Re: [Samba] locking limit errors with Peachtree
Jeremy Allison wrote: On Thu, Feb 17, 2005 at 03:40:26PM -0600, Andrew Gaffney wrote: In the samba domain I admin, one of the computers runs the Peachtree accounting software. Today, McAfee antivirus was installed on that box (not my doing) and now Peachtree keeps giving Locking table limit reached errors. Is this an error from samba, Windows, or Peachtree? Is there a limit to the number of file locks samba can grant at one time? What version of Samba, what server OS platform. A little more info would help. Samba 3.0.7 running on Linux with a 2.4 kernel. Samba is acting as a PDC for a NT-style domain (non-AD). smb.conf for that share is: [skylinef] path = /share/skylinef valid users = @accounting,rgetter read only = No create mask = 0777 directory mask = 0777 Nothing in the global section is relevant (all domain related). The Windows box is running XP Pro SP2. -- Andrew Gaffney Network Administrator Skyline Aeronautics, LLC. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] locking limit errors with Peachtree
In the samba domain I admin, one of the computers runs the Peachtree accounting software. Today, McAfee antivirus was installed on that box (not my doing) and now Peachtree keeps giving Locking table limit reached errors. Is this an error from samba, Windows, or Peachtree? Is there a limit to the number of file locks samba can grant at one time? -- Andrew Gaffney Network Administrator Skyline Aeronautics, LLC. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] domain authentication from a samba server in a samba domain
I have a box running 3.0.7 that is running my domain. I added another samba server at another location to host a few shares for that building. I successfully joined the second machine to the domain and set the 'password server' option correctly. In order to get the second machine to give me anything other than NT_STATUS_LOGIN_FAILURE, I have to create a dummy UNIX account for the domain user and 'smbpasswd -a' it. After this, it will use domain authentication correctly for that user only. I know it is doing domain auth because I set the password with 'smbpasswd -a' to something different than the domain password. The domain password works and the local one doesn't. While this is a workaround, I don't want to have to add dummy UNIX accounts on the 2nd machine for every domain user that should have access to this particular share. How can I set this up so I don't have to do that? I don't really care about the permissions on the share (multiple domain users accessing as the same UNIX user is okay). -- Andrew Gaffney Gentoo Linux Developer Installer Project -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] forcing filenames to lowercase
As a...courtesy...to my boss, I make our web server's htdocs directory available to him via a samba share in our domain. As much as I tell him otherwise, he continues to create files with spaces in the name (that's another issue) and files that are similar to Some Random Pic.JPG and it annoys the hell out of me. What I want to do is force the filenames to lowercase on the Samba side. This server runs multiple shares (most of the others contain Word, Excel, Access, etc. files that I don't care about the naming of), so I'd like to restrict it to just this one share. How can I do this? BTW, this is samba 3.0.7. -- Andrew Gaffney Gentoo Linux Developer Installer Project -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] using samba through a VPN
Adam Tauno Williams wrote: The thing to use is a DHCP server that also provides clients with the IP address of the PDC through the netbios-name-servers option in the ISC DHCP server. Yep, whether this is DHCP or not depends on your VPN technology of choise, but you need to get that information (WINS server) down to the client. Also best to set the clients node type to be WINS only and not use broadcast, but that is always true. How do I do tell the workstations not to broadcast? -- Andrew Gaffney Gentoo Linux Developer Installer Project -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] using samba through a VPN
I already have an existing network that is managed by a samba PDC. In the next few days, I will be linking another small LAN to the existing one over the internet using openvpn. I've been told that samba (through no fault of its own) doesn't work very well through a VPN. For the new network, there will be a box with 2 NICs: one for the internet and one for the LAN. This box will use openvpn and iptables to allow the entire LAN direct access to the PDC (which provides other services also) through the VPN tunnel. I want the workstations in the new network to be able to logon to the domain and access the file shares hosted by the samba PDC in the first network. Will I be able to do this? Easily? :) -- Andrew Gaffney Gentoo Linux Developer Installer Project -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] using samba through a VPN
Shawn Henderson wrote: I am running a similiar setup. I have a main office running a T1 with a linux firewall and a samba pdc/dhcp server behind it. On my satelite office Im running a dsl connection with a dlink router with a samba pdc/firewall/dhcp server behind it. (I never trust those little dsl routers). I am using openvpn for this. I set the main pdc accross the T1 as a wins server and point the satelite office to it.. I am able to browse both networks and share files with no problem. The usernames and passwords are the same with both servers and I can use cygwin and ultra vnc to remotely manage by computer name . I would worry about speed if you gonna authenticate across the vpn. Especially if you plan on using roaming profiles.. This is generally the same answer I've been getting. I'm glad to know that the person I originally talked to (before posting) was wrong :) Thanks to everyone who responsed on- and off-list. -- Andrew Gaffney Gentoo Linux Developer Installer Project -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] machine accounts not found with 3.0.8
Last night, I upgraded from 3.0.7 to 3.0.8. This morning, I got the call that most (not all) of the machine couldn't logon to the domain. This was in the logs for those workstations that couldn't login: [2004/11/12 07:04:02, 0, pid=3088, effective(65534, 65534), real(65534, 0)] rpc_server/srv_netlog_nt.c:get_md4pw(244) get_md4pw: Workstation SKYLINE-MIKEG$: no account in domain I stopped smbd, downgraded to 3.0.7, and started it back up, and all of the workstations were immediately able to log back in. There were no changes to my secrets.tdb, smbpasswd, /etc/passwd, or /etc/shadow. Does anyone have any idea why this happened? -- Andrew Gaffney Network Administrator Skyline Aeronautics, LLC. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printer name changed in samba 3.0.7
Cavanaugh, Mike F wrote: We have a strange problem when using samba 3.0.7 where a printer's name is changed to the name of the printer driver. We use samba to share out printers from a fedora core 1 system. On a windows client they initially show up accurately. When adding the windows driver from a windows client for a new shared printer the driver files get transferred just fine. However, the printer name in the Printer and Faxes folder suddenly gets changed to the name of the printer driver just uploaded after clicking the final OK in the windows dialog box. The name can be changed back to its original name and the printer works fine and the properties can be set. This did not happen in previous versions of samba. Would anyone know the cause of this? This isn't just a 3.0.7 thing. I noticed the same thing last night with 3.0.6 when adding print drivers to the samba PDC from an XP box. -- Andrew Gaffney Network Administrator Skyline Aeronautics, LLC. 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] printer giving Access Denied
I have 2 printer queues setup on my samba 3.0.6 NT4-style PDC. About a month ago, one of them stopped working due to an issue with CUPS. After restarting CUPS, printing to that share was giving Access Denied. From a windows box, I was able to add drivers and set default print settings as a domain administrator but I still couldn't print. I created a new printer share pointing at the same CUPS printer with the same configuration and the new one worked. In my smb.conf snippet below, the non-working printer share had the same settings as 'jetdirect' but with the printer of 'minimike'. 'jetdirect' has never given me a problem and 'minimike' worked from the moment I created the share. The current 'minimike' settings are scaled down from what it was when I first created it. Can anyone think of a reason why this would happen? [jetdirect] printer = jetdirect comment = Hallway printer printable = yes writeable = yes public = yes printer admin = @domainadmins guest ok = yes [minimike] printer = hp4200 printable = yes read only = no printer admin = @domainadmins -- Andrew Gaffney Network Administrator Skyline Aeronautics, LLC. 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Avoiding the desktop.ini notepad popup on startup, and other hidden files.
Samuel Partida wrote: Hi there, we had some problems with that issue, i know it is covered and i solved it with veto file = /*ktop.ini/ etc... But now i'm thinking about it again, it's because Windows XP saves some metainformation in some hidden files, one of them is desktop.ini, which is very annoying because notepad is opened on every user session, but, there is another file, thumbs.db, it becomes visible on remote shares and roaming profiles. The following line is from one of the emails from the thread the other day regarding this. I don't recall anyone saying to use 'veto file'. hide files = /desktop.ini/ntuser.ini/NTUSER.*/ -- Andrew Gaffney Network Administrator Skyline Aeronautics, LLC. 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] (no subject)
Proteus (Anton) wrote: How long am I still going to wait to be unsubscribed? I've been trying for at least 3 months now! If, as I suspect your server is running on Linux, I start getting a bad feeling about either the OS or your professionalism Did you follow the directions at the bottom of every email posted to this list? Go to http://lists.samba.org/mailman/listinfo/samba, enter your subscribed email address in the text box at the bottom of the page and hit the button. Click the 'Unsubscribe' button on the next page. Reply to the email that is sent to you. -- Andrew Gaffney Network Administrator Skyline Aeronautics, LLC. 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] best settings for share with databases
I have a Slackware box set up with Samba 2.2.4. One of the shares holds a bunch of .DAT database (I don't know what kind) files that are used by multiple users at once with the PCLaw application, and we've been experiencing some minor corruption. What are the ideal settings for a share with databases like this? Also, if a newer version handles this kind of thing better, I have no problem with upgrading to a 3.0.x version. Thanks for any help. -- Andrew Gaffney Network Administrator Skyline Aeronautics, LLC. 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] XP Pro is fast and XP Home is slow
I run a small network with 3 computers: 2 XP Home, 1 XP Pro. All 3 run a program called PCLaw that access a bunch of different databases on a Slackware server running Samba. I was running Samba 2.2.4 earlier I just upgraded to 3.0.4. Even with the upgrade, the XP Pro machine is nice and fast when accessing and manipulating the databases. Both of the XP Home machines are very, very slow. They are all on a 100base-T network hooked to the same router. They are all running the same version of the PCLaw application. Can anyone think of any ideas why the Pro box would be speedy and the Home boxes not? One of the XP Home boxes has a 2.4GHz P4 processor, so that is not the problem. -- Andrew Gaffney Network Administrator Skyline Aeronautics, LLC. 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] iptables and samba
azeem ahmad wrote: hi i m using the script below - iptables -F iptables -t nat -F iptables -P INPUT DROP iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT iptables -A INPUT -i eth0 -p udp --dport 137 -j ACCEPT iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT - i have two shares on samba server Soft and linux in these shares there are many folders. whenever i run the above script and then i open the share it takes atleast 4 minutes to open the share. but it doesnt take time while browsing inside share. mean there is a folder on soft share like soft/adobe/acrobat/acrobat6 when i double click on soft it takes atleast 4 minutes but after that when i click on adobe then acrobat then acrobat6 it takes now time it just browse them normally. same problem is with the other share named linux. but if i dont run this script then all shares work fine with no delay this problem only occures first time. mean when i browse the share next time it doesnt occur This is a complete shot in the dark. Windows 2000 (probably) and XP (definately) will look for a SMB server on port 445 first by default. Since you have '-j DROP', the requests to 445 don't get a response. It takes a little bit to timeout and then Windows probably tries to connect again. I bet if you add the following iptables rule, the problem will go away: iptables -A INPUT -i eth0 -p all --dport 445 -j REJECT -- Andrew Gaffney Network Administrator Skyline Aeronautics, LLC. 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] iptables and samba
Tom Skeren wrote: Andrew Gaffney wrote: azeem ahmad wrote: hi i m using the script below - iptables -F iptables -t nat -F iptables -P INPUT DROP iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT iptables -A INPUT -i eth0 -p udp --dport 137 -j ACCEPT iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT - i have two shares on samba server Soft and linux in these shares there are many folders. whenever i run the above script and then i open the share it takes atleast 4 minutes to open the share. but it doesnt take time while browsing inside share. mean there is a folder on soft share like soft/adobe/acrobat/acrobat6 when i double click on soft it takes atleast 4 minutes but after that when i click on adobe then acrobat then acrobat6 it takes now time it just browse them normally. same problem is with the other share named linux. but if i dont run this script then all shares work fine with no delay this problem only occures first time. mean when i browse the share next time it doesnt occur This is a complete shot in the dark. Windows 2000 (probably) and XP (definately) will look for a SMB server on port 445 first by default. Since you have '-j DROP', the requests to 445 don't get a response. It takes a little bit to timeout and then Windows probably tries to connect again. I bet if you add the following iptables rule, the problem will go away: iptables -A INPUT -i eth0 -p all --dport 445 -j REJECT If you have Samba 3.x it will share on port 445. Okay, so you can change that REJECT to ACCEPT. -- Andrew Gaffney Network Administrator Skyline Aeronautics, LLC. 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Wan shares
tms3 wrote: Here's a puzzler. I know that in winblowz you can map network drive \\ip addy\share, however you cannot do this with smbfs. Yes you can. Try smbmount '\\netbios name\share' /mnt/point -o ip=IPADDR. This will contact the server via IP and then verify that that machine is 'netbios name'. OK so I create a local DNS record such that server resolves to this ip addy. Winblowz will mount that way, but smbfs won't. Oh yeah, this share is located at an IP addy at a sattelite office over the internet. Is this simply not doable? -- Andrew Gaffney Network Administrator Skyline Aeronautics, LLC. 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] how to get logon.bat run with Administrator rights in domain logons?
Urs Rau wrote: On win XP Pro workstations it would be so convenient if the domain logon script which is stored on the samba pdc could be made to run with Administrative (or System) privileges. I know that I can interactively run another security context by choosing run as user but how could I achieve this non-interactively and domain wide whilst a limited account is loggin in? I asked this same question on this list a while back. There is no way to interactively run a script as a higher user, otherwise virus writers could take advantage of this (as opposed to them currently taking advantage of stupid users and MS's stupid policy of making users Administrators by default). The logon.bat runs as the currently logged on user. -- Andrew Gaffney Network Administrator Skyline Aeronautics, LLC. 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [OT] Fyodor terminates SCO nmap rights -- how about Samba?
Michael Brown wrote: As you all may know Fyodor of nmap fame has terminated SCO's rights to distribute namp with its products. See: http://www.smh.com.au/articles/2004/02/27/1077676955381.html Fyodor, whose Nmap (network mapper) security scanner is extremely popular among geeks and even featured in the latest film of the Matrix series Where in Matrix: Revolutions in nmap used? I'm going to have to watch that movie a little closer. -- Andrew Gaffney Network Administrator Skyline Aeronautics, LLC. 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] prevent smbclient from trying 445?
David Wuertele wrote: When I use smbclient to access an IOMEGA NAS server, smbclient tries to access port 445 for a full five minutes before timing out: [2004/02/20 17:48:24, 10] lib/gencache.c:gencache_get(262) Returning valid cache entry: key = NBT/NAS_120_1#20, value = 192.168.123.161:0, timeout = Fri Feb 20 17:53:22 2004 [2004/02/20 17:48:24, 5] libsmb/namecache.c:namecache_fetch(201) name nas_120_1#20 found. [2004/02/20 17:48:24, 3] lib/util_sock.c:open_socket_out(698) Connecting to 192.168.123.161 at port 445 [2004/02/20 17:51:38, 2] lib/util_sock.c:open_socket_out(733) error connecting to 192.168.123.161:445 (Connection timed out) Next, smbclient goes on to contact it on port 139, and all works great right away. Can I direct smbclient to not use 445? Anyone have an idea why smbclient is getting stuck in this tar pit for five minutes? From 'man smbclient': -p port This number is the TCP port number that will be used when making connections to the server. The standard (well-known) TCP port number for an SMB/CIFS server is 139, which is the default. -- Andrew Gaffney Network Administrator Skyline Aeronautics, LLC. 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Pop-up messages to domain members?
I wrote a small script for doing this very thing and posted it here about a month or two back:
#!/usr/bin/perl
my $msg = shift;
open PIPE, smbstatus |;
foreach $line (PIPE) {
if($line =~ /\d+\s+(\S+)\s+\S+\s+(\S+)\s+\((.+)\)/) {
system echo '$msg' | smbclient -M $2 -I $3;
}
}
Michael Brown wrote:
I don't believe you can send a message to a whole domain using smbclient (please someone correct me if I'm wrong), I think you will have to do it one at a time, or write a script:
$ smbclient -M host
then will prompt for message
Hope this helps.
Michael Brown
On Thu, 12 Feb 2004 15:07:19 +0100
Anders Norrbring [EMAIL PROTECTED] wrote:
Is it possible to send a pop-up message to all connected Windows stations in a
whole domain via one command, or is it necessary to send one message per
command to each station? It must be a command line utility since X isn't
running on the server.
Anders Norrbring
--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Borwser Problem with VMWare on linux host
Nouqrat wrote: Hi I use VMWare on linux host (windows 2000 as guest operating system) and i have some problems to visit the google-site . can any1 help me First of all, this doesn't have *anything* to do with Samba, so it shouldn't have been posted to this list. Second, is google.com the only site you have trouble getting to? -- Andrew Gaffney Network Administrator Skyline Aeronautics, LLC. 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Accessing files with different permissions.
Alex wrote: If a folder has no read or write permissiions for group or other can it be accessed by changing the settings in smb.conf? I am getting access is denied? Even though Samba runs as root, it still obeys file permissions. You have to modify the permissions on the *NIX side before you can access it on the Windows side. -- Andrew Gaffney System Administrator Skyline Aeronautics, LLC. 776 North Bell Avenue Chesterfield, MO 63005 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WARNING. You tried to send a potential virus or unauthorised code
Joe Cipale wrote: TIZIE, Francois wrote: I guess this email is sent to any subscriber. As far as I am concerned, I have never sent anything, because until today I did not have any time to send responses or requests for help, etc. Please do consider the content of your email which can sometimes be ambiguous. Regards François T. SAP GLOBAL IT FRANCE SAP Internal IT Support T +33 1 55 30 23 57 (internal 2357) M +33 6 03 53 03 95 (internal 62357) F +33 1 55 30 20 33 mailto:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: mardi 27 janvier 2004 12:40 To: [EMAIL PROTECTED] Subject: [Samba] WARNING. You tried to send a potential virus or unauthorised code The Star Internet anti-virus service, powered by MessageLabs, discovered a possible virus or unauthorised code (such as a joke program or trojan) in an email sent by you. My guess is that someone in the group is using a winblows machine (i.e. Outhouse Express) mail client. They have now become infected. The virus is accessing the address book and sending out spew-o-grams on a routine basis. If you look at the McAfee website, this virus that is making the rounds has the potential to create a 'backdoor' for hackers. Yeah, but this is one of those viruses that could be *good* to get. Note the part about the DOS attack on sco.com http://vil.nai.com/vil/content/v_100983.htm -- Andrew Gaffney System Administrator Skyline Aeronautics, LLC. 776 North Bell Avenue Chesterfield, MO 63005 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] weird NT error codes
Andrew Bartlett wrote: On Thu, 2004-01-22 at 16:28, Andrew Gaffney wrote: This isn't necessarily a samba problem, but its happening on my domain with a Samba PDC. Which version? 3.0.1? Thy 3.0.0 or 3.0.2 (in rc at the moment) as there were some issues that apparently causes these kind of errors in 3.0.1. It is 3.0.1 as a matter of fact. I'll try upgrading or downgrading to see if that resolves the problem. Would this also cause the problem when trying to view shares from another domain member that is a Windows box? -- Andrew Gaffney System Administrator Skyline Aeronautics, LLC. 776 North Bell Avenue Chesterfield, MO 63005 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] weird NT error codes
Andrew Gaffney wrote: Andrew Bartlett wrote: On Thu, 2004-01-22 at 16:28, Andrew Gaffney wrote: This isn't necessarily a samba problem, but its happening on my domain with a Samba PDC. Which version? 3.0.1? Thy 3.0.0 or 3.0.2 (in rc at the moment) as there were some issues that apparently causes these kind of errors in 3.0.1. It is 3.0.1 as a matter of fact. I'll try upgrading or downgrading to see if that resolves the problem. Would this also cause the problem when trying to view shares from another domain member that is a Windows box? Apparently that would since downgrading to 3.0.0 fixed my problem. Just curious, what caused this bug? -- Andrew Gaffney System Administrator Skyline Aeronautics, LLC. 776 North Bell Avenue Chesterfield, MO 63005 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] weird NT error codes
This isn't necessarily a samba problem, but its happening on my domain with a Samba PDC. I have 2 computers running XP Pro that I can only connect to intermittently. All 3 of these machines are joined to the domain and can access domain resources when logged in as a domain user through the Samba PDC. SHIPPING1 always seems to work. SHOP1 and SHOP2 are the ones that allow intermittent access. Each box always gives the same error codes. I can't access the shares on either of them from another Windows box either when its acting up. Also, both SHOP1 (not working) and SHIPPING1 (working) had a fresh install of Windows XP with all the same software and network/domain settings on the same day. Below, the user I'm using is 'root' which is in the 'Domain Admins' group, although the results are the same with any user. I have google'd on those error codes and turned up nothing. Simple file sharing is enabled on all 3 machines, also. Can anyone give me any hints? skyline root # smbclient -L shop1 Password: session setup failed: NT code 0x8feb6e2d skyline root # smbclient -L shop2 Password: session setup failed: NT code 0xd057d1fc skyline root # smbclient -L shipping1 Password: Sharename Type Comment - --- snip IPC$ IPC Remote IPC print$ Disk Printer Drivers snip -- Andrew Gaffney System Administrator Skyline Aeronautics, LLC. 776 North Bell Avenue Chesterfield, MO 63005 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] adding printers from netlogon script
John H Terpstra wrote: On Tue, 13 Jan 2004 [EMAIL PROTECTED] wrote: I don't know the final answer BUT if you have something simmilar to a cyber-cafe LAN (I mean, users use all the computers, and maybe some users come back to login with the same name) then you have to install a printer only once in a computer, loging as the administrator and installing drivers. Then what users will have to do is JUST add the printer without installing. I know that it's possible to add a printer (already installed) in this kind of LAN, because I've seen it (not because of any Micro$oft KB). SO if you have the printer already installed you would have only got to put something like this line: net use \\printerserver\printer but not this one because I've not really tried and I know it's not this exact command for sure. Correct. So long as the drive is already installed users can map printers on logon. So, does anyone what the command to just map the printer is? The driver is already installed on these computers. This is a JetDirect device that was setup on all the boxes. I changed it around so that the computers map to a printer share on my Samba PDC that connects to the JetDirect. My command was giving me the Access denied. -- Andrew Gaffney System Administrator Skyline Aeronautics, LLC. 776 North Bell Avenue Chesterfield, MO 63005 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] adding printers from netlogon script
Uwe Laverenz wrote: Andrew Gaffney schrieb: Is there no way to add printers from a netlogon script without the user being a Power User or higher? Of course there is: we do this with the tool con2prt.exe from the Zero Admin Kit from M$: http://www.microsoft.com/windows/zak/ You should install the con2prt.exe somewhere on the Windows client machine to a location that is included in $PATH. In your login script you simply call the programm like this: con2prt /f /cd \\servername\printername Possible options for con2prt: /? - displays usage. /h - displays usage. /f - deletes all existing printer connections. /c - connects to \\printserver\share printer. /cd - connects to \\printserver\share printer and sets it as the default printer. Oh: could you please stop top-posting and full-quoting when writing to this mailing list? Thank you. That looks very interesting. I'll check it out. As for the top-posting, I normally bottom-post, but someone started top-posting very early in the thread and I *hate* mixing botton- and top-posting. As for the full quoting...I was sending most of the emails late at night ;) -- Andrew Gaffney System Administrator Skyline Aeronautics, LLC. 776 North Bell Avenue Chesterfield, MO 63005 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] adding printers from netlogon script
Kurt Pfeifle wrote: [Samba] adding printers from netlogon script Andrew Gaffney agaffney at technaut.darktalker.net Tue Dec 9 20:10:07 GMT 2003 While this doesn't relate specifically to Samba, I need to do this in a netlogon .bat file in a Samba domain. In my network, I have a printer hooked to a JetDirect so that it is a TCP/IP printer. Is there a way I can automatically have this printer mapped/added when the user is logged on? Test this command from a DOS box: rundll32 printui.dll,PrintUIEntry /in /n \\printerserver\printersharename If it works, it can go into the logon script. (Of course printersharename needs to exist on printerserver and must have printer driver deposited on the server's [print$]-share for point'n'print download...). And: rundll32 printui.dll,PrintUIEntriy /? will show up a full man page (hehe...) See also http://de.samba.org/samba/docs/man/printing.html#id2931140 I used the above and some other references and pieced togethere a few commands to auto-map network printers at logon: REM rundll32 printui.dll,PrintUIEntry /ia /m Ricoh Aficio 200/250 PCL /h Intel /v Windows 2000 /f %windir%\inf\ntprint.inf rundll32 printui.dll,PrintUIEntry /if /b Hallway Printer /f %windir%\inf\ntprint.inf /r \\skyline\jetdirect /m Ricoh Aficio 200/250 PCL These work just fine...as long as the user is an administrator. If the user logging on is a regular user, which most are, it give me Access denied when trying to map the printer, on the same computer. These commands are being run from the netlogon.bat script that runs at logon. Am I missing something? -- Andrew Gaffney System Administrator Skyline Aeronautics, LLC. 776 North Bell Avenue Chesterfield, MO 63005 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] adding printers from netlogon script
John H Terpstra wrote: On Tue, 13 Jan 2004, Andrew Gaffney wrote: Kurt Pfeifle wrote: [Samba] adding printers from netlogon script Andrew Gaffney agaffney at technaut.darktalker.net Tue Dec 9 20:10:07 GMT 2003 While this doesn't relate specifically to Samba, I need to do this in a netlogon .bat file in a Samba domain. In my network, I have a printer hooked to a JetDirect so that it is a TCP/IP printer. Is there a way I can automatically have this printer mapped/added when the user is logged on? Test this command from a DOS box: rundll32 printui.dll,PrintUIEntry /in /n \\printerserver\printersharename If it works, it can go into the logon script. (Of course printersharename needs to exist on printerserver and must have printer driver deposited on the server's [print$]-share for point'n'print download...). And: rundll32 printui.dll,PrintUIEntriy /? will show up a full man page (hehe...) See also http://de.samba.org/samba/docs/man/printing.html#id2931140 I used the above and some other references and pieced togethere a few commands to auto-map network printers at logon: REM rundll32 printui.dll,PrintUIEntry /ia /m Ricoh Aficio 200/250 PCL /h Intel /v Windows 2000 /f %windir%\inf\ntprint.inf rundll32 printui.dll,PrintUIEntry /if /b Hallway Printer /f %windir%\inf\ntprint.inf /r \\skyline\jetdirect /m Ricoh Aficio 200/250 PCL These work just fine...as long as the user is an administrator. If the user logging on is a regular user, which most are, it give me Access denied when trying to map the printer, on the same computer. These commands are being run from the netlogon.bat script that runs at logon. Am I missing something? Indeed you are. Windows NT/200x/XP requires you to explicitly give the user the rights to make changes. If I am not mistaken, you can get around this by adding the Domain Users group to the Local Power Users group on each workstation. What rights does a normal user have by default? Can they map a network drive? -- Andrew Gaffney System Administrator Skyline Aeronautics, LLC. 776 North Bell Avenue Chesterfield, MO 63005 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] adding printers from netlogon script
John H Terpstra wrote: On Tue, 13 Jan 2004, Andrew Gaffney wrote: John H Terpstra wrote: On Tue, 13 Jan 2004, Andrew Gaffney wrote: Kurt Pfeifle wrote: [Samba] adding printers from netlogon script Andrew Gaffney agaffney at technaut.darktalker.net Tue Dec 9 20:10:07 GMT 2003 While this doesn't relate specifically to Samba, I need to do this in a netlogon .bat file in a Samba domain. In my network, I have a printer hooked to a JetDirect so that it is a TCP/IP printer. Is there a way I can automatically have this printer mapped/added when the user is logged on? Test this command from a DOS box: rundll32 printui.dll,PrintUIEntry /in /n \\printerserver\printersharename If it works, it can go into the logon script. (Of course printersharename needs to exist on printerserver and must have printer driver deposited on the server's [print$]-share for point'n'print download...). And: rundll32 printui.dll,PrintUIEntriy /? will show up a full man page (hehe...) See also http://de.samba.org/samba/docs/man/printing.html#id2931140 I used the above and some other references and pieced togethere a few commands to auto-map network printers at logon: REM rundll32 printui.dll,PrintUIEntry /ia /m Ricoh Aficio 200/250 PCL /h Intel /v Windows 2000 /f %windir%\inf\ntprint.inf rundll32 printui.dll,PrintUIEntry /if /b Hallway Printer /f %windir%\inf\ntprint.inf /r \\skyline\jetdirect /m Ricoh Aficio 200/250 PCL These work just fine...as long as the user is an administrator. If the user logging on is a regular user, which most are, it give me Access denied when trying to map the printer, on the same computer. These commands are being run from the netlogon.bat script that runs at logon. Am I missing something? Indeed you are. Windows NT/200x/XP requires you to explicitly give the user the rights to make changes. If I am not mistaken, you can get around this by adding the Domain Users group to the Local Power Users group on each workstation. What rights does a normal user have by default? Can they map a network drive? Default rights do not permit the user to change any system settings, not even the time. Once logged in an authenticated network user can map a drive if he/she has access to the target resouce. Since printers require installation of driver files, this is not permitted by default user settings. Is there no way to add printers from a netlogon script without the user being a Power User or higher? -- Andrew Gaffney System Administrator Skyline Aeronautics, LLC. 776 North Bell Avenue Chesterfield, MO 63005 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] adding printers from netlogon script
John H Terpstra wrote: On Tue, 13 Jan 2004, Andrew Gaffney wrote: John H Terpstra wrote: On Tue, 13 Jan 2004, Andrew Gaffney wrote: John H Terpstra wrote: On Tue, 13 Jan 2004, Andrew Gaffney wrote: Kurt Pfeifle wrote: [Samba] adding printers from netlogon script Andrew Gaffney agaffney at technaut.darktalker.net Tue Dec 9 20:10:07 GMT 2003 While this doesn't relate specifically to Samba, I need to do this in a netlogon .bat file in a Samba domain. In my network, I have a printer hooked to a JetDirect so that it is a TCP/IP printer. Is there a way I can automatically have this printer mapped/added when the user is logged on? Test this command from a DOS box: rundll32 printui.dll,PrintUIEntry /in /n \\printerserver\printersharename If it works, it can go into the logon script. (Of course printersharename needs to exist on printerserver and must have printer driver deposited on the server's [print$]-share for point'n'print download...). And: rundll32 printui.dll,PrintUIEntriy /? will show up a full man page (hehe...) See also http://de.samba.org/samba/docs/man/printing.html#id2931140 I used the above and some other references and pieced togethere a few commands to auto-map network printers at logon: REM rundll32 printui.dll,PrintUIEntry /ia /m Ricoh Aficio 200/250 PCL /h Intel /v Windows 2000 /f %windir%\inf\ntprint.inf rundll32 printui.dll,PrintUIEntry /if /b Hallway Printer /f %windir%\inf\ntprint.inf /r \\skyline\jetdirect /m Ricoh Aficio 200/250 PCL These work just fine...as long as the user is an administrator. If the user logging on is a regular user, which most are, it give me Access denied when trying to map the printer, on the same computer. These commands are being run from the netlogon.bat script that runs at logon. Am I missing something? Indeed you are. Windows NT/200x/XP requires you to explicitly give the user the rights to make changes. If I am not mistaken, you can get around this by adding the Domain Users group to the Local Power Users group on each workstation. What rights does a normal user have by default? Can they map a network drive? Default rights do not permit the user to change any system settings, not even the time. Once logged in an authenticated network user can map a drive if he/she has access to the target resouce. Since printers require installation of driver files, this is not permitted by default user settings. Is there no way to add printers from a netlogon script without the user being a Power User or higher? That question is best answered by Microsoft. Have you checked the Microsoft Knowledge Base? My interpretation of your question is, Is there no way to give users a privilege they do not have without giving them the privilege they need? Logically, my answer is - No. No way. But my logic is flawed, so do not take my answer as gospel. I hadn't even thought about consulting the MS KB, even though this problem isn't technically Samba related and is definately MS related and involves using their tools ;) -- Andrew Gaffney System Administrator Skyline Aeronautics, LLC. 776 North Bell Avenue Chesterfield, MO 63005 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] user management tool
I guess its been a while since I looked at the Samba Webmin module John H. wrote: like samba as a PDC on a windows network? that's what i'm using it for(for the configuration part). what else are you looking to do? it can also easily map things like Domain Power Users and Domain Admins to unix groups. --- On Wed 01/07, Andrew Gaffney [EMAIL PROTECTED] wrote: From: Andrew Gaffney [mailto: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Date: Wed, 07 Jan 2004 17:44:18 -0600 Subject: Re: [Samba] user management tool Let me rephrase. This tool would be for management of Samba-based NT-style domains.brbrJohn H. wrote:br webminbr www.webmin.combr has EXCELLENT samba tools for managing users. it's really nice how it will bind samba users to unix users for you(change unix user, and samba user is changed). I recently moved a small company over to a linux server and webmin was key for them so they could understand how to do things themselves. it even has a swat interface to get things just right.brbr-- brAndrew GaffneybrSystem AdministratorbrSkyline Aeronautics, LLC.br776 North Bell AvenuebrChesterfield, MO 63005br636-357-1548brbr ___ No banners. No pop-ups. No kidding. Introducing My Way - http://www.myway.com -- Andrew Gaffney System Administrator Skyline Aeronautics, LLC. 776 North Bell Avenue Chesterfield, MO 63005 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] user management tool
There was talk a few weeks ago about the possibility of a Tk-based user management tool that never happened. I'm planning on trying to do this myself. What features were to be in the one that never materialized? What features might people want in it? To begin, the program will only be able to do things that can be done straight through the existing command line tools (net, smbpasswd, etc.). Thoughts, questions, comments? -- Andrew Gaffney System Administrator Skyline Aeronautics, LLC. 776 North Bell Avenue Chesterfield, MO 63005 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] user management tool
Let me rephrase. This tool would be for management of Samba-based NT-style domains. John H. wrote: webmin www.webmin.com has EXCELLENT samba tools for managing users. it's really nice how it will bind samba users to unix users for you(change unix user, and samba user is changed). I recently moved a small company over to a linux server and webmin was key for them so they could understand how to do things themselves. it even has a swat interface to get things just right. -- Andrew Gaffney System Administrator Skyline Aeronautics, LLC. 776 North Bell Avenue Chesterfield, MO 63005 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Spam in the list.
Brent Ellis wrote: There is an inordinate amount of spam going to the Samba list lately. Is there anything that can be done about that? I was wondering about that. It looks like someone is trying to see what does and doesn't get through spam filters. -- Andrew Gaffney System Administrator Skyline Aeronautics, LLC. 776 North Bell Avenue Chesterfield, MO 63005 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] upgrade from 2.2.x to 3.0.0
Andrew Judge wrote: I upgraded (a side by side migration) from RH 7.3 to RH EN v.3 and one of the packages was samba acting as a PDC. Was working beautifully, but now some XP machines don't see the new server at login. Password are cached so not a huge problem. One machine didn't cache the password. I deleted the machine account from the samba PDC, put it into a workgroup. I then tried to add it to the domain and I get can not find user as root. root is there and valid. When I use a bad password for root, it says that I am using a bad password - so it sees the user? Nothing unusual in the logs and event viewer. I migrated by: 1. copying passwd, shadow, group 2. copying smbpasswd 3. creating the ntadmin group 4. modifying the smb.conf file I ran into this same problem. There is one more thing you need to do: net groupmap modify ntgroup=Domain Admins unixgroup=ntadmin -- Andrew Gaffney System Administrator Skyline Aeronautics, LLC. 776 North Bell Avenue Chesterfield, MO 63005 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to apply 3.0.1 Patch???
mjynht wrote: Can somebody tell me how to apply the 3.0.1 patch of samba??? I'm running samba 3.0.0. Most likely, the patch is to patch the 3.0.0 source to 3.0.1 instead of downloading a new 3.0.1 tarball. If you don't know how to apply patches, it is probably easier for you to just go download the 3.0.1 tarball. -- Andrew Gaffney System Administrator Skyline Aeronautics, LLC. 776 North Bell Avenue Chesterfield, MO 63005 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to send a domain wide message with smbclient?
From a quick glance at the script, it does the same thing as the script that I posted.
Travis L. Bean wrote:
I found a working script to send a domain wide message:
http://www.netsys.com/sunmgr/1998-10/msg00122.html. This is a modified
version of the /examples/misc/wall.perl included in the Samba 3.x.x
distribution. The wall.perl script in the Samba distribution appears to
be broken, because it does not send a message unless a host name is
provided. Perhaps someone on the samba team would be so kind as to view
the differences between these two scripts and incorporate these
modifications into the wall.perl script that is included in the Samba
distribution.
Thanks,
Travis
-Original Message-
From: Andrew Gaffney [mailto:[EMAIL PROTECTED]
Sent: Sunday, December 28, 2003 6:05 AM
To: Travis L. Bean
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] How to send a domain wide message with smbclient?
Travis L. Bean wrote:
Is there a way to send a message to all users currently logged into a
Samba domain controller? The reason why I ask is that I have a Samba
3.x.x primary/backup domain controller setup and as soon as the system
monitor detects that the primary domain controller is offline I would
like to execute a command to send a domain wide message telling all
domain users to save their work to the local machine, log off the pdc
and log back in to the bdc. Is there a way to accomplish this with
smbclient or another open source software solution?
You can send a message with a command such as 'echo Testing |
smbclient -M machine'. I
don't know if there is a way to send a message to all clients. You could
try to do it
yourself. If you have any bash/sed/awk or perl abilities, you could
write a script that
parses the output of 'smbstatus' to determine which clients are
currently logged on to the
domain. It could then go through a loop and send the message to every
client. In perl:
#!/usr/bin/perl
open PIPE, smbstatus |;
foreach $line (PIPE) {
if($line =~ /\d+\s+(\S+)\s+\S+\s+(\S+)\s+\((.+)\)/) {
system echo 'Attention user $1! PDC is down. Please save all work
to local disk,
logout, and log back in on the BDC.' | smbclient -M $2 -I $3;
}
}
I ran a brief test on this and it appears to work correctly with 3.0.1.
--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] installing gui interfaces for samba
kent E. wrote: i've browse the web and found 'Smb4K - An SMB share browser for KDE' since this is something similar like a windows sharing this would be safer for our newbie(unix) users but i have problem installing the package === checking for Qt... configure: error: Qt (= Qt 3.1 (20021021)) (headers and libraries) not found. Please check your installation! For more details about this problem, look at the end of config.log. i already installed the qt ver 3.1++ [EMAIL PROTECTED] smb4k-0.3.1]# rpm -qa qt qt-3.1.1-6 You might want to try to find an RPM for your distro for that program. Another good SMB browser I've found is Xfsamba. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to send a domain wide message with smbclient?
Travis L. Bean wrote:
Is there a way to send a message to all users currently logged into a
Samba domain controller? The reason why I ask is that I have a Samba
3.x.x primary/backup domain controller setup and as soon as the system
monitor detects that the primary domain controller is offline I would
like to execute a command to send a domain wide message telling all
domain users to save their work to the local machine, log off the pdc
and log back in to the bdc. Is there a way to accomplish this with
smbclient or another open source software solution?
You can send a message with a command such as 'echo Testing | smbclient -M machine'. I
don't know if there is a way to send a message to all clients. You could try to do it
yourself. If you have any bash/sed/awk or perl abilities, you could write a script that
parses the output of 'smbstatus' to determine which clients are currently logged on to the
domain. It could then go through a loop and send the message to every client. In perl:
#!/usr/bin/perl
open PIPE, smbstatus |;
foreach $line (PIPE) {
if($line =~ /\d+\s+(\S+)\s+\S+\s+(\S+)\s+\((.+)\)/) {
system echo 'Attention user $1! PDC is down. Please save all work to local disk,
logout, and log back in on the BDC.' | smbclient -M $2 -I $3;
}
}
I ran a brief test on this and it appears to work correctly with 3.0.1.
--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] uncovering groupmap problems
Craig White wrote: Should I delete them first? net groupmap list Domain Admins (S-1-5-21-3186189368-1246494298-1334198317-512) - Domain Admins #NOTE - listed only one for clarity# # net groupmap modify sid=S-1-5-21-3186189368-1246494298-1334198317-512 unixgroup=root type=domain [2003/12/21 20:05:22, 0] passdb/pdb_ldap.c:ldapsam_update_group_mapping_entry(1954) ldapsam_update_group_mapping_entry: No group to modify! Could not update group database Have you tried using 'ntgroup' instead of 'sid' such as 'net groupmap modify ntgroup=Domain Admins unixgroup=root type=domain'? -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] uncovering groupmap problems
Craig White wrote: On Sun, 2003-12-21 at 20:14, Andrew Gaffney wrote: Craig White wrote: Should I delete them first? net groupmap list Domain Admins (S-1-5-21-3186189368-1246494298-1334198317-512) - Domain Admins #NOTE - listed only one for clarity# # net groupmap modify sid=S-1-5-21-3186189368-1246494298-1334198317-512 unixgroup=root type=domain [2003/12/21 20:05:22, 0] passdb/pdb_ldap.c:ldapsam_update_group_mapping_entry(1954) ldapsam_update_group_mapping_entry: No group to modify! Could not update group database Have you tried using 'ntgroup' instead of 'sid' such as 'net groupmap modify ntgroup=Domain Admins unixgroup=root type=domain'? yeah - sorry, sloppy with copy paste from terminal ;-) tested again...taken from command line and not shell script... net groupmap modify sid=S-1-5-21-3186189368-1246494298-1334198317-512 ntgroup=Domain Admins unixgroup=root type=domain [2003/12/21 20:23:06, 0] passdb/pdb_ldap.c:ldapsam_update_group_mapping_entry(1954) ldapsam_update_group_mapping_entry: No group to modify! Could not update group database Try it without the 'sid' parameter completely. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] enabling remote desktop
I have found a bit easier way to do this. Create a file called rdesktop.reg (or whatever you feel like calling it): Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server] fDenyTSConnections=dword: Then, in your netlogon script, add the line: regedit /s \\where\the\reg\file\is\rdesktop.reg Voila, the next time that a user logs in on that XP workstation, Remote Desktop Sharing will magically be enabled. Behold the power of Google! James Harper wrote: Me too!!! I've never done this before, but this might be worth a try if nothing else works: 1. run gpedit.msc on an xp machine and find the policy you want to enable. 2. search for that policy in the .adm files (c:\windows\inf\*.adm) to find out the registry setting that should be set. They are just text files. 3. get a machine with the policy set how you want it and export that registry entry to a file in your netlogon share 4. in your startup script, import that file into the registry. Not sure how to do that 'silently' but there is probably a way. 5. enjoy There may be a problem with persistence though, something else may override your registry entries. If this is true and you also have to reboot for the registry entries to take effect, then it won't work. If you find a better way then please share it as I'd like a tidy solution too. Hth. James -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Andrew Gaffney Sent: Friday, 19 December 2003 13:36 To: [EMAIL PROTECTED] Subject: [Samba] enabling remote desktop Is there a way to automatically enable Remote Desktop from a NETLOGON script? I want to enable Remote Desktop on *a lot* of machines, but I don't want to do it manually. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] enabling remote desktop
Is there a way to automatically enable Remote Desktop from a NETLOGON script? I want to enable Remote Desktop on *a lot* of machines, but I don't want to do it manually. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Not seeing Samba Server from My Network Places
Mike Tutaj wrote: Using RedHAT 9.0 and Samba that came with it.. Samba states it is up and running..Here is the current samba.conf file.. I can browse from the linux box and get into the window shares. Can ping the address of the linux server.. See the workgroup from windows, but no machine or folders available.. Is your config file actually named samba.conf? If so, this is where your problem probably lies. The config file that samba will look for is called smb.conf. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] migrating local user profiles to roaming domain profiles
I have a network of 2K and XP clients that I am migrating to a domain using Samba 3 as a PDC. I have the domain working quite well after quite a bit of tweaking. My problem is that I want people to logon to the domain, but I also want them to keep their profiles from their local users. How can I go about this? -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] migrating local user profiles to roaming domain profiles
Craig Jackson wrote: On Tue, 2003-12-16 at 22:17, Andrew Gaffney wrote: I have a network of 2K and XP clients that I am migrating to a domain using Samba 3 as a PDC. I have the domain working quite well after quite a bit of tweaking. My problem is that I want people to logon to the domain, but I also want them to keep their profiles from their local users. How can I go about this? -- Andrew Gaffney Here's a nice howto http://www.badmagicnumber.com/linotes/samba.html Its entirely possible that I just missed it, but I didn't see any information relevant to my question. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba
Gillian Hay wrote: Dear sir/Madam, I understand that SAMBA is used when converting UNIX systems - Microsoft systems. I am currently studying at university and as part of my module, we were given a hypothetical situation which we were to solve.This hypothetical company are currently using the UNIX operating system and we were wanting to change them to Microsoft. We understand that they could lose their work due to this change. Even hypothetical, a company that *WANTS* to switch to MSdoes this not make sense to anyone else? ;) Could you please inform me of the cost of this transversion for one PC and any training that would be required. Samba is really used to integrate a UNIX system into an existing MS network. If you are moving to an all MS network, there is no reason for Samba. You could use Samba if you planned a slow transition and wanted to still store your data on UNIX servers and have it accessible by people using Windows workstations. The cost of this transition on one PC would be about $300 for the Windows license ;) As for training, the only people that would need to learn to use Samba are the System Administrators. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] making file hidden
I'm running Samba 3.0.0. I have some files in a directory that is shared by Samba that I want to appear hidden to Windows. How can I do this from the Linux side? -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] adding machines to the domain with Samba 3.0.0
Is there something special I need to do to let root add computers to the domain in 3.0? When I try to add the workstation I get an error about 'user not found' even though I can logon to a workstation joined to the domain as 'root'. I was able to add computers to the domain with 2.2.8 with an 'add user command' entry and 'domain admin group = root' in my smb.conf I have root in the 'Domain Admins' group: skyline samba # net groupmap list System Operators (S-1-5-32-549) - -1 Dispatch (S-1-5-21-12416-2847287174-2328787173-1831) - dispatch Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Mechanics (S-1-5-21-12416-2847287174-2328787173-1827) - mech Instructors (S-1-5-21-12416-2847287174-2328787173-1837) - instructors Accounting (S-1-5-21-12416-2847287174-2328787173-1829) - accounting Domain Admins (S-1-5-21-12416-2847287174-2328787173-512) - domainadmins Domain Guests (S-1-5-21-12416-2847287174-2328787173-514) - domainguests Domain Users (S-1-5-21-12416-2847287174-2328787173-513) - domainusers Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - domainadmins Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 skyline samba # cat /etc/group | grep domainadmins domainadmins:x:412:root I tried to use 'User Manager for Domains' to grant 'Domain Admins' the right to 'Add workstations to the domain' but I got an error when I hit OK that said something about not being able to take away local logon right to the local Administrators group. I tried mapping the existing 'Administrators' group to the unix group 'domainadmins' and then specifically granting the 'Administrators' group the right to Logon Locally, but I still get the error. Can anyone help? -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: adding machines to the domain with Samba 3.0.0
WinXperts wrote: domain admins group is not supported in samba 3, you will need to map windows groups to linux/unix groups using the NET command. I know. I said that was how I had it working in 2.2.8. Below that, I had the results of 'net groupmap list' which showed both 'Domain Admins' and 'Administrators' mapped to the 'domainadmins' group which contained 'root'. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: adding machines to the domain with Samba 3.0.0
[EMAIL PROTECTED] wrote: Try using the following attribute in the smb.conf: admin users (S) This is a list of users who will be granted administrative privileges on the share. This means that they will do all file operations as the super-user (root). You should use this option very carefully, as any user in this list will be able to do anything they like on the share, irrespective of file permissions. Default: no admin users Example: admin users = jason You may want to use: admin users = @domainadmins This will allow any user in the domainadmins group join machines to the domain. You've got the wrong option. That option allows the specified users to connect as if they were root on that share. It is not the same as the 'domain admin group' option in 2.2.x. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 2000 password change with smbpasswd - login problem
David Wilson wrote: Hello, Any ideas on this one ? Hopefully not being too pesky ? :) --- Hi guys, How are you ? My setup is as follows: Samba-3.0.0 PDC on a Slackware-9.0 box, with mixed N.T. and Windows 2000 clients. Everything has been running perfectly for months however now, it seems I've picked up a bit of a weird problem when changing a users password via smbpasswd. This problem only appears to affect users who log onto the Samba domain using a Windows 2000 PC. i.e If I change a password for an N.T. 4.0 user the user merely has to log out of N.T. and log back on with his new password, everything works perfectly. If I change a password for a Windows 2000 user, the user logs off Windows 2000, tries to login again, but receives and incorrect username/password error. Ever come across this before ? Any assistance would be greatly appreciated. This is a longshot, but maybe the Win2K box is caching the old password and it sees that the new one doesn't match before it even tries to authenticate against the PDC. Can you restart the Win2K machine and have the new password work? -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Paradox+Samba
[EMAIL PROTECTED] wrote: Hi all... Last monday i migrated form novell 4.0 to Samba 3.0 PDC. The server acts as a file server for 30 workstations (Win2000) using an aplicattion that combines clipper (with .dbf files) and delphi (uses paradox .px and .db). Its perfomance has been very poor since i changed the server. PLEASE HELP ME, since its in production and i really don know what to do. First of all, if you are only doing file sharing, you don't need a PDC setup. Second, I assume that your current Samba server is a different box than your old Novell server. If this is the case, is the new server a lot less powerful than the old? Is it on a different network segment? Are you using a 10base-T NIC where you were using a 100base-T? Also, what OS is running on your Samba box? -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] session timeout
Andrew Gaffney wrote: Is there a way to setup my domain so that any client logging onto the Samba domain will be logged out after 20 minutes of inactivity? To clarify: if I log into the domain on a workstation and then walk away, can I have it automatically logoff after 20 minutes? I've seen this done before using Remote Desktop on a Windows 2000 machine. Can it be done using Samba? -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] group mappings pitfalls in samba 3
I have recently run across this problem and would like to warn people about it. I had an already established domain running under Samba 2.2.8. I then upgraded to 3.0. I removed the 'domain admin users = root' line from my smb.conf because certain tools complained about it being there. After the upgrade, I followed the Samba 3 HOWTO docs on samba.org. I created my domadm, domguests, and domusers groups. I used the command 'net groupmap add ntgroup=Domain Admins UNIXgroup=domadm' to map the groups together. This should have had the same effect as having the 'domain admin users = root' line in 2.2.8, but whenever I would logon to any computer in the domain with the user 'root', the user would be a regular restricted user. I got output like this from 'net groupmap list': System Operators (S-1-5-32-549) - -1 Dispatch (S-1-5-21-12416-2847287174-2328787173-1831) - dispatch Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Domain Users (S-1-5-21-12416-2847287174-2328787173-1833) - domusers Domain Admins (S-1-5-21-12416-2847287174-2328787173-1825) - domadm Domain Guests (S-1-5-21-12416-2847287174-2328787173-1835) - domguests Mechanics (S-1-5-21-12416-2847287174-2328787173-1827) - mech Instructors (S-1-5-21-12416-2847287174-2328787173-1837) - instructors Accounting (S-1-5-21-12416-2847287174-2328787173-1829) - accounting Domain Admins (S-1-5-21-12416-2847287174-2328787173-512) - -1 Domain Guests (S-1-5-21-12416-2847287174-2328787173-514) - -1 Domain Users (S-1-5-21-12416-2847287174-2328787173-513) - -1 Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 Apparently, the default groups already existed, but were not used in the mapping. Instead, new groups with the same name (but not the same GID) were created and mapped. So, my user was in the Domain Admins group but not THE Domain Admins group. I'm not quite sure if this is a flaw in the HOWTO or if this only happens when upgrading from 2.2.x. I was able to fix this problem by deleting the group mappings and remapping with 'net groupmap modify ntgroup=Domain Admins UNIXgroup=domadm'. I just made these changes, but I am not on site to test if they worked, but I have a hunch that they did. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] netlogon script generation
Can anyone point me to a doc or a script that shows how to generate netlogon script on the fly and supports users having multiple groups? I tried the Perl script referenced at http://us2.samba.org/samba/docs/man/AdvancedNetworkManagement.html but I believe it only supports the user being a member of one group. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon script generation
This was the script I was refering to that didn't work for me. I ended up re-writing
almost completely from scratch to support multiple groups.
#!/usr/bin/perl
my ($user) = @ARGV;
my $drives = {F = NET USE F: SKYLINE\\SKYLINEF\r\n,
H = NET USE H: SKYLINE\\SHARE\r\n,
I = NET USE I: SHIPPING1\\INVENTORY\r\n,
M = NET USE M: SKYLINE\\SKYLINEM\r\n,
S = NET USE S: SHIPPING1\\SHOP\r\n,
Y = NET USE Y: ACCOUNTING\\FLTSCHOOL\r\n,
Z = NET USE Z: ACCOUNTING\\MAINT\r\n};
my $which = {accounting = F H I M S Y Z, mech = I M S Z, dispatch = M,
instructors = M};
my $groups = `cat /etc/group | grep ${user} | cut -d ':' -f 1`;
$groups =~ s/\n/\:/sg;
# Start generating logon script
#open LOGON, /usr/local/samba/netlogon/${user}.bat;
open LOGON, /tmp/${user}.bat;
print LOGON [EMAIL PROTECTED] OFF\r\n;
foreach $group (split /:/, $groups) {
foreach $drive (split / /, $which-{$group}) {
print LOGON $drives-{$drive};
}
}
close LOGON;
system cat /tmp/${user}.bat | sort -u /usr/local/samba/netlogon/${user}.bat;
rruegner wrote:
Hi, here is an example start this script with root prexec in the netlogon
share
it will create netlogon bat files for users and groups which can
the orginal file is genlogon.pl
which is part of samba, read the doku, all other stuff is done by netlogon
bat files ( there are several examples in the web )
Best Regards
#!/usr/bin/perl
#
# login.pl
# creation on the fly logon scripts by [EMAIL PROTECTED] inspired by
genlogon.pl
# Log client connection
#($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
open LOG, /smbmonitor/user/netlogon.txt;
print LOG $mon/$mday/$year $hour:$min:$sec - User $ARGV[0] Group $ARGV[1]\n
from $ARGV[2] in $ARGV[3];
close LOG;
# Start generating logon script for user
open LOGON, /var/lib/samba/netlogon/$ARGV[0].bat;
print LOGON [EMAIL PROTECTED] OFF\r\n echo %USERNAME%\r\n call send.bat\r\n;
# Start generating logon script for machine for different security
monitoring
open LOGON, /var/lib/samba/netlogon/$ARGV[2].bat;
print LOGON [EMAIL PROTECTED] OFF\r\n call chkdir.bat\r\n call listapp.bat
$ARGV[3]\\smbmonitor\\machines\\$ARGV[2]\\software\\$A$
# Start generating logon script for group
open LOGON, /var/lib/samba/netlogon/$ARGV[1].bat;
print LOGON [EMAIL PROTECTED] OFF\r\n;
# Connect shares for group users
if ($ARGV[1] eq users)
{
print LOGON NET USE X: $ARGV[3]\\files\r\n;
}
# Connect shares for group ntadmin
if ($ARGV[1] eq ntadmin)
{
print LOGON NET USE Y: $ARGV[3]\\smbmonitor\r\n;
}
- Original Message -
From: Andrew Gaffney [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 6:02 PM
Subject: [Samba] netlogon script generation
Can anyone point me to a doc or a script that shows how to generate
netlogon script on the
fly and supports users having multiple groups? I tried the Perl script
referenced at
http://us2.samba.org/samba/docs/man/AdvancedNetworkManagement.html but I
believe it only
supports the user being a member of one group.
--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon script generation
Mike Rambo wrote: On Tue, 2003-12-09 at 12:02, Andrew Gaffney wrote: Can anyone point me to a doc or a script that shows how to generate netlogon script on the fly and supports users having multiple groups? I tried the Perl script referenced at http://us2.samba.org/samba/docs/man/AdvancedNetworkManagement.html but I believe it only supports the user being a member of one group. Deryk Robosson wrote some scripts that I modified to parse group membership (based upon /etc/group which may or may not be best). If you want to try them you can get them at http://scnc.lsd.k12.mi.us/~mrambo/netlogon-0.2.tar.gz I had planned on sending the group updates back to Deryk to see if he wanted to incorporate them into his release but I never got the preexec stuff to work so I never sent him the updates. You're welcome to give them a whirl. We are using the scripts daily but not in the way which was originally envisioned (much to my chagrin). If you can get the root preexec stuff to work I'd love to know how you do it. I tried repeatedly, even with some help from Deryk, and asked a least a couple of different times on this list for help but I can't get the root preexec to work for nothing. I got the 'root preexec' to work without a problem: [netlogon] comment = The domain logon service path = /usr/local/samba/netlogon public = no writeable = no root preexec = /etc/samba/genlogon.pl %U I already posted my script in this thread. It also parses /etc/group to determine what groups a specific user is in. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] adding printers from netlogon script
Kurt Pfeifle wrote: [Samba] adding printers from netlogon script Andrew Gaffney agaffney at technaut.darktalker.net Tue Dec 9 20:10:07 GMT 2003 While this doesn't relate specifically to Samba, I need to do this in a netlogon .bat file in a Samba domain. In my network, I have a printer hooked to a JetDirect so that it is a TCP/IP printer. Is there a way I can automatically have this printer mapped/added when the user is logged on? Test this command from a DOS box: rundll32 printui.dll,PrintUIEntry /in /n \\printerserver\printersharename If it works, it can go into the logon script. (Of course printersharename needs to exist on printerserver and must have printer driver deposited on the server's [print$]-share for point'n'print download...). And: rundll32 printui.dll,PrintUIEntriy /? will show up a full man page (hehe...) See also http://de.samba.org/samba/docs/man/printing.html#id2931140 Will this same method work to add a TCP/IP printer instead of a SMB printer? -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How does WinXP pass username/password?: NT_STATUS_WRONG_PASSWORD
GhodMode wrote: I have a small network that includes two Linux computers and one Windows XP Pro computer. I'm trying to get share my Linux resources properly with the Windows computer. If I set it for share level security and set a user name for each share, along with guest ok, then I can get in as whichever user I've set... even root. I've tried a few scenarios with a basic smb.conf and I have plenty of log output when --debuglevel=2, but I thought it would be more than everyone would want to see on this list. The workgroup of the Windows XP computer is HOME. The user name and password I use on the Windows XP computer is the same as an account on the Linux computer. The log entry which looks most meaningful to me says NT_STATUS_WRONG_PASSWORD. So, that makes me wonder what NT is passing, even when I type the password. Did you add your user to the Samba passwd db by doing 'smbpasswd -a user'? -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] session timeout
Is there a way to setup my domain so that any client logging onto the Samba domain will be logged out after 20 minutes of inactivity? To clarify: if I log into the domain on a workstation and then walk away, can I have it automatically logoff after 20 minutes? -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems using Roaming Profiles on Win2k
Rui Santos wrote: I have set up a Samba 2.2.7a to work as a PDC for my Win2k boxes. They can join the domain suplied by samba, and all the users can log on to their domain but, the roaming profiles just won't work. I'm using win2k SP4 and my smb.conf is as described bellow: I ran into this same problem when I setup my Samba domain. In my case, my profiles dir had the permissions 755, which of course denied write permission to anyone except root. I just made my profiles dir 766 which allows the user's profile dirs to be created. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Machine Accounts
Roberto Mason wrote: I've added the seal registry patch and modified the script to include add machine script. I also added root to the smbpasswd and enabled the user, and still I get unknown user or password. There's something still missing. I seem to remember having this same problem and solving it by rebooting the box that was giving me this error. Rebooting really is the universal solution to any problem in Windows :) -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] group policies, domain policies and workstation policies without Active Directory??
[EMAIL PROTECTED] wrote: I have the following situation: a network with 30 Windows NT Server on different sites, 800 clients with Windows XP; I want to migrate to Samba instead of Windows 2003 Server, but I have the effort to manage group policies, domain policies and workstation policies on the XP Clients; is there a way to solve this without Active Directory e.g. Samba with LDAP?? Do you really want to apply the XP registry hack to 800 clients? Although, it may no longer be necessary if you're using 3.0. Does anyone know? -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] group policies, domain policies and workstation policies without Active Directory??
kyle wrote: On Sat, 06 Dec 2003 15:47:32 -0600 Andrew Gaffney wrote: [EMAIL PROTECTED] wrote: I have the following situation: a network with 30 Windows NT Server on different sites, 800 clients with Windows XP; I want to migrate to Samba instead of Windows 2003 Server, but I have the effort to manage group policies, domain policies and workstation policies on the XP Clients; Do you really want to apply the XP registry hack to 800 clients? Although, it may no longer be necessary if you're using 3.0. Does anyone know? what hack are you talking about? (I'm really interested in doing this since I've posted several questions on this same list before). My approach was like this : - Samba 3 server - Windows XP client machines - Roaming profiles stored on the server - The client machines execute a script on logon that tries to load a specially customized .reg file, but fails doing it because the user that logs won't have priviledges enough to modify the registry (entries con hkey_current_user - HKU or similar) this didn't work... any ideas? :-) The hack I'm refering to involves turning off the 'Sign or Seal' option in the registry of Windows XP because Samba 2.2.x didn't support this feature. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] setting domain user types on all workstations
I have a domain I recently setup with 15 2000/XP clients. I have one account I want to be an admin on any workstation I login to, a few accounts I want to be power users, and the rest I want to be regular users. Can I automate this or do I have to go around to each client and add the domain users in 'Users Accounts' control panel and set their user types? -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] users and groups in a samba domain
I'm currently running Samba 2.2.8a as a NT-style domain server. I have a few different questions regarding this setup. First, how can I add samba users to groups so that I can specify 'DOMAIN\Group' in the permissions for a particular share on an XP machine attached to the domain? Also, how can I set account types other than admin and not-admin for use when logging in under Windows? -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] users and groups in a samba domain
Andrew Gaffney wrote: I'm currently running Samba 2.2.8a as a NT-style domain server. I have a few different questions regarding this setup. First, how can I add samba users to groups so that I can specify 'DOMAIN\Group' in the permissions for a particular share on an XP machine attached to the domain? Also, how can I set account types other than admin and not-admin for use when logging in under Windows? I have a much easier related question. I have 3 UNIX users (testa, testb, testc) which are all in the UNIX group 'test'. If I use 'smbpasswd -a' on each of the users to add them to samba, can i use 'DOMAIN\test' for permissions somewhere in the domain and have it refer to testa, testb, and testc? Does this not work? Is it more difficult that this? -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Connection to a Remote XP Box
Joseph A Nagy Jr wrote: Win98 SE (F) Disk mount -t smbfs -o username=somename,password=somepass //s.o.m.e.i.p/F /chris/ 21287: session request to s.o.m.e.i.p. failed (Called name not present) 21287: session request to s failed (Called name not present) 21287: tree connect failed: ERRDOS - ERRnosuchshare (You specified an invalid share name) SMB connection failed I think this is a fairly easy problem. The name of the share is not 'F' but 'Win98 SE (F)' if I'm not mistaken. That is why you are getting the error about no such share. -- Um, can you repeat the part of the stuff where you said all about the things? - Homer Simpson -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: SWAT not working, can't authenticate
you should just need to do smbpasswd -a root Wieprecht, Karen M. wrote: Did you make sure localhost resolves? Also, depending on your /etc/resolv.conf, you may have to fully qualify the host's name including the DNS domain. I seem to rember having problems with this, and some combination of using localhost or hostname.domain.edu or using the actual IP address of the host cleared up the problem. Karen Wieprecht -Original Message- From: Noel Kelly [mailto:nkelly;citrusnetworks.net] Sent: Thursday, November 07, 2002 4:48 PM To: 'Jim Myers'; [EMAIL PROTECTED] Subject: RE: [Samba] RE: SWAT not working, can't authenticate I have had this problem before. Never really got to the bottom of it but if you want to get on then just add '-a' to your swat command to disable authentication. -Original Message- From: Jim Myers [mailto:myersjj;us.ibm.com] Sent: 07 November 2002 21:08 To: [EMAIL PROTECTED] Subject: RE: [Samba] RE: SWAT not working, can't authenticate I had already done that, so it must be something more subtle... Jim Myers IBM Almaden Research Center B3-239, 408-927-2013 Irving Carrion [EMAIL PROTECTED] 11/07/2002 12:16 PM To: Jim Myers/Almaden/IBM@IBMUS, [EMAIL PROTECTED] cc: Subject:RE: [Samba] RE: SWAT not working, can't authenticate Not to sure, but I think you may need to add the root account to Samba. smbpasswd -a root -Original Message- From: [EMAIL PROTECTED] [mailto:samba-admin;lists.samba.org] On Behalf Of Jim Myers Sent: Thursday, November 07, 2002 3:08 PM To: [EMAIL PROTECTED] Subject: [Samba] RE: SWAT not working, can't authenticate I have Samba 3.0 alpha20 installed on Linux RedHat 7.3 and all works fine except for SWAT. I have /etc/xinetd.d/swat defined properly (I think) and port 901 is active and starts SWAT OK. When I try to log in to SWAT either locally or from remote browser, the authentication fails. I'm logging in as user=root with the correct password, but the authentication still fails. Is there some special password file that SWAT uses? Jim Myers IBM Almaden Research Center B3-239, 408-927-2013 -- Um, can you repeat the part of the stuff where you said all about the things? - Homer Simpson -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming profiles problem - loading failure
I got the error again. This is the exact text in Windows: Windows cannot copy file \\omega\profiles\test\Cookies\index.dat to location C:\Documents and Settings\test\Cookies\index.dat. Contact your network administrator. DETAIL - The process cannot access the file because it is being used by another process. I can't seem to find any errors in my logfiles. It looks like its a Windows 2000 problem. It happens every few days or so and is usually a different file. Anybody have any ideas? I had just logged off as the domain user administrator before I tried to logon as the domain user test. [EMAIL PROTECTED] wrote: On Tue, Nov 05, 2002 at 08:48:42AM -0600, Andrew Gaffney wrote: I have been having this same problem. There is nothing in 2.2.6 that fixes it. I still have no idea what's causing it. Peter Polkinghorne wrote: I have a samba 2.2.4 PDC which acts as the repository of roaming profiles. Just recently some of our users have experienced failure to load roaming profiles. The clients are on a pair of Windows 2000 terminal servers. The failure does not seem to be confined to one server and only affects some people. The error given takes place during the loading profile stage: Windows can not copy: \\Samba server\profiles\aaa\Application Data\Microsoft\Outlook\FAVF.tmp to C:\Documents and Settings\aaa.KINGSFORDS\Application Data\Microsoft\Outlook\FAVF.tmp DETAIL - Access is denied More details please, a packet sniff or log file extract Jeremy. -- Um, can you repeat the part of the stuff where you said all about the things? - Homer Simpson -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming profiles problem - loading failure
would turning off client side caching help with this problem? Freeman, Peter (ERHS) wrote: DETAIL - The process cannot access the file because it is being used by another process. This error is different to the Access Denied message as posted earlier in this thread. I've recently (last week) set up a Samba PDC with 2.2.6 and roaming profiles. Clients are all Win2k (SP2 SP3 mix). We had this error occasionally when a user logged on concurrently, it happens at random but as we don't have many users logging on concurrently its not a major issue. I didn't have time to debug it beyond this, but when I get the chance I'll check some logs on this if no one has any solutions to this one. -- Um, can you repeat the part of the stuff where you said all about the things? - Homer Simpson -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] remote admin of win2k boxes via samba
Is there a way to use samba to remotely add users, change passwords, set permissions, etc. on a win2k box? -- Um, can you repeat the part of the stuff where you said all about the things? - Homer Simpson -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming profiles problem - loading failure
I have been having this same problem. There is nothing in 2.2.6 that fixes it. I still have no idea what's causing it. Peter Polkinghorne wrote: I have a samba 2.2.4 PDC which acts as the repository of roaming profiles. Just recently some of our users have experienced failure to load roaming profiles. The clients are on a pair of Windows 2000 terminal servers. The failure does not seem to be confined to one server and only affects some people. The error given takes place during the loading profile stage: Windows can not copy: \\Samba server\profiles\aaa\Application Data\Microsoft\Outlook\FAVF.tmp to C:\Documents and Settings\aaa.KINGSFORDS\Application Data\Microsoft\Outlook\FAVF.tmp DETAIL - Access is denied Then it says: Windows could not load the profile and is logging you on with a temporary profile. My profiles part of smb.conf is: # Profiles [profiles] path = /home/ntprofile writeable = yes create mask = 0600 directory mask = 0700 nt acl support = no csc policy = disable ... the last 2 lines being added during the day, but with no effect. I have checked the source file and apart from being 0 length it looks perfectly accessible. Anyone else seen this? Or any hints as to what to do? I am contemplating upgrading to 2.2.6 - but the WHATSNEW gives no hint that this might be a fixed problem. Of course it might be a problem with the Windows 2000 servers - not sure what SP level we are at - Windows manager away. -- Um, can you repeat the part of the stuff where you said all about the things? - Homer Simpson -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] concerning smbmount
Mikhail Lapine wrote:
Hello!
Sorry for a probably stupid question, but
what is implied under service in the smbmount synopsis
smbmount {service} {mount-point} ... ?
I didn't find anything in man pages!
smbmount //server/sharename /mount-point
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: AW: [Samba] user root is not accepted anymore
[EMAIL PROTECTED] wrote: Hi, for me it looks not like a configuration problem. After a new reinstallation of samba i found the message smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User root ! in log.smbd Any more ideas? try 'smbpasswd -a root'. Since it said that the user root didn't exist in the smbpasswd file, try adding it back -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Unstable Samba PDC
I set up Samba 2.2.6rc3 (also tried 2.2.4 and 2.2.5 with same effect) as a PDC. It works just fine most of the time. But once every few logons or logoffs I get errors about not being able to write files because a process is currently using them when its updating the roaming profile or a message about not being able to find the roaming profile when logging on. This happens a lot less often than the first error. Has anyone come across this before? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
