réseau et Téléphonie | Telecom and Network Manager
 Université de Rouen  | University of Rouen
---
Coordonnées / Contact :
Université de Rouen
Faculté des Sciences et Techniques - Madrillet
Avenue de l'Université - BP12
76801 St Etienne du Rouvray CEDEX
FRANCE

Tél : +33 (0)2-32-95-51-86
Fax : +33 (0)2-32-95-51-87
---

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] oplocks failed if user is not the owner of the file?

[Georg Weickelt]

Maybe, my last question was to short, but I would like to clear this:

Some users are faster than other users, I think because of caching the files on 
the client.

I have some identical windows 7 clients. All connected to Samba 
3.5.6-4.1-2450-SUSE-SL11.2-x86_64
Samba is acting as a domain-master.
This is a part of smb.conf:

[global]
 workgroup = Firma
 map to guest = Bad User
 passdb backend = tdbsam:/etc/samba/passdb.tdb
 time server = Yes
 socket options = TCP_NODELAY  IPTOS_LOWDELAY
 printcap name = cups
 add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false 
-M %u
 logon script = netlogon.cmd
 logon path = \\%L\profiles\.msprofile
 logon drive = h:
 logon home = \\%L\%U\.9xprofile
 domain logons = Yes
 os level = 65
 preferred master = Yes
 domain master = Yes
 wins support = Yes
 ldap ssl = no
 cups options = raw

[public]
 comment = Datenverzeichnis
 path = /daten/public
 read only = No
 create mask = 0770
 directory mask = 0770


If they  the owner of the files, smbstatus shows me:
Pid  UidDenyMode   Access  R/WOplock   
SharePath   Name   Time
149551000   DENY_NONE  0x2019f RDWR   EXCLUSIVE+BATCH  
/daten/public   CARD80/DHD-ORT2/ProData/DOM00105.MDX   Wed Dec  1 10:09:02 2010

If the don't own the file:
Pid  UidDenyMode   Access  R/WOplock   
SharePath   Name   Time
5582 1002   DENY_NONE  0x2019f RDWR   NONE 
/daten/public   CARD80/DHD-ORT2/ProData/DOM00105.MDX   Wed Dec  1 10:12:06 2010

It means on my opinion, for file-owners the file get cached- and for others not.
What is the reason for this? And how can I change this?

The path /daten/public is located on a ext3 filesystem, mounted with 
acl,user_xattr

Thanks in advance

Georg Weickelt
___
WEB.DE DSL Doppel-Flat ab 19,99 €/mtl.! Jetzt auch mit 
gratis Notebook-Flat! http://produkte.web.de/go/DSL_Doppel_Flatrate/2
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] ACLs, NT_STATUS_ACCESS_DENIED, etc.

[Ken D'Ambrosio]

Hey, all.  I've got some irksome issues, and would love it if someone
could show me where I'm going wrong.

First and foremost, I can access the folders, create new ones, etc.  But
copying stuff from an existing Windows share (with ACLs), not so much. 
Likewise when I try to assign permissions.  I wind up with stuff like


[2010/12/01 02:56:34,  0] libsmb/ntlmssp_sign.c:208(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2010/12/01 02:56:34,  0] rpc_server/srv_pipe_hnd.c:395(process_request_pdu)
  process_request_pdu: failed to do auth processing.
[2010/12/01 02:56:34,  0] rpc_server/srv_pipe_hnd.c:396(process_request_pdu)
  process_request_pdu: error was NT_STATUS_ACCESS_DENIED.

Googling this stuff has been to pretty much no avail.  I'm running Ubuntu
10.04's Samba, v. 3.4.7~dfsg-1ubuntu3.2.  (I did try upgrading to 10.10's
Samba -- same problems, different errors.  Downgraded.)

Here's my smb.conf (I apologize for its messiness; t-shooting does that):


[global]
workgroup = SEGWAY
realm = SEGWAY.LOCAL
netbios name = bed_fs1
server string = %h server (Samba %v, Ubuntu)
security = ADS
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
domain master = No
dns proxy = No
usershare allow guests = Yes
allow trusted domains = yes
panic action = /usr/share/samba/panic-action %d
idmap uid = 1000-2
idmap gid = 1000-2
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes

#[homes]
#comment = Home Directories
#browseable = yes
#valid users = %S
#writable = yes


[man_fs2]
path = /servers/man_fs2
valid users = @"SEGWAY+Domain Admins" , @"SEGWAY+Domain Users" ,
@"SEGWAY+Segway Team"
admin users = @"SEGWAY+Domain Admins" , root
write list = @"SEGWAY+Segway Team" , @"SEGWAY+Domain Admins" ,
@"SEGWAY+Domain Users"
directory mask = 0700
create mode = 0700
force create mode = 0700
force directory mode = 0700
read only = no
writeable = yes
available = yes
browseable = yes
public = yes
guest ok = yes
nt acl support = yes
#map archive = No
#map hidden = No
#map system = No
#map readonly = No


Thanks kindly!


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba