Re: [Samba] Problems connecting win7 client to new Samba PDC
Here's some more information on my problem: smb.conf: --- begin smb.conf --- [global] workgroup = MYWORKGROUP server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 add machine script = /usr/sbin/useradd -g machines -c %u machine account -d /var/lib/samba -s /bin/false %u logon script = logon.cmd logon path = logon home = domain logons = Yes dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap config * : backend = tdb [homes] comment = Home Directories valid users = %S read only = No create mask = 0700 directory mask = 0700 browseable = No [netlogon] comment = Network Logon Service path = /srv/samba/netlogon guest ok = Yes [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes print ok = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers --- end smb.conf --- Here's the pdbedit -Lv spitout for my user: --- begin output--- Unix username:myadmin NT username: Account Flags:[U ] User SID: S-1-5-21-2762049607-2166809996-183419993-1000 Primary Group SID:S-1-5-21-2762049607-2166809996-183419993-513 Full Name: Home Directory: HomeDir Drive: Logon Script: logon.cmd Profile Path: Domain: MYWORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Wed, 06 Feb 2036 10:06:39 EST Kickoff time: Wed, 06 Feb 2036 10:06:39 EST Password last set:Wed, 08 Aug 2012 17:54:50 EDT Password can change: Wed, 08 Aug 2012 17:54:50 EDT Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF --- end output --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems connecting win7 client to new Samba PDC
did you make the appropriate registry changes on Win 7 as per http://wiki.samba.org/index.php/Windows7 Yes, I've downloaded the 3.6.3 script and ran it on the client, as well as manually checked that the settings were only the two described in the wiki article Have you tried adding a machine account for your CLIENTPC i.e. # pdbedit -a -m -u CLIENTPC Yes, I let the account be auto-generated when connecting to the domain. I should have specified that there are other users I didn't include in the print out. Here is the machine account from pdbedit (note that I changed the logon script in smb.conf from .cmd to .bat a few minutes ago, and the update can be seen here): --- Unix username:CLIENTPC$ NT username: Account Flags:[W ] User SID: S-1-5-21-2762049607-2166809996-183419993-1001 Primary Group SID:S-1-5-21-2762049607-2166809996-183419993-513 Full Name:CLIENTPC$ Home Directory: HomeDir Drive: Logon Script: logon.bat Profile Path: Domain: MYWORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Wed, 06 Feb 2036 10:06:39 EST Kickoff time: Wed, 06 Feb 2036 10:06:39 EST Password last set:Wed, 08 Aug 2012 13:44:36 EDT Password can change: Wed, 08 Aug 2012 13:44:36 EDT Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF --- Also, I've got a bit more information from the log.CLIENTPC: [2012/08/09 10:14:56.686577, 0] rpc_server/srv_pipe.c:500(pipe_schannel_auth_bind) pipe_schannel_auth_bind: Attempt to bind using schannel without successful serverauth2 [2012/08/09 10:14:56.794994, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client CLIENTPC machine account CLIENTPC$ There are also a number of windows events: --- begin windows events paste --- The winlogon notification subscriber Profiles failed a critical notification event. Windows cannot copy file C:\Users\Default\NTUSER.DAT to location C:\Users\myadmin\NTUSER.DAT. This error may be caused by network problems or insufficient security rights. Windows cannot copy file \\?\C:\Users\Default\Videos to location \\?\C:\Users\myadmin\Videos. This error may be caused by network problems or insufficient security rights. Windows cannot copy file \\?\C:\Users\Default\Saved Games to location \\?\C:\Users\myadmin\Saved Games. This error may be caused by network problems or insufficient security rights. Note: To keep e-mail shorter I won't paste them all, but the last events repeat with a bunch of similar directories There are too many profile copy errors. Refer to the previous events for details. Windows will not log any additional copy errors for this copy process. Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. Windows cannot copy file C:\Users\Default\NTUSER.DAT to location C:\Users\TEMP.MYWORKGROUP\NTUSER.DAT. This error may be caused by network problems or insufficient security rights. Note: This last event again repeats with a number of similar directories There are too many profile copy errors. Refer to the previous events for details. Windows will not log any additional copy errors for this copy process. Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly. The winlogon notification subscriber Sens failed a notification event. --- end windows events paste --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems connecting win7 client to new Samba PDC
On 8/9/2012 10:58 AM, Gaiseric Vandal wrote: that looks OK. You should not need a login script defined for a computer account. This must have been generated from smb.conf, I didn't actually change anything. Are you able to login as the Domain Administrator? No. myadmin is supposed to be the domain administrator. I followed this guide for setting up domain admins (even though I'm running 12.04): https://help.ubuntu.com/11.04/serverguide/samba-dc.html # net rpc rights list -U myadmin Enter myadmin's password: SeMachineAccountPrivilege Add machines to domain SeTakeOwnershipPrivilege Take ownership of files or other objects SeBackupPrivilege Back up files and directories SeRestorePrivilege Restore files and directories SeRemoteShutdownPrivilege Force shutdown from a remote system SePrintOperatorPrivilege Manage printers SeAddUsersPrivilege Add users and groups to the domain SeDiskOperatorPrivilege Manage disk shares SeSecurityPrivilege System security Is this correct? Are your group mappings correct? I ask because it may be that the Domain Users is not properly recognized as a member of the Users group on the PC. Can you login as the domain (or local) admins and explicitly add domain users and domain groups to a local group? When I try to add MYWORKGROUP\myadmin to Users group from the local admin I get this: The following error occurred while using the user name and password you entered: Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again. As far as I know, I don't have any other connections going with the server (except SSH). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems connecting win7 client to new Samba PDC
Are your group mappings correct? I ask because it may be that the Domain Users is not properly recognized as a member of the Users group on the PC. Can you login as the domain (or local) admins and explicitly add domain users and domain groups to a local group? An update to this: I was able to add domain users after a reboot. So I've added MYWORKGROUP\myadmin to my Users group on the local machine. I was also able to search my domain for users, and came up with a list of my users, a nobody user, and a Domain Admins group. I've added MYWORKGROUP\myadmin (user) and MYWORKGROUP\Domain Admins (group) to the User group on the local machine. I am still getting the same errors when logging on though. It seems to me like it's trying to pull a roaming profile when I have roaming profiles disabled (or I thought I did), and/or windows doesn't actually know the netbios name, based on the series of these events: Windows cannot copy file \\?\C:\Users\Default\Documents to location \\?\C:\Users\TEMP.MYWORKGROUP\Documents. This error may be caused by network problems or insufficient security rights. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problems connecting win7 client to new Samba PDC
Hey, I'm running the latest Ubuntu 12.04 Samba 3.6.3, I just want a simple PDC for authentication. Client is win7 32 bit with latest updates. The client can join the domain, but I can't log in with any users, it gives me The User Profile Service service failed the logon. User profile cannot be loaded. Looking at the log, I've found this: [2012/08/08 17:08:39.747592, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client CLIENTPC machine account CLIENTPC$ Any ideas on what the problem is? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Explorer not refreshing with SAMBA 3.5.x on Solaris 10 x64
I am experiencing a problem with Explorer not refreshing view correctly. The test case: (1)Map drive to SAMBA share and open drive in Explorer. (2)Create an empty file which displays correctly in Explorer, including the size. (3)Re-open this empty file and fill it with data. The size of the file does not increment as the file is increasing in size. Once the file update has been completed, the closed file size does not display through Explorer correctly until a F5 refresh is done. File creation, updating and viewing are all done from the same Windows PC, using the same mapped drive letter. Batch file used to reproduce the refresh problem: do-test.bat: @echo off set SOURCEFILE=c:\Windows\WindowsUpdate.log c:\Windows\explorer.exe /n,/e,E:\ copy /y nul E:\SMBtest-0-size.txt nul echo. echo Pausing Samba refresh test... ** pause echo. type %SOURCEFILE% E:\SMBtest-0-size.txt End-user clients: Windows XP Professional SP3 Windows 7 Enterprise SP1 Test server: OS: Solaris 10 x64 SAMBA releases: Refresh problem present: 3.5.8 (Bundled with Solaris 10 x64) 3.5.8, 3.5.9, 3.5.15 (Compiled on host system) Refresh works correctly: 3.2.3, 3.2.15 (compiled on host system) Of interesting note: The refresh works fine with SAMBA 3.5.8, 3.5.9, 3.5.15 on Linux host. Any help with this would be appreciated. We have an automated process that dumps data to a SAMBA share in production and the end-users rely on the refresh to know when the process stops - this is how we found this. Thanks Brandon [CONFIDENTIALITY AND PRIVACY NOTICE] Information transmitted by this email is proprietary to Medtronic and is intended for use only by the individual or entity to which it is addressed, and may contain information that is private, privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please delete this mail from your records. To view this notice in other languages you can either select the following link or manually copy and paste the link into the address bar of a web browser: http://emaildisclaimer.medtronic.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Join a domain, Redhat 6, and servicePrincipalName
For a variety of reasons, our Redhat 6 boxes have primary DNS FQDNs that don't match our Win2008r2 AD deployment... the Linux boxes being in a variety of hostname.subdomain.ourdomain while the AD is ds.ourdomain. This surprisingly doesn't cause us that much grief, so long as we're diligent about keeping our servicePrincipalNames maintained on the computer accounts in AD. I'm working on a script, patterned after Sun's adjoin.sh, that automatically register and join our Redhat boxes to the domain. It creates the machine account via LDAP, and then joins the domain using net ads join, and I let Samba generate the /etc/krb5.keytab. Unfortunately, even if I pre-populate the servicePrincipalName when creating the machine account, net ads join will go in and replace it, putting in only the SPN corresponding to the domain and removing the HOST/hostname.FQDN already in there. Is there any way to tell Samba to leave that alone, or to include some extra SPNs? AD won't let me repair the SPNs afterward via LDAP calls. Redhat 6 comes with Samba 3.5.6 by default, it seems. As an alternative, I can join the machine to the domain myself, using kpasswd and ktutil to generate krb5.keytab. How essential is it that Samba do it itself? What extras get done? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help with configuring PAM
Hello, My company has a Windows file server that I attempting to setup a Samba server as an Active Directory domain member to replace. I have migrated one of the shares to the Samba server but am having some problems. I installed Ubuntu Server 10.04.1 LTS on a new server for the sole purpose of replacing the Windows file server. Our domain controller is running Windows Server 2003 SP2. I have set up smb.conf, the client side of Kerberos, Winbind, name service switch, and PAM according to some documentation I read. I believe the problems may be due to an improper PAM configuration, because one of the issues I have is getting prompted to enter my password more than once when I sudo or sign into the console. Another issue is if I do a useradd command to add a strictly local linux user, then run the passwd command to set a password for the local user, I get prompted to enter a current kerberos password. Would anyone that has replaced a Windows file server in an Active Directory environment be willing to share how they did their PAM configuration? Thanks, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] The filename of list of smbclient contains spaces
Hi, Please forgive me to disturb you all. We have attempted to make a patch to resolve the following problems. https://bugzilla.samba.org/show_bug.cgi?id=7700 https://bugzilla.samba.org/show_bug.cgi?id=7701 Please let me introduce one in detail. For the 1st problem that we found when we do the following command, $ smbclient //13.187.241.5/test -U test%123456 -c mkdir xxx the return value is always 0 regardless of the command is correct or incorrect. The commands, rd and rm have the same problem. We can obtain the returned value by calling this shell, $ echo $? after calling of smbclient. For the 2nd one, please to refer to the descriptions within the URL https://bugzilla.samba.org/show_bug.cgi?id=7701 Finally, we cloned the source from git://git.samba.org/samba.git, made a patch and attached it, for both bugs. We built the executable file under source3 successfully, and confirmed some features briefly, in our local PC. Would you like to review and commit, if it can be done, the patch for us please? Any help and suggestion will be appreciated. Thanks. Best Brandon. Wang 2010/10/28 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] The filename of list of smbclient contains spaces
Thank you for your great suggestion. I have attached it to the bugzilla entries. Could you get it from the following URL, please? https://bugzilla.samba.org/attachment.cgi?id=6038action=edit or https://bugzilla.samba.org/show_bug.cgi?id=7701 Thank you very much! Brandon -Original Message- From: Volker Lendecke [mailto:volker.lende...@sernet.de] Sent: 2010年10月28日 15:23 To: Wang, Brandon Cc: samba@lists.samba.org Subject: Re: [Samba] The filename of list of smbclient contains spaces On Thu, Oct 28, 2010 at 02:56:26PM +0800, Wang, Brandon wrote: Please forgive me to disturb you all. We have attempted to make a patch to resolve the following problems. https://bugzilla.samba.org/show_bug.cgi?idw00 https://bugzilla.samba.org/show_bug.cgi?idw01 Please let me introduce one in detail. For the 1st problem that we found when we do the following command, $ smbclient //13.187.241.5/test -U test%123456 -c mkdir xxx the return value is always 0 regardless of the command is correct or incorrect. The commands, rd and rm have the same problem. We can obtain the returned value by calling this shell, $ echo $? after calling of smbclient. For the 2nd one, please to refer to the descriptions within the URL https://bugzilla.samba.org/show_bug.cgi?idw01 Finally, we cloned the source from git://git.samba.org/samba.git, made a patch and attached it, for both bugs. We built the executable file under source3 successfully, and confirmed some features briefly, in our local PC. Would you like to review and commit, if it can be done, the patch for us please? Sure! The problem is that the samba-mailing list drops attachments. You could either upload the patches to some public git hoster like repo.or.cz or so, or attach them to the bugzilla entries. The latter would probably be simplest for you. Thanks, Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba question
i have a media player which is the one at this link: http://www.argosy.tw/product-detial.php?prod_id=154 they say i can use samba with this. my question is this, i already have a substantial amount of data stored on this hdd. if i were to install samba now would i lose my data? do i need to backup data elsewhere and install samba then migrate the data back after install or can i just install samba now without fear of losing any data? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ACLs set in Windows not honored
12 Apr 24 12:32 test.txt [test...@sambatest test]$ getfacl testbky-from-windows.txt # file: testbky-from-windows.txt # owner: testbky # group: testbky user::rw- user:testbky:rwx group::rw- mask::rwx other::r-- I will note that in Windows Explorer, if I view security on the files, I can see both ACLs as well. One for the UNIX user testbky and one for the EXAMPLE01 domain user test...@example.org. So, that's the problem. Why are they being treated as different users? Is this normal/correct behavior? Have I missed some fundamental configuration that makes all this work as expected. I *expect* that if I set an ACL from Windows it should work *atleast* for the Windows user, from Windows, if not for both Windows and Linux users. I would really appreciate any insight into what I am misunderstanding, or might have missed in terms of configuration. Basically, where I am with this project is: as long as I manage ACLs from Linux, everything works great. New files inherit the UNIX permissions, and Windows users can interact with existing files where their UNIX permissions allow it. But, when I start manipulating the permissions from a Windows tool, things don't work right. Thanks in advance, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs set in Windows not honored
Silly me! My apologies ... the Samba server is CentOS 5.3 running Samba 3.0.33. I attached the smb.conf in my original post. On Fri, Apr 24, 2009 at 12:55 PM, Miguel Medalha miguelmeda...@sapo.pt wrote: It will be difficult to help you if you don't tell, at least, what version of Samba you are using... A look at your smb.conf would be helpful, too. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs set in Windows not honored
Aye aye aye. Alright, trying again. Thanks for your patience, everyone. Brandon On Fri, Apr 24, 2009 at 1:24 PM, John Drescher dresche...@gmail.com wrote: I attached the smb.conf in my original post. That did not work. I see no attachment on the mailing list email. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cannot login from windows
I've been reading all over and I think I've tried everything except the right way, but I cannot seem to login to my samba server from windows. I am using Samba 3.0.33 on Linux as the server, and have Linux, windows XP, and Windows Vista clients. I am only on a home network so I don't have a need for fancy stuff, I am just setting up a means for filesharing besides ssh. I can see all of the shares from my windows clients, and shares that are guest readable I am able to read, but I cannot login to read shares that are not readable by guest or to write. I have added user 'brandon003' with smbpasswd, I try logging in with that username and the correct password but I get a message in Windows saying that I do not have permissions. My smb.conf file is a bit messy since I have been trying many different variations, but here it is: [global] workgroup = 713HOUSE netbios name = bdon-samba encrypt passwords = yes printcap name = cups load printers = yes printing = cups printcap = cups log file = /var/log/samba/log.%m max log size = 150 log level = 3 hosts allow = 192.168.0. guest account = guest713 map to guest = Bad User security = user socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # Vista Compatibility client lanman auth = no client ntlmv2 auth = yes auth methods = guest wins support = yes #domain master = no [printers] comment = All Printers path = /var/spool/samba browseable = yes guest ok = yes #writable = yes read only = yes printable = yes printer admin = root,brandon003 write list = root,brandon003 public = yes [homes] read only = no browseable = no [music] path = /media/music browseable = yes public = yes write list = sftp003,brandon003 guest ok = yes [videos] path = /media/videos browseable = yes public = yes write list = sftp003,brandon003 guest ok = yes [documents] path = /media/documents browseable = yes public = yes write list = sftp003,brandon003 guest ok = no [software] path = /media/software browseable = yes public = yes write list = sftp003,brandon003 guest ok = yes *** Here is the last bit of a log file of me getting rejected: [2009/02/24 17:02:49, 3] smbd/password.c:register_vuid(304) User name: guest713 Real name: [2009/02/24 17:02:49, 3] smbd/password.c:register_vuid(325) UNIX uid 1001 is UNIX user guest713, and will be vuid 105 [2009/02/24 17:02:49, 3] smbd/process.c:process_smb(1069) Transaction 23 of length 90 [2009/02/24 17:02:49, 3] smbd/process.c:switch_message(927) switch message SMBtconX (pid 4095) conn 0x0 [2009/02/24 17:02:49, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/02/24 17:02:49, 3] lib/access.c:check_access(312) check_access: no hostnames in host allow/deny list. [2009/02/24 17:02:49, 2] lib/access.c:check_access(323) Allowed connection from (192.168.0.103) [2009/02/24 17:02:49, 3] smbd/service.c:make_connection_snum(806) Connect path is '/tmp' for service [IPC$] [2009/02/24 17:02:49, 3] lib/util_seaccess.c:se_access_check(250) [2009/02/24 17:02:49, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2296279053-2380669162-4031805749-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 [2009/02/24 17:02:49, 3] smbd/vfs.c:vfs_init_default(95) Initialising default vfs hooks [2009/02/24 17:02:49, 3] smbd/vfs.c:vfs_init_custom(128) Initialising custom vfs hooks from [/[Default VFS]/] [2009/02/24 17:02:49, 3] lib/util_seaccess.c:se_access_check(250) [2009/02/24 17:02:49, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2296279053-2380669162-4031805749-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 [2009/02/24 17:02:49, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (1001, 1004) - sec_ctx_stack_ndx = 0 [2009/02/24 17:02:49, 3] smbd/service.c:make_connection_snum(1033) brandon-htpc (192.168.0.103) connect to service IPC$ initially as user guest713 (uid=1001, gid=1004) (pid 4095) [2009/02/24 17:02:49, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/02/24 17:02:49, 3] smbd/reply.c:reply_tcon_and_X(574) tconX service=IPC$ [2009/02/24 17:02:49, 3] smbd/process.c:process_smb(1069) Transaction 24 of length 118 [2009/02/24 17:02:49, 3] smbd/process.c:switch_message(927) switch message SMBtrans2 (pid 4095) conn 0x7ff20f85c6d0 [2009/02/24 17:02:49, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (1001, 1004) - sec_ctx_stack_ndx = 0 [2009/02/24 17:02:49, 3] smbd/msdfs.c:get_referred_path(636) get_referred_path: |documents| in dfs path \BDON-SAMBA\documents is not a dfs root. [2009/02/24 17:02:49, 3] smbd/error.c:error_packet_set(106) error packet at smbd/trans2.c(6307) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND [2009/02/24 17:02:49, 3] smbd/process.c:process_smb(1069) Transaction 25 of length 43 [2009/02/24 17:02:49, 3
Re: [Samba] Cannot login from windows
On Tue, Feb 24, 2009 at 9:32 PM, Michael Heydon micha...@jaswin.com.auwrote: I am using Samba 3.0.33 on Linux as the server, and have Linux, windows XP, and Windows Vista clients. I would suggest that until you have a basic working setup that you test using a Linux client (smbclient), it doesn't have all of the fancy stuff (cached credentials, etc) that will just confuse things. Are the XP and Vista clients home/pro/business/ultimate/etc? Home is a bit quirky under some circumstances. It's XP Pro and Vista Ultimate I have added user 'brandon003' with smbpasswd, I try logging in with that username and the correct password but I get a message in Windows saying that I do not have permissions. What do you mean logging in? Does the Windows machine have a user with the same name and password as the samba box? or are you prompted for credentials when browsing to the share? Oh, it would give me a pop-up window asking to log in. I have the user 'brandon003' on both the samba box and the Vista machine. ... set the password the same as my vista logon and it works fine. That was it. I was setting the password through smbpasswd to the password of 'brandon003' on the samba box, not the Vista box. I changed that and commented out nearly everything in my global section and now it works. :headsmack: Thanks Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with ADS idmap backend
I'm glad you posted this. I know a lot of other people have been having issues getting this to work. Some success and configs are now in the archives :) I know I tried this a long time ago and never got it working. I might give it another shot thanks to you! On 3/11/08, David Eisner [EMAIL PROTECTED] wrote: Solved! Summary: Change schema mode from sfu to rfc2307 in smb.conf: idmap config THEDOMAIN:schema_mode = rfc2307 Also, I'm an idiot: I didn't have Services For Unix installed; I was confusing that with Identity Management for Unix and Server for NIS, which I do have installed. I should note that I was initially having problems without any schema_mode line (before setting it to either sfu or rfc2307), but there may have been other problems that I fixed along the way that were responsible for this. Details: I had been watching winbindd activity in smbd.log, and realized I needed to look at log.winbindd-idmap, too. That's where I noticed this error: [2008/03/11 11:11:16, 2] nsswitch/idmap_ad.c:ad_idmap_cached_connection(152) ad_idmap_cached_connection: Failed to obtain schema details! It turns out that ads_get_attrnames_by_oids was searching the schema with this filter: [2008/03/11 11:58:30, 2] libads/ldap_schema.c:ads_get_attrnames_by_oids(65) ## : search expr: (|(attributeId=1.2.840.113556.1.6.18.1.310)(attributeId= 1.2.840.113556.1.6.18.1.311)(attributeId=1.2.840.113556.1.6.18.1.344 )(attributeId=1.2.840.113556.1.6.18.1.312)(attributeId= 1.2.840.113556.1.6.18.1.337)) and getting 0 results. These are the attribute IDs for attributes in the SFU schema extension. Using dsquery on the server, I could see that these attributes weren't in the schema at all. Thanks again for your help, and sorry for the bother. -David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Retry: Mapping AD domain users to UNIX users
About two months ago I actually tried setting up an enviornment in vmware with samba plus using active directory RFC 2307 schema extensions to get username information mapped properly between multiple nfs and samba servers. I failed because I think documentation at that time using idmap_nss was lacking. I found lots of winbind howtos and documentation, but very little regarding what I wanted to do. I would definately use the latest samba (3.0.25+), even though installing it on solaris is a nightmare, you'll be better off in the long run. Has anyone successfully done this? I got everything working including kerberos and joining the domains, except for a proper smb.conf file. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Sharing a shared folder
Hey, So, I have a Linux server that is mounting a CIFS share. The server then shares that share to everyone else. My question is does having it routed this way cause a major slow down? Do the files need to be copied to the mediator server before going out to the device that is requesting the file? Or is it able to forward the request to the other server to grab the files directly from there? I am curious about this because we have a big imaging server with a whole bunch of images on it and we are setting up this new server and don't want to move all the images over, thus we just mounted the images directory on the new server. What would you do? Brandon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sharing a shared folder
You know, thinking about it, this may be more of a imaging services change...but since the new server is running imaging services that dish out the image file that is mounted to the server then it is not really sharing the mounted file the samba client is just getting the file from the old server and then the new server is just pushing it out to the client...don't think there is much I can do about that. On 10/9/07, simo [EMAIL PROTECTED] wrote: On Tue, 2007-10-09 at 12:34 -0600, Brandon Pedersen wrote: Hey, So, I have a Linux server that is mounting a CIFS share. The server then shares that share to everyone else. My question is does having it routed this way cause a major slow down? Do the files need to be copied to the mediator server before going out to the device that is requesting the file? Or is it able to forward the request to the other server to grab the files directly from there? I am curious about this because we have a big imaging server with a whole bunch of images on it and we are setting up this new server and don't want to move all the images over, thus we just mounted the images directory on the new server. What would you do? Use a DFS Root, and redirect clients. Simo. -- Simo Sorce Samba Team GPL Compliance Officer [EMAIL PROTECTED] Senior Software Engineer at Red Hat Inc. [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Using Unix/LDAP Log in Credentials for Security = User Share Authentication
All, I'm new to Samba so this may be a very easy fix, but I've not been able to find it anywhere online or in the /Samba-3 By Example/ book. I'm currently testing Samba 3.0.23c with an OpenLDAP v3 backend on CentOS 5. I am able to get OpenLDAP installed and running for authentication and can get Samba installed and configured well enough to request and accept a LDAP user name/password when browsing to a share. However, I would like Samba to just use the user name/password that I've used as my login credentials for this step as well. Currently when I browse to the share I am met with a dialog box that states: You must log in to access [EMAIL PROTECTED]/test. The dialog has a spot for user name, domain, and password. The user name and domain are filled in with the correct information, but the password is not. When I enter my log in password it lets me into the share correctly. When I log into a Windows 2000 machine using the same credentials I am able to browse the share exactly as I would like to on the Linux box. Also, both the Windows 2000 and Linux box were able to join the domain TEST and have accounts in the LDAP directory. Below is a copy of my smb.conf file (copied and edited from /Samba-3 By Example)/: [global] unix charset= LOCALE workgroup= TEST netbios name= CENTOS security= user interfaces= eth0, lo bind interfaces only= Yes passdb backend= ldapsam:ldap://192.168.3.240 username map= /etc/samba/smbusers log level= 1 syslog= 0 log file= /var/log/samba/%m max log size= 50 smb ports= 139 445 name resolve order= wins bcast hosts time server= Yes show add printer wizard= No add user script= /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u' delete user script= /var/lib/samba/sbin/smbldap-userdel.pl -a -m '%u' add group script= /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g' delete group script= /var/lib/samba/sbin/smbldap-groupdel.pl -p '%g' add user to group script= /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g' delete user from group script= /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g' set primary group script= /var/lib/samba/sbin/smbldap-groupmod.pl -g '%g' '%u' add machine script= /var/lib/samba/sbin/smbldap-useradd.pl -w '%u' logon script= scripts\logon.bat logon path= \\%L\profiles\%U logon drive= W: domain logons= Yes wins support= Yes ldap suffix= dc=braysing,dc=com ldap machine suffix= ou=user ldap user suffix= ou=user ldap group suffix= ou=Groups ldap idmap suffix= ou=Idmap ldap admin dn= ldap base dn uid idmap backend= ldap:ldap://192.168.3.240 idmap uid= 1-2 idmap gid= 1-2 map acl inherit= Yes printing= cups [IPC$] path = /tmp hosts allow = 192.168.3., 127. hosts deny = 0.0.0.0/0 [homes] comment= Home Directories valid users= %S read only= No browseable= No [printers] comment= SMB Print Spool path= /var/spool/samba guest ok= Yes printable= Yes browseable= No [apps] comment= Application Files path= /apps admin users= Administrator read only= No [netlogon] comment= Network Logon Service path= /var/lib/samba/netlogon guest ok= Yes locking= No [profiles] comment= Profile Share path= /var/lib/samba/profiles read only= No profile acls= Yes [print$] comment= Printer Drivers path= /var/lib/samba/drivers browseable= Yes guest ok= No read only= Yes write list= Administrator [test] comment= Test Share path= /u1 browseable= Yes guest ok= No read only= No Thanks in advance for all of your help. Brandon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC, WinXP and home shares...
Hello, Ive been trying to find a resolution to a problem Ive been having with users home shares. I have the latest version of samba (3.0.24) configured as a PDC with Windows XP client computers. Right now everything is very small scale and I am just doing setup and testing to see how things go. Im mostly setup now and authenticating correctly, have a working print queue, etc. etc. but something weird is going on with my home shares Basically, I log in (to winxp client) as user1 and browse to my server (\\servername) and I see my shares, which right now consist of the users home, a public folder and the one print queue. So I log off this user and log in as user2. I browse to my server again and this time I see all the normal stuff, but I also still see user1s home share. Now, I have setup the permissions correctly, because I cant get into it, but the fact that I am seeing it is what bothers me If I stop and start the samba services and refresh my view the share disappears and everything looks normal; but this only lasts until the next user logs in again. *sigh* Any ideas? Thanks in advance, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT_STATUS_ACCESS_DENIED
) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/04/06 11:34:51, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/04/06 11:34:51, 1] smbd/service.c:close_cnum(1141) annwn (192.168.1.90) closed connection to service media [2007/04/06 11:34:51, 3] smbd/connection.c:yield_connection(69) Yielding connection to media [2007/04/06 11:34:51, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/04/06 11:34:51, 3] smbd/process.c:timeout_processing(1359) timeout_processing: End of file from client (client has disconnected). [2007/04/06 11:34:51, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/04/06 11:34:51, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2007/04/06 11:34:51, 3] smbd/server.c:exit_server_common(675) Server exit (normal exit) I can see the line where the error is generated: [2007/04/06 11:34:46, 3] smbd/error.c:unix_error_packet(90) unix_error_packet: error string = Permission denied [2007/04/06 11:34:46, 3] smbd/error.c:error_packet(146) error packet at smbd/trans2.c(1772) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED Does this tell me anything new? Also, see who the smbd process is running as You may get an unpleasant surprise. [EMAIL PROTECTED] RPMs]# ps -ef | grep smbd root 5501 1 0 Apr05 ?00:00:00 smbd -D root 5502 5501 0 Apr05 ?00:00:00 smbd -D root 30996 3882 0 11:05 pts/100:00:00 grep smbd What would be considered an unpleasant surprise here? (Incidentally, the Reply-To for this list is set up incorrectly. I have to manually type in the address of the list every time I send a reply.) -- Brandon Blackmoor [EMAIL PROTECTED] 2007-04-06 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT_STATUS_ACCESS_DENIED
Okay, I am starting fresh. I made a new directory in the root directory, /media, and chmod'ed it 775 recursively. /media and everything in it has rwx for everyone in the media group: drwxrwxr-x 5 root media 4096 Oct 1 2006 media root, bblackmoor, and smbguest are all members of the media group. I deleted the old media share and created a new media share for the above directory, set it to guest access, set the guest as smbguest, and set samba to use SHARE permissions: [global] workgroup = MORTSHIRE server string = Samba Server security = SHARE guest account = smbguest log level = 3 log file = /var/log/samba/%m.log max log size = 50 os level = 33 preferred master = Yes local master = No domain master = Yes dns proxy = No wins support = Yes guest ok = Yes hosts allow = 192.168.1., 127.0.0.1 cups options = raw [media] comment = testing media share path = /media writeable = yes browseable = yes guest ok = yes So, according to what I have spent all week reading, I should be able to connect to this share as a guest and see what's in it. [EMAIL PROTECTED] /]# smbclient //annwn/media2 Password: Domain=[MORTSHIRE] OS=[Unix] Server=[Samba 3.0.23c-2] Server not using user level security and no password supplied. smb: \ dir NT_STATUS_ACCESS_DENIED listing \* 57237 blocks of size 4194304. 4170 blocks available I have tried this with the smbguest samba user having no assigned Windows name or password, and I have tried it with an assigned Windows name and password. The behavior is exactly the same. I am open to suggestions. Am I the only person who has ever had this problem? -- Brandon Blackmoor [EMAIL PROTECTED] 2007-04-06 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT_STATUS_ACCESS_DENIED
Quoting Joshua M. Miller [EMAIL PROTECTED]: I would encourage you to simplify things even more at this point until you get the situation resolved. Okay, now I am truly baffled. I have replaced the current smb.conf as follows: [global] workgroup = MORTSHIRE security = SHARE netbios name = annwn restrict anonymous = 0 log file = /var/log/samba/%m.log max log size = 50 guest ok = yes [media] path = /media writeable = yes guest ok = yes [mediatest] path = /mediatest writeable = yes guest ok = yes I have deleted the previously created samba users, and created a new samba user smbguest with a blank password. There is also a smbguest unix user which belongs to the media group. I have moved my old /var/media directory to /mediatest (moving it out of /var to the root directory), and I have created a new, empty directory called /media (also in the root directory), and I have chown'd both directories to be owned by root:media, and chmod'd them both 775 recursively: drwxrwxr-x 2 root media 4096 Apr 6 13:31 media drwxrwxr-x 5 root media 4096 Oct 1 2006 mediatest I then copied all of the files from /mediatest (the old directory) to /media (the new directory). Both directories have the exact same unix owners and permissions (recursively). Both directories have the exact same samba permissions. Both directories have the exact same contents. As far as I can tell, the only difference between these two directories is the date each was created. And yet... [EMAIL PROTECTED] mediatest]# smbclient //annwn/media Password: Domain=[MORTSHIRE] OS=[Unix] Server=[Samba 3.0.23c-2] Server not using user level security and no password supplied. smb: \ dir . D0 Fri Apr 6 13:58:07 2007 .. D0 Fri Apr 6 13:31:18 2007 MP3 D0 Fri Apr 6 14:32:50 2007 images D0 Fri Apr 6 13:37:58 2007 video D0 Fri Apr 6 13:53:32 2007 57237 blocks of size 4194304. 4170 blocks available [EMAIL PROTECTED] mediatest]# smbclient //annwn/mediatest Password: Domain=[MORTSHIRE] OS=[Unix] Server=[Samba 3.0.23c-2] Server not using user level security and no password supplied. smb: \ dir NT_STATUS_ACCESS_DENIED listing \* 57237 blocks of size 4194304. 4170 blocks available What the hell? What am I missing here? -- Brandon Blackmoor [EMAIL PROTECTED] 2007-04-06 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT_STATUS_ACCESS_DENIED and SELinux
Quoting Gary Dale [EMAIL PROTECTED]: Since you haven't specified a user = or guest account = for the share, I have no idea what user Samba is going to try to connect with. I took it out because a previous poster said that I should take out anything not critical. But here, I have put it back: guest account = smbguest Guest account defaults to nobody, which probably doesn't have access to the share. That does not explain why, with two directories/shares with the exact same system permissions, the exact same owners, the exact same samba permissions, and the exact same contents (also with the exact same permissions), I get NT_STATUS_ACCESS_DENIED with one but not the other. Aha! I just thought of something. Fedora Core 6 (which is what I am running, as I said earlier) comes with SELinux. Now, I know absolutely nothing about SELinux, and I have never needed to, but I thought it'd be worth investigating to see if that might have something to do with this. Here is a directory listing with the SELinux security context of each directory: [EMAIL PROTECTED] /]# ls -la --author -Z ... drwxrwxr-x root media root:object_r:root_t media drwxrwxr-x root media root:object_r:var_t mediatest ... So they are different! I have no clue what those differences mean, but at least it's a difference. So I used chcon to set the security context of /mediatest (which is giving me the NT_STATUS_ACCESS_DENIED error) to that of /media (which doesn't give me that error). [EMAIL PROTECTED] /]# chcon root:object_r:root_t mediatest [EMAIL PROTECTED] /]# ls -la --author -Z ... drwxrwxr-x root media root:object_r:root_t media drwxrwxr-x root media root:object_r:root_t mediatest ... Now I can access both shares and do a dir and they seem to work. However, I do not like changing settings that I do not understand. So until I read up on SELinux and how it works (or not) with Samba, I am disabling SELinux enforcement on Samba, like so: setsebool -P smbd_disable_trans 1 I got that command from a post by Yvon Dubinsky from this list in May of 2006: http://lists.samba.org/archive/samba/2006-May/120625.html Having made that change, I copied my /media directory back to /var/media, changed the samba config appropriately, set permissions to user, created the needed users, and now it seems to work the way all of the How-Tos and manuals say that it should. It would appear from the general bafflement this error caused that not many people run SELinux and Samba at the same time. Live and learn. Thanks for the attempts at helping me. -- Brandon Blackmoor [EMAIL PROTECTED] 2007-04-06 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NT_STATUS_ACCESS_DENIED
I am new to Samba, but not to Linux. I hope someone here can point me in the right direction. I have installed Samba and it appears to be working, at least as far as I have tested it. However, I have hit a snag in my testing. I have searched Google for several hours but I have not found a solution. On a Linux machine (named annwn) running Fedora Core 6, I have set up a share, using the least restrictive share type permissions (this is only for testing: once I get things working, I will lock things down more). The directory to be shared is /var/media: drwxrwxr-x 5 rootmedia 4096 Apr 5 11:22 media I have created a user called smbguest, and added this user to the media group. I have then set smbguest as the guest user, and created a media share for the /var/media directory: [global] workgroup = MORTSHIRE server string = Samba Server security = SHARE guest account = smbguest log file = /var/log/samba/%m.log max log size = 50 dns proxy = No wins support = Yes guest ok = Yes hosts allow = 192.168.1., 127.0.0.1 cups options = raw [media] comment = media on annwn.mortshire path = /var/media writeable = yes browseable = yes guest ok = yes testparm says that the smb.conf file is valid. Then I restarted samba. But when I test this share by running (on annwn, as root) smbclient, the share connects, but will not permit a dir command. It returns the error NT_STATUS_ACCESS_DENIED. [EMAIL PROTECTED] samba]# smbclient //annwn/media Password: Domain=[MORTSHIRE] OS=[Unix] Server=[Samba 3.0.23c-2] Server not using user level security and no password supplied. smb: \ dir NT_STATUS_ACCESS_DENIED listing \* 57237 blocks of size 4194304. 4158 blocks available I have gone so far as to chmod both /var and /var/media to 777, and chown them both to smbguest:smbguest, to see if that would make a difference. It didn't. I still get NT_STATUS_ACCESS_DENIED. Here is the service definition output from testparm: [global] workgroup = MORTSHIRE server string = Samba Server security = SHARE guest account = smbguest log file = /var/log/samba/%m.log max log size = 50 dns proxy = No wins support = Yes guest ok = Yes hosts allow = 192.168.1., 127.0.0.1 cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /usr/spool/samba printable = Yes browseable = No [media] comment = media on annwn.mortshire path = /var/media read only = No I have double and triple checked everything I can think of, and I am stumped. Does anyone have a clue they'd be willing to share? -- [EMAIL PROTECTED] 2007-04-05 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT_STATUS_ACCESS_DENIED
Quoting mikee [EMAIL PROTECTED]: Samba in the past worked with its own database of accounts populated and maintained with 'smbpasswd'. Your account must be in the smbpasswd file for you to authenticate, etc. Thanks for the clue, but no joy: [EMAIL PROTECTED] ~]# smbpasswd -a smbguest New SMB password: Retype new SMB password: [EMAIL PROTECTED] ~]# /etc/rc.d/init.d/smb restart Shutting down SMB services:[ OK ] Shutting down NMB services:[ OK ] Starting SMB services: [ OK ] Starting NMB services: [ OK ] [EMAIL PROTECTED] ~]# smbclient //annwn/media Password: Domain=[MORTSHIRE] OS=[Unix] Server=[Samba 3.0.23c-2] Server not using user level security and no password supplied. smb: \ dir NT_STATUS_ACCESS_DENIED listing \* 57237 blocks of size 4194304. 4270 blocks available -- Brandon Blackmoor [EMAIL PROTECTED] 2007-04-05 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT_STATUS_ACCESS_DENIED
Quoting mikee [EMAIL PROTECTED]: Are the unix permissions right? I went as far as chmod'ing both /var and /var/media to 777, and chown'ing them both to smbclient:smbclient, and it made no difference. [EMAIL PROTECTED] samba]# smbclient //annwn/media Password: Domain=[MORTSHIRE] OS=[Unix] Server=[Samba 3.0.23c-2] Server not using user level security and no password supplied. smb: \ dir NT_STATUS_ACCESS_DENIED listing \* 57237 blocks of size 4194304. 4158 blocks available -- Brandon Blackmoor [EMAIL PROTECTED] 2007-04-05 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] NT_STATUS_ACCESS_DENIED
Quoting Mark Hull-Richter [EMAIL PROTECTED]: You have your security set to SHARE. Don't do that if you want to use USER security. I wanted to get it working with SHARE (because I assumed that would be the easiest thing to get working), at which point I would lock it down further. However, switching it from SHARE to USER makes no difference: [EMAIL PROTECTED] html]# smbclient //annwn/media Password: Anonymous login successful Domain=[MORTSHIRE] OS=[Unix] Server=[Samba 3.0.23c-2] smb: \ dir NT_STATUS_ACCESS_DENIED listing \* 57237 blocks of size 4194304. 4171 blocks available -- Brandon Blackmoor [EMAIL PROTECTED] 2007-04-05 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT_STATUS_ACCESS_DENIED
Quoting Brandon Blackmoor [EMAIL PROTECTED]: Quoting mikee [EMAIL PROTECTED]: Are the unix permissions right? I went as far as chmod'ing both /var and /var/media to 777, and chown'ing them both to smbclient:smbclient, and it made no difference. I meant smbguest:smbguest, of course. -- Brandon Blackmoor [EMAIL PROTECTED] 2007-04-05 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Valid Users setting causing crash
Hey list, Having a strange issue on a new File server. This system is running the 64-bit version of Fedora 5 running kernel 2.6.20-1.2300.fc5 and version 3.0.24-1.fc5 of Samba. This system is functioning as a backup to a primary system that is configured the same way. Same OS, hardware, etc. After moving data over and setting up the users and groups, I moved over the smb.conf file as well. In the file under the primary share, I have the valid users line set up as follows: valid users = @cs,@it,@sales... Using this, I add the appropriate groups that I want to give access to. Has always worked before. On this new system, I set it up the same way. Give access to the same groups. Start up Samba and attempt to mount from a workstation (which are all running WinXP Home BTW). The drive mounting hangs and eventually fails with a permissions error. Looking at the error log on the server shows this: smbd[2792]: === smbd[2792]: [2007/03/21 14:55:53, 0] lib/fault.c:fault_report(42) smbd[2792]: INTERNAL ERROR: Signal 11 in pid 2792 (3.0.24-1.fc5) smbd[2792]: Please read the Trouble-Shooting section of the Samba3-HOWTO smbd[2792]: [2007/03/21 14:55:53, 0] lib/fault.c:fault_report(44) smbd[2792]: smbd[2792]: From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf smbd[2792]: [2007/03/21 14:55:53, 0] lib/fault.c:fault_report(45) smbd[2792]: === smbd[2792]: [2007/03/21 14:55:53, 0] lib/util.c:smb_panic(1621) smbd[2792]: PANIC (pid 2792): internal error smbd[2792]: [2007/03/21 14:55:53, 0] lib/util.c:log_stack_trace(1728) smbd[2792]: BACKTRACE: 20 stack frames: smbd[2792]:#0 smbd(log_stack_trace+0x1c) [0x557585dc] smbd[2792]:#1 smbd(smb_panic+0x43) [0x557586c3] smbd[2792]:#2 smbd [0x557468a2] smbd[2792]:#3 /lib64/libpthread.so.0 [0x2b8b60b0] smbd[2792]:#4 /lib64/libc.so.6(strlen+0x30) [0x2c324cb0] smbd[2792]:#5 /lib64/libc.so.6(__strdup+0x16) [0x2c3249e6] smbd[2792]:#6 /lib64/libnsl.so.1(nis_list+0x529) [0x2bf98469] smbd[2792]:#7 /lib64/libnss_nisplus.so.2(_nss_nisplus_setnetgrent+0x8a) [0x2aaab041703a] smbd[2792]:#8 /lib64/libc.so.6(innetgr+0xcf) [0x2c3993ff] smbd[2792]:#9 smbd(user_in_netgroup+0x6a) [0x555c604a] smbd[2792]:#10 smbd(token_contains_name_in_list+0x205) [0x555c85c5] smbd[2792]:#11 smbd(user_ok_token+0x84) [0x555c8994] smbd[2792]:#12 smbd [0x5561c123] smbd[2792]:#13 smbd(make_connection+0x168) [0x5561d358] smbd[2792]:#14 smbd(reply_tcon_and_X+0x1fe) [0x555e8f7e] smbd[2792]:#15 smbd [0x55618fe2] smbd[2792]:#16 smbd(smbd_process+0x720) [0x55619ff0] smbd[2792]:#17 smbd(main+0xa0b) [0x557ed44b] smbd[2792]:#18 /lib64/libc.so.6(__libc_start_main+0xf4) [0x2c2cd784] [2792]:#19 smbd [0x555b1ca9] [2792]: [2007/03/21 14:55:53, 0] lib/fault.c:dump_core(173) smbd[2792]: dumping core in /var/log/samba/cores/smbd Every time something tries to connect, this entire string of errors shows up and the machine fails to map. After some trial and error, I changed the valid users line to comma separated names instead of groups. Restart Samba and try again and everything works fine. So now I'm a bit perplexed. I can't seem to control my shares by group, but instead need to add each and every user. Any ideas on what could be causing this problem? Our smb.conf file is only slightly modified from the default settings. Name changes of course, and the primary share is set up with the following settings: [Share] comment = Share path = /Share valid users = @Group dos filetimes = true writeable = yes printable = no create mask = 770 directory mask = 770 Again, changing the 'valid users = @Group' line to 'valid users = bob,george' fixes the problem, even though Bob and George and members of Group. Global options are all the default, but if need by I can post them up as well. There are only a bunch of WinXP Home systems that connect to it, so very little needs to be set up for things to work. Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows Clients unable to browse NTFS disk via samba
I have an NTFS drive from an old Windows XP computer that I am trying to share amongst Windows XP clients via a Samba server. The server is running Samba version 3.0.23c (just compiled today) on FreeBSD 5.5. Windows clients can access the share but cannot copy files off of it. Other shares work normally. The drive is mounted read-only as ntfs. The server can access the drive, copy files off of it onto other local drives, etc. WinXP Clients can see the share, whose path is a subdirectory of the drive (see smb.conf below). They can connect. However, directories appear as 0-byte files of unknown type. Double-clicking on a directory in an Explorer window brings up a Choose the program you want to use to open this file: dialog. If I cancel out of that, exit the directory, and return to it, the file I had clicked on earlier now appears as a directory, but its neighbors still appear as 0-byte files. Any subdirectories of the now-traversable directory, also, appear as 0-byte files. In addition, files within directories appear normally and I can see their attributes, change dates, size, etc. However, double-clicking on files, clicking and dragging, or copy-and-pasting, all fail with the message Could not find the specified file. Make sure you specify the correct path and file name. If I copy the files from the old disk to another local disk and into another samba share, the windows clients can see/read/delete/etc. normally. The Samba server doesn't log any of these attempts, which suggests to me that the windows client is voluntarily depriving itself of access, or else is getting confused somewhere. Any suggestions as to what is going wrong? Here is the relevant line from mount: $ mount | grep ntfs /dev/ad1s1 on /home/OLD-DISK (ntfs, local, read-only) Here is my smb.conf ('...' indicates nonrelevant share options deleted): [global] workgroup = LEDUC server string = Leduc Lab Samba Server security = user hosts allow = 192.168.111. load printers = yes printcap name = cups printing = cups log level = 1 guest account = leduc map to guest = Bad User log file = /var/log/samba/log.%m max log size = 500 socket options = TCP_NODELAY interfaces = xl0 domain master = yes preferred master = yes wins support = yes dns proxy = no [homes] ... [OLD-DISK] path=/home/OLD-DISK/Documents and Settings comment = Old Microscope Computer drive browseable = yes writable = no fstype = Samba force user = leduc [documentation] ... Thanks in advance, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Permission Denied when all bits not set to r/w
Hello, I'm having trouble with permissions on Samba 3.0.21. It almost seems that the all bits are the only ones that Samba is obeying. For instance, I created this file remotely over a samba share: [EMAIL PROTECTED] ~/untitled folder $ ls -als total 17 0 drwx--S--- 3 brandon.dimcheff westpole 160 Jul 3 15:51 . 1 drwx-- 12 brandon.dimcheff westpole 816 Jul 3 15:51 .. 4 -rw-rw 1 brandon.dimcheff westpole4 Apr 12 17:41 test2 But when I try to access it, I get a permissions denied error and the logs produce the following. If I set the permissions of the file to 666, I can use the file just fine: [2006/07/03 15:51:45, 3] smbd/process.c:process_smb(1194) Transaction 321 of length 134 [2006/07/03 15:51:45, 3] smbd/process.c:switch_message(993) switch message SMBntcreateX (pid 22541) conn 0x803b73f8 [2006/07/03 15:51:45, 3] smbd/dosmode.c:unix_mode(121) unix_mode(untitled folder/test2) returning 0764 [2006/07/03 15:51:45, 3] smbd/open.c:open_file(276) Error opening file untitled folder/test2 (Permission denied) (local_flags=0) (flags=0) [2006/07/03 15:51:45, 3] smbd/error.c:unix_error_packet(90) unix_error_packet: error string = Permission denied [2006/07/03 15:51:45, 3] smbd/error.c:error_packet(146) error packet at smbd/trans2.c(2632) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED I'm running Samba with an LDAP backend and have ACL support compiled in, and the filesystem has ACLs enabled. Samba is serving as the PDC. I appreciate any suggestions. My smb.conf is attached. -- Brandon Dimcheff IT Consultant West Pole, Inc. - http://www.westpole.com 201 Nickels Arcade, Ann Arbor, MI 48104 - 734.995.6390 x21 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Permission Denied when all bits not set to r/w
... Or my smb.conf is pasted here, since attachments are removed automatically ... [global] log level = 3 workgroup = WESTPOLE_BETA server string = Unity map to guest = Bad User smb passwd file = /etc/samba/private/smbpasswd passdb backend = ldapsam:ldap://unity.westpole.com/ log file = /var/log/samba3/log.%m max log size = 5000 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups dns proxy = No add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes #delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g #delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u ldap admin dn = cn=Manager,dc=westpole,dc=com ldap delete dn = Yes ldap group suffix = ou=Group ldap idmap suffix = ou=People ldap machine suffix = ou=Computers ldap passwd sync = Yes ldap suffix = dc=westpole,dc=com ldap ssl = start tls ldap user suffix = ou=People printer admin = @adm create mask = 0774 directory mask = 0775 domain logons = yes preferred master = yes domain master = yes os level = 65 hide dot files = yes load printers = yes printing = cups printcap name = cups security = user guest ok = no use client driver = no # For Samba 3.x. This enables ClamAV on access scanning. vfs object = vscan-clamav vscan-clamav: config-file = /etc/samba/vscan-clamav.conf wins support = yes name resolve order = wins lmhosts host bcast dns proxy = no [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba create mask = 0700 guest ok = Yes printable = Yes browseable = No writeable = No [brother_hl_2700cn] comment = Brother HL2700cn Network Printer printable = yes path = /var/spool/samba public = yes guest ok = yes printer admin = root [hp_laserjet_4000] comment = HP LaserJet 4000 Network Printer printable = yes path = /var/spool/samba public = yes guest ok = yes printer admin = root # Now we setup our print drivers information! [print$] comment = Printer Drivers path = /etc/samba/printer guest ok = yes browseable = yes read only = yes # Modify this to username,root if you don't want root to # be the only printer admin) write list = @adm,root [fileserver] comment = West Pole File Server path = /mnt/fileserver read only = No hide dot files = yes [backups] comment = West Pole File Server Daily Backups path = /mnt/dailies read only = Yes hide dot files = yes [netlogon] path = /var/lib/samba/netlogon guest ok = no read only = yes browseable = no [profiles] path = /var/lib/samba/profiles browseable = no writeable = yes default case = lower preserve case = no short preserve case = no case sensitive = no hide files = /desktop.ini/ntuser.ini/NTUSER.*/ write list = @smbusers @root @westpole create mask = 0600 directory mask = 0700 profile acls = no Thanks, -- Brandon Dimcheff IT Consultant West Pole, Inc. - http://www.westpole.com 201 Nickels Arcade, Ann Arbor, MI 48104 - 734.995.6390 x21 On Jul 5, 2006, at 10:11, Brandon Dimcheff wrote: Hello, I'm having trouble with permissions on Samba 3.0.21. It almost seems that the all bits are the only ones that Samba is obeying. For instance, I created this file remotely over a samba share: [EMAIL PROTECTED] ~/untitled folder $ ls -als total 17 0 drwx--S--- 3 brandon.dimcheff westpole 160 Jul 3 15:51 . 1 drwx-- 12 brandon.dimcheff westpole 816 Jul 3 15:51 .. 4 -rw-rw 1 brandon.dimcheff westpole4 Apr 12 17:41 test2 But when I try to access it, I get a permissions denied error and the logs produce the following. If I set the permissions of the file to 666, I can use the file just fine: [2006/07/03 15:51:45, 3] smbd/process.c:process_smb(1194) Transaction 321 of length 134 [2006/07/03 15:51:45, 3] smbd/process.c:switch_message(993) switch message SMBntcreateX (pid 22541) conn 0x803b73f8 [2006/07/03 15:51:45, 3] smbd
Re: [Samba] Permission Denied when all bits not set to r/w
Here's a dialog from smbclient that illustrates the problem. I've noticed that Samba doesn't map my UID and GID to an actual name... Could this be a symptom of a larger problem with UID/GID mappings or something? And under what circumstances would Samba return a NT_STATUS_ACCESS_DENIED error when the user the smbd process is running as has permissions to access the file? (it runs as UID 5000, the UID on the file is 5000, permissions are 600, therefore the smbd process can access the file) It seems to me that if the spawned process can access the file, then it should be working. Does Samba put additional restrictions on file access above and beyond those imposed by the underlying OS? --- smb: \User\Brandon\test\ ls . D0 Wed Jul 5 16:51:41 2006 .. D0 Mon Jul 3 16:06:45 2006 bar A 10 Mon Jul 3 16:09:54 2006 foo 5 Mon Jul 3 16:07:16 2006 61438 blocks of size 524288. 33649 blocks available smb: \User\Brandon\test\ get foo NT_STATUS_ACCESS_DENIED opening remote file \User\Brandon\test\foo smb: \User\Brandon\test\ stat foo File: \User\Brandon\test\foo Size: 5 Blocks: 8 regular file Inode: 17100Links: 1 Access: (0600/-rw---) Uid: 5000 Gid: 5000 Access: 2006-07-03 16:11:02 -0400 Modify: 2006-07-03 16:07:16 -0400 Change: 2006-07-05 09:58:33 -0400 smb: \User\Brandon\test\ get bar getting file \User\Brandon\test\bar of size 10 as bar (9.8 kb/s) (average 1.8 kb/s) smb: \User\Brandon\test\ stat bar File: \User\Brandon\test\bar Size: 10Blocks: 8 regular file Inode: 17101Links: 1 Access: (0764/-rwxrw-r--) Uid: 5000 Gid: 5000 Access: 2006-07-05 16:52:02 -0400 Modify: 2006-07-03 16:09:54 -0400 Change: 2006-07-05 09:58:33 -0400 smb: \User\Brandon\test\ put baz putting file baz as \User\Brandon\test\baz (3.9 kb/s) (average 0.6 kb/s) smb: \User\Brandon\test\ get baz getting file \User\Brandon\test\baz of size 4 as baz (3.9 kb/s) (average 1.9 kb/s) smb: \User\Brandon\test\ stat baz File: \User\Brandon\test\baz Size: 4 Blocks: 8 regular file Inode: 17099Links: 1 Access: (0764/-rwxrw-r--) Uid: 5000 Gid: 5000 Access: 2006-07-05 16:52:15 -0400 Modify: 2006-07-05 16:52:07 -0400 Change: 2006-07-05 16:52:07 -0400 smb: \User\Brandon\test\ chmod 0600 baz Pushing string of 'unlimited' length into non-SMB buffer! smb: \User\Brandon\test\ stat baz File: \User\Brandon\test\baz Size: 4 Blocks: 8 regular file Inode: 17099Links: 1 Access: (0600/-rw---) Uid: 5000 Gid: 5000 Access: 2006-07-05 16:52:15 -0400 Modify: 2006-07-05 16:52:07 -0400 Change: 2006-07-05 16:52:31 -0400 smb: \User\Brandon\test\ get baz NT_STATUS_ACCESS_DENIED opening remote file \User\Brandon\test\baz smb: \User\Brandon\test\ Thanks again, -- Brandon Dimcheff IT Consultant West Pole, Inc. - http://www.westpole.com 201 Nickels Arcade, Ann Arbor, MI 48104 - 734.995.6390 x21 On Jul 5, 2006, at 13:39, Brandon Dimcheff wrote: ... Or my smb.conf is pasted here, since attachments are removed automatically ... [global] log level = 3 workgroup = WESTPOLE_BETA server string = Unity map to guest = Bad User smb passwd file = /etc/samba/private/smbpasswd passdb backend = ldapsam:ldap://unity.westpole.com/ log file = /var/log/samba3/log.%m max log size = 5000 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups dns proxy = No add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes #delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g #delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u ldap admin dn = cn=Manager,dc=westpole,dc=com ldap delete dn = Yes ldap group suffix = ou=Group ldap idmap suffix = ou=People ldap machine suffix = ou=Computers ldap passwd sync = Yes ldap suffix = dc=westpole,dc=com ldap ssl = start tls ldap user suffix = ou=People printer admin = @adm create mask = 0774 directory mask = 0775 domain logons = yes preferred master = yes domain master = yes os level = 65 hide dot files = yes load printers = yes printing = cups printcap name = cups
RE: [Samba] Unable to use 'valid users' from Active Directory
Best Regards, Brandon Shelley From: Shelley, Brandon Sent: Tue 6/6/2006 12:22 PM To: Reese,Richard Stephen Subject: RE: [Samba] Unable to use 'valid users' from Active Directory Wow finally someone with my EXACT problem :) Though no posts here are remotely close to solving the problem. I have also tried every other recommendation in this posting, as well as many others. The problem is that even though the machine has been net joined to a Windows domain, it does not want to authenticate to the server. DOMAIN\User | Password and User | Password don't work... this says to me that is is an AD complication. Our system worked fine until an upgrade to SP1 on the DC, and soon thereafter, no one could authenticate to the samba server via an AD account any longer. If anyone has ideas other than you have to type net join etc. or upgrade to 3.0.14a (when I, anyway, am using 3.0.22), I, and I'm sure Richard would too, would sincerely appreciate it! Thanks in advance, Best Regards, Brandon Shelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.14a does not work with 2003-SP1
I recently upgraded my 2003 DCs to SP1. This broke Samba. I have tested and retested samba on FC4 using version 3.0.14a (which claims to have fixed the problems with SP1 and Samba) but to no avail. I then tried up upgrade to 3.0.22, but there are too many missing dependencies. If anyone knows how I can either get around/fix the dependency problem or reconfigure 3.0.14a to work with SP!, please let me know. Please feel free to reply to this post, or email me at [EMAIL PROTECTED] Thank you all for any help you can offer me. Required dependencies to upgrade to 3.0.22: -libc.so.6(GLIBC_2.4) -libgnutls.so.12 -liblber-2.3.so.0 -libldap-2.3.so.0 -libpam.so.0(LIBPAM_1.0) -samba-common = 0:3.0.22-2 Best Regards, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] 3.0.14a does not work with 2003-SP1
To follow up, by broke I should clarify: I am unable to authenticate to the samba server any longer using a windows domain user account. I get a dialog box prompting me for user/pass and when I input the info, which just keeps reappearing. Working theory: SP1 does not view samba as a trusted object, therefore when it tries to authenticate to the DC, it gets dropped. TIA, Brandon Shelley From: [EMAIL PROTECTED] on behalf of Shelley, Brandon Sent: Wed 5/24/2006 3:01 PM To: samba@lists.samba.org Subject: [Samba] 3.0.14a does not work with 2003-SP1 I recently upgraded my 2003 DCs to SP1. This broke Samba. I have tested and retested samba on FC4 using version 3.0.14a (which claims to have fixed the problems with SP1 and Samba) but to no avail. I then tried up upgrade to 3.0.22, but there are too many missing dependencies. If anyone knows how I can either get around/fix the dependency problem or reconfigure 3.0.14a to work with SP!, please let me know. Please feel free to reply to this post, or email me at [EMAIL PROTECTED] Thank you all for any help you can offer me. Required dependencies to upgrade to 3.0.22: -libc.so.6(GLIBC_2.4) -libgnutls.so.12 -liblber-2.3.so.0 -libldap-2.3.so.0 -libpam.so.0(LIBPAM_1.0) -samba-common = 0:3.0.22-2 Best Regards, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] stale name lookup result SOLVED
On Mon, 19 Sep 2005, Brandon Kuczenski wrote: I am running a Samba 3.0.10 server on freeBSD and 3.0.10-Debian client. I just had a perplexing problem. The client is a laptop and moves about different samba networks. My home computer's name (Unix hostname and samba name) is 'ocean'. When I'm at home I run smbmount //ocean/mydir /mnt/samba/ocean/mydir -o options Normally this is fine. I've been running the same script to do this for about 2 years, without problems. But this morning when I tried to connect it kept telling me timeout connecting to NOT.MY.IP.ADDR:445 timeout connecting to NOT.MY.IP.ADDR:139 [NOT.MY.IP.ADDR is replaced by an actual IP address that I've never seen before, but belongs to a separate wireless network that I occasionally visit] Running nmblookup: # nmblookup ocean querying ocean on 192.168.0.255 -- this IS my network 192.168.0.5 ocean00 -- this IS the right IP address Ocean is right there in the next room -- AND it's acting as a WINS server -- AND nmblookup seems to find it just fine. Why is my laptop trying to connect to the wrong host? The last time I had connected to a wireless network, my client software created a file /etc/samba/dhcp.conf which had stale information. I deleted that file, and then deleted /var/run/samba/gencache.tdb, and that solved the problem. -Brandon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] stale name lookup result
I am running a Samba 3.0.10 server on freeBSD and 3.0.10-Debian client. I just had a perplexing problem. The client is a laptop and moves about different samba networks. My home computer's name (Unix hostname and samba name) is 'ocean'. When I'm at home I run smbmount //ocean/mydir /mnt/samba/ocean/mydir -o options Normally this is fine. I've been running the same script to do this for about 2 years, without problems. But this morning when I tried to connect it kept telling me timeout connecting to NOT.MY.IP.ADDR:445 timeout connecting to NOT.MY.IP.ADDR:139 [NOT.MY.IP.ADDR is replaced by an actual IP address that I've never seen before, but belongs to a separate wireless network that I occasionally visit] Running nmblookup: # nmblookup ocean querying ocean on 192.168.0.255 -- this IS my network 192.168.0.5 ocean00 -- this IS the right IP address Ocean is right there in the next room -- AND it's acting as a WINS server -- AND nmblookup seems to find it just fine. Why is my laptop trying to connect to the wrong host? Thanks in advance, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to delete files on Samba share
Hey list, I'm seeing some strange behavior on a Samba server on a Fedora Core 2 system. What's happening is that a user, with full access to a folder, will delete a file through Windows explorer. The file will disappear, just like it was deleted. However, upon a refresh, the file is back again. Thus far, the only workaround I've found is to change the user to be the owner of the file/folder they're trying to delete. With an office full of people using and sharing files/folders, this is not an efficient way to go about doing things. Our shares are set up to give access by group, and these users all have full access to the folders they're trying to delete files out of. For some reason though, the file isn't being deleted. I've tried this on 2 file servers now, just to be sure. One is a Fedora Core 2 system running Samba 3.0.10-1.fc2, and the other is running Fedora Core 3 running Samba 3.0.11. Both systems show the same thing. All workstations connecting to these systems are running Windows XP Home with SP2 installed. The smb.conf file is quite simple, and looks like this: ** [global] workgroup = Production server string = Fileserver printcap name = /etc/printcap load printers = yes cups options = raw log file = /var/log/samba/%m.log max log size = 50 security = user socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no # Share Definitions == [homes] comment = Home Directories browseable = no writable = yes valid users = %S create mode = 0600 directory mode = 0600 [printers] comment = All Printers path = /var/spool/samba browseable = no # Set public = yes to allow user 'guest account' to print guest ok = no writable = no printable = yes [Share1] comment = Share1 path = /folder1 valid users = @accounting,@sales,@dataentry,@operations public = no writable = yes printable = no create mask = 3660 directory mask = 3770 ** Any suggestions on why this is happening? Thanks, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problems saving Excel sheets using Office 97 on a Sambashare
Nathan, Thanks for the tips. Most of these settings were already in place, but the ones that were not already there I set up, with the exception of the 'force group' setting. I hesitate to try this simply because many of the subfolders under the shared volume are have their access controlled by group, and I didn't want to risk preventing others from accessing their files in the middle of the day. I'm not sure it would change much though, as this doesn't exactly seem to be a permisions issue, at least not a normal one. Each folder is set with a group, and the GID is set also so it stays. Each user in the group then has full access to all folders and files in that folder except for Excel files. These users can create new files and folders, delete them, and do anything they need, but if they try to save a file that they are not the owner of, they see the error in Excel when they try to save. Could it be that we're using such an old version of Excel? Would a newer version possibly save it's files differently? Thanks! Brandon Nathan Vidican 03/03/05 03:49PM Try something like the following: [some-share] path = /some/where/files/are valid users = @groupname write list = @groupname create mask = 0660 directory mask = 0770 force group = groupname end of snippet We utilize similar configurations; by forcing the group, it will be irrelevent as to which logon group a particular user belongs to, and still it will create/save files with the permissions as expressed (group read/write/[execute for dir]). Thereby allowing all members of 'groupname' to access any file put in the share by any other user in the same group. -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate Tool Ltd. http://www.wmplt.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brandon Laing Sent: Thursday, March 03, 2005 3:48 PM To: samba@lists.samba.org Subject: [Samba] Problems saving Excel sheets using Office 97 on a Sambashare Hey all, We're having some trouble saving Excel documents on our Samba Fileserver. We are moving people over to our Samba box, and have moved most of our documents over. Now, we have people opening their Excel documents, but are unable to save them. When something is saved, we see this message: Your changes could not be saved to 'document.xls', but were saved to a temporary document named '349rgjh928'. Close the existing document, then open the temporary document and save it under a new name. Now, these users have full access to the folder in which they're trying to save these sheets. New documents can be created an deleted without any problem, so it doesn't appear to be a permissions problem. However, if I manually set the document owner to the user trying to save the document, it seems to save without a problem. Of course, this isn't a viable option, as we have multiple people accessing these documents all the time, and as a group, they have full access to these folders. So, I'm wondering what I can do on this system to resolve this issue. I know we're using an old version of Excel, but it still works for what we need. Our version of Samba is 3.0.10-1.fc2, and we are running on a Fedora Core 2 system. The clients connecting are using Windows XP Home, and have Excel 97 SR-2. Any ideas on what I can do to clear this up? I can post config files if needed, but as of right now, it's almost the default with just the share volume set up. Thanks, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems saving Excel sheets using Office 97 on a Samba share
Hey all, We're having some trouble saving Excel documents on our Samba Fileserver. We are moving people over to our Samba box, and have moved most of our documents over. Now, we have people opening their Excel documents, but are unable to save them. When something is saved, we see this message: Your changes could not be saved to 'document.xls', but were saved to a temporary document named '349rgjh928'. Close the existing document, then open the temporary document and save it under a new name. Now, these users have full access to the folder in which they're trying to save these sheets. New documents can be created an deleted without any problem, so it doesn't appear to be a permissions problem. However, if I manually set the document owner to the user trying to save the document, it seems to save without a problem. Of course, this isn't a viable option, as we have multiple people accessing these documents all the time, and as a group, they have full access to these folders. So, I'm wondering what I can do on this system to resolve this issue. I know we're using an old version of Excel, but it still works for what we need. Our version of Samba is 3.0.10-1.fc2, and we are running on a Fedora Core 2 system. The clients connecting are using Windows XP Home, and have Excel 97 SR-2. Any ideas on what I can do to clear this up? I can post config files if needed, but as of right now, it's almost the default with just the share volume set up. Thanks, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Following Samba 3 by example and getting errors.
Hi All, I'm having the exact same problem. Did anyone ever figure this out? Thanks! ~Brandon Luis G. Riera wrote: Hi, I'm following chapter 6 from samba-3 by example. I've SuSE 9.1 with OpenLDAP 2.2.6 and samba 3.0.4. I get four errors with this example. When I run the testparm -s test.confect and din't get get error. The 1th one error that I got was when I run the program smbclient -L localhost -U%. It didn't connect. However, when I run net getlocalsid do get the SID. The 2th error was in the smbldap conf.pm script. I made the following change to correct a Faillior that I got adding this item to the ldap directory; In the line $computersou = q(People); in: # Where are stored Computers # Ex: $computersdn = ou=Computers,$suffix; ... $computersou = q(People); $computersdn = ou=$computersou,$suffix; I have made the following change $computersou = q(Computers); : # Where are stored Computers # Ex: $computersdn = ou=Computers,$suffix; ... $computersou = q(Computers); $computersdn = ou=$computersou,$suffix; The 3th error is when run ldapadd -x -D cn=Manager,dc=example,dc=biz -w not24get /etc/openldap/idmap.LDIF I get the following error: ldapadd: update failed: ou=Idmap,dc=example,dc=biz ldap_add: Constraint violation (19) additional info: structuralObjectClass: no user modification allowed The last one of the errors is when I run the pdbedit -Lv chrisr that doesn't conect. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-to-Samba connection problems
Hey list, I'm still having some issues getting 2 Fedora machines running Samba 3.0.7 to stay connected for any length of time. My setup looks like this: 1 of the systems is set up as a Samba Server as the main fileserver. I have some Windows XP machines connecting to it just fine, nice and fast. However, I also have some FC2 systems that connect to it using the smbfs filesystem, and while they work initially after booting up, any amount of browsing through Nautilus or trying to run some programs off of the network will cause the system to hang. Not lock up, as I can force close windows, but the system will not respond to anything else. It definitely appears to be an issue with Samba however, and primarily when connecting from another FC2 system. Also, if the client system does hang while browsing the share, if I open a terminal window and try to do anything, I will sometimes get an error like this: error: failed to stat: /mnt: Input/output error Now, I'm thinking that this is only happening on the new version of Samba, 3.0.7-2.FC2 or 3.0.7-2.FC1. I noticed this started to happen around Sep 15th, after a system auto-updated to the newest version. Shortly after, other FC and FC2 boxes started having connection troubles. So, to test this, I set up a new system and didn't update samba on it. Sure enough, works perfectly, no hang ups. Ok, so I'll try the newest version directly from samba.org, 3.0.7-1 on the server. Hangs up within a minute of browsing on that one, same as the 3.0.7-2.FC2 release. Unfortunately, these are production boxes and I can't really wipe them out and reinstall to get the older version back. So, this really seems to be a bug in the most recent release of Samba. I've tried multiple, freshly installed servers and clients now, and can always reproduce this error. It's making things very difficult for us as well, as we have multiple servers that communicate via Samba that suddenly aren't working after they update. Luckily, Windows boxes are not affected by this and are connecting to Samba machines just fine. So, has anyone else experienced this, or know of any potential workarounds? I can post smb.conf files if need be, although I'm using pretty much all defaults and am just setting up simple shares. This setup has been working now for over a year without a hitch. Just to get things working on some critical boxes, I've had to set up NFS shares just to keep the connection alive, as using Samba it freeze up and lose the connection within a matter of hours. Any ideas? Thanks, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Trouble connecting to Samba shares from other Linux boxes
Hey list, I'm having some problems with a few of my Fedora Core 2 boxes. 1 of the systems is set up as a Samba Server as the main fileserver. I have some Windows XP machines connecting to it just fine, nice and fast. However, I also have some FC2 systems that connect to it using the smbfs filesystem, and while they work initially after booting up, any amount of browsing through Nautilus or trying to run some programs off of the network will cause the system to hang. Not lock up, as I can force close windows, but the system will not respond to anything else. It definitely appears to be an issue with Samba however, and only when connecting from another FC2 system. Also, if the client system does hang while browsing the share, if I open a terminal window and try to do anything, I will sometimes get an error like this: error: failed to stat: /mnt: Input/output error Now, I'm thinking that this is only happening on the new version of Samba, 3.0.7-2.FC2 or 3.0.7-2.FC1. I noticed this started to happen last week on the 15th, after a system auto-updated to the newest version. Shortly after, other FC and FC2 boxes started having connection troubles. So, to test this, I set up a new system and didn't update samba on it. Sure enough, works perfectly, no hang ups. Ok, so I'll try the newest version directly from samba.org, 3.0.7-1 on the server. Hangs up within a minute of browsing on that one, same as the 3.0.7-2.FC2 release. So, this really seems to be a bug in the most recent release of Samba. I've tried multiple, freshly installed servers and clients now, and can always reproduce this error. It's making things very difficult for us as well, as we have multiple servers that communicate via Samba that suddenly aren't working after they update. Luckily, Windows boxes are not effected by this and are connecting to Samba machines just fine. So, has anyone else experienced this, or know of any potential workarounds? I can post smb.conf files if need be, although I'm using pretty much all defaults and am just setting up simple shares. This setup has been working now for over a year without a hitch. Any ideas? Thanks, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Groups
Admins, I am working on an issue with Rational Clearcase with Samba as a PDC. I am new to Samba and learning fast :) Could anyone help me with finding information on how Samba uses group(s) functionality with Unix and NT? I really am looking for information on how samba handles groups from the NT side. Thank you and I appreciate you supporting my learning. Brandon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and Rational ClearCase
Hello everyone, Getting to the point, we are running Samba on a solaris server, and using it as a PDC for our windows clients who we have installed ClearCase on. The groups and IDs exist for clearcase_albd on the UNIX domain and are functioning from a samba standpoint and we can login on the NT side with them; however when we try to start the atria license broker, it fails. We have tried mapping the unix id clearcase_albd to ccadm within samba and have tried adding those IDs locally on the pc, with no luck, it still fails to start and give the most generic error code for the service in the event viewer... no help there. Anyone with any pointers? Brandon This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Modifying accounts in User Manager disables account!
I've just posted this as bug 1320: If an administrator users Microsoft User Manager to modify a user account, the account becomes disabled. I have noticed that Samba 3.0.3 adds sambaKickoffTime: 0 to the LDAP account for the user. If you give the account a expiration date in the Account Information section of User Manager instead of 'Never' the account is ok. It seems when trying to make the account never expire, Samba 3.0.3 puts 0 for the sambaKickoffTime attribute instead of 2147483647. Previous versions did not modify/add this attribute. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.3: Still cant change password after KB828741
I just downloaded and installed Samba 3.0.3 and it still doesn't fix the problem caused by the windows update discussed in KB828741. Still getting the message You do not have permission to change your password on some boxes, or The system cannot change your password because the domain DOMAIN is not available on others. Uninstalling the update still works, however this is not an option for some, including us. Could someone please help to resolve this? Anyone know of a patch? I can't afford to wait until the next Samba release. Thanks, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] You do not have permission to change your password
Just an update. After reading others posts, I uninstalled Microsoft Cumulative Update MS04-012 (KB828741). Sure enough this fixed the problem. Hope Samba folks can correct this in Samba 3.0.3 so we don't have to uninstall this update on all computers. Brandon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brandon Turner Sent: Sunday, April 18, 2004 2:09 PM To: [EMAIL PROTECTED] Subject: [Samba] You do not have permission to change your password We recently migrated from WindowsNT to Samba 3.0.2a. After about two months, we have started to notice a weird problem. As user's passwords expire, they are prompted to change them. When they attempt to do so from Windows, they get a message saying You do not have permission to change your password. However, the password IS changed. Both the Samba and LDAP Linux passwords are changed correctly, as well as the samba attributes (such as sambaPasswordLastSet, etc.) Sometimes we notice the following entry in our Samba logs: [2004/04/17 18:13:26, 0] smbd/chgpasswd.c:check_oem_password(832) check_oem_password: incorrect password length (-800397408). However sometimes this message does not appear. When we first installed Samba, we forced users to change their passwords from Windows and this worked fine. However, now 2 months later as their passwords are beginning to expire, this error is occurring for ALL users. The password is ALWAYS changed however, so I am totally lost as to what is going on. We have not changed any settings (that we know of) since when password changing was working and when it stopped. I've seen a lot of posts in the past about the error message we are receiving, however nothing substantial. The password DOES change, so if the packet is being decrypted wrong (the common error of several posts) then how does Samba know what the new password is. If you have any idea what is going on, please help. Brandon Turner MSC Computer Operations Texas AM University -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] You do not have permission to change your password
Nope, even with 3.0.3rc1 it still did the error. Passwords were changed correctly just like before. I did notice once that it would let me log in with either my original password, or the password I just changed to. This stopped after rebooting the Windows client, but still weird. I also get the DOMAIN not available message sometimes, or the You don't have permission others. Brandon -Original Message- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: Thursday, April 22, 2004 6:35 PM To: Brandon Turner Cc: [EMAIL PROTECTED] Subject: RE: [Samba] You do not have permission to change your password On Fri, 2004-04-23 at 07:14, Brandon Turner wrote: Just an update. After reading others posts, I uninstalled Microsoft Cumulative Update MS04-012 (KB828741). Sure enough this fixed the problem. Hope Samba folks can correct this in Samba 3.0.3 so we don't have to uninstall this update on all computers. Can you try 3.0.3rc1? I made changes to ensure we do not use the LM password during the change, which might solve this issue. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] You do not have permission to change your password
We recently migrated from WindowsNT to Samba 3.0.2a. After about two months, we have started to notice a weird problem. As user's passwords expire, they are prompted to change them. When they attempt to do so from Windows, they get a message saying You do not have permission to change your password. However, the password IS changed. Both the Samba and LDAP Linux passwords are changed correctly, as well as the samba attributes (such as sambaPasswordLastSet, etc.) Sometimes we notice the following entry in our Samba logs: [2004/04/17 18:13:26, 0] smbd/chgpasswd.c:check_oem_password(832) check_oem_password: incorrect password length (-800397408). However sometimes this message does not appear. When we first installed Samba, we forced users to change their passwords from Windows and this worked fine. However, now 2 months later as their passwords are beginning to expire, this error is occurring for ALL users. The password is ALWAYS changed however, so I am totally lost as to what is going on. We have not changed any settings (that we know of) since when password changing was working and when it stopped. I've seen a lot of posts in the past about the error message we are receiving, however nothing substantial. The password DOES change, so if the packet is being decrypted wrong (the common error of several posts) then how does Samba know what the new password is. If you have any idea what is going on, please help. Brandon Turner MSC Computer Operations Texas AM University -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Long Directory Names and DOS
Hey list, I thought I'd try this one more time. I can't believe there isn't any way to get directory names to be listed properly under DOS 6.2. My original message was: I'm having some trouble getting Samba to properly display directory names for a DOS machine. Basically, I have a few old DOS 6.2 boxes mapped to a Samba box to drop some files into. The folder name on the Samba box is 'filerouter' (no quotes). Under the normal DOS filename structure, I would assume the name would be adjusted to filerou~1, or something similar, to fit with the 8.3 standard. Instead, I'm getting something very strange like FF8DZ9~C. I've been trying to find out if there is any way I can control this, or get Samba to properly display the directory name under DOS, but so far I haven't had much luck. I did try playing around a bit with the 'mangled names' option in the smb.conf file. If I force mangled names to be turned off, then I can't see any folders at all unless I create them from DOS, but then I lose some functionality from other programs that look to this folder. We have a bunch of DOS scripts set up though, looking for the folder name to include the ~ in the path, so I'm hoping there is a way to get this set up properly. Anyone have any advice? I don't see why Samba is doing this, or how it could be a good thing. If I had more than 1 folder that was longer than 8 characters, there is no way I'd be able to tell which folder was which with these strange, cryptic names. Other Linux boxes and Windows boxes see the folders just fine, just not DOS. How can I specify how I want these folder displayed? BTW, the Linux box is running Fedora Core 1 with all the latest updates installed. As an update since then, I've tried just about every mangled names option I can think of. I've tried specifying the DOS character set (CP850), none of which has made any difference. Any folder that I create that is more than 8 characters shows up as a very strange folder name. I can't think of anything else to try, except going through every script and program we have written and change the folder name to something that's 8 character or less, and folder names work fine then. I'd really rather not do that though, and I just can't believe that there isn't a way to make this work properly. Any suggestions, please? Thanks, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] DOS Long Directory names?
Hi list, Having some trouble getting Samba to properly display directory names for a DOS machine. Basically, I have a few old DOS 6.2 boxes mapped to a Samba box to drop some files into. The folder name on the Samba box is 'filerouter' (no quotes). Under the normal DOS filename structure, I would assume the name would be adjusted to filerou~1, or something similar, to fit with the 8.3 standard. Instead, I'm getting something very strange like FF8DZ9~C. I've been trying to find out if there is any way I can control this, or get Samba to properly display the directory name under DOS, but so far I haven't had much luck. I did try playing around a bit with the 'mangled names' option in the smb.conf file. If I force mangled names to be turned off, then I can't see any folders at all unless I create them from DOS, but then I lose some functionality from other programs that look to this folder. We have a bunch of DOS scripts set up though, looking for the folder name to include the ~ in the path, so I'm hoping there is a way to get this set up properly. Anyone have any advice? I don't see why Samba is doing this, or how it could be a good thing. If I had more than 1 folder that was longer than 8 characters, there is no way I'd be able to tell which folder was which with these strange, cryptic names. Other Linux boxes and Windows boxes see the folders just fine, just not DOS. How can I specify how I want these folder displayed? BTW, the Linux box is running Fedora Core 1 with all the latest updates installed. Thanks, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SOLVED: Roaming profiles not updating XP
After almost 40 hours of work and testing over 6 computers I have finally figured out the answer to my problem of Roaming profiles not updating. This has occurred with SAMBA versions 2.2.* and later up through and including 3.0.2a (completely clean install in each case, including rebuilding domain, users and groups and smb.conf from scratch). It does not appear to be a SAMBA issue but one with 3rd party products at least in my case. I am posting only to the SAMBA list because I found countless unanswered posts asking this exact question so I hope that at least one person finds this answer helpful. The problem appears to be in the NVIDIA reference drivers at least (perhaps earlier, haven't checked) version 56.64 and later (to 56.72 at least) win2k and XP versions and an NT service installed: NVIDIA Display Driver Service. It is used to assist in issues related to macrovision and other auxiliary helper display functions. I can reliably reproduce this result on a FRESHLY installed XP machine with only the reference driver installed immediately after first start up on the domain. The profile is properly copied from the SAMBA server to the client, but on subsequent logouts the profile is not updated on the server, though the client will update their profile as the server copy changes as expected. I have found this to occur on at least 3 cards with NVIDIA chipsets as of yet: Hercules GeForce2 GTS 64MB, Leadtek Geforce3 64MB, and MSI Geforce 5900XT 128MB. Short side of the story: if the service is enabled ON BOOT, the profiles do not update correctly, if disabled ON BOOT the profiles update correctly. If you change it, you MUST RESTART to see the effect. Also, even if the problem of not updating occurs because of this it APPEARS that just changing this option and rebooting fixes the issue. As a note, this installation is completely fresh. I joined the domain during the installation and did not even change the options in the Local Group Policy editor (mmc / gpedit.mmc). Also, this is pre SP1 so this is not affected by the check profiles for ... fix (which I did not do). If you have any questions, or a more suitable location for this post please let me know! Hopefully this helps someone. Sincerely, Brandon Franzke [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Linux-to-Linux permissions?
Hey list, I'm having some permissions problems with a couple of Linux boxes. I have 1 box set up running as a Samba server for our Windows boxes, which is working great. I also need to have a second Linux box connect to it to run some applications against it. So, I have everything set up in the fstab file to mount the shared drive. That part works great. However, the permissions are always set to 755, and the owner is always root, and the group is always root. This does not work for me, as I need other users to have write access to the share. I have set the permissions on the mount folders to 777 and changed the owner, but as soon as they are mouted they go right back to 755. If I try to do a chmod or chown, I get an Operation no permitted error. Through Gnome, if I try check the permissions I want set, they are unchecked on their own right away! So, I've set my smb.conf file up to force all files and folder to have 777 access by default. No difference. I've tried specifying the rw flag when I mount, the user flag, etc.. but nothing has made any difference. This seems a bit odd to me that there isn't any way at all to set the permissions up properly going between 2 almost identical machines! So, if there's just something I'm missing, or if this is a known limitation in Samba, I'd appreciate any advice on where to go from here. Both boxes are running Fedora Core 1 on ext3 filesystems. Thanks, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Any plans to fix Bug 1139 in 3.0.3?
I was wondering if anyone knows if there are any plans to fix Bug #1139 (reproduced below) in version 3.0.3. I haven't tried 3.0.3pre1 yet, but from what I read of the changes it doesn't look like this bug has been addressed. Is there some other work around? This bug is quite annoying as some of our users/administrators would like to use Windows to modify ACLs and we recently migrated SIDs from NT4. I've tried setting the Algorithmic mapping base higher but this doesn't seem to help. Any help would be appreciated. Brandon Turner MSC Computer Operations BUG #1139: How to reproduce that bug: After migrating users from NT4 to samba you get lots of RIDs that do not match the rid algorithm. As one such user, prefereably one with an odd RID, create a new file on some samba share with Linux ACL enabled. Now open the Properties-Security-??? dialog (Eigenschaften-Sicherheit-Berechtigungen in German) and change anything. Add write permission to everyone, for example. Now take a look at that file in the Linux filesystem, specially the ACL on that file. The owner has lost write permission and some group has got full access instead. The GID of this (possible not even existing) group is exactly the result of the RID algorithm calculation. What is happening?: My brief investigations indicate that the function create_canon_ace_lists() from posix_acls.c calls both sid_to_gid() and sid_to_uid() in turn with the same SID just to try if it matches in one case or the other. Unfortunately, sid_to_gid() falls back to algorithmic mapping and in the case shown above it succeeds to calculate a gid out of the migrated users RID. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Any plans to fix Bug 1139 in 3.0.3?
There was a thread from Feb 28 to Feb 29 between Sebastian and Andrew that discussed this in more detail. Basically, it seems that Samba uses algorithmic mapping even when an entry in LDAP indicates that a given SID is associated with an existing UID. Normally people don't experience this bug if they built their user databases from scratch, but if they migrated from NT keeping the old NT SIDs they begin to have correct SIDs and UIDs that don't follow the samba's algorithmic mapping. So it seems when someone trys to use the Windows ACL editor to change the ACLs on a file, Samba changes the Linux ACLs based upon the algorithmic mapping of SID-UID instead of looking the SID up in LDAP first. Hope that makes a little sense. Brandon -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Thursday, March 25, 2004 4:59 PM To: Brandon Turner Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Any plans to fix Bug 1139 in 3.0.3? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brandon Turner wrote: | I was wondering if anyone knows if there are any plans | to fix Bug #1139 (reproduced below) in version 3.0.3. I | haven't tried 3.0.3pre1 yet, but from what I read of | the changes it doesn't look like this bug has been | addressed. We'll do out best. The bug report sounds strange though. And we'll probably need to get some more information you at some point. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAY2QzIR7qMdg1EfYRAstHAKDXQQLsVhpZjBx419SBABjitsP8MgCeLpRH WHLsRLKhJx7zjK+WN5VtWZ8= =6Q1L -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Log user log-offs
Does anyone know of a way to log when a user logs off using Samba as a PDC. I have Samba 3.0.2a and can log log-ons using root preexec on a share all users mount, however I do not know of a way to log log-offs. We need this data for record keeping purposes. We don't use roaming profiles, so using root postexec is not an option as shares disconnect when not in use. Thanks for any help, Brandon Turner MSC Computer Operations -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.2 Exchange 2003 / Active Directory?
We have semi-successfully set up Samba 3.0.2 and Exchange 2003. Exchange 2003 requires Active Directory, however we wanted to still use Samba as a PDC in our domain. We set up Exchange in a Windows2000 separate domain and then established a one-way trust between the exchange domain and the samba domain (where the samba domain is the trusted domain). We established our users on Exchange and corresponding users on the Samba PDC. Getting Exchange to authenticate off the Samba PDC was tricky but not impossible. In Exchange you must set the msExchMasterAccountSid variable in Active Directory to the Samba domain SID of the mailbox's owner. Microsoft has documented this procedure in KB article 27: http://support.microsoft.com/default.aspx?scid=kb;en-us;27 This procedure will make the Samba SID (account) the owner of the exchange mailbox; the corresponding account in the exchange domain becomes disabled. It is essential to set exchange up this way or else OWA, public folders, mailbox sharing, and other exchange features will not work correctly. It is not enough to just check the Associated External Rights box without following the steps to set the msExchMasterAccountSid variable. Failing to set this attribute will cause Exchange to randomly bounce emails and other features to work sporadically. To get Outlook Web Access to work properly with this setup you must disable Integrated Windows Authentication in IIs for the all virtual directories associated with exchange (exchange, public, exchweb). Instead use Basic Authentication where the domain name is the Samba domain. Be aware this sends the users password unencrypted so be sure you are using SSL when you authenticate a user. This solution will all Exchange to authenticate off the Samba PDC domain when using OWA. We ran into a little trouble when trying to set up the Samba-Windows2000 trusts. When trying two-way trusts, everything would work fine for a few hours, but then Windows2000 would stop letting us view the Samba PDC users (which we needed because we had to associate these accounts with mailboxes). Two-way windows2000 trusts aren't working too well yet it seems, however Exchange only needs a one way trust. The one-way trust solution (with Samba as the trusted domain) has been working fine. Associating Samba accounts with Exchange mailboxes using this procedure may not work for more then 100 or so accounts. I am sure there is a way to do it programmatically, such as KB article 322890: http://support.microsoft.com/default.aspx?scid=kb;en-us;322890 - Brandon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.1
When Might Samba 3.0.1 be out? -- Brandon Lederer Linux Administrator Cashflow Billing Solutions (402) 898-2600 x334 **CONFIDENTIALITY STATEMENT** This e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. It is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this email is not the intended recipient, or agent responsible for delivering or copying of this communication, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please reply to the sender that you have received the message in error, then delete it. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ODD PAM ERROR
That did it, thanks much! John H Terpstra wrote: On Wed, 12 Nov 2003, Brandon Lederer wrote: I Have a nobody account. However I didn't have that line in there, or rather it was commented out. So, I uncommented it, restarted samba and winbind to no avail. No luck with the magic crystal this time. So that we have a clear distinct crystal, I will paste my smb.conf file. My bad. Comments removed. Ok. Much better info this time! :) You are configured to be a domain member, therefor you do not need tdbsam. Also, since you are not doing local authentication you should not specify obey pam restrictions. Both password chat and passwd bprogram are not relevant for a Domain Member. So, comment out the lines above and it should work. Cheers, John T. [global] workgroup = HMS server string = %h server (Samba %v) dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = domain encrypt passwords = true passdb backend = tdbsam guest obey pam restrictions = yes guest account = nobody invalid users = root passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/false winbind separator = + [data] path = /data public = yes John H Terpstra wrote: On Fri, 7 Nov 2003, Brandon Lederer wrote: I have set up winbind, made the nsswitch settings, joined the current NT Domain, got back the message that said Welcome to Domain. When I try to access the PC, it brings up IPC$ and wants a password. The log for that workstation says PAM: UNKNOWN PAM ERROR (9) during Account Management for User: Domain+USERNAME! Then it says PAM: Account Validation Failed - Rejecting User Domain+USERNAME! Does anyone have any helpful ideas? Brandon, You are asking us to exercise our worn-out crystal balls by not providing your smb.conf file, so here goes: My guess is that your UNIX system does NOT have an account called nobody. I guess also that given that your system does not have a nobody account, you also do not have the following entry in your smb.conf file [globals] section: guest account = 'a_valid_unix_account' So let me know, did my crystal ball work this time. Dang, it's been so unreliable lately! :) - John T. -- Brandon Lederer Linux Administrator Cashflow Billing Solutions (402) 898-2600 x334 **CONFIDENTIALITY STATEMENT** This e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. It is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this email is not the intended recipient, or agent responsible for delivering or copying of this communication, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please reply to the sender that you have received the message in error, then delete it. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ODD PAM ERROR
I Have a nobody account. However I didn't have that line in there, or rather it was commented out. So, I uncommented it, restarted samba and winbind to no avail. No luck with the magic crystal this time. So that we have a clear distinct crystal, I will paste my smb.conf file. My bad. Comments removed. [global] workgroup = HMS server string = %h server (Samba %v) dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = domain encrypt passwords = true passdb backend = tdbsam guest obey pam restrictions = yes guest account = nobody invalid users = root passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/false winbind separator = + [data] path = /data public = yes John H Terpstra wrote: On Fri, 7 Nov 2003, Brandon Lederer wrote: I have set up winbind, made the nsswitch settings, joined the current NT Domain, got back the message that said Welcome to Domain. When I try to access the PC, it brings up IPC$ and wants a password. The log for that workstation says PAM: UNKNOWN PAM ERROR (9) during Account Management for User: Domain+USERNAME! Then it says PAM: Account Validation Failed - Rejecting User Domain+USERNAME! Does anyone have any helpful ideas? Brandon, You are asking us to exercise our worn-out crystal balls by not providing your smb.conf file, so here goes: My guess is that your UNIX system does NOT have an account called nobody. I guess also that given that your system does not have a nobody account, you also do not have the following entry in your smb.conf file [globals] section: guest account = 'a_valid_unix_account' So let me know, did my crystal ball work this time. Dang, it's been so unreliable lately! :) - John T. -- Brandon Lederer Linux Administrator Cashflow Billing Solutions (402) 898-2600 x334 **CONFIDENTIALITY STATEMENT** This e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. It is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this email is not the intended recipient, or agent responsible for delivering or copying of this communication, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please reply to the sender that you have received the message in error, then delete it. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ODD PAM ERROR
I have set up winbind, made the nsswitch settings, joined the current NT Domain, got back the message that said Welcome to Domain. When I try to access the PC, it brings up IPC$ and wants a password. The log for that workstation says PAM: UNKNOWN PAM ERROR (9) during Account Management for User: Domain+USERNAME! Then it says PAM: Account Validation Failed - Rejecting User Domain+USERNAME! Does anyone have any helpful ideas? -- Brandon Lederer Linux Administrator Cashflow Billing Solutions (402) 898-2600 x334 **CONFIDENTIALITY STATEMENT** This e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. It is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this email is not the intended recipient, or agent responsible for delivering or copying of this communication, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please reply to the sender that you have received the message in error, then delete it. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Failed to compile Samba with SSL
Pavel Shmidt [EMAIL PROTECTED] writes: cd SSLeay-0.9.0b ./Configure linux-elf make make install cd ../samba-2.2.7/source ./configure --with-ssl ... Linking bin/smbd smbd/ssl.o: In function `sslutil_init': smbd/ssl.o(.text+0x2a5): undefined reference to `SSL_library_init' smbd/ssl.o(.text+0x2bb): undefined reference to `RAND_egd' smbd/ssl.o(.text+0x42b): undefined reference to `SSL_CTX_use_certificate_chain_file' smbd/ssl.o(.text+0x5f4): undefined reference to `SSL_CTX_set_tmp_rsa_callback' collect2: ld returned 1 exit status make: *** [bin/smbd] Error 1 In the past I have generally found this kind of error to be either: the result of using a different version of a library that the one for which a program is designed (so you might want to check and see what particular version of what ssl library Samba needs), or the result of having old or incompatible .h files lying around - say, if I had once installed an older version of ssl and its .h files were the ones samba was picking up, the header files might refer to symbols no longer in ssl (so you might want to check the output of samba's ./configure call to see where it thinks it found the ssl header files, and if that's where your earlier make install really put them). -- Brandon Craig Rhodes http://www.rhodesmill.org/brandon Georgia Tech[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Configuration options used in compiling Debian Samba 3.0 packages
Vetter, Gary H. [EMAIL PROTECTED] writes: Sorry if this is more a Debian question than a Samba one. Are the Debian binary packages for Samba 3.0 on the Samba site compiled with active directory and kerberos support? Is there a general way to tell what options were used when compiling Debian packages? As I normal user, I make an empty temporary directory and run apt-get source samba which downloads the binary source package and unpacks it. I then visit the debian directory inside of the package source tree to see how things were compiled: cd samba-3.0.0final cd debian If you look at the rules file and search for configure you will see the big configure command they use. In the case of the samba package they seem to use neither the option for explicitly compiling ADS support, nor for krb5 support; but we can see that these are by default both built anyway by looking at samba's ./configure --help output: --with-ads Active Directory support (default auto) --with-krb5=base-dirLocate Kerberos 5 support (default=/usr) So the best answer I can give at the moment is: these are not configured explicitly, but, looking at samba-common's dependencies with aptitude it does look like it requires libkrb53, which strongly suggests the presence of Kerberos support. I wonder if there is a file or server somewhere that would show what the output of ./configure or make looked like when a Debian package was built? Then we could see for sure what packages ./configure was able to find and what features it could not support. -- Brandon Craig Rhodes http://www.rhodesmill.org/brandon Georgia Tech[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problem with user level security using [homes]
[EMAIL PROTECTED] writes: [homes] ... only user = yes valid users = samba (*** I'd basically like to use %U ***) ... We use valid users = %S, as suggested in (among other places) the Why Can Users Access Home Directories of Other Users? section of the HOWTO at http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection.html Hope this works, -- Brandon Craig Rhodes http://www.rhodesmill.org/brandon Georgia Tech[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] newbie question concerning samba 3.0 and nt domains
I'm very new to the use of samba, I have samba 3.0 configured and running on a slackware 9.1 machine. I have also configured and have running winbind, but I'm confused on how the domain permissions gets set on the samba shares. I have the smb.conf security = domain, and wbinfo successfully grabs the network username and groups but how do I configure the permissions for the NT users and groups. This machine is not a PDC but is a domain member. I have probably confused everyone, but any help would be appreciated... thanks, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] 2.2.8a, printer driver download: need to use setdriver
This is the EXACT problem I had. Haven't fixed it either if I have 10 printers upload all the drivers.. for all the OS's... how do I tell which drivers go with which printer? -Original Message- From: Andreas [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 9:24 AM To: [EMAIL PROTECTED] Subject: [Samba] 2.2.8a, printer driver download: need to use setdriver Hello I'm setting up the automatic printer driver download feature, and it works nicelly except for one little thing: I have to use, on the samba machine, rpcclient's setdriver command to associate a printer with its driver. I didn't see this requirement in the Samba howto, it only mentions setdriver as a way to speed up large installations. Am I missing something? Should windows make this association automatically when it uploads the driver to the samba [print$] share? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] 2.2.8a, printer driver download: need to use setdrive r
I used 2k XP to upload 9 drivers for 3 printers (3 OS's each). neither time did any PC auto download them. But any 2k and XP machine could see all 9 drivers on the server. -Original Message- From: Ryan Novosielski [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 9:51 AM To: Samba Mailing List Subject: Re: [Samba] 2.2.8a, printer driver download: need to use setdrive r How were you uploading drivers in the first place? There is a right and wrong way, apparently. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Thu, 26 Jun 2003, Andreas wrote: On Thu, Jun 26, 2003 at 09:27:32AM -0500, Brandon Lederer wrote: This is the EXACT problem I had. Haven't fixed it either if I have 10 printers upload all the drivers.. for all the OS's... how do I tell which drivers go with which printer? You use the setdriver command, it seems. What I wanted to know is if this is expected or if I'm missing something. Just to make myself clear: setdriver works :) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] 2.2.8a, printer driver download: need to use setdrive r
That is exactly it! Now--- documentation on setdriver is where? Lets put this sweetie to a rest. -Original Message- From: Andreas [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 10:02 AM To: 'Samba Mailing List' Subject: Re: [Samba] 2.2.8a, printer driver download: need to use setdrive r On Thu, Jun 26, 2003 at 09:54:20AM -0500, Brandon Lederer wrote: I used 2k XP to upload 9 drivers for 3 printers (3 OS's each). neither time did any PC auto download them. But any 2k and XP machine could see all 9 drivers on the server. Exactly. XP and 2k can see the drivers (but I didn't try the auto-download feature with these OSs, I only used them for the upload), but when I tried to install a printer in a win98 machine, the automatic download feature only worked after I used the setdriver command on the samba machine. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] 2.2.8a, printer driver download: need to use setdrive r
Exactly how I do it So setdriver is the answer wont have time to play with it today. -Original Message- From: Andreas [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 9:57 AM To: Samba Mailing List Subject: Re: [Samba] 2.2.8a, printer driver download: need to use setdrive r On Thu, Jun 26, 2003 at 10:50:57AM -0400, Ryan Novosielski wrote: How were you uploading drivers in the first place? There is a right and wrong way, apparently. win2k, my network places, find the samba machine, click on it, open the printers icon, right-click on an empty space in that windows, select properties, installed drivers, add new driver, select arch, etc. :) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] 2.2.8a, printer driver download: need to use setdrive r
I was indeed talking about Samba2 as well. -Original Message- From: Andreas [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 11:15 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] 2.2.8a, printer driver download: need to use setdrive r On Thu, Jun 26, 2003 at 05:15:09PM +0200, Vizitiu, Ciprian wrote: You seem to be missing the right how-to. Try http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection -3.0-PrintingChapter-11th-draft.html This URL crashes my mozilla, I only have 128M of RAM :) Anyhow, I was talking about samba-2, not 3. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] winbind error
Did you join the domain successfully? -Original Message- From: Jim Adkins [mailto:[EMAIL PROTECTED] Sent: Friday, June 20, 2003 1:10 PM To: [EMAIL PROTECTED] Subject: [Samba] winbind error Hello, I've been working on getting winbind set up and running for quite some time now. I've had absolutly no luck. I've tried mulitple tutorials, and I've always had the same problems. It seems that winbind runs, but doesn't DO anything. I've tried to use wbinfo to ping winbind, and it can't ping it. but by using ps -ea | grep winbindd, I get 15824 ?00:00:00 winbindd so it seems to be running, but just not doing anything. Why would it be running and wbinfo not be able to ping it or pull any info with it? Well, here's my smb.conf file, I've been using SWAT to manage it, and it seems to be working fine for everything else, but I want to be able to have my domain users and groups on my Linux box so that shares can have better security. # Samba config file created using SWAT # from localhost (127.0.0.1) # Date: 2003/06/20 11:03:53 # Global parameters [global] workgroup = SBH netbios name = SG3 server string = Samba Server %v security = DOMAIN encrypt passwords = Yes map to guest = Bad User password server = MSS1 SERVER3 SBHMX password level = 3 username level = 3 unix password sync = Yes restrict anonymous = Yes log file = /var/log/samba/log.%m max log size = 50 keepalive = 100 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups add user script = /usr/sbin/useradd %u delete user script = /usr/sbin/userdel %u logon path = preferred master = No domain master = No dns proxy = No winbind uid = 1-2 winbind gid = 1-2 template homedir = /home/winnt/%D/%U winbind separator = + printer admin = @adm profile acls = Yes printing = cups [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba create mask = 0700 guest ok = Yes printable = Yes print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers. browseable = No [print$] path = /var/lib/samba/printers write list = @adm root guest ok = Yes Please, can anyone help me out. I've been pulling my hair out for weeks with this. Thank you all in advance. -Jim _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] ok, so oplocks: good or bad?
My comment/question leans towards Windows here I cant turn oplocks off in Windows (to my knowledge). Therefore they are always ON. If this is the case, And they dont cause any problems, then WHY do we have to turn them off in Samba? Do they not work properly? -Original Message- From: Mark Roach [mailto:[EMAIL PROTECTED] Sent: Friday, June 20, 2003 2:40 PM To: John H Terpstra Cc: [EMAIL PROTECTED]; Jonathan Johnson Subject: Re: [Samba] ok, so oplocks: good or bad? On Fri, 2003-06-20 at 15:38, John H Terpstra wrote: On Fri, 20 Jun 2003, Jonathan Johnson wrote: OK, I don't have a strong understanding of oplocks, but I'm sure someone will correct me where I go wrong. Those interested in the whole OpLock story might benefit from reading chapter 14 'File and Record Locking of: http://samba.org/~jht/NT4migration/Samba-HOWTO-Collection.html From this coverage it should be obvious that file locking affects a complex interaction of Client and Server protocols and configuration settings. Please draw your own conclusions. Hi, John. I'm pretty sure I get what oplocks are for and why they are good, I guess my question would be more along the lines of do they work properly in samba? along with the error message that prompts the question. I think the question could be further distilled to Is this an example of oplocks not working properly, or is it something else entirely? I hope my question makes more sense worded that way. Thanks very much, Mark Roach -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Quickbooks revisited
Quickbooks is SO slow, we are having all of the same issues listed here. Our QB file is about 250 MB and is slow as a turtle. It is nearly unusable in a networked environment. If i put the file on the Local Machine, it is fine. It is only Slightly faster on a win2k server, i believe. Im not convinced its samba by any stretch. But can anyone reccomend a better product, cuz this product (QB) is terrible. -Original Message- From: Justin Kreger [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2003 12:04 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [Samba] Quickbooks revisited -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Quickbooks revisited
Disabling Norton AV made no noticeable difference. -Original Message- From: Mark [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2003 2:11 PM To: 'Brandon Lederer'; [EMAIL PROTECTED] Subject: RE: [Samba] Quickbooks revisited Another possible cause, from a windows newsgroup though.. http://tinyurl.com/er42 Go to google groups and type in 2 keywords: QuickBooks slow You will have a lot of reading to do...there are some good suggestions out there. Quickbooks is SO slow, we are having all of the same issues listed here. Our QB file is about 250 MB and is slow as a turtle. It is nearly unusable in a networked environment. If i put the file on the Local Machine, it is fine. It is only Slightly faster on a win2k server, i believe. Im not convinced its samba by any stretch. But can anyone reccomend a better product, cuz this product (QB) is terrible. -Original Message- From: Justin Kreger [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2003 12:04 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [Samba] Quickbooks revisited -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Outlook .pst on a samba share; do or don't?
It's OK to put the .pst files in a user share, just remember that performance across the network is slower than to local hard disk. Are you serious? Hard disks are the slowest operating part of any computer. Unless your workstations have the Ultra320 Raid setups that your servers do I find that the performance is better when using the samba share. Just my experience. If you leave the .pst file in the desktop profile then the whole profile has to be copied across the network into a local profile cache, that can be VERY slow also. Here the greater slowdown is the time taken to log onto and off the network. Brandon Mercer -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Outlook .pst on a samba share; do or don't?
Maintenance shouldve only been performed when everyone was out of the files. There is an easy way to see who is in what files. I dont care if its linux or windows, if you pull thge server while the file is open, the file will be corrupt. -Original Message- From: Florian Stahl [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 8:30 AM To: [EMAIL PROTECTED] Subject: RE: [Samba] Outlook .pst on a samba share; do or don't? I only would like to put into consideration that I corrupted my outlook.pst file and lost a lot of messages while I had outlook open and the client lost connection due to service maintenance on the linux server. And the Inbox-Repair-Tool from Microsoft didnt do a good job at all to resume the information. kind regardez Florian Stahl ([EMAIL PROTECTED]) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Brandon Mercer Sent: Wednesday, June 11, 2003 2:58 PM To: John H Terpstra Cc: [EMAIL PROTECTED]; Vizitiu, Ciprian Subject: Re: [Samba] Outlook .pst on a samba share; do or don't? It's OK to put the .pst files in a user share, just remember that performance across the network is slower than to local hard disk. Are you serious? Hard disks are the slowest operating part of any computer. Unless your workstations have the Ultra320 Raid setups that your servers do I find that the performance is better when using the samba share. Just my experience. If you leave the .pst file in the desktop profile then the whole profile has to be copied across the network into a local profile cache, that can be VERY slow also. Here the greater slowdown is the time taken to log onto and off the network. Brandon Mercer -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] win bind authentication
You guys got the encryption on? -Original Message- From: Tod B. Schmidt [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 12:38 PM To: [EMAIL PROTECTED] Subject: Re: [Samba] winbind authentication I am getting this same error when trying to authenticate. Very frustrating because everything else works, wbinfo, getent. I can login to Win2K server wth kerberos, but I always see NT_STATUS_NO_LOGON_SERVERS when trying to authenticate. [EMAIL PROTECTED] etc]# wbinfo -a user+password plaintext password authentication failed error code was NT_STATUS_NO_LOGON_SERVERS (0xc05e) error messsage was: No logon servers Could not authenticate user user+password with plaintext password challenge/response password authentication failed error code was NT_STATUS_NO_LOGON_SERVERS (0xc05e) error messsage was: No logon servers Could not authenticate user user+password with challenge/response The only other thing that fails is wbinfo -t [EMAIL PROTECTED] etc]# wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_UNSUCCESSFUL (0xc001) Could not check secret I have joined the computer to the domain but am just beating my head against this issue. Any thoughts out there? TIA, T Schmidt I am having the same issue. I am running Samba 3 Alpha 24 trying to connect to a W2K3 Server with AD. If I getent or chown I can see all my domain users, but sshd, login, etc (PAM apps) cant see the accounts. When I try to login to the console as a AD user or SSH I get the following in /var/log/messages Jun 2 20:38:58 gonzo pam_winbind[1900]: request failed: No logon servers, PAM error was 4, NT error was NT_STATUS_NO_LOGON_SERVERS The issue is when I do wbinfo I can see everything My config is as follows: [global] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] OpenLDAP Administration for Samba3
I am looking for an LDAP client to manage the LDAP server that we are going to use when we switch to samba3. A Windows variety would be OK, a web interface would be even better. Just looking for suggestions to try. Thanks, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] I get the following error....
I believe you need to put a sharename after that -Original Message- From: Braden Orr [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 5:06 PM To: [EMAIL PROTECTED] Subject: [Samba] I get the following error When attempting to connect from whatever version comes standard with Mac OS X to Windows XP... I select which computer I wish to connect to in my network, a pop-up prompts me for my password, i enter it, and a 'Connecting To Server' box appears. it says Connecting to smb://IPaddy with a progress bar beneath it, yet abruptly cuts off short with the following message: An error has occurred (error = -5023). What the heck am I to do? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Quickbooks revisited
I did testing on generating this report from a 130 MB Quickbooks file. Locally, 15 seconds. Samba Server, 1:35. Shared off of my win98 Workstation, 2+ mins. I do not understand the reason it is SOO slow. I know it is a fairly large file. The only explanation I can come up with is the way QuickBooks is accessing the files. Maybe jumping all around the file, requiring many operations on the file. Can anyone explain this? Opening the Check Register is horrendously slow, generating reports is slow. Its all around SLOW. I Know QB is slow, but its not this bad. Thanks In advance, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Database Sharing
I have a small problem that when a shared database gets saved by someone in the group it sets the wrx bits to 700 or 766. This prevents the next person to use the database from having read access to the file or some such. Is there any way that I can set this share folder to save with the owner root.users and with the permissions 766. Every time one of the users in the group modifies the database and saves it, the file takes on that users owner and group... i.e. bmercer.bmercer rwx-rx-rx or somesuch. Thanks for the help Brandon Mercer -- Brandon Mercer [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Admin Please read RE: [Samba] Re: Submited (004756-3463)
Admin please remove this person. he keeps spamming the list -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003 4:53 AM To: [EMAIL PROTECTED] Subject: [Samba] Re: Submited (004756-3463) Please see the attached file. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba3 Testing
I am trying to test Samba3 in our environment. I used to use smbpasswd -j domain to join the machine to the domain. Now I need to do net join something, but I am having difficulty figuring out what exactly I need to do to make it work. Thanks Brandon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind crash (Samba 3)
Winbind Starts just fine, log as follows: [2003/06/06 15:39:01, 1] nsswitch/winbindd.c:main(802) winbindd version 2.999+3.0.alpha24-3 for Debian started. Copyright The Samba Team 2000-2003 [2003/06/06 15:39:01, 0] passdb/pdb_smbpasswd.c:pdb_init_smbpasswd(1562) idmap uid range defined, non unix accounts enabled [2003/06/06 15:39:01, 1] nsswitch/winbindd_util.c:rescan_trusted_domains(168) scanning trusted domain list But then, I wbinfo -g or a wbinfo -u, and it crashes: [2003/06/06 15:39:20, 1] nsswitch/winbindd_util.c:add_trusted_domain(140) Added domain HMS [2003/06/06 15:39:20, 1] nsswitch/winbindd_util.c:rescan_trusted_domains(168) scanning trusted domain list [2003/06/06 15:39:20, 0] lib/fault.c:fault_report(36) === [2003/06/06 15:39:20, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 15552 (2.999+3.0.alpha24-3 for Debian) Please read the appendix Bugs of the Samba HOWTO collection [2003/06/06 15:39:20, 0] lib/fault.c:fault_report(39) === [2003/06/06 15:39:20, 0] lib/util.c:smb_panic(1463) PANIC: internal error [2003/06/06 15:39:20, 0] lib/util.c:smb_panic(1470) BACKTRACE: 16 stack frames: #0 /usr/sbin/winbindd(smb_panic+0xc9) [0x80aa831] #1 /usr/sbin/winbindd [0x809c082] #2 /lib/libc.so.6 [0x4015c9c8] #3 /usr/sbin/winbindd(cm_get_lsa_handle+0x3e) [0x8075862] #4 /usr/sbin/winbindd [0x8077c4c] #5 /usr/sbin/winbindd [0x807228c] #6 /usr/sbin/winbindd(rescan_trusted_domains+0xc5) [0x806fcd9] #7 /usr/sbin/winbindd(init_domain_list+0xa9) [0x806fead] #8 /usr/sbin/winbindd(domain_list+0x19) [0x806f895] #9 /usr/sbin/winbindd(winbindd_list_users+0xa7) [0x806d123] #10 /usr/sbin/winbindd(ber_scanf+0x6e1) [0x806ae8d] #11 /usr/sbin/winbindd(winbind_process_packet+0x1d) [0x806b125] #12 /usr/sbin/winbindd(strftime+0x1c13) [0x806b91f] #13 /usr/sbin/winbindd(main+0x338) [0x806bdec] #14 /lib/libc.so.6(__libc_start_main+0xdd) [0x4014ba51] #15 /usr/sbin/winbindd(chroot+0x31) [0x806a81d] Any ideas? Thanks in advance. Brandon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Oplocks
I have read that I need to turn oplocks off for QuickBooks. I think I understand what Oplocks are. I also believe I understand why I need to turn them off. But in Windows, where is this option? Are Oplocks always on in windows? If this is the case, I reiterate why do I need to turn them off in Samba? **CONFIDENTIALITY STATEMENT** This e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. It is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this email is not the intended recipient, or agent responsible for delivering or copying of this communication, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please reply to the sender that you have received the message in error, then delete it. Thank you -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Archive attribute
Our tape backup software (run through windows) backs up items based on whether the archive attribute is set or not. If it is set, then it needs to be backed up. Then it removes the attribute. When a user modifies a file, the attribute is again set. This is how it normally works. Samba will not allow the Archive Attribute to be unchecked. Is there anyway to allow this functionality. Samba 2.2.8a also is the option available in Samba3? **CONFIDENTIALITY STATEMENT** This e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. It is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this email is not the intended recipient, or agent responsible for delivering or copying of this communication, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please reply to the sender that you have received the message in error, then delete it. Thank you -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Archive attribute
Incremental backups is exactly what I am going after. I am not sure whether I will be able to accomplish this or not. -Original Message- From: Rick Segeberg [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 03, 2003 2:31 PM To: [EMAIL PROTECTED] Subject: RE: [Samba] Archive attribute I think this (below) is what you're looking for (from the smb.conf documentation). However, I don't think it will accomplish (I haven't tried it though) your goal. Sounds like you're trying to do incremental/differential backups. Since there are no archive bits for your windows backup server to look at, it doesn't know what's changed. You need software that keeps a database of what's been backed up when and can make decisions based on modified dates. There are several linux based backup packages that can do that, as well as some enterprise level backup software with linux agents/clients that do it also. Most are pretty expensive. The one I decided to to use is Novanet from Novastor, mostly due to price and it worked. I have to say it's not the fastest backup software I've used, but it gets the job done. Rick S. From smb.conf documentation: == map archive (S) This controls whether the DOS archive attribute should be mapped to the UNIX owner execute bit. The DOS archive bit is set when a file has been modified since its last backup. One motivation for this option it to keep Samba/your PC from making any file it touches from becoming executable under UNIX. This can be quite annoying for shared source code, documents, etc... Note that this requires the create mask parameter to be set such that owner execute bit is not masked out (i.e. it must include 100). See the parameter create mask for details. Default: map archive = yes === -Original Message- From: Brandon Lederer [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 03, 2003 1:16 PM To: [EMAIL PROTECTED] Subject: [Samba] Archive attribute Our tape backup software (run through windows) backs up items based on whether the archive attribute is set or not. If it is set, then it needs to be backed up. Then it removes the attribute. When a user modifies a file, the attribute is again set. This is how it normally works. Samba will not allow the Archive Attribute to be unchecked. Is there anyway to allow this functionality. Samba 2.2.8a also is the option available in Samba3? **CONFIDENTIALITY STATEMENT** This e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. It is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this email is not the intended recipient, or agent responsible for delivering or copying of this communication, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please reply to the sender that you have received the message in error, then delete it. Thank you -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba * This e-mail may contain privileged or confidential material intended for the named recipient only. If you are not the named recipient, delete this message and all attachments. Unauthorized reviewing, copying, printing, disclosing, or otherwise using information in this e-mail is prohibited. We reserve the right to monitor e-mail sent through our network. * -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Archive attribute
Setting up a test machine to do this on. Will make sure to report back Brandon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Who is using the file?
smbstatus tells me someone is using file x with PID y. How do I find out who is using the file? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Slow performance with QuickBooks
I am also fairly confident that this organization IS outgrowing QuickBooks. However, I am using win9x machines to transfer to this server, and only able to see a few MB / second say 2 or 3 MB/sec (VIA FTP... eliminating Samba from the whole Picture). Samba is a little better than FTP speed wise, but not much. Win XP and FTP can transfer at 6-7,sometimes even 8 MB/sec. I swear I've checked everything. What could possibly be causing this. -Original Message- From: CLIFFORD ILKAY [mailto:[EMAIL PROTECTED] Sent: Sunday, June 01, 2003 4:26 PM To: [EMAIL PROTECTED] Subject: Re: [Samba] Slow performance with QuickBooks At 02:25 PM 28/05/2003 -0500, Brandon Lederer wrote: I have spent much of the day today researching performance tuning with samba. I have tried everything that I can find out about how to make performance faster. I checked disk performance with Bonnie, installed FTP and tested a transfer that way, achieving 6-7 MB / second. about 30 seconds for 150 MB file. I was finally able to achieve those speeds on a file transfer to the server through samba. But QuickBooks is still just as slow as it was. Its performance has not changed a bit. I am banging my head against the wall on this. I am going nuts. Please Help. I doubt it has anything to do with Samba. Have you tried to run QB on a Windows file server on the same or similar hardware? I suspect what you are running up against is an architectural limitation of QB. Many low end databases have abysmal performance in a multiuser situation and I doubt QB is any different. If you instrument your network, say with Ethereal, you will probably find that there is an incredible amount of network traffic as QB clients hit the QB data file on your Samba server. QB does not use a client/server architecture so even the simplest queries ship large data sets across the wire to the clients. It isn't just data but indexes as well that gets sent back to the client. Add a good measure of badly implemented locking in the database and you have a recipe for molasses slow network performance. Microsoft Access is also notorious for sluggish performance when you have more than a handful of clients accessing a .mdb file across the network so the problem is hardly unique to QB. Windows apps tend to like using opportunistic locking to improve perceived performance but the problem with that is the potential for database corruption. If you turn op locks off, which is the safe thing to do, performance will suffer. Many small businesses run blissfully ignorant of how vulnerable their data is in products like QuickBooks and Simply Accounting and many of them are lucky most of the time. However, when things blow up with these low end products, and they do on occasion, they blow up pretty spectacularly, particularly with larger accounting data files. Assuming further testing proves that Samba, something specific to your server, a bad networking component such as a driver, card, cable, jack, or switch is not the culprit and you conclude that it is after all an architectural limitation, if you cannot live with the poor network performance of QuickBooks, you may want to consider an accounting application that is better designed. I'm evaluating SQL Ledger http://www.sql-ledger.org which is an Open Source client/server product. Regards, Clifford Ilkay Dinamis Corporation 3266 Yonge Street, Suite 1419 Toronto, Ontario Canada M4N 3P6 Tel: 416-410-3326 mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Woo
The list is back up! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Inefficient Winbind behavior?
I believe you can tell when the server joins the domain what the PDC is (just make it the LOCAL BDC) also maybe an option in smb.conf. Sounds like the delay could be while winbind is updating. Have you done the getent passwd or getent group? how long does it take to pull through winbind? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2003 10:51 AM To: [EMAIL PROTECTED] Subject: [Samba] Inefficient Winbind behavior? Hello all, I'm having an issue with Winbind and I'm not sure if it's occurring by design or not. My Samba server resides in a Windows NT domain and uses winbindd to authenticate to a mixed-mode 2003 domain over a trust relationship. Everything works the way it ought to. However, every so often my users experience delays of anywhere from 30 to 60 seconds when connecting to a share, instead of the share being instantaneously available, as is normally the case. I've done some investigating and have found that winbindd queries WINS for a domain controller for the 2003 domain, which it finds just fine and is able to authenticate users against. However, the problem is that the server it's finding is on a different subnet, connected via a T1 WAN link. So it uses the remote server instead of a local 2003 DC, which is acting as a BDC, that resides on the same LAN as the Samba server. Shouldn't winbindd use the local DC? Can I configure it to do so? I'm fairly convinced that authenticating over the WAN link is causing the delays I'm experiencing. Any ideas are welcome. Thank you. Please include my e-mail address in all replies. Sven Ruth -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Buffer sizes
What could possibly be my network problem (because I believe there may be) when a SO_SNDBUF=512 SO_RCVBUF=512 is the FASTEST??? This just isn't making any sense to me at all. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Slow performance with QuickBooks
I used an Excellent Loaded WINXP computer today. Samba is outspeeding FTP. Approaching 7 MB / sec on reads, 6 MB / sec on writes. Linux sees these speeds on FTP. Unable to test sambaclient on Linux. This isn't anything to complain about, albeit there is _better_. But a decent 98SE machine cant touch these speeds. Is there any explanation as to why? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Slow performance with QuickBooks
I have spent much of the day today researching performance tuning with samba. I have tried everything that I can find out about how to make performance faster. I checked disk performance with Bonnie, installed FTP and tested a transfer that way, achieving 6-7 MB / second. about 30 seconds for 150 MB file. I was finally able to achieve those speeds on a file transfer to the server through samba. But QuickBooks is still just as slow as it was. Its performance has not changed a bit. I am banging my head against the wall on this. I am going nuts. Please Help. Brandon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba