Re: [Samba] Samba printing fails for Windows clients, was working, now fails...

2005-12-23 Thread Buchan Milne
On Wednesday 21 December 2005 12:55, activity superstore wrote:
> Hi all
>
> The printing via Samba+Cups has stopped working. I'm
> using Mandrake 10.0 Official as a Samba server for
> file sharing and printing on a Windows network.
> Printing from a WindowsXP client to the Samba server
> now fails and I don't know why it has suddenly
> stopped, it used to work. File sharing still works
> okay.
>
> There are no errors logged on the Linux Samba box,
> the Windows application you try to print from just
> says not responding. I have used Knoppix as a client
> and the printing works from Samba, so it is just a
> Windows client to Linux Samba issue, but I can't
> figure it out.
>
> Any ideas?
>
> Samba version samba-server-3.0.2a-3mdk

Last update available for 10.0 was 3.0.10.

> Kernel 2.6.3-4mdk
> Mandrake 10.0 official

Which is no longer supported by security updates, please consider upgrading.

Regards,
Buchan

-- 
Buchan Milne
B.Eng,RHCE(803004789010797),LPIC-2(LPI74592)


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.21 Available for Download

2005-12-23 Thread Buchan Milne
On Tuesday 20 December 2005 22:45, Gerald (Jerry) Carter wrote:
> ==============================================================
>    Done with Fish.
>       -- John Laroche (Adaptation)
> ==============================================================
> Release Announcements
> =====================
>
> This is the latest stable release of Samba. This is the version
> that production Samba servers should be running for all current
> bug-fixes.  Please read the following important changes in this
> release.
>
> Common bugs fixed in 3.0.21 include:
>
>   o Missing groups in a user's token when logging in via kerberos
>   o Incompatibilities with newer MS Windows hotfixes and
>     embedded OS platforms
>   o Portability and crash bugs.
>   o Performance issues in winbindd.
>
> New features introduced in Samba 3.0.21 include:
>
>   o Complete NTLMv2 support by consolidating authentication
>     mechanism used at the CIFS and RPC layers.
>   o The capability to manage Unix services using the Win32
>     Service Control API.
>   o The capability to view external Unix log files via the
>     Microsoft Event Viewer.
>   o New libmsrpc share library for application developers.
>   o Rewrite of CIFS oplock implementation.
>   o Performance Counter external daemon.
>   o Winbindd auto-detection query methods when communicating with
>     a domain controller.
>   o The ability to enumerate long share names in libsmbclient
>     applications.
>
> Download Details
> ================
>
> The uncompressed tarball and patch files have been signed
> using GnuPG (ID 157BC95E).  The source code can be
> downloaded from:
>
>   http://download.samba.org/samba/ftp/
>
> The release notes are available online at:
>
>   http://www.samba.org/samba/history/samba-3.0.21.html
>
> Binary packages are available at
>
>   http://download.samba.org/samba/ftp/Binary_Packages/

Packages for Mandrake 10.1 (i586), Mandriva 2005le (i586 and x86_64) and 
Mandriva 2006 (i586 and x86_64) are available from 
http://anorien.csc.warwick.ac.uk/mirrors/buchan/samba/ . These packages are 
not officially supported by Mandriva (and I haven't been able to do much 
testing yet), so please send any feedback to me directly.

Regards,
Buchan

-- 
Buchan Milne
B.Eng,RHCE(803004789010797),LPIC-2(LPI74592)



Re: [Samba] Samba as a domain controller for Linux workstations?

2005-08-31 Thread Buchan Milne
On Mon, 29 Aug 2005, Nathan Vidican wrote:

> If one were to standardize on a specific window manager/desktop environment,
> one could accomplish much of the same effect as 'windows domain control',
> including some control over the desktop environment/settings. Given the
> following example for kde:
>
> Typical Linux Desktop:
> /home mounted via NFS
>  - user homedirs exist in NFS share
>
> /home/kde - either symlink'd or configured at compile time to the equivalent
>   of /usr/local/share/kde, (kde 'default'/'master' settings)

Kiosk would be better for this.

> Users, groups, passwords, MTA aliases, etc.. stored in LDAP, accessed using
> pam_ldap & nss_ldap combined.
>
> Poof! - You've got yourself a 'linux domain controller', assuming the
> end-user
> never has root access, you could with a little work really tweak what they
> can and cannot access using a given window manager/desktop environment by
> write-protecting config files, etc.

Well, assuming KDE ... you may also be able to have KDE settings in LDAP:

http://bugs.kde.org/show_bug.cgi?id=101716


Regards,
Buchan



[Samba] Re: Printer driver auto upload.

2004-12-08 Thread Buchan Milne
|
| I have a third party file manager that I use to get Administrator access
| to XP just like you can with konqueror.  It is called FileAnt and it
| totally rocks... but I digress.
|
| I've noticed that I can't browse to my print$ share despite the
| following settings:
|
| | [printers]
| | comment = All Printers
| | path = /var/spool/samba
| | printer admin = root
| | guest ok = Yes
| | printable = Yes
| | browseable = No
| |
| | [print$]
| | comment = Printer Drivers
| | path = /var/lib/samba/printers
| | read only = No
|
| Here is what is especially strange.  If I click on the printer icon with
| FileAnt I get this:
|
| \\Enigma\::{2227A280-3AEA-1069-A2DE-08002B30309D}
|
| Enigma is the name of my server but what is the SID type info for?
It's a class id, not a SID.
| If I paste it into an explorer box I get the printers subdirectory also.
|
| Q: Is the printers subdirectory synonymous with \\Enigma\printer$ ?  If
| this is the case then I am actually browsing it however I can still not
| create a directory despite the settings above.
|
| I've also noticed something else strange with the perms:
|
| | [EMAIL PROTECTED] 0 samba]$ ls -l printers
| | total 20
| | drwxrwsr-x  2 root adm 4096 Nov  9 12:35 W32ALPHA
| | drwxrwsr-x  2 root adm 4096 Nov  9 12:35 W32MIPS
| | drwxrwsr-x  2 root adm 4096 Nov  9 12:35 W32PPC
| | drwxrwsr-x  3 root adm 4096 Dec  6 19:33 W32X86
| | drwxrwsr-x  2 root adm 4096 Nov  9 12:35 WIN40
| | [EMAIL PROTECTED] 0 samba]$
|
| What is the S for?
setgid
|  Somehow I doubt it is supposed to be there.
How else would you be sure that the group ownership of the files will
*always* stay correct (access controls should always be applied at the
filesystem level if possible, rather than the share definition).
Anyway, you could check with 'rpm -V' and see that they are as packaged.
Regards,
Buchan
- --
Buchan Milne  Senior Support Technician
Obsidian Systems  http://www.obsidian.co.za
B.EngRHCE (803004789010797)


Re: [Samba] join domain - ou=people searched for machine accounts?

2004-08-16 Thread Buchan Milne
| Subject:
| [Samba] join domain - ou=people searched for machine accounts?
| From:
| jo / ak [EMAIL PROTECTED]
| Date:
| Sun, 15 Aug 2004 22:12:19 +0200
| To:
| [EMAIL PROTECTED]
|
| When I try to join a domain from a win2k client to a samba 3.0.5
| PDC, I get the message User not found. I use ldapsam, which
| works fine in all other respects.
|
| The strange thing is that the smbldap-useradd scripts terminates
| with 0, the machine account is created under ou=systems in the
| ldap database - all looks fine. Then a ldap search is triggered
| with a base ou=people, nothing is found, and the error
| occurs.
|
| As workaround, I used smbldap-useradd without the -w. The entry
| is created under ou=people, and the join is finished
| successfully.
|
|
| [2004/08/15 21:29:27, 3]
| rpc_server/srv_samr_nt.c:_samr_create_user(2245)
|   _samr_create_user: Running the command
| `/usr/local/sbin/smbldap-useradd -w at-4$' gave 0
| [2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam(293)
|   Finding user at-4$
| [2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(223)
|   Trying _Get_Pwnam(), username as lowercase is at-4$
| [2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(239)
|   Trying _Get_Pwnam(), username as uppercase is AT-4$
| [2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(247)
|   Checking combinations of 0 uppercase letters in at-4$
| [2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(251)
|   Get_Pwnam_internals didn't find user [at-4$]!
|
|
|
| Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=0 BIND
| dn=CN=SAMBA MANAGER,OU=SAMBA,DC=AKWEB,DC=DE method=128
| Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=0 RESULT tag=97
| err=0 text=
| Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=1 ADD
| dn=UID=AT-4$,OU=SYSTEMS,DC=AKWEB,DC=DE
| Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=1 RESULT tag=105
| err=0 text=
| Aug 15 21:29:27 at-12 slapd[2881]: conn=1393 op=2 UNBIND
| Aug 15 21:29:27 at-12 slapd[2881]: conn=-1 fd=35 closed
| Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=8 SRCH
| base=ou=People,dc=akweb,dc=de scope=1
| filter=(&(objectClass=posixAccount)(uid=at-4$))
| Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=8 SEARCH RESULT
| tag=101 err=0 text=
| Aug 15 21:29:27 at-12 slapd[3817]: conn=1392 op=1 UNBIND
| Aug 15 21:29:27 at-12 slapd[3817]: conn=-1 fd=36 closed
| Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=9 SRCH
| base=ou=People,dc=akweb,dc=de scope=1
| filter=(&(objectClass=posixAccount)(uid=AT-4$))
| Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=9 SEARCH RESULT
| tag=101 err=0 text=
| Aug 15 21:29:28 at-12 slapd[2446]: conn=-1 fd=31 closed
| Aug 15 21:29:28 at-12 slapd[2446]: conn=-1 fd=32 closed
|
This is nss_ldap trying to do the equivalent of 'getent passwd AT-4$',
since that is what samba asked (samba needs to have a uid for the
machine at present).
| from smb.conf
|
| passdb backend = ldapsam:ldap://at-12
| add user script = /usr/local/sbin/smbldap-useradd -a -m %u
| add machine script = /usr/local/sbin/smbldap-useradd -w %u
| ldap suffix = dc=akweb,dc=de
| ldap machine suffix = ou=Systems
| ldap user suffix = ou=People
| ldap group suffix = ou=Groups
At present, you need to configure your nss_ldap so that it searches in both
the user suffix and the machine suffix for user accounts ... with your
current directory layout, the only option (AFAIK) is to have a suffix of
dc=akweb,dc=de and a scope of sub in your nss_ldap ldap.conf.
Regards,
Buchan
- --
Buchan Milne  Senior Support Technician
Obsidian Systems  http://www.obsidian.co.za
B.EngRHCE (803004789010797)


Re: [Samba] Can't locate Net/LDAP.pm in @INC

2004-08-13 Thread Buchan Milne
| Subject:
| Re: [Samba] Can't locate Net/LDAP.pm in @INC
| From:
| Paul Gienger [EMAIL PROTECTED]
| Date:
| Thu, 12 Aug 2004 14:36:34 -0500
| To:
| Sp0oKeR Labs [EMAIL PROTECTED]
| CC:
| [EMAIL PROTECTED], Pari [EMAIL PROTECTED]
|
| Sp0oKeR Labs wrote:
|
| Try
|  #perl -MCPAN -e 'install Net::LDAP'
|
|
| Perhaps a more universal answer for posterity...
|
| The smbldap-tools package requires that you have LDAP support in your
| perl installation.  If you are using an RPM based linux distribution
| you could try to search your RPM repository for a perl-ldap package
| (Fedora Core 2 has one, that's the only linux distro I have on hand
| ATM) since it's better to use rpm whenever you can in a rpm system.
| This will also make sure that you get the module where the system
| wants it as apparently you may be having a problem there.
If the answer will be for posterity:
1) Mandrake has included the smbldap-tools as part of samba since about 2.2.5
2) perl-ldap has been in main since about Mandrake 9.1
3) samba-ldap mostly works out-the-box since 10.0 (which is when samba3
moved to main), since perl-ldap is required by samba-server. Just
uncomment the sample configurations in the provided smb.conf, change
the values in /etc/samba/smbldap_conf.pm to your liking, run smbpasswd
-w $password, and smbldap-populate. Look for more features in the new
version of Mandrake Corporate server ...
4) Fedora 2's perl-ldap packages seem not to have SSL support (since some
perl SSL modules are not provided), meaning a wonderful security hole
unless you install the required packages manually.
Regards,
Buchan
- --
Buchan Milne  Senior Support Technician
Obsidian Systems  http://www.obsidian.co.za
B.EngRHCE (803004789010797)


Re: [Samba] Re: Samba/LDAP/PDC Questions

2004-07-23 Thread Buchan Milne
Paul Gienger wrote:
|
| | 1. In what situation do I need People group as the group for
| | machines?
|
| In the case where you use:
| nss_base_passwd ou=Users,dc=ab,dc=com?one
|
| If you use:
| nss_base_passwd dc=ab,dc=com?sub
|
|
|
| Would people please stop suggesting this without explaining the
| ramifications?
When people stop giving the other reply (that it is impossible).
|  If you do this, you are going to (theoretically)(1)
| severely harm the performance on your server.
Yes, for only the LDAP clients which are samba servers.
|  Setting the nss library
| to do a search on the 'entire' directory every time it needs to look up
| user information is asinine to put it in a word.
That really depends on the structure of your LDAP server.
And, you are also ignoring the fact that nss_ldap will use a search
filter for the specific user - and doing a search for
(&(objectclass=posixAccount)(uid=)) isn't going to be much slower
for most small implementations. Then of course, there's always nscd ...
If you've tuned your LDAP server, it should be getting most of the
entries out of cache anyway.
|  It's like doing this
| in DNS terms... rather than looking for a machine named
| 'something.else.com' in the dns servers for else.com you go ask .com who
| then goes in and asks else.com by proxy.  Doing the first example (the
| one searching with ?one) you are restricting searches to a respectable
| scope, doing the second you are searching all OUs which may be numerous
| and deep (in our LDAP tree we have 10 OUs, two of which are at least 3
| levels deep).
If your OUs are so deep, you should be able to have a deeper search
filter. I suggested reducing the depth of the search by one level and
increasing the scope. If there was already a huge and complex DIT, that
still would not have made a big impact.
| You would be better served by defining ou=Computers and ou=People under
| something like ou=Accounts (which would give you DNs of
| ou=Computers,ou=Accounts,dc=ab,dc=com and
| ou=People,ou=Accounts,dc=ab,dc=com)
|
Sure, but the user *first* wanted to get something working ... he didn't
ask on the generic LDAP list how to structure his directory for
efficient searching (the samba list is the wrong place to ask these
questions anyway).
| and then then set:
| nss_base_passwd ou=Accounts,dc=ab,dc=com?sub
|
|
| Note that I'm not saying that doing a sub search is necessarily bad,
| just when you are searching your entire ldap DIT, especially for
| something that happens as often as passwd lookups.
If your LDAP server is tuned and indexed well enough, queries that
happen so often should cost nothing.
| (1) I say theoretically because I've never tried it, it's a Bad Idea(C)
| from the word go.   There are a lot of other things that I haven't tried
| that are bad ideas but I can safely say they are also dangerous, such as
| sticking forks in my eyes and jumping off cliffs.
Regards,
Buchan
- --
Buchan Milne  Senior Support Technician
Obsidian Systems  http://www.obsidian.co.za
B.EngRHCE (803004789010797)


[Samba] Re: Samba/LDAP/PDC Questions

2004-07-21 Thread Buchan Milne
| Subject:
| [Samba] Samba/LDAP/PDC Questions
| From:
| [EMAIL PROTECTED]
| Date:
| Mon, 19 Jul 2004 21:10:29 + (UTC)
| To:
| [EMAIL PROTECTED]
|
| Greetings!
|
| I created a Samba/OpenLDAP/smbldap-tools Primary Domain Controller. So far
| I am able to do the following:
| 1. Using USRMGR.EXE to administrating users and groups.
| 2. Adding Windows 2000, XP workstation on the fly.
| 3. PDBEDIT/SMBLDAP-TOOLS/GQ all works as they suppose to.
| 4. LDAP authenticate unix accounts.
|
| However, I am not able to do the following:
| 1. Cannot join an NT machine (SP6a) into the domain. It keeps
| saying that the Machine account is not available or not accessible even
| if I manually added the machine account manually using smbldap-useradd
| NT$.
| 2. Cannot use SRVMGR.EXE to add machine to domain. It complains
| Access Denied, though I can do other things like change the permission
| of a share etc.
| 3. Cannot join an existing domain after I configure it as a BDC
| with the PDC's SID. It complains Failed to setup BDC creds.
|
| It looks like the communication between samba and openldap is OK since I
| can managing user/group with USRMGR.EXE. However, a few questions puzzles
| me:
| 1. In what situation do I need People group as the group for
| machines?
In the case where you use:
nss_base_passwd ou=Users,dc=ab,dc=com?one
If you use:
nss_base_passwd dc=ab,dc=com?sub
then you can have machine accounts anywhere you like under dc=ab,dc=com
Regards,
Buchan
- --
Buchan Milne  Senior Support Technician
Obsidian Systems  http://www.obsidian.co.za
B.EngRHCE (803004789010797)
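The base and scope behaviour argued over in the nss_base_passwd messages above, and behind the failed domain join in the 2004-08-16 message, as an added example that is not part of any poster's message: a shell model of LDAP search scopes over a constructed DN list laid out like the akweb directory. The function names and sample entries are assumptions; only the uid RDN is matched (the objectClass part of the filter is not modelled), and escaped commas inside RDN values are not handled.

```shell
#!/bin/sh
# Constructed entries (DNs only), laid out like the directory in the thread.
DIT='ou=People,dc=akweb,dc=de
ou=Systems,dc=akweb,dc=de
uid=jo,ou=People,dc=akweb,dc=de
uid=at-4$,ou=Systems,dc=akweb,dc=de
cn=staff,ou=Groups,dc=akweb,dc=de'

# DNs and uid values compare case-insensitively.
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# in_scope BASE SCOPE DN: succeed if DN falls inside the search scope.
in_scope() {
    base=$(lower "$1"); dn=$(lower "$3")
    case $2 in
        base)
            [ "$dn" = "$base" ] ;;
        one)
            # Exactly one RDN above the base; the base itself is excluded.
            case $dn in
                *,"$base") ;;
                *) return 1 ;;
            esac
            rdn=${dn%,"$base"}
            case $rdn in *,*) return 1 ;; esac
            return 0 ;;
        sub)
            # The base itself and everything below it, at any depth.
            case $dn in
                "$base"|*,"$base") return 0 ;;
                *) return 1 ;;
            esac ;;
        *)
            return 2 ;;
    esac
}

# find_uid BASE SCOPE UID: print the DNs in scope whose first RDN is uid=UID.
find_uid() {
    want=$(lower "uid=$3")
    printf '%s\n' "$DIT" | while IFS= read -r entry; do
        first=$(lower "${entry%%,*}")
        if [ "$first" = "$want" ] && in_scope "$1" "$2" "$entry"; then
            printf '%s\n' "$entry"
        fi
    done
}

# nss_lookup 'BASE?SCOPE' UID: takes the value format used by nss_base_passwd.
nss_lookup() { find_uid "${1%%\?*}" "${1##*\?}" "$2"; }

# The machine account created under ou=Systems is invisible to a one-level
# search of ou=People, and visible to a subtree search from the suffix.
for spec in 'ou=People,dc=akweb,dc=de?one' 'dc=akweb,dc=de?sub'; do
    hit=$(nss_lookup "$spec" 'at-4$')
    echo "nss_base_passwd $spec -> ${hit:-no entry}"
done
```
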


Re: [Samba] [EXPERIENCES] with OpenLDAP and Samba and Redundancy ???

2004-06-18 Thread Buchan Milne
| hi
|
| i'm looking for hints/experiences concerning samba v3, openldap AND
| redundancy
|
| my setup is:
|
| Samba PDC with LDAP Master
| Samba BDC with LDAP Slave
| Samba Member Server, contacting first PDC, then BDC if the first fails
|
| if all instances are working properly, everything is okay
| replication is also fine (from Master - Slave)
|
| and now imagine:
|
| LDAP Master dies
| all smbd are contacting LDAP Slave and make their changes in the Slave
| directory
They won't be making changes, since you can't make changes against a
slave. The slave will return an error and a referral to the master
(which is down), so your changes will fail, but existing accounts will work.
| cause replication only works from Master-Slave, if Master comes up
| again, i have inconsistency in my LDAP Backends
No you don't, unless your slave is misconfigured.
| e.g. a machine changes its machine password in Slave directory and
| can't logon anymore cause the password change isn't replicated on Master
|
Its password change attempt will fail.
| we also tried to setup slurpd (LDAP replication) on both LDAP Servers
| - if both are up, everything is okay, if one is down, changes are made
| in one directory, samba tells me it fails (e.g. changing passwords),
| although it changes the attributes and so on
|
Your configuration is broken.
| so the problem is: if Slave dies, everything should go on working,
| because PDC/BDC use at first LDAP Master
| if slave comes up, replication is done properly
|
| but if Master dies, i get an inconsistent domain
|
You have a serious problem if your slave is accepting changes.
| how do you get redundancy in your LDAP backend?
| PDC/BDC redundancy works well, the single-point-of-failure is LDAP
Only if you've mis-configured it.
Note that these questions don't really have anything to do with samba,
you may want to ask on the openldap list.
Do you *really* need such a waste-of-bandwidth sig?
|
|  Matrix - more than a vision
|
| **
|  Michael Gasch
|
|- Central IT Department -
|
| Max Planck Institute for Evolutionary Anthropology
| Deutscher Platz 6
| 04103 Leipzig
|
| Germany
| **
|
|
Regards,
Buchan
- --
Buchan Milne  Senior Support Technician
Obsidian Systems  http://www.obsidian.co.za
B.EngRHCE (803004789010797)


Re: [Samba] sharing users home dirs for Win2003 and linux

2004-05-20 Thread Buchan Milne
|
| I've setup a linux box with winbind as a member in Win2003 AD and
| everything works fine.
| I want to share the Win2003 users home dirs with the linux box, i.e.
| when a user logs into the linux box, after he's authenticated through
| winbind, he should have his home dir from the Windows box, how can I do
| that??
Using a CIFS share (especially CIFS without unix extensions) for a linux
home directory is most likely not going to be the best option. It would
be easier to use one Linux server to serve the home directories via NFS.
| Obviously I have to use CIFS to mount the dirs, but how do I maintain
| file and dirs ownerships and permissions??
If you are keeping the homes on the win2k3 box (which you should not
assume will get you a working linux desktop - console logins work fine
but most desktop environments made assumptions about the filesystems of
the users home), this is no issue. You just ensure (ie via pam_mount)
that the CIFS/smb share is mounted with the uid/gid of the user logging
in (easy enough with a single configuration line for pam_mount).
If you are using a unix server via NFS, you use the ldap idmap backend,
and point all the winbind clients at the same LDAP server (with at least
one having write access to it). Then, SID-uid/gid mappings will be
consistent.
Regards,
Buchan
- --
Buchan Milne  Senior Support Technician
Obsidian Systems  http://www.obsidian.co.za
B.EngRHCE (803004789010797)


Re: [Samba] Re: samba-server-3.0.4-2mdk

2004-05-17 Thread Buchan Milne
Robin M. wrote:
| On Mon, 17 May 2004, Tim Jordan wrote:
|
|
|I'm hoping to find time for configuration against the Openldap server I
|built.  I really can't believe the Mandrake doc's got me up and running
|so quickly.  I even created accounts in ldap for fellow staff members,
|including the boss,  and had them log in.  Love the pam_mkhomedir
|module!
|
|
| [OT] can you explain how you have integrated pam_mkhomedir with an
| example of your pam conf files.
| I have tried using this a while back but it would not work. Mebbe I will
| take another shot at it.
This *really* is off-topic, for both samba and openldap lists (but it is
useful for people running winbind or nss_ldap), but all you need is (on
systems with pam_stack and most files in /etc/pam.d/ setup to stack
/etc/pam.d/system-auth) something like the following line in
/etc/pam.d/system-auth:
session required  /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
The articles Tim is referring to may be of interest (but I really need
to get around to updating them ...), and can be found at
http://mandrakesecure.net
Regards,
Buchan
- --
Buchan Milne  Senior Support Technician
Obsidian Systems  http://www.obsidian.co.za
B.EngRHCE (803004789010797)


Re: [Samba] Winbind ADS Issues w/ *TONS* of Pre-Research

2004-05-14 Thread Buchan Milne
| Samba Team,
|
| I've been trying to get my Samba server to authenticate users against a
| Windows 2000 Active Directory domain controller, and it just doesn't
| work.
| I've encountered a TREMENDOUS amount of postings from people who have run
| into the same issue, and there's never any responses with a resolution.
| I must have viewed more than 500 postings over the course of the day.
|
| I have a seemingly valid Samba configuration file.  All of the `wbinfo
| -u`, `wbinfo -g`, `getent passwd`, and `getent group` commands work just
| fine.  However, `wbinfo -t` and `wbinfo -a` don't work, and I can't
| authenticate users against the domain controller.  As an example:
|
|   [EMAIL PROTECTED] samba]# net ads join -U Administrator
|   Administrator's password:
|   [2004/05/13 17:49:30, 0] libads/ldap.c:ads_add_machine_acct(1006)
| Host account for nasone already exists - modifying old account
|   Using short domain name -- ECHUDSON
|   Joined 'NASONE' to realm 'HUDSON-OFFICE.ECEDIINC.COM'
|   [EMAIL PROTECTED] samba]# net rpc join -U Administrator
|   Password:
|   Joined domain ECHUDSON.
^^^ Surely this is redundant?

|   [EMAIL PROTECTED] samba]# wbinfo -t
|   checking the trust secret via RPC calls failed
|   error code was NT_STATUS_UNSUCCESSFUL (0xc001)
|   Could not check secret
|   [EMAIL PROTECTED] samba]#
|
| After trying to do the `wbinfo -t`, I see the following in 'winbindd.log':
|
|   [2004/05/13 17:49:41, 2]
| libsmb/cliconnect.c:cli_session_setup_kerberos(535)
| Doing kerberos session setup
|   [2004/05/13 17:49:41, 0] rpc_client/cli_pipe.c:rpc_auth_pipe(336)
| rpc_auth_pipe: wrong schannel auth len 24
This looks like https://bugzilla.samba.org/show_bug.cgi?id=1315, where
you will find a patch that fixed it for everyone who has tried
(including me).
The patch is also in the 3.0.4-2mdk packages in Mandrake cooker (and the
RPMS for Mandrake 9.1-10 that hopefully should be available soon on the
samba mirrors).
Regards,
Buchan
- --
Buchan Milne  Senior Support Technician
Obsidian Systems  http://www.obsidian.co.za
B.EngRHCE (803004789010797)


Re: [Samba] 2 terabyte filesystem limitation on linux client

2004-05-14 Thread Buchan Milne
| Hi all.
|
| I have recently introduced two 5.5TB XFS filesystems to our storage
| backend.  I export the filesystem via samba 3.0.3 on Fedora core 2.
| Linux clients that mount the share show only 2TB available.  Windows
| clients show the full capacity.  Before I put these filesystems into
| production I'd like to find out if the reported filesystem size is going
| to cause a problem.  Is SMB actually limited to 2TB?  If so, why do
| Windows clients see the full capacity?  Is this a limitation of the
| samba client software on the linux side?
Well, only if you are using samba client software (ie smbclient, but
*not* smbmount or mount.cifs).
Are you smbmount'ing the share? If so, this may be a limitation in the
smbfs filesystem driver in the kernel. You may want to try using the
cifs driver (mounting with mount.cifs which is part of samba), which is
available in the 2.4 kernels of some distros (ie Mandrake 9.2 and
later), and 2.6 kernels for others.
Regards,
Buchan
- --
Buchan Milne  Senior Support Technician
Obsidian Systems  http://www.obsidian.co.za
B.EngRHCE (803004789010797)


Re: [Samba] Problem setting up a Domain with Smb-ldap

2004-05-14 Thread Buchan Milne
| Hi everybody:
|
| I´m using Samba 3.0.2 (Suse 9.1) with LDAP, and everything works
| fine...for workgroups, but when I try to build up a Domain, I do set
| up the controller, etc but the Windows machine gives me the log that
| appear down under, everything seems ok but I think the problem lies in
|  these two lines (approximately in the middle)
|
|Returning domain sid for domain FMDV -
| S-1-5-21-78767638-71612024-1917398797
|_samr_open_domain: ACCESS DENIED  (requested: 0x0211)
| Returning domain sid for domain FMDV -
| S-1-5-21-78767638-71612024-1917398797 _samr_create_user:
| ACCESS DENIED (granted: 0x0201;  required: 0x0010)
|
| But I haven´t found anything in google, so , would anyone be so kind to
| help me? thanks in advance
Looks like the LDAP dn samba is using does not have permission to create
entries where you have told it to create entries in your LDAP tree.
Regards,
Buchan
- --
Buchan Milne  Senior Support Technician
Obsidian Systems  http://www.obsidian.co.za
B.EngRHCE (803004789010797)


Re: [Samba] preexec script problem

2004-05-12 Thread Buchan Milne
|
| hi all
|
| i'm running into a little problem when using preexec scripts for the
| creation of dir's on my samba server
|
| script
| ---
| #! /bin/sh
| name=`getent passwd | grep %U | awk -F: '{print $5}'`
| mkdir /samba/test/$name
| ---
|
| snip of smb.conf
| ---
| [test]
| path = /samba/test
| preexec = /root/script
| browseable = Yes
| writeable = Yes
| valid users = @mygroup
| force group = @mygroup
| create mask = 0770
| force create mode = 770
| ---
|
| anyone have any idea why the dir is not created under /samba/test ?
|
Your users don't have permission to run the script /root/script, and/or
they don't have permission to create files in /samba/test (or both).
You could just do:

public=no
preexec = mkdir /samba/test/%U
or, if you don't want arbitrary users to create arbitrary directories in
/samba/test, rather do:
root preexec = mkdir /samba/test/%U && chown %U:%G /samba/test/%U

(it's a waste writing an external script for something that fits into
samba's 256 character limit on configuration entries ...).
Regards,
Buchan
P.S. you should also consider using 'getent passwd $USER' instead of
'getent passwd|grep $USER', the former is faster, will only return one
entry, and won't return any incorrect entries ...
--
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng, RHCE (803004789010797)
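
The root preexec variant in the reply above runs as root with %U and %G taken from the connecting session, so a helper that validates both values and refuses to follow a symlink inside the user-writable share is a safer shape than an inline mkdir and chown. This is an added example, not part of the original post; the script name, install path and the 32-character name policy are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): create a per-user directory under a
# share when smbd calls this script from "root preexec". The install path is
# hypothetical; smb.conf would reference it as, for instance:
#   root preexec = /usr/local/sbin/mkuserdir /samba/test %U %G

# Accept only conservative names: not empty, no leading "-" or ".", nothing
# outside [A-Za-z0-9._-], at most 32 characters (assumed site policy).
valid_share_user() {
    case "$1" in
        ''|-*|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# make_user_dir BASE USER GROUP
# Creates BASE/USER (mode 0700) owned by USER:GROUP. Returns non-zero and
# changes nothing if a name is rejected, the account is unknown, or the
# target path is a symlink.
make_user_dir() {
    base=$1
    user=$2
    group=$3

    if ! valid_share_user "$user" || ! valid_share_user "$group"; then
        echo "mkuserdir: rejected user or group name" >&2
        return 1
    fi

    # The account must resolve through NSS (local files, LDAP, winbind ...).
    if ! id -u "$user" >/dev/null 2>&1; then
        echo "mkuserdir: unknown account: $user" >&2
        return 1
    fi

    dir=$base/$user

    # The share is writable by its users, so never chown through a symlink
    # that somebody may have placed where the directory should be.
    if [ -L "$dir" ]; then
        echo "mkuserdir: refusing symlink: $dir" >&2
        return 1
    fi

    if [ ! -d "$dir" ]; then
        mkdir -m 0700 "$dir" || return 1
    fi

    # -h: act on the path itself, never on a link target.
    chown -h "$user:$group" "$dir"
}

# Run only when invoked with exactly BASE USER GROUP, as smbd would do.
if [ "$#" -eq 3 ]; then
    make_user_dir "$1" "$2" "$3"
fi
```
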


Re: [Samba] Samba Digest list - Why are they attached?

2004-05-11 Thread Buchan Milne
On Mon, 10 May 2004, Charles Marcus wrote:

 I really don't understand this...
 
 Virtually *none* of the other email lists I am on send all of the 
 messages as separate attachments - they are forwarded inline. The only 
 other ones that do this are the Openoffice.org lists, and I have the 
 same problem with them.
 

Well, when using pine, it allows me to reply to an individual message in 
the digest, rather than having to cut-n-paste etc as on other digests.

 I use Thunderbird, which shows the attachments at the bottom of the 
 window pane (this is not an option), and does *not* allow me to collapse 
 the attachment section.

So, this is a Thunderbird bug, that will affect you in many other 
situations. File a bug on Thunderbird (and at the same time, file one on 
better support for MIME digests, like the support pine has).

(Yes, this issue in Thunderbird bothers me too ... and it is *not* 
present, or a problem, in Mozilla-mail).

Regards,
Buchan



Re: [Samba] schannel issue on samba 3.0.3

2004-05-11 Thread Buchan Milne
On Tue, 11 May 2004, Thomas Munck Steenholdt wrote:

 Ralf Tomczak wrote:
  Hi there,
  
  I've seen a strange thing not reported yet AFAIK.
  We have W2K DCs with SP3 with Samba 3.0.2a everything works fine in regard
  to winbind, but with Samba 3.0.3 winbind produces schannel len 24 errors and
  'wbinfo -t' and 'id DOMAIN\userid' doesn't work. Note that wbinfo -u|g works
  well and a join was successful as well. I tried to tune my krb5.conf but in
  the end I disabled 'client schannel' in smb.conf. Does anyone know what is
  going wrong exactly? Is there a reasonable security risk? 
  
 
 Please take a look at this, add additional info if required.
 
 Also note that 3.0.4 has been released with some winbindd changes among 
 other things, this might be resolved already!
 
 https://bugzilla.samba.org/show_bug.cgi?id=1315

No, it's still broken.

Regards,
Buchan



Re: [Samba] Samba 2.2.8a - winbind do I need ACL for letting users change their file permissions?

2004-05-11 Thread Buchan Milne
On Tue, 11 May 2004, Stefano Ciccarelli wrote:

 Hi,
 
 I have a working installation of Samba 2.2.8a on Mandrake 9.2 - kernel
 2.4.20 connected to a Win NT 4.0 sp6 via pam/winbind.
  

IIRC, Mandrake 9.2 shipped with a 2.4.22 kernel? If you've kept up with 
updates, you should be running 2.4.22-30mdk.

 
 Everything works fine except that I cannot give the NT user administrator
 administrative rights on samba and users cannot change samba file
 permissions from Win2k/WinXP
 

You could use the admin users per-share parameter to give some users 
root access.

  
 
 Here follows my smb.conf
 
  
 
 # Samba config file created using SWAT
 # from 0.0.0.0 (0.0.0.0)
 # Date: 2004/04/28 11:35:22
 


Hmm, another SWAT-mangled smb.conf. Please look at the provided example 
winbind samba configuration file, /etc/samba/smb-winbind.conf for some 
examples for use with winbind.

  
 
 # Global parameters
 [global]
 workgroup = DOMAIN
 netbios name = SAMBA
 server string = Samba Server %v
 security = DOMAIN
 encrypt passwords = Yes
 obey pam restrictions = Yes
 password server = *
 log file = /var/log/samba/log.%m
 max log size = 50
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 character set = ISO8859-15
 os level = 18
 local master = No
 dns proxy = No
 winbind uid = 1-2
 winbind gid = 1-2
 template homedir = /users/%D/home/%U
 template shell = /bin/bash
 winbind separator = /
 winbind use default domain = Yes
 path = /home
 admin users = Administrator
 
 [homes]
 path = /users/DOMAIN/home
 read only = No
 create mask = 0600
 directory mask = 0700
 browseable = No
 wide links = No
 
  

This share definition is broken. The homes share is special. Please take a 
look at the one in the example.

 
 [felles]
 path = /users/DOMAIN/felles
 read only = No
 valid users = @Domain Users, at Domain_Ansatte,@Domain Admins
 force create mode = 0775
 force directory mode = 0775
 
  
 
  
 
 I was wondering if there is a simple solution to this problem or if I have
 to apply the ACL patch to kernel 2.4.20  


IIRC, the 9.2 kernels should have ACL support already (at least on 
ext2/ext3), 9.1 had support for ACLs on XFS/ext2/ext3, 9.0 had support on 
XFS, and 8.2 had support on XFS. But, if permissions aren't working (users 
should be able to modify the permissions of files they own), then ACLs 
won't help you much (as only the owner or root can change ACLs).

Of course, also ensure that your permissions changes aren't being 
prevented by your share definitions.

Regards,
Buchan



Re: [Samba] W2k joining a domain controlled by samba 3.0.2a (PDC)

2004-05-11 Thread Buchan Milne
On Tue, 11 May 2004, Rafal Pietrak wrote:

 Hi all,
 
 I've just setup a samba(PDC)+ldap-(no)winbind and it works OK for W98
 client, but W2K client isn't able to join the domain.
 
 my checklist:
 1. ldap works:
 example$ ldapsearch -LL -x -b 'ou=KAROWA' -s sub '(&(objectclass=*)(uid=lenec))'
 **ldap* dn: uid=lenec,ou=People,ou=KAROWA
 **ldap* uid: lenec
 **ldap* objectClass: sambaSamAccount
 **ldap* objectClass: posixAccount
 **ldap* objectClass: account
 **ldap* sambaAcctFlags: [U  ]
 **ldap* sambaSID: S-1-5-21-3658755377-320826499-3197562212-1081
 **ldap* sambaPrimaryGroupSID: S-1-5-21-3658755377-320826499-3197562212-512
 2. libnss-ldap works:
 example$ getent passwd ; getent group
 **pass* lenec:x:1081:513:User Lenec:/home/lenec:/bin/false
 **pass* MORIA$:x:121:65534:Komputer MORIA:/root:/bin/false
 **group* domainadmins:x:512:lenec
 **group* domainguests:x:514:501
 **group* domainusers:x:513:
 3. pam-ldap works: user 'lenec' can access samba shares AND can change his
 password from a W98 client machine while logged-in to 'domain' (a
 tree-field login window when logging into W98).
 
 Now, when I test this with W2K: selecting My_Comp-
 (right-click)Propert- Network_ident- (second-button-from-top)Properties
 -(lower-box/I-select)Domain=WORKGROUP; I'm asked then for a domain
 administrator login and password. So, the questions are:
 (I) Who is this?

It needs to be someone who can create accounts via your 'add user' etc 
scripts.

 Where in SAMBA configuration I tell samba that THIS is
 domain administrator (capable of doing the above)? (In my 'best guess', I
 have made user lenec a member of domainadmins with rid=512, but may be
 it has nothing to do with admin privileges?).

Well, if you use the smbldap-tools, then you would ensure that the group 
domainadmins has read permission on the smbldap_conf.pm and execute+read 
rights on the smbldap-scripts and module. And, of course, the LDAP dn in 
the smbldap_conf.pm needs to have sufficient access to the LDAP server.

 (II) Then, in samba logfiles (at the end of the e-mail - excerpts, the
 whole thing is 1MB) I can see, that samba at certain points fails to
 accept 'somebody's' credentials. I cannot figure out whose credentials they
 are, and how to change it :(.
 
 But, I also tried to add the workstation account directly at samba BEFORE
 I try to execute the above at the workstation itself. The result is:
 example$ getent passwd WYDAWNIC-LDC0LG\$
 **pass* WYDAWNIC-LDC0LG$:x:6:65534:Komputer \
 WYDAWNIC-LDC0LG:/home/hosts:
 to no avail - the W2K still gets decline from samba.
 
 Any clue what's wrong here?

Samba needs to be able to change the workstations trust account password 
...

Regards,
Buchan



Re: [Samba] Samba 3.0.3 Available for Download

2004-05-07 Thread Buchan Milne
On Thu, 6 May 2004, Chris Garrigues wrote:

  From:  Gerald \(Jerry\) Carter [EMAIL PROTECTED]
  Date:  Thu, 29 Apr 2004 08:27:56 -0500
 
  This is the latest stable release of Samba. This is the version
  that production Samba servers should be running for all
  current bug-fixes.  There have been several issues fixes since
  the 3.0.2a release and new features have been added as well.
  See the Changes section for details on exact updates.
 ...
  Binary packages are available at
  
     http://download.samba.org/samba/ftp/Binary_Packages/
 
 Any idea when we might see Mandrake RPMs here for 3.0.3?

As soon as I find out why 3.0.3 breaks winbind on my installation (and 
vscan doesn't seem to work either).

Regards,
Buchan



Re: [Samba] Samba and Winbind ?

2004-05-07 Thread Buchan Milne
On Thu, 6 May 2004, Talwar, Puneet (NIH/NIAID) wrote:

 I have a question about Samba and Winbind setup.  I have successfully setup
 Samba, Winbind and Kerberos w/out any problems and I am even able to pull
 all the info from the AD user list running the wbinfo -u, and -g and the
 getent passwd as well.  The question I have is when it comes time to login
 to the Linux box via console using my AD account and password it for
 some reason fails to do so, so I was wondering do I need to create a local
 account on the Linux box which has the same username in the passwd file?

No, you just forgot to do the pam section of the setup.

Regards,
Buchan



Re: [Samba] groupmap not working correctly

2004-05-07 Thread Buchan Milne
On Thu, 6 May 2004, Stephen Touset wrote:

 Currently, my company is trying to deploy a Samba 3.0 server with an 
 LDAP back end, for domain authentication. Everything's going extremely 
 well so far except for one facet: net groupmap doesn't seem to play well 
 with LDAP. I can make the mappings just fine:
 
 hank:/var# net groupmap list
 Domain Users (S-1-5-21-616220168-3974143565-3883354751-513) - users
 Domain Admins (S-1-5-21-616220168-3974143565-3883354751-512) - wheel
 
 However, when it comes to actually giving these users the permissions, 
 it isn't done. Members of wheel aren't given Administrative privilege on 
 Domain Member machines. And I can't seem to figure out if there's a way 
 to view the membership of a group through Windows dialogs, so I can 
 verify whether or not the correct users are indeed members.
 
 Has anyone else had a problem similar to this, or can give me pointers 
 as to where to proceed from here?
 
 

You need to ensure that the unix group memberships are correct on the 
domain controller (ie 'groups $user'). Especially since you are re-using 
pre-existing unix groups (which can cause confusion on the part of the nss 
service if the groups exist both in local files and in LDAP).

I would suggest that you use new unix groups (or be very careful with your 
nss set up etc).

Regards,
Buchan



Re: [Samba] Samba 3 PDC + OpenLDAP + Mandrake 10.0

2004-05-06 Thread Buchan Milne
On Thu, 29 Apr 2004, Wisudanto C Suntoyo wrote:

 Hi all Need Urgent Help :(


Sorry for my late reply, I have been quite busy catching up on package 
maintenance and on a project on a tight schedule.

 
 I' m new to this List... I'm trying to setup a new Samba 3 PDC + OpenLDAP
 on a Mandrake 10.0 to replace an older server...
 Cause I need an LDAP Backend for a BDC planned on a remote site, and Samba 3
 came along.
 
 So I'm following this Doc
 http://au1.samba.org/samba/docs/man/guide/happy.html

This document has a number of errors, and does not address a number of 
issues that have been taken care of for you in the Mandrake packages of 
openldap and samba.

Additionally, it shows a *very* convoluted method of getting network 
authentication for unix clients working against unix servers (via 
winbind??).

Although I haven't had time to update the articles at mandrakesecure.net 
for OpenLDAP-2.1 and samba3, I think they would still be a better 
starting point.

http://www.mandrakesecure.net/en/docs/samba-ldap-advanced.php

 
 1. I fail once I get to this step 18 of initialization and creation
 
   [EMAIL PROTECTED] root]# net rpc join -U Administrator%My_Pa555
   The username or password was not correct.
 

This is the ridiculous part, it's not necessary to run winbind on unix 
clients when you have a unix LDAP server, so you don't need to join unix 
clients to the domain.

The method I suggest is to add an LDAP account for 'root', for example by 
using the openldap-migration package. Then, you will be able to set this 
root user's smb password (via smbpasswd -a), and use that account to join 
machines to the domain.

Additionally, if you have users who are members of the adm group with smb 
passwords, they should also be able to join machines to the domain.

 I've Tried changing the pass a few times with the smbldap-passwd tool
 nothing changed
 
 2. I also can't seem to authenticate my Administrator user (uid=0) to add
 Machine
 accounts... an unknown username or bad password error comes up
 
 Any Ideas
 
 Regards Wisu
 
 
 LDAP log ---
 

From the LDAP log, it seems you are having samba bind as your OpenLDAP 
rootdn, which is a bad practice. You should instead add an account for the 
machine (examples such as those shown in the mandrakesecure.net articles 
should work), and add that dn to the cn=Domain Controllers group (it 
should not be a posixGroup ... so delete the one the smb-populate makes 
for you, and make it a groupOfNames:
$ ldapsearch -x "(cn=Domain Controllers)" -LLL
dn: cn=Domain Controllers,ou=Group,dc=ranger,dc=dnsalias,dc=com
objectClass: groupOfNames
objectClass: top
cn: Domain Controllers
member: cn=kiowa.ranger.dnsalias.com,ou=Hosts,dc=ranger,dc=dnsalias,dc=com
)

(BTW, this only applies if you are using the Mandrake packages, if you've 
compiled from source, you've lost a lot of good configuration).

Regards,
Buchan



Re: [Samba] How do I get pam_mkhomedir to work

2004-02-04 Thread Buchan Milne
On 3 Feb 2004, Tim Simpson wrote:

 Message follows this disclaimer
 --
 This email and any files transmitted with it is confidential and intended solely
 for the person or organisation to whom it is addressed. 

This mail is not addressed to me, may I read it? ;-)

 Sorry if this is a simple question but I have been struggling for many days
 trying to samba-3.0.2rc2 working with a win2k AD
 
 wbinfo -t works
 wbinfo -u works
 wbinfo -g works
 
 getent passwd username works
 
 sharing dirs works
 
 in fact everything seems to work with the exception of a users directory being
 created using pam_mkhomedir.so
 
 I am running on Redhat 9   with Samba 3.0.2rc2
 
 Samba was built using the following options   configure --with-quotas --with-pam
 
 I presume it is something wrong with my pam config  which follows
 
 #%PAM-1.0
 auth       required     pam_securetty.so
 #auth       required     pam_stack.so service=system-auth
 auth       required     pam_nologin.so
 auth       sufficient   pam_winbind.so
 auth       required     pam_env.so
 auth       required     pam_unix.so nullok use_first_pass
 account    sufficient   pam_winbind.so
 account    required     pam_unix.so
 #account    required     pam_stack.so service=system-auth
 #password   required     pam_stack.so service=system-auth
 #session    required     pam_stack.so service=system-auth
 #session    optional     pam_console.so
 session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
 password   required     pam_unix.so nullok obscure min=4 max=8
 session    required     pam_unix.so
 session    optional     pam_lastlog.so
 session    optional     pam_motd.so
 session    optional     pam_mail.so standard noenv
 
 I have tried many variations of this file from various postings but all to no
 avail
 
 the relevant part of smb.conf follow
 
 # Global parameters
 [global]
 workgroup = LEARNINGDOMAIN
 realm = LEARNINGDOMAIN.ORG
 server string = %L running Samba %v
 security = ADS
 obey pam restrictions = Yes
 password server = pdc.learningdomain.org
 passwd program = /usr/bin/passwd %u
 unix password sync = Yes
 log level = 3
 log file = /var/log/samba/log.%m
 preferred master = No
 local master = No
 domain master = No
 dns proxy = No
 ldap ssl = no
 idmap uid = 1-2
 idmap gid = 1-2
 template homedir = /home/%D/%U
 template shell = /bin/bash
 winbind separator = +
 [shares]
 force create mode = 0660
 force directory mode = 0770
 [homes]
 path = /home/%D/%U
 browseable = no
 read only = no
 create mask = 0600
 directory mask = 0700
 writable = yes
 
 
 
 if I try su - DOMAIN+Username from a shell prompt
 
 I get the following reply
 
 [EMAIL PROTECTED] pam.d]# su - LEARNINGDOMAIN+Administrator
 su: warning: cannot change directory to /home/LEARNINGDOMAIN/Administrator: No
 such file or directory
 -bash-2.05b$
 

pam_mkhomedir doesn't make deep directories ... does /home/LEARNINGDOMAIN 
exist?

And, you don't mention which pam config file you are editing, but it is 
most likely more useful to do this in system-auth, then if you set 'obey 
pam restrictions = yes' in smb.conf, samba will even make the home 
directories (or any app pam application with session support ...).

Regards,
Buchan



Re: [Samba] Problems mapping winbind/kerberos usernames and groups to Linux user and groups.

2004-02-03 Thread Buchan Milne
On Wed, 28 Jan 2004, Dirk Broer wrote:

 Samba 3.0.1 on Mandrake 9.1ish  Kerberos version seems to match latest
 stable MIT build.
 
 I can log in via Kerberos authentication and/or winbind.  A couple of
 problems though.
 
 1)   telnet with the domain username and password and the telnet session
 doesn’t read /etc/bashrc.  Telnet with local username and it does.  bash
 is the shell for both accounts.

How are you creating home directories? If you use pam_mkhomedir, it should 
work, if not, you might not be copying a correct ~/.bashrc from /etc/skel.

 2)   The group account is ‘Domain User” – with a guid of 1.  That
 matches the winbind settings but I would like to have a group that both
 local and domain users can belong to.  So I don’t have to open all shared
 directories with chmod 777.

You should be able to create a local group entry  (you don't say where 
Linux users exist ...), or if you are using XFS you can use ACLs instead.

But, it may not be the best idea to have local and winbind accounts that 
must have overlapping group memberships ...

 
 I have tried setting up a username map, but the moment I either map a domain
 name to a unix name _or_ have a unix username that is the same as a domain
 name, that user can no longer access the server.
 
 template primary group = users.  This seems to have no affect.
 
 I have a CVS directory that for an internal project that I want to protect
 and I don’t want to set permissions to 777.  I would also have to set the
 default directory permissions for all the CVS users to 777 as well – or they
 will add directories that only same group members can access.
 
 Should I just change the guid map to point everyone to 100? (guid users=100)
 

Yes, if you can't use ACLs (ie on XFS), that may work.

 Samba was configured with the following options:
 --with-acl-support
 --with-automount
 --with-smbmount
 --with-libsmbclient
 --with-sendfile-support
 --with-smbwrapper
 --with-winbind

Hmm, you may rather want to try rebuilding the source release against your 
Kerberos install with the rpm tools, just:
$ cd packaging/Mandrake
$ sh makerpms.sh 

 
 PAM wasn’t compiled in.
 
 
 
 # Samba config file created using SWAT
 # from 192.168.0.85 (192.168.0.85)
 # Date: 2004/01/28 17:07:49
 
 # Global parameters
 [global]
workgroup = MYWORKGROUP
realm = MYWORKGROUP.COM
security = DOMAIN
obey pam restrictions = Yes
log level = 2
add user script = /usr/sbin/useradd -s /bin/bash -g 100 %u
delete user script = /usr/sbin/userdel %u
preferred master = No
local master = No
domain master = No
dns proxy = No
ldap ssl = no
idmap uid = 1-2
idmap gid = 1-2
template primary group = users
template shell = /bin/bash
use sendfile = Yes
case sensitive = Yes
hide dot files = No
 
 [homes]
comment = Home directory
read only = No
browseable = No
 
 [dirk]
path = /home/dirk
valid users = dirk
read only = No
guest ok = Yes
 


Regards,
Buchan



Re: [Samba] Client Software for Windows

2004-01-27 Thread Buchan Milne
On Tue, 27 Jan 2004, Markus Feldmann wrote:

 Hallo,
 
 is there a Client Software for Windows that offers a possibility to
 take a different Username to mount Samba shares at the Startup of Windows,
 like the Netware Client for Windows.
 

The whole point of samba is to provide file-sharing, print-serving and 
authentication services to Windows clients without additional software.

 For Example:
 In our Manufacture all Clients have got one User, this is Administrator.

Unless you have changed the rights of Administrator, this is bad 
practice, and a security risk.

 But to mount a share from our Linux Server it should be a different User.
 Therefor the Worker shall only write a other Username in the Login-Window at
 Startup although the Workstation shall take the local Profil from the
 Administrator.
 This is like the Netware Client for Windows if you know this.
 
 The Reason for this is that every Worker may work on any Workstation he want
 to
 and we do not want to create 20 Profils on every Windows Client.

Why not use roaming profiles instead, with domain user accounts?

Regards,
Buchan



Re: [Samba] smbmount won't work connecting to W2K on Samba 3

2004-01-26 Thread Buchan Milne
On Tue, 20 Jan 2004, Jon Hardy wrote:

 Anybody know why smbmount won't mount a Windows share on my (Fedora) 
 machine? Keep getting:
 27009: session setup failed: ERRDOS - ERRnoaccess (Access denied.)
 SMB connection failed
 
 HOWEVER, using smbclient , I CAN connect to the share, so the problem is not 
 password encryption, access rights, etc.
 
 Any help greatly appreciated. it all worked fine with Samba 2.2 on Mandrake 
 9.2. Beginning to regret moving to Fedora/ Samba 3.
 

Especially considering Mandrake 9.2 ships with samba-3.0.0 
(parallel-installable with no pain - you can remove samba-client-2.2.8a* 
and samba3-client-3.0.0-2mdk binaries will be used for all client 
functions) and mount.cifs for both samba and samba3.

Maybe your Windows 2000 server requires signing/sealing or has been 
upgraded to 2003, in which case you should try mount.cifs (since smbclient 
in 3.0.0 supports it, but smbfs does not, this is most likely your problem). 
But, then I don't know if Fedora ships a kernel with cifs, so you'll 
likely have to compile it yourself.

Regards,
Buchan



Re: [Samba] Creating user home dirs elsewhere?

2004-01-26 Thread Buchan Milne
On Wed, 21 Jan 2004, Geoff wrote:

 Hi - I'm using the mk_homedir.so module to create user directories using 
 samba 3.0.1 in a Windows 2000 PDC environment.  The samba server is 
 acting as a domain member.  I'm wondering if there is a way to specify 
 the location of the user's home directories other than under /home.  I'd 
 really like the user directories to be created under /home/users.
 

If you're using Winbind (you don't say), just edit 'template homedir' (at 
least, that's what it is on 2.2.x, can't remember now if it has changed).

pam_mkhomedir will just make the directory returned with 'getent passwd 
username'.

Regards,
Buchan



[Samba] Re: samba 3 mandrake rpms...feedback

2003-12-09 Thread Buchan Milne

Tim Jordan wrote:
 Hello again,
 I'm just getting back to testing your rpm builds for samba.

 Question: What Kerberos package are you using with your build?

The packages that ship with the specific distro (otherwise I would have
to provide them too ...). On 9.2, it's 1.3.x.


 I'm doing a wbinfo -u and getting all users in domains that my AD domain
 trusts and the local account but none from the domain I'm a Domain
 Member Server of.

Have you tried without the winbind use default domain? It might have
an effect ...


 I get the same result with getent passwd | grep /username/

And 'getent passwd' shows the domain users of the trusted domains? If
so, then winbind is working, so it may be a samba bug, you may want to
file a bug in samba bugzilla.


 I do have a Kerberos ticket for my domain.  I can log into a smb share
 on an XP workstation and 2K server...

 Here is my current smb.conf:


#=== Global Settings
=
[global]

# 1. Server Naming Options:
   workgroup = LABOR
   realm = LABOR.AK
   server string = Samba Server %v
# 2. Printing Options:
   printcap name = cups
   load printers = yes
   printing = cups
# This should work well for winbind:
  printer admin = @Domain Admins

# 3. Logging Options:
   log file = /var/log/samba3/log.%m
   max log size = 50
   log level = 3

# 4. Security and Domain Membership Options:
   security = ads
   password server = /IP OF PDC/
   encrypt passwords = yes

# 5. Winbind
   winbind uid = 1-2
   winbind gid = 1-2
   winbind use default domain = yes
   template homedir = /home/%D/%U
;  obey pam restrictions = yes
   template shell = /bin/bash

# 5. Browser Control and Networking Options:
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   local master = no
   os level = 0
   domain master = no
   preferred master = no

# 6. Domain Control Options:
   domain logons = no
   add user script = /usr/sbin/useradd -s /bin/false '%u'
   idmap uid = 1-2
   idmap gid = 1-2


# 7. Name Resolution Options:
   name resolve order = wins lmhosts bcast
   wins server = IP OF WINS SERVER
   dns proxy = no


# Share Definitions
==
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

[printers]
   comment = All Printers
   path = /var/spool/samba3
   browseable = no
# to allow user 'guest account' to print.
   guest ok = yes
   writable = no
   printable = yes
   create mode = 0700
# =
# print command: see above for details.
# =
   print command = lpr-cups -P %p -o raw %s -r   # using client side printer drivers.

[print$]
   path = /var/lib/samba3/printers
   browseable = yes
   read only = yes
   write list = @adm root
   guest ok = yes

[pdf-generator]
   path = /var/tmp
   guest ok = No
   printable = Yes
   comment = PDF Generator (only valid users)
   #print command = /usr/share/samba3/scripts/print-pdf file path win_path recipient IP 
   print command = /usr/share/samba3/scripts/print-pdf %s ~%u //%L/%u %m %I %J 


It looks fine, but I don't have a production network to test on at
present (I have a production box in a win2k network, but it's running
2.2.x and I won't be able to try samba3 on it any time soon).

Regards,
Buchan

--
|--Another happy Mandrake Club member--|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7


Re: [Samba] samba 3 mandrake rpms...where is net tool?

2003-12-05 Thread Buchan Milne
On Fri, 5 Dec 2003, Tim Jordan wrote:

 Hello,
 I have installed the latest samba rpms from your site.  I verified that
 winbind works properly and the getent issue is resolved.

Great!

 After starting the samba server I can browse out against the Windows
 network.  The samba server is a member server of an Active Directory
 domain.
 
 Problem: windows clients on network can not browse to samba server.  I
 can ping, do dns lookups, and can see the box in network neighborhood
 from a windows client.  The samba server wants credentials to display
 shares.  I have tried root credentials, domain credentials, and local
 unix acct. credentials with no success.  I understand a guest account is
 used in this situation, which I have added to the local unix accounts.
 
 Can you advise?
 
 
 
  # Global parameters
  [global]
  workgroup = LABOR
  realm = LABOR.AK
  server string = Samba Server %v
  security = ADS

This line should be ok, but you may want to try without it:

  obey pam restrictions = Yes
  smb passwd file = /etc/samba/smbpasswd
  guest account = guest
  log file = /var/log/samba/log.%m
  max log size = 50
  name resolve order = wins lmhosts bcast
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  printcap name = cups
  os level = 0
  preferred master = No
  local master = No
  domain master = No
  dns proxy = No
  wins server = 192.168.1.20
  idmap uid = 1-2
  idmap gid = 1-2
  template shell = /bin/bash

Please try commenting this line out:

  winbind use default domain = Yes
  printer admin = @Domain Admins
  printing = cups
  
  [homes]
  comment = Home Directories
  read only = No
  browseable = yes

This should not be necessary:
  guest ok = yes
  
  [printers]
  comment = All Printers
  path = /var/spool/samba
  create mask = 0700
  guest ok = Yes
  printable = Yes
  print command = lpr-cups -P %p -o raw %s -r   # using client side printer drivers.
  browseable = No
  
  [print$]
  path = /var/lib/samba/printers
  write list = @adm, root
  guest ok = Yes
 
 

The rest looks ok. Unfortunately I currently don't have a test network, so 
I can't verify working settings. You may want to turn logging up (level 3 
or 4) which should allow you to see what the problem is.

Regards,
Buchan


 
 
 
 
  2003-12-02 at 23:21, Buchan Milne wrote:
 
  
  Tim Jordan wrote:
   Hello,
   I took your advice and installed Mandrake 9.2 then pulled down the rpms
   from your site.
   I have joined our Active Directory Domain with no problem.
   Kerberos is working.
   I can use wbinfo3 -g -u to query domain groups and users but I can't
   seem to use getent for domain groups and users.
  
   Do I need to change a pam file to enable this?  I checked everything I
   know like verifying the nsswitch.conf is correct, libnss_winbind.so 
   libnss_winbind.so.2, is present...
  
   I have the following in my smb.conf
   idmap uid
   idmap gid
   winbind enum users
   winbind enum groups
   template homedir
   template shell
   winbind use default domain
  
   When viewing my samba server from a windows workstation it wants a
   username and password.  I take it this is because I'm missing something???
  
   Can you advise?
  
  I think this is due to one error, the renaming of libnss_winbind.so and
  libnss_winbind.so.2 to libnss_winbind3.so and libnss_winbind3.so.2
  (which should work AFAIK). Others have reported that just linking
  libnss_winbind.so.2 to libnss_winbind3.so.2, and changing all occurrences
  of winbind3 in /etc/nsswitch.conf to winbind should do the trick.
  
  I have adjusted this in the new packages of 3.0.1pre3:
  rpm -qlp
  public_html/mandrake/9.2/samba-3.0.1/samba3-winbind-3.0.1-0.pre3.2mdk.i586.rpm
  /etc/pam.d/system-auth-winbind
  /etc/rc.d/init.d/winbind
  /lib/libnss_winbind.so
  /lib/libnss_winbind.so.2
  /lib/security/pam_winbind.so
  /usr/bin/wbinfo
  /usr/sbin/winbind
  /usr/sbin/winbindd
  /usr/share/man/man1/wbinfo.1.bz2
  /usr/share/man/man8/winbindd.8.bz2
  
  So, this should not be necessary in future builds for Mandrake 9.2 and
  older (in Mandrake 10 and on - as is the case in Mandrake cooker
  already, samba-3.0.x will be called samba, and samba-2.2.x will be
  called samba2 if we still ship it).
  
  It may be easier just to use these packages (and feedback on them would
  be good ...)
  http://ranger.dnsalias.com/mandrake/9.2/samba-3.0.1/
  
  Regards,
  Buchan
  
  
  -- 
  |--Another happy Mandrake Club member--|
  Buchan Milne    Mechanical Engineer, Network Manager
  Cellphone * Work    +27 82 472 2231 * +27 21 8828820x202
  Stellenbosch Automotive
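
The smb.conf quoted in this message sets `guest ok` on [homes], [printers] and [print$]. As an added example (not part of the original thread), this shell function lists every share section that enables guest access and whether it is also writable; the function names, the `[staff]` share and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: list smb.conf shares that allow guest access.
# Output: one "<share><TAB><ro|rw>" line per guest-enabled share section.
# Only "guest ok"/"public" and "read only"/"writeable" are evaluated;
# "write list" and filesystem permissions are not.

guest_shares() {
    awk '
    # Boolean spellings handled here: yes / true / 1 (case-insensitive).
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function emit() {
        # Share parameters set in [global] act as defaults for later shares.
        if (sec == "global") { gguest = guest; grw = rw }
        else if (sec != "" && guest) print sec "\t" (rw ? "rw" : "ro")
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comments and blank lines
    /^[ \t]*\[/ {                             # section header
        emit()
        sec = $0
        sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        sec = tolower(sec)
        guest = gguest; rw = grw
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1))
        val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "guest ok" || key == "public") guest = truthy(val)
        else if (key == "read only") rw = !truthy(val)
        else if (key == "writeable" || key == "writable" || key == "write ok") rw = truthy(val)
    }
    END { emit() }
    ' "$@"
}

# Constructed sample, modelled on the settings quoted in the message above.
# [staff] is a hypothetical non-guest share added for contrast.
sample_conf() {
    cat <<'EOF'
[global]
   workgroup = LABOR
   security = ADS
   guest account = guest

[homes]
   comment = Home Directories
   read only = No
   browseable = yes
   guest ok = yes

[printers]
   path = /var/spool/samba
   guest ok = Yes
   printable = Yes

[print$]
   path = /var/lib/samba/printers
   write list = @adm, root
   guest ok = Yes

[staff]
   path = /srv/staff
   read only = No
EOF
}

# Audit the files given on the command line, or the sample when none is given.
if [ "$#" -ge 1 ]; then
    guest_shares "$@"
else
    sample_conf | guest_shares
fi
```

On a live server, run it against the output of `testparm -s` (or `testparm3 -s` with the suffixed packages discussed in this thread) so that included files and defaults are resolved first.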

Re: [Samba] Samba 2.2.8 doesn't allow to write to group share

2003-12-02 Thread Buchan Milne

 Message: 18
 Date: Mon, 1 Dec 2003 14:59:16 -0600
 From: Eric Geater 11/26/03 [EMAIL PROTECTED]
 Subject: [Samba] Samba 2.2.8 doesn't allow to write to group share
 To: 'Samba Mailing List' [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=us-ascii

 Two issues, and I'll discuss them both:

 I created on my NT4 domain a group called branch99.  They're a local
 group as far as NT is concerned, and it has two members; myself, and
 another fellow down the hall.  My end quest is to create a share on a
 Mandrake 9.2 box running Samba 2.2.8, and have it permit or deny file
 access based on NT's typical discretions.

 Using a recipe found in Linux for Windows Administrators, I set up the
 following smb.conf file:

Hmm, you trust a Windows book more than the default configuration file,
which should give you many more, and better hints, than an outdated
Windows-centric book ...


 [global]
name resolve order = wins lmhosts bcast
wins server = 172.16.128.1
wins support = no
domain master = no
local master = no
os level = 10
preferred master = no
workgroup = MARTIN
server string = ZEKEJAX Test
netbios name = ZEKEJAX
security = domain
password server = *
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd

 The group in question is this:

 [branch99test]
comment = Branch 99's Test Share
path = /home/branch99
valid users = @branch99
browseable = yes
read only = no
create mode = 0660
directory mode = 0770

 I have already successfully joined the domain.

Are you running winbind? If so, then, you (with the absence of 'winbind
use default domain = yes') should have groups named something like
MARTIN\branch99 (you can check with 'wbinfo -g'), so your 'valid users'
line should be something like:

valid users = @MARTIN\branch99

(the quotes may not be necessary in this case, but for other Windows
groups they may be).

 There is another (liberal rules) share that I can get to with no
 problems at all.  I can even double-click the branch99test share, and
 see the file that appears (a single text file created from the Mandrake
 box; even my Windows box can open it).  But I can't write (create) in
 the directory.  Can anyone postulate as to why?  I don't mind if
 kstovall (not a member of branch99) can't do it, but I'm in that
 group, and I can't do it from an XP or 98 box joined to the domain.

Without seeing your share definition and/or the permissions of the
directory in question, it's difficult to postulate.

But, in general, here is some advice:

1)Whenever possible, use the filesystem to store access controls, rather
than configuration files. Next month you may give a user ssh access, and
then they may have greater or lesser access to the files than you
allowed with samba. If you use the filesystem permissions, they will be
identical.

Mandrake supports Posix-ACLs (not quite NT ACLs, but good enough for
most applications) on XFS (and has since Mandrake 8.1).

2)Please have a look at the default smb.conf (or maybe you still have an
intact /etc/samba/smb-winbind.conf to peruse), it would probably have
saved you a lot of hassle (IMHO).

3)You can setup winbind authentication during installation (at least for
Windows NT domains), which should do most things quite well for you.

Regards,
Buchan

-- 
|--Another happy Mandrake Club member--|
Buchan Milne    Mechanical Engineer, Network Manager
Cellphone * Work    +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7


Re: [Samba] samba 3 mandrake rpms...where is net tool?

2003-12-01 Thread Buchan Milne

 Message: 51
 Date: Wed, 26 Nov 2003 14:22:59 -0900
 From: Tim Jordan [EMAIL PROTECTED]
 Subject: [Samba] samba 3 mandrake rpms...where is net tool?
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain

 I installed the RPMS from samba web site for Mandrake 9.1.
 Configuration is weird as things are labeled smbd3 or winbind3...

Yes, that's so you can install samba-2.2.x in parallel with samba3
(there are some situations where this is really necessary), and so that
someone running 'urpmi --auto-select' on the samba urpmi medium doesn't
have a nasty surprise ...

If you want samba3 packaged to replace samba-2.2.x, either rebuild the SRPM:

$ rpm --rebuild samba-3.0.0-2mdk.src.rpm --with system

or grab packages here:
http://ranger.dnsalias.com/mandrake/9.1/samba-3.0.0/

 Testparm runs against /etc/samba/smb.conf yet swat configures the
 smb.conf in a different location...hmm

Try testparm3

 But really my problem is joining the AD domain as a member server.  I
 can't locate the net tool.

 How is this done?

With net3.


 How does testparm know to test against /etc/samba3/smb.conf instead of
 /etc/samba/smb.conf?

No, testparm is for samba-2.2.x, testparm3 is for samba-3.0.0. Every
single binary you are going to use (if you are only using samba-3.0.0)
will have a 3 suffix.

 Perhaps there are two versions of samba here?

$ rpm -q samba-server
$ rpm -q samba3-server

$ rpm -ql samba-common
$ rpm -ql samba3-common

  I loaded a clean mandrake
 9.1 install and then loaded the RPM's.

 Should I scrap this idea and compile from scratch on Mandrake?

You could, but it would be much easier to:
1)use them as is (net3, testparm3, service smb3 start etc ...)
2)rebuild the SRPM
3)Use the packages I have made available
4)Convince me that for samba-3.0.1 the packages on the samba FTP mirrors
should be built with '--with system', possibly wiping out some user's
installations.
5)Wait for Mandrake 10.0 (we have just switched samba to 3.0.1 in
Mandrake cooker, samba-2.2.x is now called samba2).

BTW, you may also want to consider using Mandrake 9.2 instead, since 9.2
has Kerberos MIT 1.3.x, which will make life a bit easier for
Winbind/AD. Also, 9.2 uses alternatives for samba-client/samba3-client
which makes some other things more convenient.

Regards,
Buchan

-- 
|--Another happy Mandrake Club member--|
Buchan Milne    Mechanical Engineer, Network Manager
Cellphone * Work    +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7


Re: [Samba] Winbindd and SSH (just disconnects after login)

2003-11-25 Thread Buchan Milne

 Message: 7
 Date: Fri, 21 Nov 2003 09:06:50 -0600
 From: sambalists [EMAIL PROTECTED]
 Subject: [Samba] Winbindd and SSH (just disconnects after login)
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=iso-8859-1

 It looks like I've gotten the majority of things working in regards to
 Winbind.  Users are being authenticated by the NT4 PDC when connecting to
 shares, but I can't seem to get things set up correctly to allow logging in
 via SSH(OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090702f).  It
 appears as though I'm successfully authenticated by the PDC, but then the
 connection is immediately closed.

 (I'm running Mandrake Linux v9.2 and Samba Version 3.0.1pre3.)

 [EMAIL PROTECTED] testuser]$ ssh -lTESTDOM.COM\\testuser linuxsmb
 [EMAIL PROTECTED]'s password:
 Last login: Fri Nov 21 08:40:09 2003 from linuxsmb.TESTDOM.COM
 Connection to linuxsmb closed.
 [EMAIL PROTECTED] testuser]$ ssh -lTESTDOM.COM\\testuser linuxsmb
 [EMAIL PROTECTED]'s password:
 Last login: Fri Nov 21 08:40:44 2003 from linuxsmb.TESTDOM.COM
 Connection to linuxsmb closed.
 Here you can see by the Last Login: that is displayed, that I am being
 authenticated when I try connecting via ssh 2 times back to back:

 Here's a smbclient session being authenticated via the NT PDC:
 [EMAIL PROTECTED] testuser]$ smbclient //linuxsmb/testuser -UTESTDOM.COM\\testuser -c 'ls *.txt'
 Password:

   SSD55287.txt 41401  Fri Nov  7 04:36:57 2003
   New Text Document.txt   A0  Thu Nov 20 15:08:26 2003

 64860 blocks of size 32768. 63759 blocks available

 So it appears that things are working ??

 When I try connecting via SSH, no dice.  *sigh*

 Here's a snippet from my /var/log/auth.log
 Nov 21 08:34:52 linuxsmb pam_winbind[2842]: request failed: Wrong Password, PAM error was 7, NT error was NT_STATUS_WRONG_PASSWORD
 Nov 21 08:34:52 linuxsmb pam_winbind[2842]: user `TESTDOM.COM\testuser' denied access (incorrect password)
 Nov 21 08:34:52 linuxsmb sshd(pam_unix)[2842]: check pass; user unknown
 Nov 21 08:34:52 linuxsmb sshd(pam_unix)[2842]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=linuxsmb.TESTDOM.COM
 Nov 21 08:34:57 linuxsmb pam_winbind[2842]: user 'TESTDOM.COM\testuser' granted acces
 Nov 21 08:34:57 linuxsmb pam_winbind[2842]: user 'TESTDOM.COM\testuser' granted acces
 Nov 21 08:34:57 linuxsmb sshd[2842]: Accepted password for TESTDOM.COM\\testuser from 198.246.197.240 port 32810 ssh2

 /etc/pam.d/sshd
 auth   required pam_nologin.so
 auth   sufficient   pam_winbind.so
 auth   required pam_unix.so use_first_pass shadow

Change this line to try_first_pass.

 auth   required pam_env.so # [1]

 account    sufficient   pam_winbind.so
 account    required     pam_unix.so use_first_pass

You might need try_first_pass here too.


 session    sufficient   pam_mkhomedir.so skel=/etc/skel umask=0022
 session    required     pam_unix.so
 session    optional     pam_lastlog.so # [1]
 session    optional     pam_motd.so # [1]
 session    optional     pam_mail.so standard noenv # [1]
 session    required     pam_limits.so

 password   required pam_unix.so

 What am I missing here or doing wrong?  Not sure if any other settings are
 relevant, and hate blasting the list with a bunch of useless/unwanted text.

openssh's approach to solving the longer delay for a valid user account
(account discovery bug) was to give a pam authentication failure first
for any connection (as I understand this). So, your use_first_pass is
getting a bad password, and you aren't allowing it to prompt for a 2nd
attempt.

BTW, you don't see this with public key authentication ... so the
default /etc/pam.d/system-auth is broken for ssh too if you use drakauth
to setup winbind :-(.

Regards,
Buchan

-- 
|--Another happy Mandrake Club member--|
Buchan Milne    Mechanical Engineer, Network Manager
Cellphone * Work    +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7


Re: [Samba] Is Samba 3 stable for Mandrake 9.2?

2003-11-25 Thread Buchan Milne

 Message: 31
 Date: Mon, 24 Nov 2003 12:49:54 -0600
 From: Eric Geater 11/18/03 [EMAIL PROTECTED]
 Subject: [Samba] Is Samba 3 stable for Mandrake 9.2?
 To: 'Samba Mailing List' [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=us-ascii

 Not to be the annoying child, but I have found myself uniquely annoyed
 that I can't update RPMs that include Samba 3, and I'm not certain if
 that's because it's even ready for Mandrake 9.2.  Does anyone have a
 bead on this?  Should I just go back to 2.2.8 and wait for the stable,
 or can someone point out a URL that has a stable 3.0 on it?

OK, let's just cover the samba issue on Mandrake 9.2 quickly.

1)samba-3.0.0 final was not available before main for 9.2 froze, so we
have 2.2.8a in main, and samba3-3.0.0 in contrib (contrib freezes much
later than main), which are parallel installable. The client tools use
alternatives, so if you have only samba3-client, smbclient will point to
smbclient3. One reason for this is so that you can also easily migrate
samba versions (and just 'service smb stop;service smb3 start;chkconfig
smb off;chkconfig smb3 on' once you are done).

2)There were a number of small issues with 3.0.0, you may want to wait
for 3.0.1 for production.

3)There are a number of options available when you rebuild the SRPM,
such as you can make it replace the samba-2.2.x RPMS if you so wish, by
rebuilding with the --with system option:

$ rpm --rebuild --with system samba3-3.0.0-2mdk.src.rpm

Most of these issues are covered in the README file in the Mandrake
directory on the mirrors.

You can also find samba packages built with different options on my site
(ie http://ranger.dnsalias.com/mandrake/9.2).

Regards,
Buchan

-- 
|--Another happy Mandrake Club member--|
Buchan Milne    Mechanical Engineer, Network Manager
Cellphone * Work    +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7


Re: [Samba] Samba 3.0.1 from samba.org shows bgmilne as username

2003-11-25 Thread Buchan Milne

 Message: 35
 Date: Mon, 24 Nov 2003 12:58:32 -0600
 From: Eric Geater 11/18/03 [EMAIL PROTECTED]
 Subject: [Samba] Samba 3.0.1 from samba.org shows bgmilne as
   username
 To: 'Samba Mailing List' [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=us-ascii

 When I attempted to rpm -i samba3-3.0.0-1.1mdk.src.rpm this morning on
 my Mandrake 9.2 box, I got an unusual message that doesn't make sense.
 It said, over and over (thirteen times total):

 WARNING:  user bgmilne does not exist - using root

This is normal (ok, it started appearing since rpm-4.2) when you install
a SRPM on a machine which doesn't have the account (mine in this case)
which owned the sources in the SRPM when it was built.


 When it went back to root prompt, I did an updatedb, but nothing for
 samba-3 is found when I did the urpmi request.  Any ideas?

Installing an SRPM only installs the sources into the directory pointed
to by the %_sourcedir directory, and the spec file to the directory
pointed to by the %_specdir directory.

You probably rather want to do:

rpm --rebuild samba3-3.0.0-1.1mdk.src.rpm

But this may require a few more packages, firstly the package to allow
you to build RPMS, secondly the buildrequires of the package. You can
achieve this with:

# urpmi rpm-build
# urpmi --src samba3-3.0.0-1.1mdk.src.rpm

Note however that urpmi won't know about the packages you have just built.

But, rebuilding the package will basically give you packages identical
to those in contrib for 9.2.

Jerry has uploaded my 3.0.1pre3 packages to the FTP mirrors, so you can
get 3.0.1pre3 with urpmi from your favourite samba mirror, using
something like this:

# urpmi.addmedia samba \
http://master.samba.org/samba/ftp/Binary_Packages/Mandrake/RPMS/test/9.2/\
with hdlist.cz

# urpmi samba3-server

BTW, I'm open to suggestions (from users who use the Mandrake urpmi
medium on the samba FTP mirrors) as to whether I should build samba3 for
 8.2-9.2 with the '--with system' switch, which will replace
samba-2.2.x packages (instead of install in parallel as at present). I
currently think it should stay as is (not give users on samba-2.2.x any
nasty surprises), but if you have a motivation why it should change,
please mail me in person.

 I wrote an
 email that bounced to Mr Milne, and don't know what else to investigate

My apologies, my inbox overflowed last night.

Regards,
Buchan

-- 
|--Another happy Mandrake Club member--|
Buchan Milne    Mechanical Engineer, Network Manager
Cellphone * Work    +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7


[Samba] Should User Manager for Domains work as non-root Domain Admin?

2003-11-25 Thread Buchan Milne

I have a test network that I have been running samba3 on for a while
(currently 3.0.1pre3) as a Domain Controller on LDAP backend, and I was
under the impression that the User Manager for Domains (from the tools
for NT4) should work as a non-root Domain Admin, but it doesn't.

I seem to have a correct setup, members of my Domain Admin group can
join machines to the domain, and have admin rights on domain members (ie
can create local users etc). If I log in as root on a domain member, I
can use User Manager for Domains to view and change the properties of
users and groups.

However, I can't as a non-root Domain Admin view the properties of a
group or user in User Manager for Domains, or make any changes. If I
double-click a user, I get a permission denied-type message.

Now, I have in the past made logs of this, but I don't know if it's
worthwhile debugging or posting a bug if it's not currently intended to
work. Everything else (automatic machine account creation, group mapping
etc etc) seems to work fine, so I don't see that it can be a
configuration problem (unless I missed some documentation ..).

Regards,
Buchan

P.S. I am subscribed in digest, so CC's will reach me faster.

-- 
|--Another happy Mandrake Club member--|
Buchan Milne    Mechanical Engineer, Network Manager
Cellphone * Work    +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7


Re: [Samba] how legal is samba

2003-11-21 Thread Buchan Milne

 Message: 29
 Date: Fri, 21 Nov 2003 09:32:07 + (GMT)
 From: Tom Crummey [EMAIL PROTECTED]
 Subject: Re: [Samba] how legal is samba
 To: [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: TEXT/plain; charset=us-ascii

 Hello Ed,

 My understanding of the licensing issue is that *any* client that uses
 a windows server, whether directly, or indirectly via Samba requires
 a Client Access license.

AFAIK this was the case with NT4. And AFAIK they changed it in win2k so
that you had no CAL licensing incentive to install samba servers into a
win2k domain, so now you need a CAL for each client that *authenticates*
to a Windows 2000 server. Thus, if you run a samba domain, your clients
all authenticate to a samba domain controller, and no CALs are needed
for Windows 2000 member servers (as respecting file/print service - you
still need CALs for other services such as MSSQL etc).

Of course, you should read the EULAs etc yourself and/or ask your legal
representative for their opinion.

IMHO, better to avoid agreeing to the EULAs in the first place, then
they have no legal basis to audit your premises.

Regards,
Buchan

-- 
|--Another happy Mandrake Club member--|
Buchan Milne    Mechanical Engineer, Network Manager
Cellphone * Work    +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7


Re: [Samba] UNIX paths vs UNC names in [profile]

2003-11-18 Thread Buchan Milne

 Message: 48
 Date: Mon, 17 Nov 2003 11:42:18 -0500
 From: Jeff Gardiner [EMAIL PROTECTED]
 Subject: [Samba] UNIX paths vs UNC names in [profile]
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain;  charset=us-ascii

 Alright, I can be a bit thick sometimes, but by RTFM or other documentation
 I've solved a problem.

 ISSUE

 I had been having problems with profiles, I use using the following profile:
 edited

 [global]
 preferred master = yes
 domain master = yes
 local master = yes
 security = user
 domain logons = yes
 logon path = \\%N\%u\profiles
 logon drive = H:
 logon home = \\%L\%U
 logon script = startup.bat

  [netlogon]

 path = /var/lib/samba/netlogon
 read only = yes
 write list = ntadmin

 [profiles]

 path = \\%N\%U\profile
 read only = no
 create mask = 0600
 directory mask = 0700

 Then, and after much frustration, I came across John Terpstra's email:
 http://www.mail-archive.com/[EMAIL PROTECTED]/msg26709.html

 John clearly says Samba share specs read UNIX paths - not Windows UNC names.
 (Thanks John)

 Ok that was the issue then - yet it seemed to work.

 QUESTION
 My question therefore is this - I have multiple /home/subdomain directories,
 like
 /home/disk1
 /home/disk2
 /home/backupdisk3b  ... etc

 How do I store the profile in the users home dir.  My rationale is that as all
 of my OSX users, and Unix/Linux users have to adhere to a quota - I'd rather
 force my windows users to adhere to the same quota by storing their profile
 in /home/disk?/user/profile and I could do that using \\%L\%U\profile.

You should not place profiles in another share that may contains files
you don't want others to access (since Windows keeps connections open to
the profiles share after the previous user has logged off, and so it may
still be connected when the next user logs in).

 Now
 one solution is to apply the quota to say /var/lib/samba/profile/%U but I'd
 rather keep the profile in or off of the home dir anyway.

 resolving /home/disk?/user/profile using Unix path names is difficult because I
 have so many disks with home dirs.

Why not do something like:
[profiles]

path = /var/lib/samba/profiles
read only = no
create mask = 0600
directory mask = 0700
root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -L $PROFILE ]; \
then mkdir -pm700 ~%u/.profile; chown %u.%g ~%u/.profile; \
ln -s ~%u/.profile $PROFILE; fi

Then, you keep the profiles share as is, but the profiles live in the
user's home, but you avoid any other issues.

BTW, the reason for /var/lib/samba/profiles (at least on Mandrake - this
config looks suspiciously like the Mandrake default config ;-)) is to
ensure that samba has a place to write by default, since we can't make
any assumptions about /home etc (specifically being writable by root in
the case of root-squashed NFS etc). However, there's no problem changing it.

On our production network, we actually use 'logon path =
/home/users/profiles/%u', and /home/users is a large (LVM on hardware
RAID5) partition which also contains the users home directories (thus
quotas are in effect on the profiles).

Regards,
Buchan

-- 
|--Another happy Mandrake Club member--|
Buchan Milne    Mechanical Engineer, Network Manager
Cellphone * Work    +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
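
The `root preexec` one-liner in this reply runs as root and creates, chowns and links a directory inside the user's own home, which the user can write to. As an added example (not Buchan's code), here is the same logic as a helper that validates the user name and refuses a pre-planted symlink before root touches it; the function name, its argument order and the `%H` wiring shown in the comment are assumptions.

```shell
#!/bin/sh
# Added example: hardened form of the "root preexec" profile-link step.
# Hypothetical wiring in smb.conf (script path and argument order are assumptions):
#   root preexec = /usr/local/sbin/link-profile %u %g %H
#
# link_profile USER GROUP HOME [PROFILES_ROOT]
# Return codes: 0 ok, 2 bad input, 3 unexpected entry under PROFILES_ROOT,
#               4 unsafe entry in the home directory, 5 filesystem error.

link_profile() {
    user=$1
    group=$2
    home=$3
    root=${4:-/var/lib/samba/profiles}

    # The name becomes a path component under $root, so accept a plain
    # account name only (assumption: no DOMAIN\user style names).
    case $user in
        ''|.|..|-*|*[!A-Za-z0-9._-]*)
            echo "link_profile: refusing user name '$user'" >&2
            return 2 ;;
    esac
    if [ ! -d "$home" ] || [ -L "$home" ]; then
        echo "link_profile: home '$home' is not a real directory" >&2
        return 2
    fi

    link=$root/$user
    target=$home/.profile

    # Link already present: accept it only if it points where we expect.
    if [ -L "$link" ]; then
        if [ "$(readlink "$link")" = "$target" ]; then
            return 0
        fi
        echo "link_profile: '$link' points somewhere unexpected" >&2
        return 3
    fi
    if [ -e "$link" ]; then
        echo "link_profile: '$link' exists and is not a symlink" >&2
        return 3
    fi

    # $home is writable by the user: a symlink or file planted at
    # ~/.profile must not be followed by a root-run chown.
    if [ -L "$target" ] || { [ -e "$target" ] && [ ! -d "$target" ]; }; then
        echo "link_profile: '$target' is not a plain directory" >&2
        return 4
    fi
    if [ ! -d "$target" ]; then
        # No -p: mkdir fails instead of reusing something created meanwhile.
        mkdir -m 700 "$target" || return 5
    fi
    # -h changes the entry itself, never the file a symlink points to.
    chown -h "$user:$group" "$target" || return 5
    ln -s "$target" "$link" || return 5
}

# Run as a script only when called with arguments (as from root preexec).
if [ "$#" -ge 3 ]; then
    link_profile "$@"
fi
```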


Re: [Samba] Samba 3.0.1pre1 winbind / getent problems

2003-11-07 Thread Buchan Milne


 Date: Wed, 5 Nov 2003 21:48:18 +0100
 From: Thomas Sillard [EMAIL PROTECTED]
 Subject: [Samba] Samba 3.0.1pre1 winbind / getent problems
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain;  charset=us-ascii

 Hi,

 I've got some problems with winbind and ADS Domain Membership stuff.
 I've joined the domain without problems with kinit [EMAIL PROTECTED] and
 net ads join, i can see the machine account in AD with ldapbrowser.
 Klist give me three tickets, as say in the documentation, OK.
 I created the idmap entry in my openldap (with samba3 schema), OK.
 I've set the ldap admin password in the secrets.tdb, OK (ldap idmap).
 Starting service smb3, OK.
 Starting service winbind3, OK.
 wbinfo -u and wbinfo -g give me the list of users and groups correctly,
 wbinfo -a user%password works fine, OK.

 BUT

 When i try a getent passwd or getent group, i don't have the windows
 users. I can't see or connect to the shares on the linux box with windows file
 explorer (it prompts me a user/password). It works fine with samba 2.2.7a.
 I've installed the samba3 mandrake package, which suffixes all libs and
 executables with the samba version's number (eg. for libnss_winbind.so -
 libnss_winbind3.so, smbpasswd - smbpasswd3).

Only the default packages. Since you're running on 9.1, you either are
running cooker packages on 9.1 (not suggested, since cooker/9.2 have
openldap-2.1.x and kerberos 1.3.x) or you rebuilt the SRPM.

If you rebuilt the SRPM, you might as well add the '--with system'
switch when you build it, and you will get 'samba-3.0.1' packages
without suffixes.


 What's the problem ? Where is my error ? Is the mdk version suffixing
 can be the source of the problem ?

I am quite sure I tested this, and that it worked, but that was quite a
while ago, and I didn't have much time available to test it then. If it
doesn't work for you, I can introduce alternatives for the winbind files
(as we have on 9.2 for the client binaries).

Unfortunately I don't have a production AD network to test on, so any
feedback on improvements to the Mandrake packages with regard to winbind
would be appreciated (and any other aspects, but I have two samba+ldap
networks, one currently running 2.2.8a and one running 3.0.1pre1).

Regards,
Buchan

-- 
|--Another happy Mandrake Club member--|
Buchan Milne    Mechanical Engineer, Network Manager
Cellphone * Work    +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7


Re: [Samba] Integrating a Linux desktop into a Windows Domain environment

2003-11-07 Thread Buchan Milne

 Message: 35
 Date: Wed, 5 Nov 2003 15:33:27 -0600 (CST)
 From: Distribution Lists [EMAIL PROTECTED]
 Subject: [Samba] Integrating a Linux desktop into a Windows Domain
   environment
 To: [EMAIL PROTECTED]
 Message-ID:
   [EMAIL PROTECTED]
   
 Content-Type: text/plain;charset=iso-8859-1

 Can someone give me some pointers to documentation, concepts on how to
 integrate Linux desktop into a Windows domain environment to access shared
 drives / printers. I wonder what other peoples experiences were as well.

 If possible I want to setup Linux/Samba in such to replicate what an
 Windows workstation does, authenticate with a domain controller then be
 able to seamlessly access shares.

You may want to take a look at this paper I presented a while ago, on
integrating Mandrake 9.0 into a Windows domain (only the basics of
winbind setup).

http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.pdf

Mandrake supports winbind authentication during installation since 9.0,
and since 9.2 you can configure it after installation using 'drakauth'.
This doesn't currently support AD, however it should in the next release
when we have samba3 in main (in contrib for 9.2).

Regards,
Buchan



Re: [Samba] Migrating from Samba2.2.8a+LDAP+PDC to Samba3+ldapsam

2003-11-07 Thread Buchan Milne

 Message: 28
 Date: Wed, 05 Nov 2003 20:52:44 +0100
 From: G?mes G?za [EMAIL PROTECTED]
 Subject: Re: [Samba] Migrating from Samba2.2.8a+LDAP+PDC to
   Samba3+ldapsam
 To: Sebasti?n Abate [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed


 Hi I did something like this, Mandrake 9.1, the steps to the success were:
 1. edit /etc/samba3/smb.conf to suit your old setup: Workgroup, Netbios
 name, shares, ldap settings etc
 2.  stop samba-2
 3.  copy /etc/samba/secrets.tdb to /etc/samba3
 4.  start samba-3
 5.  run net3 getlocalsid, and save the result to a file
 6.  stop samba-3
 7.  remove /etc/samba3/secrets.tdb
 8.  start samba-3
 9.  run net3 setlocalsid previously saved SID

Instead of steps 2-9, you can extract the SID using smbpasswd -X
domain, and import it with 'net3 setlocalsid SID'

 10. run smbpasswd3 -w password, just like you did with samba-2
 You could say, that steps 6-10 are needless, maybe you are right, but I
 felt more comfortable using a samba3 generated tdb file.
 11. dump your ldap database to ldif format
 12. run /usr/share/samba3/scripts/convertSambaAccount --input
 your-old-ldif-file --output your-modified-ldif-file --sid
 your-previously saved domain SID
 13. comment out samba schema from /etc/openldap/slapd.conf, and include
 the new samba3 schema
 14. stop ldap
 15. delete everything from /var/lib/ldap, making a backup would be advisable
 16. start ldap
 17. import your-modified-ldif-file to ldap

Instead of steps 11-17, you can instead:
/usr/share/samba3/scripts/convertSambaAccount --input \
your-old-ldif-file --output your-modified-ldif-file --sid \
 "<your-previously saved domain SID>" --changetype modify

# ldapmodify -x -D "<ldap admin dn>" -W -ZZ -f your-modified-ldif-file

This method allows you to have changes propagated to slave servers, and
allows you to have less down time.

Also, once you have done this, you will need to add group mappings for
all the primary groups of your users etc.

Note, I haven't migrated our production network, only done it on my test
network ...

Feedback welcome as always, and you guys might want to add some notes on
the Mandrake community wiki at http://mandrake.vmlinuz.ca

Regards,
Buchan

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
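
A check one could run on the converted LDIF before importing it, as an added example that is not part of the original thread or of Samba's scripts. It flags accounts still on the Samba 2.2 sambaAccount class, accounts whose sambaSID lies outside the saved domain SID, and primary groups that have no sambaGroupMapping yet; the sample entries, DNs and SID are constructed, and the attribute names are those of the Samba 3 LDAP schema.

```python
import base64

# Constructed sample: the SID, DNs and accounts below are made up for illustration.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: alice
gidNumber: 500
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-2000

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaAccount
uid: bob
gidNumber: 500
rid: 2002

dn: uid=carol,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid:: Y2Fyb2w=
gidNumber: 501
sambaSID: S-1-5-21-4444444444-5555555555-6666666666-2004

dn: cn=staff,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: staff
gidNumber: 500
sambaSID: S-1-5-21-1111111111-2222222222-
 3333333333-2001
sambaGroupType: 2

dn: cn=students,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: students
gidNumber: 501
"""


def parse_ldif(text):
    """Parse LDIF content records into dicts of lower-cased attribute -> values."""
    logical = []
    for raw in text.splitlines():
        # LDIF folding: a line starting with one space continues the previous one.
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    entries, current = [], {}
    for line in logical + [""]:          # the trailing "" flushes the last record
        if not line.strip():
            if "dn" in current:
                entries.append(current)
            current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):        # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(attr.strip().lower(), []).append(value)
    return entries


def audit(entries, domain_sid):
    """Return (dn, finding) pairs for accounts that are not ready for Samba 3."""
    def classes(entry):
        return {c.lower() for c in entry.get("objectclass", [])}

    # gidNumbers of posix groups that already carry a Samba group mapping.
    mapped_gids = set()
    for entry in entries:
        if "sambagroupmapping" in classes(entry):
            mapped_gids.update(entry.get("gidnumber", []))

    findings = []
    for entry in entries:
        dn, oc = entry["dn"][0], classes(entry)
        if "sambaaccount" in oc:         # Samba 2.2 class: entry was not converted
            findings.append((dn, "unconverted"))
            continue
        if "sambasamaccount" not in oc:
            continue
        sid = (entry.get("sambasid") or [""])[0]
        if not sid.startswith(domain_sid + "-"):
            findings.append((dn, "foreign-sid"))
        gid = (entry.get("gidnumber") or [None])[0]
        if gid not in mapped_gids:
            findings.append((dn, "unmapped-primary-group"))
    return findings


if __name__ == "__main__":
    for dn, finding in audit(parse_ldif(SAMPLE_LDIF), DOMAIN_SID):
        print(f"{finding:24} {dn}")
```

Group entries are not SID-checked here because a mapped group may legitimately carry a well-known SID rather than one under the domain SID.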


Re: [Samba] Samba + LDAP - PDC (i.e. workgroup)

2003-11-05 Thread Buchan Milne

 Message: 9
 Date: Wed, 5 Nov 2003 00:58:21 -0800 (PST)
 From: peter pan [EMAIL PROTECTED]
 Subject: [Samba] Samba + LDAP - PDC (i.e. workgroup)
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=us-ascii


 There's lots of howtos and mailing list posts about
 creating a PDC with samba and LDAP.  What I want to do
 is to continue with workgroup operation (at least
 until all our clients are NT).

A domain is really only of relevance to machines that have joined the
domain. For machines that aren't domain members, it looks like a
workgroup with passwords sync'ed between servers that are domain members.

  All I essentially want
 to do is to move the smbpasswd file on our 30 or so
 servers to LDAP (after sorting out nss and PAM).  Can
 I do this?

Yes. But best by turning some of your servers into domain controllers,
but this largely has no effect on clients (unless you join them to the
domain).


 Also we have a replicated LDAP directory provided by
 our openldap servers - one master updating 29 slaves.
 The slaves (running samba) are not allowed to update
 the master server.  Is this a problem for
 samba/LDAP operation?

Not necessarily.

 Obviously account and password
 changes need to be done on the master server but this
 is desirable for us.  I think the PDC + LDAP solution
 means that the LDAP directory is written to by samba
 upon each user login

I don't think this is true, why would this be necessary?

 - this wouldn't be desirable for
 us as 30 servers on slow WAN links would be updated
 every user login.  The local smbpasswd file doesn't
 seem to be updated at the moment when someone logs in
 - so I'm assuming a workgroup + LDAP solution wouldn't
 be a problem for us in this regard.

Neither would an LDAP+domain.

 Also - is there any way to use a custom schema or
 perform schema mapping?


Could you be more specific?

 I'm using samba 2.2.8a on the 29 slave servers - I
 prefer not to update to samba 3 if it's not required.

It may be better to migrate to samba3. With samba-2.2.8a you need to
install a different binary for LDAP support, whereas samba3 can be
configured at run-time. Plus, when you do eventually join machines to the
domain, you will have domain groups available.

Migrating from samba-2.2.x+ldap to samba3+ldap is probably more
challenging than migrating from samba-2.2.x to samba3+ldap, and
migrating from samba-2.2.x to samba-2.2.x+ldap is probably about the
same, so overall you win by going straight to samba3 (if you do your
homework).

You can see what it would take to go from samba-2.2.x to
samba-2.2.x+ldap at http://mandrakesecure.net

Regards,
Buchan



Re: [Samba] Is there a buffer or cache setting in samba?

2003-11-05 Thread Buchan Milne

 Message: 18
 Date: Wed, 5 Nov 2003 06:21:04 EST
 From: [EMAIL PROTECTED]
 Subject: [Samba] Is there a buffer or cache setting in samba?
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=US-ASCII

 Hi.

 Can anyone tell me if samba has any settings that determine how much data
 gets cached or buffered in RAM before being written to the computer's hard
 drives?

 I'm having a strange problem and I suspect that the explanation has to do
 with that kind of setting.

 I am using a Linux system (P4-3.06 Ghz, 1 GB RAM, 2.4.22 kernel, samba
 2.2.8a) to store video and audio files that can be accessed by a group of
 Windows-based video editing systems. I got the whole system up and running
 a week ago and it was working perfectly (my storage devices, by the way,
 are a series of firewire drives arranged into a RAID 10 array)

 When I tested the system with disk testing program on the Windows side, I
 got a transfer rate of 22 MB/sec for a 1 GB test. And in real life, I could
 sustain a rate of at least 18 MB/second for 20 minutes over my gigabit
 network. That's what is required for my application -- digitizing
 uncompressed video.

 But now things have suddenly fallen apart. Yesterday I had to reinstall
 Mandrake 9.2 because I had been moving firewire and ethernet cards around
 to different PCI slots to optimize the system and I just messed things up
 too much.

Hmmm, reinstalling is normally not a good solution on unix, and if you
do, it's advisable to at least backup all configuration files (tar -cjvf
 /some/safe/place/etc`date +%Y%m%d`.tar.bz2 /etc).

BTW, Mandrake 9.2 has a parallel-installable version of samba-3.0.0
available in contrib:
# urpmi samba3-server
(assuming you have a contrib urpmi medium available, see
http://plf.zarb.org/~nanardon if you don't know how to do this)

Samba3 may perform better than 2.2.x (possibly mainly since sendfile is
enabled by default). Just be careful to only run one at a time (unless
you have been even more careful to set them up to run in parallel).

 So
 I reinstalled and went back to the same card configuration I had when I got
 the 18 MB/second. And now it doesn't work.
 I know that I am using a DIFFERENT smb.conf file now compared to before. I
 don't think I have the old one that I had made with SWAT. The one I'm using
 right now is very simple and it forces a user and group name on all files
 written to the Linux share.

 Looking at a Linux monitoring program -- I believe it's called XOSVIEW -- I
 think I can see the problem.

 Yesterday when I tested the system I saw that all the RAM had to fill up
 completely (took about 40 seconds at 18 MB/sec) before Linux started writing
 to the hard drives. And shortly after that my Windows video program would
 abort, telling me the data wasn't getting transferred fast.

 Last week, when things were working -- and I was using the same monitoring
 program --Linux would start writing to the drives after about just a few
 seconds rather than buffering or caching so much data in RAM. And I could
 see in the monitoring program that there was more RAM free.

 There must be a setting in samba that determines how much data is cached or
 buffered in RAM before writing it to the drives. Do you know anything about
 this?

The only thing (AFAIK) samba does regarding caching is calling sync (see
the 'strict sync' and 'sync always' options). But, this may harm
performance (as the kernel normally has a better idea about when it
should write what to disk than a client program does), but it's worth a
shot. You probably want to try 'strict sync = yes'.

Regards,
Buchan



[Samba] Re: swatlib?

2003-10-22 Thread Buchan Milne

 Message: 3
 Date: Tue, 21 Oct 2003 11:39:35 +0800
 From: Alex [EMAIL PROTECTED]
 Subject: [Samba] Re: swatlib?
 To:
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=us-ascii; format=flowed

 Hi John,

Well... that's a tough one.   I'm under the gun to do some php
 thing with samba's config.  Either template based, or something off of
 loadparm.c.   It just strikes me that the guts of the config file
 loading, saving and parsing are already implemented in C, yet are only
 used in cgi.c by swat.
My C is VERY rusty (haven't coded a good solid app in about 8+
 years)...  On the other hand, getting a php module out of that code
 would be pretty sweet and make a lot of people's life easier.
   So what I'm gonna do is 2 things.  First, make a little parser bridge
 for testparm's output (php-ize the output and use that for constraints
 checking), and try to make a loadparm lib.. it won't be a try swat
 replacement, just something to deal with samba's config file.. I'll give
 a stab at it.. nothing official.   Unless it a success.

Before you go totally down this road, you may want to at least look at
libconf:

http://savannah.nongnu.org/projects/libconf

The smb.conf parsing is working well enough that there is a perl-GTK2
gui available (work in progress).

A php or html frontend should also be possible.

Regards,
Buchan



Re: [Samba] Getting a list of all possible smb mounts (and bug report on smbtree)

2003-10-20 Thread Buchan Milne
Segmentation fault (core dumped)

(core files available on request)

Normal operation on samba-3.0.0 looks like this

$ smbtree3
Password:
CAE
    \\PRINT                 Samba Server 2.2.8a
        \\PRINT\bgmilne     Home Directories
        \\PRINT\canongp
        \\PRINT\dj1120
        \\PRINT\dj970
        \\PRINT\hp2100
        \\PRINT\hp5l
        \\PRINT\ADMIN$      IPC Service (Samba Server 2.2.8a)
        \\PRINT\IPC$        IPC Service (Samba Server 2.2.8a)
        \\PRINT\print$
        \\PRINT\hp1200_ps   Special print share to print from programs that output Postscript (ie Wave)
        \\PRINT\hp2100_ps   Special print share to print from programs that output Postscript (ie Wave)
        \\PRINT\webpages    Webpages hosted on this machine (intranet, alpha, beta)
    \\HERMES                Samba Server 3.0.0
        \\HERMES\bgmilne    Home Directories
        \\HERMES\hp5l       No Information Available
        \\HERMES\hp2100     Hewlett Packard HP2100 Laserjet
        \\HERMES\dj970      HP Colour Printer
        \\HERMES\dj1120     HP Colour Printer
        \\HERMES\canongp    GP200-225PCL
        \\HERMES\ADMIN$     IPC Service (Samba Server 3.0.0)
        \\HERMES\IPC$       IPC Service (Samba Server 3.0.0)

etc.. where CAE is the workgroup name in this case, and PRINT and HERMES
are two netbios names of samba servers (windows machines were also listed).

Regards,
Buchan


Re: [Samba] Migrating /etc/shadow passwords to LDAP

2003-10-17 Thread Buchan Milne

 Date: Thu, 16 Oct 2003 12:25:48 +0200 (CEST)
 From: Dani Pardo [EMAIL PROTECTED]
 Subject: [Samba] Migrating /etc/shadow passwords to LDAP
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: TEXT/PLAIN; charset=US-ASCII


   Hi!. Since now, I was using a Workgroup with samba 2.2, and samba
 was using  /etc/passwd for user accounts (plain text passwords). Now I'm
 migrating to  LDAP, and I'm looking for a way to migrate the passwords
 without every user typing the password again..
 It seems that idealix's scripts (smbldap-migrate-accounts.pl) will
 migrate from a previous NT based PDC.. but it's not my case.
 Any suggestion? Thanks!

If you're running samba-2.2.x compiled with LDAP support, you probably
want to read this article:

http://www.mandrakesecure.net/en/docs/samba-pdc.php

The next article
(http://www.mandrakesecure.net/en/docs/samba-ldap-advanced.php) also has
some tricks to make life easier, so read it before you start ...

Regards,
Buchan




Re: [Samba] Joining a domain without using root or administrator

2003-10-14 Thread Buchan Milne

 Date: Mon, 13 Oct 2003 11:00:15 +0200
 From: J. Strohschnitter [EMAIL PROTECTED]
 Subject: [Samba] Joining a domain without using root or administrator
 To: samba-liste [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=US-ASCII

 HI there,

 is it possible to join a samba 2.2.8 domain with a win2000/xp client
 without using the local administrator account of windows and the root
 user of linux ?

For win2k/xp, you need:
- to be logged in to the machine as a user with administrative rights to
change domain membership (not necessarily Administrator).
- to join the domain as a user with rights to change the machine's trust
account password. This means either you must use the root account (and
the root smbpasswd, but it can differ from root's unix password of
course), or if you are using LDAP you can set it up so that members of
the domain admin group can do so using their samba password.

 Just like adding the trusted account via console on the linux-machine ?

Only with Windows NT4 clients.

Regards,
Buchan



Re: [Samba] samba server browsing? (help!)

2003-10-13 Thread Buchan Milne


 Date: Sun, 12 Oct 2003 19:44:06 +0700
 From: Roy Koswaramulya [EMAIL PROTECTED]
 Subject: [Samba] samba server browsing? (help!)
 To: Samba Mail [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=iso-8859-1

 Dear all.

 I have install samba 2.2.7a in mandrake 9.1 and success access by
 client, but there is a problem about it.

 Server samba is giving an ip address 192.11.11.xxx and client is having
 ip address 192.11.11.xxx and 192.11.12.xxx. in computer client (windows
 NT, Win2k, and win98) which have an ip address 192.11.11.xxx server can
 access straightly from network neighborhood (without searching
 computer), but for client who have an ip address 192.11.12.xxx that
 samba server must searching first to get an access.

 What I must do so that comp client with an ip address 192.11.12.xxx can
 look that samba server in network neighborhood? (Note: I can't change
 all an ip address to 192.11.11.xxx because its not allow from my
 company)

 I have to try change a subnet mask to 255.255.0.0 in client computer and
 it doesn't work. For information I use winnt wins server and have 2
 gateway for computer with an ip address 192.11.11.xxx and 192.11.12.xxx.

Without any additional information to go on (such as extracts from your
smb.conf) I would guess you need to add a line such as:

wins server = 192.11.11.xxx
to the global section of your smb.conf, and restart samba

Regards,
Buchan



Re: [Samba] Samba3 PDC + LDAP + winbindd?

2003-10-09 Thread Buchan Milne

 Message: 15
 Date: Wed, 8 Oct 2003 10:15:51 -0400
 From: Jake Dalton [EMAIL PROTECTED]
 Subject: [Samba] Samba3 PDC + LDAP + winbindd?
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=us-ascii

 Hi,

 I'm trying to set up a single sign-on system across both linux and windows
 with a Samba3 PDC and OpenLDAP backend.  I've been trying to follow the
 documentation included with Samba3 but I don't seem to be having much
 success.

The basic idea is to use nss_ldap/pam_ldap/NFS on the linux clients, and
authenticate the Windows machines to samba. There is no reason your
linux clients need to know anything about samba (unless they are serving
files to windows clients, but then all you need to do is join them to
the domain).

 So I have few questions.

 #1:  What services are necessary for this to work?  I know smbd, nmbd and
 slapd are for sure required.  But I can't figure out whether winbindd should
 be running with this system or not.  As far as I understand, it is.  It will
 provide the ability for domain users to log into linux systems with their
 domain credentials.

Winbind is there to map identities present on Windows Domain Controllers
to Unix uids and gids. Since samba already does this (well, the
reverse), you don't need winbind. Winbind is primarily useful when you
*aren't* using samba as a domain controller, and would be run on the
client systems.

 #2:  How do the idmap mappings get created?  I have the ldap idmap suffix
 option set to a valid location but I've never seen any entries get put in
 there.


You don't need this.

 #3:  What constitutes a domain group in ldapsam?  From what I can tell, the
 sambaGroupMapping object class indicates a domain group.  But every domain
 group needs to map to a posixGroup objectclass entry.  So if every domain
 group has a one-to-one mapping to a group gid, why is there a need for
 winbindd to generate mappings for domain groups?

There isn't. nss_ldap will give you the groups as they are in LDAP.

 #4:  Is there an easy way to test the smbd+slapd configuration?  I want to
 make sure that those two are configured and working correctly before I start
 expanding the configuration to adding other machines to the domain.

Join one machine to the domain, and test things like ACLs on the client.

 #5:  When I run wbinfo -u or wbinfo -g both return with Error looking up
 domain [users|groups] but if I tried wbinfo -n testuser I actually get a
 SID back.  What could cause this?

But you don't need this to work.

 Any help would be appreciated.  If someone has samba3 PDC + OpenLDAP system
 set up, a dump in ldif format (with sensitive info removed) of the ldap
 directory would be a great help, as well as sample smb.conf's or any other
 suggestions.

I think you're probably more in need of docs on the nss_ldap/pam_ldap
side, please see the documents at http://mandrakesecure.net which cover
a few issues which may be of interest (but don't cover samba3 yet ...)

Regards,
Buchan



Re: [Samba] Samba-3.0.0 packages for Mandrake 8.2-9.1

2003-10-03 Thread Buchan Milne

Gémes Géza wrote:

 Terribly sorry for this question, but I couldn't find what Sambaldap is
 for?

Sambaldap is the name of a urpmi medium at
http://plf.zarb.org/~nanardon/?minor=1, which is for the Mandrake samba
packages on the samba FTP server which have ldap support (ie
samba-server-ldap-2.2.8a-2mdk.i586.rpm and
samba3-server-3.0.0-1.1mdk.i586.rpm).

, is it a configuration patch to samba3, or what? Since I always
 installed from SRPM , downloading, from various mirrors, I haven't met
 it. Sorry for my stupidity ;-) .

Well, if the packages provided are sufficient for you, you could do it
all with urpmi instead. Set up a source of your choice at
http://plf.zarb.org/~nanardon/?minor=1, and use 'urpmi samba3-server' or
similar to install the packages you want.

Regards,
Buchan



Re: [Samba] Automatically mounting home dir

2003-10-03 Thread Buchan Milne

 Message: 2
 Date: Thu, 02 Oct 2003 15:28:51 +0300
 From: Budai Laszlo [EMAIL PROTECTED]
 Subject: Re: [Samba] Automatically mounting home dir
 To: Ow Mun Heng [EMAIL PROTECTED], [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed

 Hello,

 I think I wasn't that clear as I should.
 We have dual boot PCs in laboratories where students have access. We
 have active directory for windows, and we would like to be able to
 authenticate to linux as well using the same username/password.
 If I join a computer running linux to the domain using the tools
 provided by samba 3, it will rewrite the computer's entry in the
 directory, so the next time I boot windows on the same computer  I
 cannot login using domain accounts.
 Is there a possibility to join a computer to the AD without changing the
 computer account information in the AD?

Not really, since the machines also change their own passwords, so even
if you can sync them once, you would have problems sync'ing the later.

 Or how can I use both windows and linux on the same computer and
 authenticate in the AD?

Join the linux installations separately.

To answer the question in your title, you can automatically mount the
shares from the server at login time, using pam_mount. However, you
cannot use a Windows share as the home directory if you want to use KDE
or GNOME. You can't even (at present) use a samba server for this, even
using the cifs driver on the client. You still would need NFS, and that
would require that your winbind mappings are shared (ie in AD or some
other LDAP server, but I haven't done this myself ..).

It's easier to serve heterogeneous clients using
Linux/Samba/OpenLDAP/NFS IMHO ...

Regards,
Buchan

-- 
|--Another happy Mandrake Club member--|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7


Samba-3.0.0 packages for Mandrake 8.2-9.1

2003-10-02 Thread Buchan Milne
RPMs of samba3 for Mandrake were uploaded to the samba FTP mirrors on
Saturday. For those who have urpmi media set up for your favourite samba
mirror, all you need to do to get samba3 is (assuming you have set up the
Sambaldap source such as at http://plf.zarb.org/~nanardon/?minor=1):

# urpmi.update Sambaldap
# urpmi samba3-server

Please note that by default the samba3 packages are built to install in
parallel with the samba-2.2.x packages, allowing an easier transition
from samba2 to samba3 (especially for those on LDAP). However, it is
very easy to rebuild the SRPM to build packages that replace the 2.2.x
packages. This, and a number of other aspects are covered in the README
on the mirrors (which for some reason does not show up on all the mirrors):

http://download.samba.org/samba/ftp/Binary_Packages/Mandrake/README.txt

Builds that will replace the 2.2.x packages are also available from
http://ranger.dnsalias.com/mandrake (for example
http://ranger.dnsalias.com/mandrake/9.1/samba-3.0.0/)

For 9.2, samba3 will be available in contrib (although updated packages
may appear on the samba ftp mirrors), and on 9.2 the client binaries use
alternatives (so the version of your choice is available as the
unversioned binary).

Regards,
Buchan



[Samba] Re: S3+CUPS+PDF pseudo printer : print command not functional on service

2003-09-29 Thread Buchan Milne
 Message: 14
 Date: Fri, 26 Sep 2003 17:45:11 +0200
 From: Jérôme Fenal [EMAIL PROTECTED]
 Subject: [Samba] S3+CUPS+PDF pseudo printer : print command not
   functional  on service
 To: [EMAIL PROTECTED]
 Message-ID:
   [EMAIL PROTECTED]
 Content-Type: text/plain; charset=iso-8859-1

 Hi all,

 I've just set up a Samba 3.0.0 PDC (LDAP+nss) on FreeBSD 5.1, with
 CUPS as default print stack, which begins to work nicely.
 I'm configuring a PDF pseudo printer, with the following share :

 [pdfwriter]
 comment = Imprimante PDF : génère un fichier PDF
 printing = bsd
 path = /var/tmp
 printable = Yes
 print command = /usr/local/bin/printpdf -u %U -h %M %s 2>/dev/null
 lpq command =

 This very same config (except that %u is replaced here by %U) used to
 work nicely on Samba 2.2.7a, with cups on stock RH9. The print command
 was used, and CUPS would not see anything concerning 'pdfwriter'.

 No more on S3, I have in the log :

 [2003/09/26 15:30:19, 0] printing/print_cups.c:cups_job_submit(756)
   Unable to print file to pdfwriter - server-error-not-accepting-jobs

 So I think that S3 does not honor any more the 'print command' when
 specified in printable share when using CUPS.

 Can anyone confirm this is a bug, or point me to my error ?

You can't use 'print command' if you have 'printcap name = cups' in the
global section.

Regards,
Buchan

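A configuration check for the rule given in the reply above, added here as an example that is not part of the original thread or of Samba: it flags printable shares that set `print command` while `[global]` has `printcap name = cups`. The parser, the function names and the sample smb.conf text are constructed for illustration.

```python
import re

# Constructed sample, modelled on the share posted in the thread.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   printcap name = cups

; PDF pseudo printer, expected to run its own script
[pdfwriter]
   printing = bsd
   path = /var/tmp
   printable = Yes
   print command = /usr/local/bin/printpdf -u %U -h %M %s 2>/dev/null
   lpq command =

[laser]
   path = /var/spool/samba
   printable = yes
"""

_SECTION = re.compile(r"^\[(?P<name>[^\]]+)\]$")
_TRUE = {"yes", "true", "1"}


def _norm(key):
    """smb.conf parameter names ignore case and internal whitespace."""
    return "".join(key.lower().split())


def parse_smb_conf(text):
    """Return {section: {normalised parameter: value}} for smb.conf text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        match = _SECTION.match(line)
        if match:
            current = sections.setdefault(match.group("name").strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        current[_norm(key)] = value.strip()
    return sections


def ignored_print_commands(text):
    """List shares whose 'print command' conflicts with 'printcap name = cups'."""
    conf = parse_smb_conf(text)
    if conf.get("global", {}).get("printcapname", "").lower() != "cups":
        return []
    flagged = []
    for name, params in conf.items():
        if name == "global":
            continue
        # 'print ok' is a synonym for 'printable'
        printable = params.get("printable", params.get("printok", "no")).lower()
        if printable in _TRUE and params.get("printcommand"):
            flagged.append((name, params["printcommand"]))
    return flagged


if __name__ == "__main__":
    for share, command in ignored_print_commands(SAMPLE_SMB_CONF):
        print(f"[{share}] print command conflicts with printcap name = cups: {command}")
```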

Re: [Samba] Re: [SLE] Any way to do Linux User home directories via Samba

2003-09-09 Thread Buchan Milne
 Message: 15
 Date: Mon, 08 Sep 2003 09:29:41 -0500
 From: Jason Joines [EMAIL PROTECTED]
 Subject: [Samba] Re: [SLE] Any way to do Linux User home directories
   via Samba
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed
 Sébastien Taylor wrote:

 The way we handle this at my office is by sharing over samba to the
 windows clients, and by nfs to the linux clients.  The nfs exports the
 same data as smb so it's identical, but nfs is better suited for unix.

 Jason Joines wrote:


   All of our user authentication is done via LDAP.  We have an all
 Linux backend and tons of windows desktops.  We've just started getting
 a few people to move to Linux on the desktop.  Is there any way that I
 can have their home directory automatically mounted via Samba when they
 log in?

The problem isn't mounting the home directories (this can be done easily
with pam_mount, assuming the LDAP password and samba password are in
sync). The problem is that you can't start KDE with smbfs/cifs-mounted
home directories, and although you can get GNOME working, gconf is
broken (which may also break font display). Other less advanced
desktops, such as WindowMaker, fluxbox etc do work ok though (even
mozilla runs fine).

Maybe someone else has got KDE/GNOME to work with smbfs/cifs-mounted homes?


 Thanks,

 Jason Joines
 Open Source = Open Mind
 

   I use NFS for my Linux desktop.  However, our users have root access
 to their desktops and I'm concerned about the security of the server in
 that situation.

Well, don't give them root access on their desktops. They should never
need it, and if they do need to run certain things as root, you should
set up sudo instead. There are way too many issues with users having
root, NFS is only one problem.

Store automount maps in your LDAP server, and NFS becomes trivial to use
(no client side configuration needed).

Regards,
Buchan



[Samba] Mandrake RPMs of RC3

2003-09-09 Thread Buchan Milne
Packages are currently available for Mandrake 9.0 at
http://ranger.dnsalias.com/mandrake/9.0/samba-3.0.0rc3/

Packages for 9.1, 8.2, and possibly 8.1 will become available later.

SRPM is available here:
http://www.cae.sun.ac.za/~bgmilne/mandrake/samba/SRPMS/samba3-3.0.0-0.rc3.2mdk.src.rpm
(please use this one and not the SRPM in cooker, otherwise you will get
alternative support which you don't want unless you have a more recent
samba-2.2.x package built with the right options).


Which does build well on 9.1 (but my 9.1 box I built on has
openldap-2.1, I will build packages on a clean box later) and cooker.

Regards,
Buchan


[Samba] Mandrake packages of RC2

2003-09-05 Thread Buchan Milne
Packages of RC2 are available for Mandrake 8.2, 9.0 and 9.1. Please
beware these have not been tested very much (as I have been working more
on the packages for the upcoming 9.2 - which also explains why they are
so late ...).

As always, samba3 packages for Mandrake are parallel-installable with
the 2.2.x packages (and useable in parallel with careful configuration).

In Cooker/9.2, alternatives are used for the client package (since
3.0.0-0.rc2.2), so you can have samba3-client with an otherwise
samba-2.2.x system, and smbclient, smbmount, smbspool etc will be samba3
versions, or samba-2.2.x versions if you install samba-client-2.2.x.

mount.cifs is included in all the packages, however only very recent
Mandrake kernel packages (all flavours in Mandrake cooker except the
marcelo kernel) have the required cifs filesystem driver.

Packaging bugs are mine, the samba team seems to claim the rest ;-).

http://ranger.dnsalias.com/mandrake/samba

Regards,
Buchan



Re: [Samba] mount automaticly with samba for file server in ms machine

2003-09-02 Thread Buchan Milne
 Message: 44
 Date: Tue, 2 Sep 2003 12:19:44 -0700 (WIT)
 From: [EMAIL PROTECTED]
 Subject: [Samba] mount automaticly with samba for file server in ms
   machine
 To: [EMAIL PROTECTED]
 Message-ID:
   [EMAIL PROTECTED]
 Content-Type: text/plain;charset=iso-8859-1

 i want automatic mount file server in microsoft machine here is detail :
 file server microsoft : 172.18.13.111
 name share   : Home
 file server microsoft join to winnt pdc ( i have create user , example
 =shareduser )
 linux ws  want to automatic mount that file server  ( 172.18 .13.111/home)
 with user shareduser .
 i try like this :
 [EMAIL PROTECTED] root]# smbclient //172.18.13.111/home -U sharedusers -P
 12345
 added interface ip=172.18.18.14 bcast=172.18.255.255 nmask=255.255.0.0
 session request to 172.18.13.111 failed (Called name not present)
 session request to 172 failed (Called name not present)

This means that you have tried to access the machine by a name it does
not recognise. Use the netbios name instead.

 Password:
 Domain=[UB-NET] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
 smb: \>
 , how to set automount every boot , always mount .

Depends on if you want to leave your password in clear text on the
machine, if so you can add the entry to fstab with a credentials file.
If you only want the share to be mounted when you log in, use pam_mount
instead.

Regards,
Buchan


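An audit sketch for the fstab-with-credentials-file option mentioned in the reply above, added here as an example that is not part of the original thread: it flags SMB mounts that keep the password inline in fstab, or whose credentials file is missing or accessible to other users. The mount points, server name and file names are constructed, and the policy (owned by root, no group/other access) is an assumption of this example.

```python
import os
import stat
import tempfile

SMB_FSTYPES = {"cifs", "smbfs"}
INLINE_PASSWORD_KEYS = {"password", "pass"}
CREDENTIALS_KEYS = ("credentials", "cred")


def parse_options(field):
    """Split the fstab options field into {key: value}; bare flags map to None."""
    options = {}
    for item in field.split(","):
        key, sep, value = item.partition("=")
        if key:
            options[key] = value if sep else None
    return options


def check_credentials_file(path, expected_uid=0):
    """Return a list of problems with one credentials file (empty list = fine)."""
    try:
        info = os.lstat(path)
    except FileNotFoundError:
        return ["credentials file missing"]
    problems = []
    if not stat.S_ISREG(info.st_mode):
        problems.append("credentials path is not a regular file")
    mode = stat.S_IMODE(info.st_mode)
    if mode & 0o077:
        problems.append(f"credentials file mode {mode:04o} allows group/other access")
    if info.st_uid != expected_uid:
        problems.append(f"credentials file owned by uid {info.st_uid}, expected {expected_uid}")
    return problems


def audit_fstab(fstab_text, expected_uid=0):
    """Return [(mount_point, problem), ...] for the SMB entries in fstab_text."""
    findings = []
    for raw in fstab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4 or fields[2] not in SMB_FSTYPES:
            continue
        mount_point, options = fields[1], parse_options(fields[3])
        if INLINE_PASSWORD_KEYS & options.keys():
            # fstab is normally world-readable, so this exposes the password
            findings.append((mount_point, "password stored inline in fstab"))
        for key in CREDENTIALS_KEYS:
            if options.get(key):
                for problem in check_credentials_file(options[key], expected_uid):
                    findings.append((mount_point, problem))
    return findings


def demo():
    """Audit a constructed fstab against credentials files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        tight = os.path.join(tmp, "home.cred")
        loose = os.path.join(tmp, "scratch.cred")
        for path, mode in ((tight, 0o600), (loose, 0o644)):
            with open(path, "w") as handle:
                handle.write("username=shareduser\npassword=constructed-example\n")
            os.chmod(path, mode)
        fstab = "\n".join([
            "# constructed sample fstab",
            "/dev/hda1 / ext3 defaults 1 1",
            f"//FILESERVER/Home /mnt/home cifs credentials={tight},uid=1000 0 0",
            f"//FILESERVER/Home /mnt/scratch cifs cred={loose} 0 0",
            "//FILESERVER/Home /mnt/inline smbfs username=shareduser,password=constructed-example 0 0",
            f"//FILESERVER/Home /mnt/gone cifs credentials={tmp}/missing.cred 0 0",
        ])
        # The temp files belong to the current user, so audit against that uid.
        return audit_fstab(fstab, expected_uid=os.getuid())


if __name__ == "__main__":
    for mount_point, problem in demo():
        print(f"{mount_point}: {problem}")
```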

Re: [Samba] Samba 2.2.8 and domain logons

2003-09-01 Thread Buchan Milne
 Message: 3
 Date: Sun, 31 Aug 2003 21:54:20 +0530
 From: Govindarajan [EMAIL PROTECTED]
 Subject: [Samba] Samba 2.2.8 and domain logons
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain;  charset=us-ascii

 Hi all,
   We have around 15 computers (win2k+sp4) and a Linux samba server(mandrake).
 Samba is configured for domain logons. I have included the domain admin
 group parameter in smb.conf and the group is called admin. Till yesterday
 things were OK, everyone was able to login to the domain. Today, out of the
 blue, domain logins are not happening. Log files do not give a clue as to
 what's happening.

 The windows clients throw out an error message saying Unable to load your
 roaming profile logging in with your local profile. Does this mean that
 authentication is going OK and that only the roaming profile is not being
 loaded?

You can check by looking at the LOGONSERVER variable in Windows, start a
command prompt, and type (C:\> indicates the prompt):

C:\>echo %LOGONSERVER%

If it is the name of the local machine, chances are you are having name
resolution issues, and the only reason your users can log in is cached
credentials. The easiest way to overcome this is to run a WINS server on
your domain controller (if you don't yet), and tell your Windows
machines where the DC is via DHCP.

 I checked the permissions on the profile folders and everything
 seems to be OK. Where do I need to look? I'll be glad if someone could point
 me in the right direction.


You might want to turn logging up (ex 'log level = 3' in smb.conf), and
see if the clients actually authenticate or not.

 If any further information is needed to troubleshoot this issue please let me
 know. Also, I'll email the smb.conf in a day as I am at home right now. BTW I
 followed the procedure as described in the IBM samba document.

IIRC the IBM document gives a worse configuration in the end than the
default /etc/samba/smb.conf if you read it through once and uncomment
all the relevant domain controller options according to the comments.

Also, please see the documents at:
http://mandrake.vmlinuz.ca/bin/view/Main/SambaDomainController

Regards,
Buchan



RE: [Samba] Why are the binaries so huge?

2003-08-29 Thread Buchan Milne
 Message: 38
 Date: Fri, 29 Aug 2003 08:53:00 +1200
 From: Paul Eggleton [EMAIL PROTECTED]
 Subject: RE: [Samba] Why are the binaries so huge?
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=us-ascii

 Wayne Rasmussen wrote on Friday, 29 August 2003 7:46 a.m.:

 After you configure, in the source/Makefile
 change the line:
 CFLAGS= -g -O2
 to:
 CFLAGS= -O2



 One would assume that this option is included in the beta/RC releases to
 allow debugging. If you wish to report any crash-type bugs I suggest you
 leave this option in.


But gcc-3.3 generates *huge* binaries with debugging enabled, on my 800
Duron, gcc-3.3 would take close on half an hour just to relink the
binaries, whereas with earlier versions of gcc (even 3.2.1), I could do
a complete build from scratch in the same time. In my case, I didn't
have 600MB free on the partition the binaries were intended to be on ...
so in some cases building with debug flags actually prevents testing ...
best to build without debugging enabled, and if you find a bug, just
relink the offending binary with debugging enabled.

Regards,
Buchan



MS Word creates new files (was Re [Samba] Samba creates User-ACL's)

2003-08-20 Thread Buchan Milne
 Message: 2
 Date: Tue, 19 Aug 2003 14:05:40 +0200
 From: [EMAIL PROTECTED] (Peter Koch)
 Subject: [Samba] Samba creates User-ACL's
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]

 Dear Readers:

 I'm using Samba 2.2.8a with ACL-support and noticed the
 following behaviour.

 If a MS-word document with owner u1, group g1 and
 permissions 660 is edited by user u2 which belongs to
 group g1, the owner of the file will be changed to u2
 and an ACL will be created for u1

Technically, the ACL/owner is *not* changed. You have a new file ... the
old one with the original ACLs was deleted.


 This is very annoying since
 a) we don't need this ACLs (u1, u2, u3 are all members
    of g1)
 b) if users are removed from group g1 we don't want
    them to have write-Access to the files. But they
    still have write-access to some files, namely those
    they have changed

 in our case group g1 contains
 all user that should have write-permission to the file
 and if one user is removed from group g1 he should no
 longer have write permissions.

 But after a user has been removed from group g1 he
 can still change all files that were changed by him
 at least once.

 Here's an example:

 -rw-rw----  u1 g1 example.doc

 Now example.doc is changed by u2:

 -rw-rwxr--+ u2 g1 example.doc

 # file: example.doc
 # owner: u2
 # group: g1
 user::rw-
 user:u1:rw- #effective:rw-
 group::rw-  #effective:rw-
 mask:rwx
 other:---

 Now example.doc is changed by u3:

 -rw-rwxr--+ u3 g1 example.doc

 # file: example.doc
 # owner: u3
 # group: g1
 user::rw-
 user:u1:rw- #effective:rw-
 user:u2:rw- #effective:rw-
 group::rw-  #effective:rw-
 mask:rwx
 other:---


 Any ideas how to prevent this !!

Try with a non-microsoft product, and you will see there is no problem.
Your problem is that MS Word creates a new file when the original file
is edited, and when the edited file is saved, MS Word copies it over the
old file. It thus retains the permissions of the *new* file.

File a bug with MS, or use good defaults on your shares.

Regards,
Buchan


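The save pattern described in the reply above, reproduced locally as an added example that is not part of the original thread: an in-place write keeps the file's inode and mode, while write-new-then-rename leaves a different file whose mode comes from the creation defaults. It runs as a single user, so it shows the inode and mode change rather than the owner change; the file names and the 022 umask are constructed for the demonstration.

```python
import os
import stat
import tempfile


def snapshot(path):
    """Return (inode, permission bits) for path."""
    info = os.stat(path)
    return info.st_ino, stat.S_IMODE(info.st_mode)


def save_in_place(path, data):
    """Rewrite the existing file: same inode, so owner, mode and ACL stay."""
    with open(path, "w") as handle:
        handle.write(data)


def save_by_replace(path, data):
    """Write a new file beside the original, then rename it over the original.

    The result is a different inode, created by whoever saved it, with
    whatever permissions new files get by default.
    """
    new_path = path + ".new"
    fd = os.open(new_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
    with os.fdopen(fd, "w") as handle:
        handle.write(data)
    os.replace(new_path, path)


def demo(umask=0o022):
    """Return snapshots of one document before and after each kind of save."""
    previous_umask = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            doc = os.path.join(tmp, "example.doc")
            with open(doc, "w") as handle:
                handle.write("draft 1\n")
            os.chmod(doc, 0o660)  # 660, the original permissions in the question
            original = snapshot(doc)
            save_in_place(doc, "draft 2\n")
            after_in_place = snapshot(doc)
            save_by_replace(doc, "draft 3\n")
            after_replace = snapshot(doc)
            return original, after_in_place, after_replace
    finally:
        os.umask(previous_umask)


if __name__ == "__main__":
    for label, (inode, mode) in zip(("original", "in place", "replaced"), demo()):
        print(f"{label:9} inode={inode} mode={mode:04o}")
```

Calling `demo(umask=0o007)` makes the replaced file come out as 0660 again, which shows that the creation defaults, not the old file, decide the result.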

Re: [Samba] Samba 3.0.0rc1 and 2 servers - PDC and homes

2003-08-18 Thread Buchan Milne
 Message: 15
 Date: Sun, 17 Aug 2003 19:03:39 -0500
 From: Marlys Nelson [EMAIL PROTECTED]
 Subject: [Samba] Samba 3.0.0rc1 and 2 servers - PDC and homes
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=us-ascii; format=flowed

 I have Samba 3.0.0rc1 installed on a linux server DC-01 and it's configured as
 a PDC. The only share it has is netlogon. Users are stored in an LDAP passdb.

 All our users' home directories are on a second linux server, FS-01. It's
 been joined to the domain (command sudo net join -U Administrator, which is
 the name of the root account).  And here's a snippet from its smb.conf:


[..]


 If I logon to the domain from an XP machine and pull up the
 properties|security on one of my files, it shows the following in the Group
 or user names box:
 * Group icon for Everyone
 * User? icon with a SID listed
 * Group icon with the name of my group listed

 Why do I get the User? icon with the SID showing?  The SID appears to be the
 localsid for FS-01 (where the homes share is located).

  From FS-01:
bash-2.05$ sudo net getlocalsid CAMPUS
SID for domain CAMPUS is: S-1-5-21-1347140671-2256076281-2964443892
bash-2.05$ sudo net getlocalsid
SID for domain FS-01 is: S-1-5-21-3124996394-1784840607-3979961563

 The User? SID is S-1-5-21-3124996394-1784840607-3979961563-10808

 I was expecting the User icon with my login name since this is supposed to be
 a single domain with single users/groups.  If I look at a file on
 \\DC-01\netlogon, I see my name and group.  Is there some step I've missed in
 setting up the homes server?


This looks exactly like what I am seeing with a samba-3.0.0rc1 member in
a samba-2.2.8a domain, and seems to be this bug:

https://bugzilla.samba.org/show_bug.cgi?id=245

With samba-2.2.x (instead of 3.0.0rc1) on the (same) member server, the
SID is resolved correctly, and Win2ksp3 shows the username/gecos correctly.

Jerry asked for level 10 logs for this, I will be sending him some
shortly ...

Regards,
Buchan



Re: [Samba] Samba 2.2.8 PDC + LDAP - import_smbpasswd.pl does not work

2003-08-14 Thread Buchan Milne
 Message: 5
 Date: Mon, 11 Aug 2003 15:46:04 +0200
 From: Kopmann, Goetz [EMAIL PROTECTED]
 Subject: [Samba] Samba 2.2.8 PDC + LDAP - import_smbpasswd.pl does
   not work
 To: Samba (E-Mail) [EMAIL PROTECTED]
 Message-ID:
   [EMAIL PROTECTED]
 Content-Type: text/plain; charset=ISO-8859-1

 Hi All,

 I'm trying to change the authentication method of our users from smbpasswd
 to an OpenLDAP-Server. To set it up, I used the information from idealix.

 The next step is to import the user-database from out of the smbpasswd file
 via import_smbpasswd.pl into the LDAP-schema. Unfortunately this does not
 work.


The script does work ...

 $ cat smbpasswd | perl import_smbpasswd.pl

 produces the output:

 Adding [uid=root,ou=Users,dc=cimpa,dc=corp]
 Adding [uid=thc1gk,ou=Users,dc=cimpa,dc=corp]
 Adding [uid=cimpa36$,ou=Users,dc=cimpa,dc=corp]
 Adding [uid=th15gw,ou=Users,dc=cimpa,dc=corp]
 Adding [uid=cimsrv01$,ou=Users,dc=cimpa,dc=corp]
 Adding [uid=thb1wa,ou=Users,dc=cimpa,dc=corp]
 .
 Adding [uid=th15on,ou=Users,dc=cimpa,dc=corp]
 Adding [uid=cimsrv03$,ou=Users,dc=cimpa,dc=corp]
 Adding [uid=thc1ak,ou=Users,dc=cimpa,dc=corp]

Hmmm, I would use the LDAP migration tools to get accounts imported
first, and then the script will only modify existing accounts, and not
add accounts and miss some information you may want to add (which
ldap-migration adds for you).


 $

 ... but no user has been added.


Then most likely the DN you have specified in the top of the script (in
the $DN variable) either does not have write access to the entries, or
the password is incorrect.

 Can anyone help me with that ?  Distribution is: SuSE 8.2

mandrakesecure.net is unfortunately down at the moment, but the articles
there on LDAP/Samba are pretty good, and cover issues such as this.

Regards,
Buchan



Re: [Samba] Howto released: Using OpenLDAP on Debian Woody to serve Linux and Samba users

2003-08-14 Thread Buchan Milne
 Message: 33
 Date: Tue, 12 Aug 2003 01:17:35 +0200
 From: Markus Amersdorfer [EMAIL PROTECTED]
 Subject: [Samba] Howto released: Using OpenLDAP on Debian Woody to
   serve Linux and Samba users
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=US-ASCII

 Hi everyone!

 I'd like to finally announce version 1.0 of my (unofficial) LDAP-Howto
 Using OpenLDAP on Debian Woody to serve Linux and Samba users:
 http://homex.subnet.at/~max/ldap/
 I hope it may be of help to somebody.

 Of course, I'm always glad to hear about your opinion, additions,
 corrections or any other kind of add-ons.

I notice that you do reference the mandrakesecure.net articles (since
it's down, you may want to link to my personal copy, which may however
be slightly out-of-date, my last edits were sent as diffs ... but is
accessible here:

http://ranger.dnsalias.com/samba-ldap-advanced.php

There are a number of issues I addressed which you missed (even though
you pulled some things straight from it) ...
- it is possible to set it up that machine accounts are created on the
fly, in fact it can be set up such that non-root users can join
machines and have accounts added, which is how we default on Mandrake
(by good file permissions). It was not covered in detail, since the
packages are set up to work out-the-box.
- you should not need to edit the files from migration-tools
(http://ranger.dnsalias.com/samba-ldap-advanced.php#initldap)
- I would seriously recommend samba-2.2.8a over previous releases, since
password changes from a BDC work (this only started working in 2.2.8
IIRC), but of course Debian doesn't have packages :-/

Anyway, I think it would be better to improve the samba docs in respect
to LDAP setup, unfortunately I won't have time to do anything myself for
at least 6 weeks.

Regards,
Buchan



Re: [Samba] Where is mysql support?

2003-08-04 Thread Buchan Milne

 Message: 40
 Date: Sat, 02 Aug 2003 09:54:30 +0100 (BST)
 From: Howard Miller [EMAIL PROTECTED]
 Subject: Re: [Samba] Where is mysql support?
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=ISO-8859-1

 Bad plan, obviously

 I found the problem... sort of... I didn't notice the experimental
 module switch to ./configure. That should have been a clue

 Next the mysql test application wouldn't compile, but there is a
 switch to disable that, so that got mysql support past the configure
 stage.
 Then of course the mysql modules wouldn't compile! So, I am taking
 experimental to mean that it doesn't work at all!


It does compile, my packages for Mandrake 8.2-9.1 and in cooker contrib
have the mysql plugin. I had to disable the test application for
configure (since it doesn't seem to work for mysql 4.x or later), but it
does compile if you have the relevant development files installed (ie
libmysql-devel on Mandrake, MySQL-devel on Redhat etc).

http://ranger.dnsalias.com/mandrake/9.1/samba-3.0.0beta3/
(note the xml and mysql passdb plugins are in subpackages)

 Oh well LDAP suffering and brain damage here we come

What's wrong with LDAP?

Regards,
Buchan



Re: [Samba] winbind, pam_stack and debian

2003-08-01 Thread Buchan Milne

 Message: 53
 Date: 01 Aug 2003 11:27:32 +1200
 From: Brent Addis [EMAIL PROTECTED]
 Subject: [Samba] winbind, pam_stack and debian
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain

 Hey all

 I'm trying to get a samba pc reading passwords off a windows pdc for
 authorising user shares.

 The howtos all say to use pam_stack.so for this however it does not
 exist in debian (it's a redhat thing).


No, not really, pam_stack is now distributed as part of pam, many parts
of which were contributed to by Redhat. Most distros have pam_stack.

 is there a workaround for this?

Yes, instead of adding winbind support to one pam file, you have to add
the winbind auth and account lines to all the pam files for each service
you want to use winbind for.

Regards,
Buchan

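The per-service setup described in the reply above, as an added example that is not part of the original thread: a shell check listing which files in a PAM directory carry pam_winbind.so auth and account lines. The function name pam_winbind_gaps, the service names and the sample PAM files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): without pam_stack, every
# service file under /etc/pam.d needs its own pam_winbind.so "auth" and
# "account" lines. This check reports which files have them.

# pam_winbind_gaps DIR
# Prints "<service> <status>" for each file in DIR, where status is one of
# ok, missing-auth, missing-account, missing-both.
pam_winbind_gaps() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v svc="$(basename "$f")" '
            { sub(/#.*/, "") }              # drop comments
            NF == 0 { next }                # skip blank lines
            /pam_winbind\.so/ {
                kind = $1
                sub(/^-/, "", kind)         # Linux-PAM permits "-auth" etc.
                if (kind == "auth") auth = 1
                if (kind == "account") acct = 1
            }
            END {
                if (auth && acct)  status = "ok"
                else if (auth)     status = "missing-account"
                else if (acct)     status = "missing-auth"
                else               status = "missing-both"
                print svc, status
            }' "$f"
    done
}

# Build constructed sample files in a scratch directory and audit them.
demo() {
    d=$(mktemp -d) || return 1
    # login: both winbind lines present (constructed sample)
    cat > "$d/login" <<'EOF'
auth     sufficient  pam_winbind.so
auth     required    pam_unix.so use_first_pass
account  sufficient  pam_winbind.so
account  required    pam_unix.so
EOF
    # sshd: auth line added, account line forgotten (constructed sample)
    cat > "$d/sshd" <<'EOF'
auth     sufficient  pam_winbind.so
auth     required    pam_unix.so use_first_pass
account  required    pam_unix.so
EOF
    # cvs: winbind only mentioned in a comment (constructed sample)
    cat > "$d/cvs" <<'EOF'
# auth   sufficient  pam_winbind.so
auth     required    pam_unix.so
account  required    pam_unix.so
EOF
    pam_winbind_gaps "$d"
    rm -rf "$d"
}

demo
```

Run `pam_winbind_gaps /etc/pam.d` against the real directory to see which services would still ignore domain accounts.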


[Samba] Re: Mdk 9.1,samba-LDAP 2.2.8a/3.0b3 (LDAP) can't print to z53

2003-07-31 Thread Buchan Milne

Dragan Krnic wrote:
   https://bugzilla.samba.org/show_bug.cgi?id=82

Which doesn't:
a) Have any attachments
b) link to a cvs diff
c) Give any information that would be useful in tracking down the patch
(I have looked, the first time you posted this link).

All my printer driver uploads have worked correctly on our 2.2.8a
packages, (I did one last week on 9.0/2.2.8a-2mdk).

So, unless I see an official patch list for 2.2.8a (or there is a new
release, maybe also fixing the problem with cups printers not appearing
without a restart of smbd) or a transparent way of finding which patches
should be applied, I won't rebuild packages for 5 releases.

Regards,
Buchan



[Samba] Re: Mdk 9.1,samba-LDAP 2.2.8a/3.0b3 (LDAP) can't print to z53

2003-07-31 Thread Buchan Milne

Dragan Krnic wrote:
Which doesn't:
a) Have any attachments


 Thanks. The maintainer closed the bug as fixed. I didn't see the need
 to supply further information. So I left it at that.

 I've just posted attachment #62 to bug #82 containing the patch
 diff text I use to incorporate changes in my 2.2.8a.


b) link to a cvs diff


 Huh?


Something like this:
http://cvs.samba.org/cgi-bin/cvsweb/samba/source/lib/util_unistr.c.diff?r1=1.45.2.27r2=1.45.2.28only_with_tag=SAMBA_2_2

Which according to the cvs log:
http://cvs.samba.org/cgi-bin/cvsweb/samba/source/lib/util_unistr.c.diff?r1=1.45.2.27r2=1.45.2.28only_with_tag=SAMBA_2_2

Fixes this. But I don't see a patch in cvs to
source/rpc_server/srv_spoolss_nt.c that relates to this. So is the fix
above sufficient?


c) Give any information that would be useful in tracking down the
patch (I have looked, the first time you posted this link).

All my printer driver uploads have worked correctly on our 2.2.8a
packages, (I did one last week on 9.0/2.2.8a-2mdk).


 Which is really interesting. Can you look up the section cited in
 my patch file to see whether Mandrake patched it on their own or the
 patch is already in cvs without a link to it in bugzilla?


No, we didn't have a patch for this (although you can check for yourself
in cvs at http://cvs.mandrakesoft.com/cgi-bin/cvsweb.cgi/SPECS/samba/)


So, unless I see an official patch list for 2.2.8a (or there is a
new release, maybe also fixing the problem with cups printers not
appearing without a restart of smbd) or a transparent way of
finding which patches should be applied, I won't rebuild packages
for 5 releases.

 You're under no obligation to do anything, especially if you don't
 have the problem. Your name just popped up in a thread I shared with
 Jim for some reason and I didn't remove it from later correspondence.

Well, I maintain samba/samba3 in Mandrake, and a number of people have
implied that there are patches for 2.2.8a which should be applied (and I
would like to see the one for the cups printer list myself) ... but
there is no list available of those that should be applied ... so
distributors must guess from cvs logs what should be applied (which IMHO
is not the ideal situation for the samba team if they want their
software to work out-the-box on the majority of deployments). And with a
potential switch to samba-3.0.0 just before the upcoming 9.2, I would
prefer not to have to go chasing after patches for 2.2.8a (I have enough
to test with samba3).

Regards,
Buchan



Re: [Samba] Re: Samba 3.0 and Active Directory Replication

2003-07-21 Thread Buchan Milne

 Message: 1
 Date: Sat, 19 Jul 2003 09:05:44 -0400
 From: Jamrock [EMAIL PROTECTED]
 Subject: [Samba] Re: Samba 3.0 and Active Directory Replication
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]

 Hi Paul,


 you may have read the docu but... anyway replacing /etc/passwd is
 achieved by a different NSS source (could be ldap, nis, whatever). If
 you gonna use LDAP as SAM backend you don't need /etc/samba/smbpasswd
 anymore. (you need nss_ldap and possibly pam_ldap from padl.com)


 Fine.  I am currently going through the 385 page Samba manual.   Where
 can I find more info. about the other NSS sources?  What are the
 advantages/disadvantages of using another one?


This is probably one of the better documents on LDAP available at present:

http://www.mandrakesecure.net/en/docs/ldap-auth2.php

BTW, NIS is mostly of academic value now, people still running NIS will
likely be looking to migrate to LDAP in the future.

 With Samba 2.x we need to create the user in two places.  I was just
 checking to see if we could now create the user in just one.


This is not entirely true ...

http://www.mandrakesecure.net/en/docs/samba-pdc.php

This one may also be interesting:
http://www.mandrakesecure.net/en/docs/samba-ldap-advanced.php

Regards,
Buchan



Packages of beta3 for Mandrake Linux (8.1 through 9.1)

2003-07-18 Thread Buchan Milne

I have built RPMs of samba3.0.0beta3, which are parallel-installable
with samba-2.2.x (for easy testing, though you can change that by
rebuilding the srpm with other options) for Mandrake 8.1 through 9.1,
which are available on my site. I hope to get these up on the samba ftp
servers soon, but if you desperately need packages, grab them from the
locations below:

http://ranger.dnsalias.com/mandrake/8.1/samba-3.0.0beta3/
http://ranger.dnsalias.com/mandrake/8.2/samba-3.0.0beta3/
http://ranger.dnsalias.com/mandrake/9.0/samba-3.0.0beta3/
http://ranger.dnsalias.com/mandrake/9.1/samba-3.0.0beta3/

(I seem to have built the 8.1 packages without winbind or nss_wins
support by mistake).

Note that the srpm has a lot of options available at build time, run:

$ rpm -ba --with options samba3-3.0.0-0.beta3.2mdk.src.rpm

An SRPM is here:
http://ranger.dnsalias.com/mandrake/9.1/samba-3.0.0beta3/samba3-3.0.0-0.beta3.2mdk.src.rpm

to see what they are. For some reason the vscan modules don't build at
present though.

Packages will be in cooker very soon also.

I have done minimal testing of the 9.0 and cooker packages, and most
things seem to work ..

Regards,
Buchan



Re: [Samba] Join linux to win Nt pdc

2003-07-15 Thread Buchan Milne

 Message: 14
 Date: Fri, 11 Jul 2003 13:29:39 +0700 (WIT)
 From: [EMAIL PROTECTED]
 Subject: [Samba] Join linux to win Nt pdc
 To: [EMAIL PROTECTED]
 Message-ID:
   [EMAIL PROTECTED]
 Content-Type: text/plain;charset=iso-8859-1

 dear milist

  i'm newbie , i try to join my linux box to win nt pdc , i try follow
 documention in samba.org but still not working

 here the conditional of my server .

 server win nt PDC = 192.168.0.1
 linux workstation = 192.168.0.10( linux mandrake 9.1+ samba )
 in win nt PDc have been add win nt workstation with name linux ( linux ws)

 here my samba.conf
 [global]
 netbios name = linux
 server string = linux-inside
 encrypt passwords = Yes
 security = domain
 workgroup = linux-net

Is your Windows NT server's domain name linux-net ?

 password server = *
 map to guest = Bad User
 log file = /var/log/samba/log.%m
 max log size = 50
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 then i try to join with command.
 #smbpasswd -j linux-net -r 192.168.0.1  -D 3 -U Administrator%pass

I am not sure if Windows NT servers will take connections with an IP
address, have you tried -r <server's netbios name> instead of -r <ip
address>?

 Initialising global parameters
 params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
 Processing section [global]
 added interface ip=192.168.0.1 bcast=192.168.0.255 nmask=255.255.255.0
 Connecting to 192.168.0.1 at port 445
 error connecting to 192.168.0.1:445 (Connection refused)
 Connecting to 192.168.0.1 at port 139
 failed session request
 Error connecting to 192.168.0.1
 Unable to join domain linux-net.


Can you access the Windows NT server with smbclient from the linux machine:

$ smbclient -L <server's netbios name> -I 192.168.0.1 -U Administrator

If you can't get a connection, you have to fix that first. Do you have
any firewalls running? You may want to try:
# service shorewall clear
if you aren't sure.

 that error log i get , any body can help me , because my planing to change
 microsoft workstation with linux and join to win nt pdc , now use win nt
 pdc for temperory , later after finish change workstation win nt pdc will
 change with samba pdc .
 thank's

I see you have no winbind configuration in your config file. Winbind
will allow you to use the usernames from your Windows domain under
linux. Mandrake 9.1 has support for winbind, in fact you can set it up
during installation (use the Advanced button in the screen where you
enter the root password).

Depending on how many Windows workstations you have, it may be simpler
to migrate the server to linux first, then you don't have to mess with
winbind at all, you can use LDAP instead.

Regards,
Buchan



Re: [Samba] [homes]

2003-07-15 Thread Buchan Milne

 Message: 10
 Date: Fri, 11 Jul 2003 06:39:23 -0700
 From: Jim C [EMAIL PROTECTED]
 Subject: Re: [Samba] [homes]
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed

 Andrew Bartlett wrote:

You only need this if your home directory in /etc/passwd isn't already
set appropriately.  The idea of [homes] is exactly that - wherever the
home directory is, make it appear at that share.

Andrew Bartlett

  Is it /etc/passwd or is it smbpasswd?


Neither. Probably getpwent(), which does something similar to 'getent
passwd username', so it works on machines which don't have entries in
passwd (NIS/LDAP/Winbind) or smbpasswd (domain member server).

Regards,
Buchan



Re: [Samba] cant ceate home directory

2003-07-15 Thread Buchan Milne

 Message: 18
 Date: Mon, 14 Jul 2003 12:41:53 -0300
 From: LabCeitba [EMAIL PROTECTED]
 Subject: [Samba] cant ceate home directory
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=iso-8859-1


 Hi, im from argentina. Im working for a local University who has many
 lab`s. One of them has 30 machines with dual boot, nt workstation and
 Linux Mandrake 9.0, and a PDC nt server 4.0.
 I`d installed samba on my Mandrake`s, and work just fine, but when i
 try to create a local home directory for the users, a message pop`s,
 and says cant ceate home directory /home/user_name.
 Permissions on that directory are fine...
 I configured smb.conf just like all books and Samba book seed, and
 nothing happens.
 The rest of the config seems to be fine, because the user can logging
 to the PDC.
 Is anyway i can solve my problem??.
 Or any documentation
 can you help me??
 Tanks a lot for all...!!

Without details of your configuration (smb.conf, pam configuration etc),
it's difficult to know where the problem would come from, but:

Mandrake 9.0 has support for authenticating against a windows domain,
using Winbind, which you can set up during installation.

See:
http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.pdf
http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.tar.gz
http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks-handouts.pdf

If you follow the steps there, on first boot you should be able to login
with a domain account, and your user's home directory will be created on
the first login attempt.

Regards,
Buchan



[Samba] Using PAM - Logging into Linux using an NT Domain account

2003-07-08 Thread Buchan Milne

 Message: 20
 Date: Mon, 7 Jul 2003 19:35:01 +0100
 From: Ian Clancy [EMAIL PROTECTED]
 Subject: [Samba] Using PAM - Logging into Linux using an NT Domain
   account
 To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=iso-8859-1

 Hello Samba Users,
 I work for the IT Department of a small company and we've already replaced
 our NT4 File Servers with Linux servers running Samba. We'd like to
 replace some of our windows workstations also. It would be really cool if
 employees could log into the Linux workstations using their existing NT
 accounts !

 Has anybody had much luck using winbind and PAM to allow log on to Linux
 workstations using a windows NT Domain account? Any info, or past
 experiences shared will be helpful and much appreciated
 Ian Clancy

Please note that since 9.0, Mandrake Linux allows you to set this up
during installation (in expert mode in 9.0, in 9.1 use the 'advanced'
button in the screen where you set the root password).

On your first bootup you should be able to log in with a domain account.

There may be small complications if you have a Windows 2000 domain, NT
domain will work with no problems.

For more detail on this, see http://ranger.dnsalias.com/mandrake/samba

Regards,
Buchan



Re: [Samba] ldap pdc and rejoining domains

2003-07-08 Thread Buchan Milne

 Message: 14
 Date: Mon, 07 Jul 2003 17:30:23 +0100
 From: Duncan Brannen [EMAIL PROTECTED]
 Subject: [Samba] ldap pdc and rejoining domains
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=us-ascii; format=flowed


 Afternoon all,
   
 I've got a problem I hope somebody can help me with.

 We've got samba working as a PDC to windows 2000 machines
 with LDAP as the backend.

 It's fine until we start distributing the load over multiple LDAP servers.

 I've changed the configuration in the pam ldap stuff (on Solaris using
 padl) to point at a slave LDAP server (replacing /etc/passwd)

 What I'm not clear on is what happens when we rebuild a machine.

 We reinstall the machine  try to create a new domain account.
 That fails because it already exists
 Machine then tries to rejoin domain setting up new SID/password (???)

 smb.conf points at the ldap-slave
 smbldap_tools stuff points at ldap master
 pam.conf stuff points at ldap slave

 which one is samba using to rejoin the domain.  I guess it's smb.conf or
 pam.conf
 since before I had referrals working properly changes were being made to
 the slave.

 If it's smb.conf, does it understand referrals?  If not, is it
 possible to use a slave ldap server with samba?


Depends which version of samba. IIRC, referral support was added in
2.2.8 or 2.2.8a, although there are patches available for 2.2.7a
(Mandrake packages had it since 2.2.7a-3mdk for example, so current
update packages have it).

If you have a recent samba, it should all work without problems, except
when actually joining to a BDC (but I think there is a workaround in the
webpage I link to below).

 Sorry if I seem confused - it's cos I am

BTW, I have covered some aspects which aren't really well documented in
other places here:

http://www.mandrakesecure.net/en/docs/samba-ldap-advanced.php

Regards,
Buchan



[Samba] sid-username conversion on beta2 as a domain member in a samba domain?

2003-07-07 Thread Buchan Milne

We run a samba-2.2.x+LDAP domain, and I have been experimenting with
samba3 as a member server on one of our production servers (when it has
no open connections). I also have samba-2.2.x on it, which works fine.

However, beta2 seems to not resolve sids to usernames, so the security
tab in the file properties dialog from a windows box shows the sid, and
not the username. 2.2.x shows the username. Since we use ACLs quite a
bit, this is enough to prevent me running beta2 full-time, I haven't
even tested if file permissions/ACLs work on beta2 for user-based access
controls.

Anyone else seen this?

I can provide logs if necessary, but can't spend the time now to
investigate (maybe tomorrow).

Regards,
Buchan


Re: [Samba] How to authenticate to CVS via Winbind?

2003-07-02 Thread Buchan Milne

 Message: 11
 Date: Tue, 1 Jul 2003 16:29:17 +0200
 From: Tobias Mueller [EMAIL PROTECTED]
 Subject: [Samba] How to authenticate to CVS via Winbind?
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=iso-8859-1

 Hi!

 As a Samba newbie I have a big problem getting my Win2000 Server PDC users
 to authenticate to CVS/SSH on my samba 2.2.3a-12.3 debian woody
 machine. The linux server is member of the Windows Domain, and users can
 login via the network neighbourhood and their domain passwords (style:
 DOMAIN\user).

What do you mean by log in? Do you mean access via samba (which only uses
the nss bits of winbind, not the pam bits), or do you mean via console login
or similar?

Testing with ssh is probably not the best, get it working with console
login or similar first, then try ssh. Also, you may want to investigate
abusing 'winbind use default domain' (which is only available on later
versions of samba, and can apparently mess with some aspects of samba
use, so I would only suggest it if you are hosting other services and
not samba).

 wbinfo -u gives me all the known Domain users, so I think winbind is working
 correctly...


That is one of 3 things which must work ...

 Is there a detailed documentation out there showing how to fix these
 problems? Use google a lot, but didn't find appropriate solutions for my
 environment. As far as I understood, one has to use the pam_winbind.so
 module (in /etc/nsswitch.for example) which is installed on my system.


No, for pam winbind, you need to configure your /etc/pam.d/ files.

 I would be very thankful if somebody could give me a hint.
 Thanks a lot in advance,

Example configs for RH and Mandrake that should get this working (I
demo'ed cvs in the talk after live installation of Mandrake 9.0):

http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.tar.gz

BTW, this kind of application should work mostly out-the-box on Mandrake
 9.1 if you configure Windows Domain authentication during installation.

Regards,
Buchan


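The reply above separates the NSS side of winbind (/etc/nsswitch.conf) from the PAM side (/etc/pam.d/ files). The following check is an added example, not part of the original thread or of Samba; the file contents are constructed samples, and the choice of the `auth` and `account` stacks as the ones to inspect is an assumption.

```python
"""Added example: check that winbind is wired into both NSS and PAM."""
import re

# Constructed sample mirroring the confusion in the question:
# a PAM module name placed in nsswitch.conf, and no pam_winbind in PAM.
BROKEN_NSSWITCH = """
passwd: files pam_winbind.so
group:  files
hosts:  files dns
"""
BROKEN_PAM = """
auth     required  pam_unix.so
account  required  pam_unix.so
"""

# Constructed sample of a working layout.
FIXED_NSSWITCH = """
passwd: files winbind
group:  files winbind [NOTFOUND=return]
hosts:  files dns
"""
FIXED_PAM = """
# /etc/pam.d/login (constructed)
auth     sufficient  pam_winbind.so
auth     required    pam_unix.so use_first_pass
account  sufficient  pam_winbind.so
account  required    pam_unix.so
"""

# type, control (plain word or bracketed expression), module path
PAM_LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")


def nss_sources(nsswitch_text, database):
    """Return the ordered source list for one nsswitch.conf database."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        name, sep, rest = line.partition(":")
        if sep and name.strip() == database:
            # Drop action items such as [NOTFOUND=return].
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []


def pam_modules(pam_text, mgmt_type):
    """Return module file names configured for one PAM management type."""
    modules = []
    for raw in pam_text.splitlines():
        match = PAM_LINE.match(raw.split("#", 1)[0].strip())
        if match and match.group(1) == mgmt_type:
            modules.append(match.group(3).rsplit("/", 1)[-1])
    return modules


def check_winbind_login(nsswitch_text, pam_text):
    """List what is missing for domain users to resolve and to log in."""
    findings = []
    for database in ("passwd", "group"):
        sources = nss_sources(nsswitch_text, database)
        if any(source.startswith("pam_") for source in sources):
            findings.append(f"nsswitch {database}: PAM module listed as an NSS source")
        if "winbind" not in sources:
            findings.append(f"nsswitch {database}: winbind source missing")
    for mgmt_type in ("auth", "account"):
        if "pam_winbind.so" not in pam_modules(pam_text, mgmt_type):
            findings.append(f"pam {mgmt_type}: pam_winbind.so missing")
    return findings


if __name__ == "__main__":
    for label, nss, pam in (("broken", BROKEN_NSSWITCH, BROKEN_PAM),
                            ("fixed", FIXED_NSSWITCH, FIXED_PAM)):
        print(label, check_winbind_login(nss, pam) or "ok")
```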

Re: [Samba] Can't sync passwd with ldap

2003-06-30 Thread Buchan Milne

 Message: 9
 Date: Mon, 30 Jun 2003 03:27:18 +0100 (BST)
 From: tin tinny [EMAIL PROTECTED]
 Subject: [Samba] Can't sync passwd with ldap
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=iso-8859-1

 Hi,
 I use samba+ldap as pdc no rh8.
 I config parameter
 [global]
 unix password sync = yes

 I changed password with w2k pro.
 Password in attb ntPassword and /etc/shadow were same
 password.
 But attb userPassword in ldap was not changed.
 How can I sync it?
 Thank you.


This may help you:
http://www.mandrakesecure.net/en/docs/samba-ldap-advanced.php#passwd

Note that in both cases (passwd program or pam password change), you
need to ensure that you can change the user's ldap password from the
commandline with 'passwd username'. If you can't, go and look at the
unix/ldap side:

http://www.mandrakesecure.net/en/docs/ldap-auth2.php

Regards,
Buchan



Re: [Samba] samba-ldap and password expiration

2003-06-27 Thread Buchan Milne

 Message: 11
 Date: Thu, 26 Jun 2003 15:20:14 +0200 (CEST)
 From:  Jérôme Tournier  [EMAIL PROTECTED]
 Subject: [Samba] samba-ldap and password expiration
 To: [EMAIL PROTECTED]
 Message-ID:
   [EMAIL PROTECTED]
 Content-Type: text/plain; charset=iso-8859-1

 Hello everybody,
 I am using samba (2.2.8a) with ldap support. In the samba.schema,
 there are special attributes relative to the user password:
 pwdMustChange, pwdCanChange, kickoffTime, logoffTime, logonTime and
 pwdLastSet.
 All the samba documentation I can find describes those attributes
 as currently unused, except the last one that represents the time
 modification since 1970.
 But what are the other attributes for ? Can they be used and
 how ?
 For example, I found that pwdMustChange can be used to force user to
 change his password. It seems that if I set pwdMustChange to epoch
 time+20, the user will have to change his password in 20s. And again
 in 20s ... So can I force a user to change his password in n seconds,
 but more later ?

The problem is that samba doesn't unexpire passwords, and it is
difficult to unexpire them via a script, since samba reads all the
attributes before a password change, runs whichever password change
mechanism you have if you are using password synchronisation (either pam
or passwd program), and then makes its changes in LDAP (overwriting any
samba attributes that may have been changed by passwd program).

It may be possible to store the password change times in a separate
file, and post-process them via a cron job, but I haven't had time to
implement this.

AFAIK, samba3 will fully support password age/changing restrictions.

Regards,
Buchan


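The reply above suggests recording password change times in a separate file and post-processing them from a cron job, so that the update lands after Samba has written its own attributes. One way that post-processing step could look, as an added example that is not code from the thread or from Samba: the log format, the 90-day maximum age, the 60-second settle delay, the base DN and the `uid=` naming are all assumptions.

```python
"""Added example: turn recorded password-change times into LDIF updates."""
import re

MAX_AGE = 90 * 24 * 3600                    # assumed policy: 90 days
SETTLE = 60                                 # assumed: let Samba finish its own LDAP write
BASE_DN = "ou=People,dc=example,dc=com"     # hypothetical directory layout

# Only plain account names may be placed into a DN; anything else is dropped
# so that a crafted log line cannot redirect the modify to another entry.
USERNAME = re.compile(r"^[a-z_][a-z0-9_.-]{0,31}$")

# Constructed sample of the hypothetical log the password-change hook appends
# to: "<uid> <epoch seconds>", one line per change.
CHANGE_LOG = """
# uid epoch
alice 1056600000
bob 1056700000
alice 1056650000
mallory,ou=Admins 1056600000
carol yesterday
dave 1056799990
"""


def latest_changes(log_text):
    """Return {uid: newest change time}, ignoring malformed lines."""
    latest = {}
    for line in log_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) != 2:
            continue
        user, stamp = parts
        if not USERNAME.match(user) or not stamp.isdigit():
            continue
        latest[user] = max(int(stamp), latest.get(user, 0))
    return latest


def build_ldif(latest, now):
    """Return (ldif_text, deferred_users) for the cron run at time `now`.

    pwdMustChange is set to change time + MAX_AGE. Changes younger than
    SETTLE seconds are deferred to the next run instead of being written
    while Samba may still be about to overwrite the entry.
    """
    records, deferred = [], []
    for user in sorted(latest):
        changed = latest[user]
        if now - changed < SETTLE:
            deferred.append(user)
            continue
        records.append("\n".join([
            f"dn: uid={user},{BASE_DN}",
            "changetype: modify",
            "replace: pwdMustChange",
            f"pwdMustChange: {changed + MAX_AGE}",
            "-",
        ]))
    ldif = "\n\n".join(records) + ("\n" if records else "")
    return ldif, deferred


if __name__ == "__main__":
    ldif_text, waiting = build_ldif(latest_changes(CHANGE_LOG), 1056800000)
    print(ldif_text)
    print("deferred to next run:", waiting)
```

The resulting text is in the form `ldapmodify` reads; deferred users stay in the log until a later run.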

Re: [Samba] Has anybody used the mysql passdb backend in samba3-beta1?

2003-06-24 Thread Buchan Milne

 Message: 13
 Date: Tue, 24 Jun 2003 13:12:45 +0200
 From: Patrik Gustavsson PS Sweden Senior Technical Consultant
   [EMAIL PROTECTED]
 Subject: [Samba] Has anybody used the mysql passdb backend in samba
   3-beta1 ?
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=us-ascii; format=flowed


 Any hints for compiling with mysql passdb backend.

 I set MYSQL_CONFIG to /usr/local/mysql/bin/mysql_config
 have tried with run configure with --with-mysql-prefix=/usr/local/mysql
 --with-expsam=mysql

 The result in config.log was
 configure:28942: checking how to build pdb_mysql
 configure:28971: result: not

Haven't used it, but have compiled it. IIRC you need MySQL = 4, for any
other details you can see our spec file:

http://cvs.mandrakesoft.com/cgi-bin/cvsweb.cgi/contrib-SPECS/samba3/

Build output (good for diff'ing) is available:
http://eijk.homelinux.org/build/contrib/i586/OK/samba3-3.0.0-0.beta1.3mdk
(we don't build with mysql on the alpha yet, sparc64 build output not
available at present ...).

I assume you have all the necessary include files, libraries etc installed?

Regards,
Buchan



Re: [Samba] Doubts about Winbindd

2003-06-23 Thread Buchan Milne

 Message: 35
 Date: Sat, 21 Jun 2003 15:42:41 -0300
 From: Roberto Samarone Araujo (RSA) [EMAIL PROTECTED]
 Subject: [Samba] Doubts about Winbindd
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=iso-8859-1

 Hi,

  I'm trying to set up a PDC using Samba on a Linux server. I need to the
 linux clients, using KDE desktop, log in the PDC using the KDE login box. I
 think I could use the 'winbindd' to do what I need but, I still have some
 questions:


No!!! Don't do this, you lose some features which are currently
available for other network authentication setups for unix.

 1. Do I need to set up winbindd on each Linux client to log on the
 Linux PDC ?

Yes, but you won't (unless you run samba3 cvs on all the clients) be
able to use NFS (or anything else that relies on uid's being consistent)
between clients. I would not suggest trying winbind against a samba PDC
unless you have a lot of samba experience ...

 2. Do I need to set up winbindd on the Linux PDC server too ?

No.

 3. Using winbindd  could I have only a password file on Linux PDC
 server where the Linux clients will authenticate ?

Yes, but there are many other ways of getting a single authentication
source (either samba + pam_smb, or ldap, or nis etc).

 4. Could Win2000/XP clients be authenticated to a Linux PDC server
 without I need to add the users on the Win2000/XP clients ? How ?

Yes, with any samba setup supporting domain logins, just need to join
the machines to the domain.

But, winbind will only work against samba3, and using winbind from
samba-2.2.x will mean that you will get random uid's for each user, so
anything that uses uid's will not work between machines.

A much better option is to implement LDAP authentication on your linux
boxes, in which case you can put your samba passwords in LDAP also, in
which case you can have a PDC also.

Using LDAP means:
- uid's will be consistent across all your linux machines (so you can use
  NFS)
- you don't need to have machine accounts for desktops
- you can use things like automount maps stored in LDAP, so you have to
  do absolutely no client-side setup or changes for network file access
  (you change it in ldap, and the next time the mount point is accessed
  after being idle for more than the idle timeout it will mount the new one).
- you can route email via ldap
- you can have a shared address book accessible by any mail client (most
  support ldap)
- replication of your user database (aka like PDC/BDC relationships on NT)
- independent settings for the user's shell (with winbind all use the same
  shell)
- being able to use disconnected authentication


For information on setting up the unix side of LDAP authentication, see:
http://www.mandrakesecure.net/en/docs/ldap-auth2.php

For adding Windows authentication, see:
http://www.mandrakesecure.net/en/docs/samba-pdc.php

(but don't implement until you at least read the next one)
For implementing disconnected authentication, ldap slaves, BDCs etc, see:
http://www.mandrakesecure.net/en/docs/samba-ldap-advanced.php

(also has links to documents on how to setup the windows clients etc)

We basically have the kind of setup documented by the last document,
with a few LDAP slaves (including BDC, mail server) and so far one
laptop with ldap slave for disconnected authentication. We just added
automount maps to our LDAP server today, and it really is very impressive!

Regards,
Buchan


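The reply above warns that winbind from samba-2.2.x assigns uids independently on each machine, so anything that relies on uids (NFS in particular) breaks between hosts. The following comparison of two hosts' `getent passwd` output is an added example, not part of the original thread; the host dumps and account names are constructed.

```python
"""Added example: detect uid mappings that differ between two hosts."""

# Constructed `getent passwd` output from two winbind clients.
HOST_A = r"""
root:x:0:0:root:/root:/bin/bash
MYDOM\alice:x:10000:10000::/home/MYDOM/alice:/bin/bash
MYDOM\bob:x:10001:10000::/home/MYDOM/bob:/bin/bash
MYDOM\carol:x:10002:10000::/home/MYDOM/carol:/bin/bash
"""
HOST_B = r"""
root:x:0:0:root:/root:/bin/bash
MYDOM\bob:x:10000:10000::/home/MYDOM/bob:/bin/bash
MYDOM\alice:x:10001:10000::/home/MYDOM/alice:/bin/bash
MYDOM\carol:x:10002:10000::/home/MYDOM/carol:/bin/bash
"""


def parse_passwd(text):
    """Return {account name: uid} from passwd-format text."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # not a well-formed passwd entry
        users[fields[0]] = int(fields[2])
    return users


def compare_uid_maps(host_a, host_b):
    """Compare two {name: uid} maps.

    Returns (mismatched, crossed):
      mismatched - (name, uid_on_a, uid_on_b) for accounts whose uid differs
      crossed    - (uid, name_on_a, name_on_b) where the same uid belongs to
                   a different account on the other host; files exported
                   over NFS then appear to be owned by the wrong user.
    """
    mismatched = sorted(
        (name, host_a[name], host_b[name])
        for name in host_a.keys() & host_b.keys()
        if host_a[name] != host_b[name]
    )
    owner_on_b = {uid: name for name, uid in host_b.items()}
    crossed = sorted(
        (uid, name, owner_on_b[uid])
        for name, uid in host_a.items()
        if uid in owner_on_b and owner_on_b[uid] != name
    )
    return mismatched, crossed


if __name__ == "__main__":
    differing, swapped = compare_uid_maps(parse_passwd(HOST_A), parse_passwd(HOST_B))
    for name, uid_a, uid_b in differing:
        print(f"{name}: uid {uid_a} on host A, {uid_b} on host B")
    for uid, name_a, name_b in swapped:
        print(f"uid {uid}: {name_a} on host A is {name_b} on host B")
```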

Re: [Samba] 'Little' problems with Samba v2.2.3a-12.3 (Debian Woody)and PRINTERS !!

2003-06-20 Thread Buchan Milne

Farget Vincent wrote:
 On Thursday 19 June 2003 17:15, you wrote:

But you have not read the samba-howto-collection.pdf, which has a
chapter on this, which tells you *exactly* not to do this.




 I have read the 6th chapter of the Samba-HOWTO-Collection paper and above all
 the 6.2.2th chapter named 'Setting Drivers for Existing Printers'.

 First of all, I remove all the files which was under my :
 '\\MYSRV\print$\W32X86' directory and also do :
 MYSRV:~# rpcclient MYSRV -U root%ROOTPASSWD -c setdriver nss.rdc NULL


You should possibly also then remove the printing-related tdb files
(ntprinters.tdb, ntdrivers.tdb etc.)

 After that I start to follow the 6.2.2th chapter process :
 1.)
 From a Windows 2000 Pro, trying to view the 'nss.rdc' properties through the
 'Network Neighborhood', result in an error message :
 'Device settings cannot be displayed. The driver for the specified printer is
 not installed, only spooler properties will be displayed. Do you want to
 install the driver now ?'
 2.)
 I answered 'No' to this question. The 'Printer properties window' appeared.
 3.)
 I clicked on the 'Advanced' tab and on the 'New driver...' button.
 4.)
 I gave the exact directory where is the 'HP4050PS.INF' which correspond to
 the driver I want to upload to the server.

 All worked well. No other errors appeared.

 I looked at my server to see if the driver's files were well upload. And as I
 can see a new directory ('2') in the '\\MYSRV\print$\W32X86' with all the
 driver's files I can say that all was well done.
 But when I use the rpcclient's command, I can see that there were something
 always missing.
 MYSRV:~# rpcclient MYSRV -U root%ROOTPASSWD -c enumdrivers
 gave me an empty answer.

 And there is nothing else in the Samba-HOWTO-Collection 

Well, it should work, and I have done this with versions since 2.2.2,
but there were some releases that were problematic.


 MYSRV:~# rpcclient MYSRV -U root%ROOTPASSWD -c enumprinters
 gave me the following answer :

 INFO: Debug class all level = 1   (pid 23218 from pid 23218)
 session setup ok
 Domain=[MYDOM] OS=[Unix] Server=[Samba 2.2.3a-12.3 for Debian]
 cmd = enumprinters
 enumprinters
 flags:[0x80]
 name:[\\MYSRV\nss.rdc]
 description:[MYSRV\\MYSRV\nss.rdc,HP LaserJet 4050 Series
PS,Partage
 imprimante HP4050N (1er etage)]
 comment:[Partage imprimante HP4050N (1er etage)]

 flags:[0x80]
 name:[\\MYSRV\nss.1er]
 description:[MYSRV\\MYSRV\nss.1er,HP LaserJet 4000 Series PCL
 6,Partage imprimante HP4000N (2eme etage)]
 comment:[Partage imprimante HP4000N (2eme etage)]


Looks like you have confused samba a bit, which may be most easily fixed
(at this stage) by removing the tdb files.

I have screenshots of the right method, but haven't had the time to get
them together properly.

Well, since the files are there, you should now be able to set the
driver with rpcclient, but if you do it the right way, you don't need to
do anything.

 Are you talking about the setdriver rpcclient'c command ?
 Or are you talking of another rpcclient's command ?


Yes, setdriver should work, but it's the same as setting the driver via
the advanced tab in the printer dialog (which will probably show as
empty at this stage).

You should not need this, well, at least I have never needed it, but we
use CUPS on all our print servers.

 Yes, but I think the problem is a samba problem, not an LPRng or CUPS
 problem.


Yes, if removing the tdb files and starting again does not work, I would
suspect your ancient samba release.

You are spending too much time working around problems, instead of
reading the documentation.

 Yes, but I have read the Samba-HOWTO-Collection documentation and there is
 no solution for my little problem.

 In fact, I don't really know if it is a problem, as all works well :
 UPLOADING drivers to the server, DOWNLOADING driver from the server
 but there are some things that don't work as it do.

Well, if your samba server doesn't know what drivers it has, it can't
tell the clients which one to download.

Maybe you should ask on a Debian list, since no-one else runs such
ancient versions of samba.

Regards,
Buchan


Re: [Samba] LAN Browsing shows IP Addresses instead of Computer Names.

2003-06-19 Thread Buchan Milne

Mega Spaz wrote:
 hmm looks like I'm gonna do it how I did it before and just add the
 ip address and computer name pairs in /etc/hosts and have my router
 assign static ip addresses.  Thanks for all the suggestions.  you guys
 are great.


Try nss_wins first, it *should* work.

 Although, I'd still like to know how MS Network Neighborhood does it.  I
 don't want to set up my linux box as a server of any type since it's a
 laptop and is often taken out of the network when I travel.  I mean
 let's just say for the sake of argument, that i've got a linux machine
 and a windows 98SE computer.  How does Network Neighborhood get the
 computer name of my linux machine?  Since I know I didn't set up the
 windows computer with any DNS or WINS server.  but i'll go with what
 works for both. Any thoughts, please feel free to post 'em. =)


Well, considering Windows started out without requiring TCP/IP, it's
pretty obvious they needed something else for name resolution.

It's kind of like asking why Unix machines work so well with DNS ...

WINS was developed by MS to mitigate problems with their bad DNS support
and the inability to browse large networks via broadcast.

IMHO, the problem is actually with Lisa/kio_lan, it doesn't do the right
things, since windows9x boxes shouldn't be connected to by their dns
hostname, but their netbios name, doesn't query the master browser,
doesn't show workgroups, and doesn't support WINS ... file bug reports
in KDE bugzilla against lisa and kio_lan, this is not a samba problem.

Buchan



Re: [Samba] 'Little' problems with Samba v2.2.3a-12.3 (Debian Woody)and PRINTERS !!)

2003-06-19 Thread Buchan Milne

 Message: 1
 Date: Wed, 18 Jun 2003 14:16:57 +0200
 From: Farget Vincent [EMAIL PROTECTED]
 Subject: [Samba] 'Little' problems with Samba v2.2.3a-12.3 (Debian
   Woody)  and PRINTERS !!
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain;  charset=iso-8859-1

 Hi,


 I am using Samba (v2.2.3a-12.3 on stable Debian Woody) on a bi-cpu server
 (named MYSRV) acting as a primary domain controller. All works well except
 for printers where I have several little problems. I use LPRng (v3.8.10-1.2
 on stable Debian Woody) as my linux lpd spooler on my server. I have 2
 printers : one HP LaserJet 4000N (named nss.1er) and one HP LaserJet 4050N
 (named nss.rdc). I have configured the 2 printers on the server using
 'printtool'. I chose the 'Remote Unix (lpd) Queue'. As both HP4000N and
 HP4050N can understand postscript documents, I choose '*auto* - Postscript' as
 my input filter for the two printers. All works well (samba : PDC, printers)
 except that I have problems with uploading and downloading printers driver on
 my samba server.

You need to upload printer drivers from a Windows (NT/2k/XP) machine as
a user who is a member of printer admin, and has write access to the
directories.

This is covered in the samba-howto-collection, which your distribution
should provide you with.

Also, note that many changes have been made in the printing code since
2.2.3a, you may want to consider not running an ancient release of samba
(but I have had this working in 2.2.2).

Regards,
Buchan



[Samba] LAN Browsing shows IP Addresses instead of Computer Names.

2003-06-17 Thread Buchan Milne

 Message: 7
 Date: Sat, 14 Jun 2003 23:35:42 -0700
 From: Mega Spaz [EMAIL PROTECTED]
 Subject: [Samba] LAN Browsing shows IP Addresses instead of Computer
   Names.
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; format=flowed

 I'm trying to figure out how I can have my lan browser display computer
 names instead of IP Addresses.  I think the ip addresses are generated by my
 router since if I add a new computer, the ip addresses will be different for
 each computer.  anyway let me give you the specs first.  Running Samba
 2.2.8a-1 on Red Hat 7.3.  I have not set up WINS or DNS at all.

That's your problem, reverse lookups need to work, either via DNS or
nss_wins (apparently it works without a WINS server, in which case it
used broadcasts).

I don't know if RH ships with a working nss_wins, if they do, it should
work by adding wins to the hosts line of your /etc/nsswitch.conf file.

BTW, setting up working reverse DNS would be a better solution, for
services that don't use get*ent, but direct DNS lookups.

 I have set
 up lisarc to use nmblookup.  I'm assuming that my network is using
 broadcasting to get computers in my LAN since i have not set up any computer
 names in hosts or lmhosts.  The current set up works right now in that
 computers come up and can be browsed independent of the ip addresses
 assigned to the computers.  ie. if computer Tron is up on the network, and
 then I boot up Sark, Sark will show up at the first next broadcast. but the
 computers show up in konqueror as ip addresses, not as Tron and Sark.  My
 very old first setup attempt had me manually adding ip addresses and names
 manually in the /etc/hosts file.  but that would mess up the lan browsing if
 another new computer was added to the network.  So if Sark is 192.168.0.2
 and Tron is 192.168.0.3 and let's say my brother brings his laptop and i put
 his laptop on the network, the ip addresses on the network will change to
 something like Sark = 192.168.0.3, Tron = 192.168.0.2 and my brother's
 laptop maybe something like Bros_comp = 192.168.0.4.  but the /etc/hosts
 file will have the old assignments which really messes up the browsing part.
   Anyway right now i think i have it set up almost right since i can browse
 the network and the computers on the network will be found no matter the
 time they are actually booted up, but ip addresses in the lan browsing isn't
 very useful and I would like to see the computer names displayed in the lan
 browsing in konqueror.  thank you for your patience, time, and any help you
 can provide.




Re: [Samba] PDC/Roving Profiles/and Password Encryption

2003-06-05 Thread Buchan Milne

Dan Kador wrote:
 Buchan,

 So you're saying that it IS possible for my setup to work?

Yes, with some minor changes.

 I'll
 definitely give those guides a read through and maybe I'll be able to
 work through them.

 I want to be sure I understand you correctly, though - I can enable
 password encryption on the samba server, keep password encryption OFF on
 the clients

Password encryption will have to be on on the clients to join the domain.

 and use the LDAP database and migrate the passwords stored
 there to the samba server?

You will have to migrate passwords into samba while it is using
clear-text passwords (see 'update encrypted'), on a local file, then
once you have had your accounts migrated into smbpasswd file, you can
migrate them into LDAP easily.

You need to have encrypted passwords stored somewhere for this to work,
but that doesn't mean you can put everything in LDAP.

Buchan



Re: [Samba] PDC/Roving Profiles/and Password Encryption

2003-06-04 Thread Buchan Milne

 Message: 8
 Date: Tue, 3 Jun 2003 07:11:15 -0700 (PDT)
 From: Dan Kador [EMAIL PROTECTED]
 Subject: [Samba] PDC/Roving Profiles/and Password Encryption
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=us-ascii

 Hi All,


 Well, despite my general idiocy I've managed to get PDC and roving
 profiles working perfectly in my test situation.  Obviously, this
 isn't good enough since computers are the devil, so I've run into some
 more problems.

 Fortunately for the Samba team, this isn't a problem with Samba - I
 think it's more a problem with how our network is set up here.

 Basically, I'm wondering if there's a way to enable PDC and roving
 profiles using UNencrypted passwords.

No, no Windows clients will join a domain with clear-text passwords.

 I have it working WITH
 encrypted passwords, but this presents a problem as we're using an
 LDAP database that takes unencrypted passwords, and then when we
 actually login to a server (say the student server), the actual
 student server does the password hashing.  I'm not sure if that
 explanation makes sense, but the important thing is that each client
 computer MUST have cleartext passwords enabled or they cannot login to
 the student server.

Not totally true, you can have samba authenticate against the NT
password hash stored in LDAP, and use synchronisation tools to keep the
unix hash and the NT hash in sync.


 As far as I can tell, this is what happens when I login to the domain
 from my 2K box using unencrypted passwords.  I get into the domain
 just fine - if I have a profile path declared, I get an error saying
 that the profile cannot be loaded.  This stems from the client not
 getting a true PDC authentication with the server, as the server's
 shares are not viewable until I run a NET USE command that includes
 a valid username and password.  Once that is done, I can view any of
 the shares fine.


Well, you won't be able to join new machines to the domain either.

 If there's a way to circumvent this problem or if I've managed to
 screw yet another thing up, let me know.  And a preemptive thanks to
 John - you've been a lot of help


See http://www.mandrakesecure.net/en/docs/samba-pdc.php for details in
getting samba running on an LDAP backend the easy way, and
http://www.mandrakesecure.net/en/docs/samba-ldap-advanced.php (not
totally complete yet) for adding in some cool features.

Buchan



RE: [Samba] Making winbindd and pam_mount play nice together (2nd try)

2003-05-30 Thread Buchan Milne

 Message: 38
 Date: Thu, 29 May 2003 17:33:14 -0500
 From: Bradley Wendelboe [EMAIL PROTECTED]
 Subject: RE: [Samba] Making winbindd and pam_mount play nice together
   (2nd try)
 To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
 Message-ID:
   [EMAIL PROTECTED]
 Content-Type: text/plain

 Yes, I'm going to individual shares.  It seems that pam_mount is not getting
 the password information from the PAM system.  I've contacted the author of
 pam_mount and will share any results.

 So far:

 Several people are trying to get pam_mount working with winbind.  I don't
 have a winbind setup myself, so it is difficult for me to debug.  Please be
 patient.

 The only hypothesis I have at this point revolves around pam_mount's use of
 functions like getpwnam to retrieve information about a user's account.
 Theoretically, if one configures /etc/nsswitch.conf correctly, getpwnam can
 use services besides /etc/passwd (ie: winbind) to answer questions about a
 user.
 Pam_mount uses getpwnam to do the following:

 1.  Determine where ~/.pam_mount.conf is.

 2.  Determine the UID and GID that should own a mount point created by
 pam_mount.

 3.  Determine the UID and GID that should own a user's session count file
 (/var/run/pam_mount/user).

 4.  Ensure a user owns mount points and volumes for volumes defined by
 ~/.pam_mount.conf.

 The only other suspect action I can think of is pam_mount's retrieval of a
 user's password from the PAM system.  I don't think this should be an issue
 if you use pam_winbind to authenticate users.

 Do any of these hints help?

I don't have a winbind system available to test on, but I maintain
pam_mount packages in Mandrake, and so have a test setup, using accounts
only in LDAP via pam_ldap.

I have no problems, currently using pam_mount 0.5.14. I haven't tried
pam_mount with winbind since it added the ~ token (which I needed), but
it did work ...

Have you tried pam_mount with local accounts to ensure that it's not
winbind that is the problem?

BTW, I have had trouble using pam_mount via a stacked pam file (like
/etc/pam.d/system-auth) before, so my test setup uses it in
/etc/pam.d/login directly.

Regards,
Buchan



Re: [Samba] load password users in Ldap

2003-05-30 Thread Buchan Milne

 --

 Message: 13
 Date: Fri, 30 May 2003 12:06:28 +0200
 From: Jose Antonio Gómez Muñoz [EMAIL PROTECTED]
 Subject: [Samba] load password users in Ldap
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=iso-8859-1

 Hello,

 I'm new in Samba Ldap. I use samba-2.2.3a and openldap2-2.1.4-46.

Please use a newer version of samba, firstly 2.2.3a is vulnerable to a
remote root exploit, secondly, a lot of changes required for good LDAP
operation are only available in later (ie 2.2.7a or later) releases.

 I am going to load in Ldap a lot of users in a ldif file as it is
 shown below. But I don't know how to put samba password. I can use:

 smbpasswd juan1

 and then the fields lmPassword and ntPassword are changed. In this
 way, after load all users in Ldap I would need a script to do a
 smbpasswd for each user automatically, without prompt me for each one.
 ¿ How can I do to avoid prompting me ?

See the mkntpwd program in examples/LDAP/smbldap-tools/mkntpwd for a
tool that will create LM and NT hashes for you from a clear-text password.

If you already have samba passwords in an smbpasswd file, see
import_smbpasswd.pl in examples/LDAP. If you have users in passwd files,
you can also import a lot of the information using the migration tools.



 I think it is better to put the real password in lmPassword and
 ntPassword but it doesn't work. Which is the easiest method to put the
 samba password in the load process?


 ldif file
 ==

 dn: uid=juan1, ou=smb, dc=Colegio Oficial de Arquitectos de Madrid, dc=es
 cn: juan1
 objectClass: sambaAccount
 objectClass: posixAccount
 uid: juan1
 pwdLastSet: 0
 logonTime: 0
 logoffTime: 2147483647
 kickoffTime: 2147483647
 pwdCanChange: 0
 pwdMustChange: 2147483647
 userPassword: hola
 lmPassword: 37D5B8AB8069F5B8AB5B8AB8B8AB8069
 ntPassword: 5B8AB8B8AB85B8A5B8AB8B8AB82BE319
 acctFlags: [UX ]
 uidNumber: 1020
 gidNumber: 1001
 loginShell: /bin/bash
 rid: 3040
 primaryGroupID: 513
 homeDirectory: /dev/null




 /etc/samba/smb.conf
 
 ldap server = localhost
 ldap port = 389
 ldap suffix = ou=smb, dc=Colegio Oficial de Arquitectos de Madrid, dc=es
 ldap admin dn = cn=Manager, dc=Colegio Oficial de Arquitectos de Madrid, dc=es

Your suffix implies that you own the domain Colegio Oficial de
Arquitectos de Madrid.es (dc means domain component), you may want to
rather use o=Colegio Oficial de Arquitectos de Madrid,c=es instead, or a
real domain-type suffix.

BTW, you may want to review these documents, which cover a lot of the
issues:

http://www.mandrakesecure.net/en/docs/samba-pdc.php
http://www.mandrakesecure.net/en/docs/samba-ldap-advanced.php

(note, some minor modifications may occur to these documents still ...)

Since you are using openldap-2.1, you should also look at this document:
http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html#AUXILIARY

(at this stage, openldap-2.0.x may be a better choice, just because it
is understood better, and all the available schemas work with it).

Regards,
Buchan



Re: [Samba] XP Machines/profiles/migration issues

2003-04-05 Thread Buchan Milne
On Wed, 2 Apr 2003, Jim Wharton wrote:

 Would it be possible to use this tool (profile3) to copy an NT4 profile to a
 2000 box? It must be possible to do it since MS can do it during an upgrade.
 Does anyone know of a tool for this.
 

You can do it from the NT Control Panel -> System -> Profiles.

The reason I suggested using the profiles tool from samba3 is that the 
previous poster had a problem with SIDs on his existing profiles on his 
domain controller. In this case, you will probably want to have the 
current profile retained. While you could go around to each workstation, 
and guess on which workstation each user most recently logged into, and 
copy that profile to the server, I think it would be a lot less effort, 
and more reliable to do this on the server.

Note that the tool is only called profiles3 in the Mandrake samba3 packages, 
where we use the major version suffix to prevent clashes with the binaries 
from the standard samba (2.2.x) packages to allow simultaneous 
installation. Its normal name should be 'profiles'.

Regards,
Buchan



Re: [Samba] XP Machines/profiles/migration issues

2003-04-05 Thread Buchan Milne
On Sat, 5 Apr 2003, John H Terpstra wrote:

 On Sat, 5 Apr 2003, Buchan Milne wrote:
 
  On Wed, 2 Apr 2003, Jim Wharton wrote:
 
   Would it be possible to use this tool (profile3) to copy an NT4 profile to a
   2000 box? It must be possible to do it since MS can do it during an upgrade.
   Does anyone know of a tool for this.
 
 NT4 profiles are very different from Windows 200x/XP profiles. The MS
 Windows 200x Server resource kit contains a tool for migrating of NT4 to
 Win2K type profiles.
 
 It might be worth just checking this out to avoid side effects from
 profile migration from NT4 to Win2K.
 

Ahh, I had assumed this was to be for further use by WinNT4 clients 
served by the 2k server ...

A more specific description of the ultimate goal would be better ...



Re: [Samba] Problem with Windows XP SP1 Client

2003-03-31 Thread Buchan Milne

 Date: Fri, 28 Mar 2003 15:08:17 +0100
 From: Andrea Durante [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: [Samba] Problem with Windows XP SP1 Client
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain;
   charset=iso-8859-1
 MIME-Version: 1.0
 Content-Transfer-Encoding: quoted-printable
 Precedence: list
 Message: 6

 Hi, i've tried to configure samba 2.2.7 + winbind on a Mandrake 9.0
 linux system, and all work fine, but i've only a problem: when i connect
 with any Windows XP Client the system ask to me the Username/password
 (the computer is in a NT 4 domain) and in the syslog i can see this
 line:

 rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(406)
  cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORD
 smbd/password.c:domain_client_validate(1621)
  domain_client_validate: unable to validate password for user Admin in domain METRO_MILANO
 to Domain controller *. Error was NT_STATUS_WRONG_PASSWORD.

 but my password is correct otherwise i can't connect to the server!

What happens with:

# wbinfo -t
# wbinfo -u
# getent passwd
# wbinfo -a user%password

BTW, you may also need to apply a registry change to Windows XP:
[EMAIL PROTECTED] bgmilne]$ rpm -ql samba-doc|grep reg|grep XP
/usr/share/doc/samba-doc-2.2.7a/docs/Registry/WinXP_SignOrSeal.reg

Also, please update to 2.2.7a-8.1mdk (with MandrakeUpdate) as soon as
you have it working, there is a security vulnerability in previous
versions of samba.


 Here is my smb.conf:

 # Samba config file created using SWAT
 # from 0.0.0.0 (0.0.0.0)
 # Date: 2003/03/28 14:54:54

 # Global parameters
 [global]
   client code page = 852
   workgroup = EDIZIONI_METRO
   netbios name = SUPPORT
   server string = Support Server for IT
   security = DOMAIN
   encrypt passwords = Yes
   update encrypted = Yes
   password server = *
   ssl CA certDir = /etc/ssl/certs
   log file = /var/log/samba.%m
   max log size = 50
   domain admin group = Administrators
   preferred master = No
   dns proxy = No
   wins server = 192.168.10.1
   winbind uid = 1-2
   winbind gid = 1-2
   winbind separator = +
   winbind use default domain = Yes

 [homes]
   comment = Home Directories
   read only = No
   browseable = No

 [printers]
   comment = All Printers
   path = /var/spool/samba
   printable = Yes
   browseable = No

 I think that is too simple configuration, and the Win NT4 and Win 2000
 client appears work good!

 Thanks for the attention and sorry for my English.

FYI:
http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.pdf
(details on setting up winbind during install on Mandrake 9.0).

Buchan



Re: [Samba] I see my samba server but.............

2003-03-27 Thread Buchan Milne

 Date: Mon, 24 Mar 2003 14:10:54 -0600
 From: [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: [Samba] I see my samba server but.
 Message-ID: [EMAIL PROTECTED]
 Content-Type: multipart/mixed;
   Boundary=0__=85256CF3006D91FF8f9e8a93df938690918c85256CF3006D91FF
 MIME-Version: 1.0
 Precedence: list
 Message: 1


 Here I go guys!

 I've already changed the configuration of my smb.conf, also I made my samba
 server to be configured as a windows domain, yes! it is found in my windows
 domain now but as doing double click on this machine (samba) it asks me for
 a user and password, it does not let me get into it, I have created the
 same samba users as windows, but without any results.
 I appreciate your help :

 (See attached file: samba1.jpg)

 And my samba config files is:


Looks like it was a Mandrake 9.0 default config file until you crucified
it with SWAT ;-).

The best option for you may be winbind. If you have not got too much
time invested in this machine, you may consider doing an installation in
expert mode, where you can choose to have authentication via a Windows
Domain (which sets up winbind).

If not, you need to do this manually.

1)Install samba-winbind, either with software manager, or:

# urpmi samba-winbind

2)Get a decent config file (backing up your current one)

# cp /etc/samba/smb.conf /etc/samba/smb.conf.backup
# cp /etc/samba/smb-winbind.conf /etc/samba/smb.conf

3)Edit the file with the text editor of your choice, spend 5 minutes
reading it first, then change your workgroup name back as it was.

4)Join the domain
# smbpasswd -j DOMAIN -U <user with rights to join the machine to the domain>

5)Start winbind
# service winbind start

6)Test

# wbinfo -u
should list users
# getent passwd
should list users in the same format as the passwd file

7)Setup authentication via winbind (making a backup):
# cp /etc/pam.d/system-auth /etc/pam.d/system-auth.backup
# cp /etc/pam.d/system-auth-winbind /etc/pam.d/system-auth

(everything up to here gets done for you if you choose Windows Domain
for authentication during installation)

8)Login to X/KDE/GNOME/Mail server/console with your domain account

There are some caveats, see
http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.pdf
for more details in winbind setup in Mandrake.



Re: [Samba] A samba document manual project

2003-03-25 Thread Buchan Milne

 Date: Mon, 24 Mar 2003 09:45:11 -0800
 From: Raj Saxena [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: [Samba] A samba document manual project
 Message-ID: [EMAIL PROTECTED]
 In-Reply-To: [EMAIL PROTECTED]
 Content-Type: text/plain;
   charset=Windows-1252
 MIME-Version: 1.0
 Content-Transfer-Encoding: 7bit
 Precedence: list
 Message: 19


 Hey guys,
 After rolling out samba 2.25-10 as a pdc which is the stock samba
 with redhat 8.x.

Of course, you should either use an updated release (most distros have
patched packages available), or encourage users to upgrade due to
security vulnerabilities in releases prior to 2.2.8.

 I am going to document and make a manual with screenshots.
 The key items i am going to do are as follows

 Document with screenshots for every step of the way.
 Explain what is happening when you join a domain.
 What to do when things don't work. Where to look what else to try.

Take a look here first (a bit outdated now):
http://ranger.dnsalias.com/mandrake/muo/connect/csamba6.html


 There are features that I have not implemented so if anyone has there
 documentation expertise would be of great help.

 Why another manual? Although many of us do know how to do it i think another
 manual that has been beta tested and checked before it gets published makes
 a difference. I have seen many docs on pdc but there was something or the
 other missing. Being a sys. admin we all say rtfm!! but there are times one
 just wants the answers asap and its not possible to find it.

A quick search in smb.conf (5) followed by a google should turn up most
issues, if not, mail the list ...


 So my expertise is based on redhat on x86,I will address win pc's that are
 nt4, xp and win2k.

9x is probably still worth mentioning. Server versions also.


 If anyone is interested to participate i would like to have folks that are
 running something on aix,irix, sun, bsd and others, to participate. Yeah i
 know we all don't have that much free time. Neither do I but i think for a
 lot of newbies who put a post up here can refer to this manual. I don't have
 a deadline but i know that i can publish at least what i have on the fly as
 we are putting this together.

 Please respond to me on or off the list with the subject samba manual.


FYI, I have been assisting someone to write a document covering
LDAP-Samba PDCs in more detail, using samba-2.2.8 for Mandrake from the
samba FTP mirrors, since we have packages available both with and
without LDAP support. Note also that AFAIK SuSE ships with both
ldap-enabled and non-ldap-enabled packages. LDAP is becoming more
important, and is worth discussion.

Regards,
Buchan



Re: [Samba] Getting Compile errors

2003-03-19 Thread Buchan Milne

 Date: 18 Mar 2003 16:05:21 -0500
 From: Bob Matckie [EMAIL PROTECTED]
 To: samba [EMAIL PROTECTED]
 Subject: [Samba] Getting Compile errors
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain
 MIME-Version: 1.0
 Content-Transfer-Encoding: 7bit
 Precedence: list
 Message: 49

 Hi

 I have downloaded samba-2.2.8 and I used the following command to
 compile the source.

 ./configure --prefix=/opt/samba --sysconfdir=/opt/samba/conf
 --with-smbmount --with-acl-support

 I got the following error when I tried to compile it.

 checking configure summary... ERROR: No locking available. Running Samba
 would be unsafe
 configure: error: summary failure. Aborting config

 The server is currently running Mandrake 7.2 with 2.4.17 kernel.

 Any suggestions?


IIRC this error was normally due to either missing kernel headers, or a
missing link to the kernel headers. Last time I had a 7.2 box I solved
it by installing kernel-headers on it.

BTW, you might want to try rebuilding the Mandrake SRPM available on the
samba FTP mirrors. It should still build correctly on 7.2 but I don't
have a 7.2 box left to build on.

If you want ACL support you should install the srpm:

$ rpm -ivh samba-2.2.8-2mdk.src.rpm
Edit the samba.spec file and find the %define build_acl in the
build_mdk72 section and change the 0 to a 1.

I would appreciate feedback if it still builds on 7.2, or errors if it
does not.

Regards,
Buchan



Re: [Samba] pam_mkhomedir.so

2003-03-12 Thread Buchan Milne

 From: [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Date: Wed, 12 Mar 03 10:16:59 +0100
 Subject: [Samba] pam_mkhomedir.so

 Problem is how to setup samba for automatic home directory
 creating. Maybe smb.conf is incorrect, but if I create home
 directory manually, samba log me in without problems.

 Second question.Computers in network are under W2k PDC. Everytime
 I try to login into Mandrake via putty(ssh) and I'm not as local
 user (on mandrake) but I'm domain user, pam_mkhomedir.so writes
 this:'Can't change directory to /home/DOMAIN/user (No such file
 or directory)'. But if I manually create directory /DOMAIN under
 /home and change mode for /DOMAIN to 777 then directory /user
 will be create automatically.

You should only need to have all users have x permission on /home/DOMAIN
(ie chmod a+x /home/DOMAIN should do it).

 But this is valid only for ssh
 access. Samba still does not create directory /user.

As Andrew answered, use obey restrictions = yes. BTW, you should not
need to modify your /etc/pam.d/samba at all if you use the method below:


 So. I need to setup auto creat of directory:/home/DOMAIN/user for
 each service.

 Next question is, if is possible to configure all of services
 (login, telnet, ftp, ssh, samba, kde...) centrally in one file or
 somewhere. Or it is not possible?

Replace your /etc/pam.d/system-auth with the
/etc/pam.d/system-auth-winbind that ships with Mandrake.

BTW, you can have Mandrake 9.0 setup winbind for you (only available in
installation) by doing an expert install, and choosing Windows Domain
as authentication method in the dialog where you enter the root
password. In the dialog where you are prompted for the domain
name/username/password to use to join the domain, just enter your domain
in capitals (small buglet, should be fixed for 9.1). In this case, you
do not need to worry about the /etc/pam.d/system-auth, it is done for you.

For more info on winbind setup in Mandrake (with some examples and some
configs that you may need to change) see:
http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.tar.gz

Regards,
Buchan



Re: [Samba] Samba and LinuxMDK 9 file perms oddities?

2003-03-03 Thread Buchan Milne

 Date: Sat, 01 Mar 2003 14:08:23 +0100
 From: AlF [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: [Samba] Samba and LinuxMDK 9 file perms oddities?
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=us-ascii; format=flowed
 MIME-Version: 1.0
 Content-Transfer-Encoding: 7bit
 Precedence: list
 Message: 1

 Hi all

 I noticed a pretty strange behaviour regarding file permissions that
 sometimes change without any reason. I need to share the following two
 directories:

 /home/public (owner=root, group=root, perms=0777)
 /home/users (owner=root, group=users, perms=0770)

 the /home directory is owned by root, the group is root and permissions
 are set in this way: 0755.
 The above dirs are shared using these instructions in smb.conf:

 [grp]
 comment = Folder for group [%g]
 path = /home/%g
 guest ok = no
 public = no
 browseable = yes
 writable = yes
 create mask = 0660
 directory mask = 0770

 [public]
 comment = Public folder
 path = /home/public
 guest ok = no
 public = no
 browseable = yes
 writable = yes
 create mask = 0666
 directory mask = 0777

 When a member of group users connects to the [public] or [grp] share
 and interacts with them by creating dirs and/or files, something strange
 happens because file permissions change to:

Are you sure it is when a user connects?


 /home/public (owner=root, group=root, perms=0755)
 /home/users (owner=root, group=users, perms=0750)

 In a short words, the write flag disappears. As a result, the next time
 that a user logs in or interacts with shares, he won't be able to write
 files, create dirs, rename them and so on.
 I tried to shut down and restart samba to discover if that change is
 caused by the deamon itself and not by the use of the shares but I
 observed that restarting doesn't change file perms. Does anybody know
 the solution?

What security level are you running?

[bgmilne:/home/users/bgmilne]# cat /etc/sysconfig/msec

If you are running security level 2 or higher, msec will reset
permissions to not be group writeable on directories under /home. So,
you should run draksec to customise this, or not use msec.

[bgmilne:/usr/share/msec]# grep home perm.? |awk '{print $1 "\t" $2 "\t" $3}'
perm.0:/home/   root.root   755
perm.0:/home/*  current     755
perm.1:/home/   root.root   755
perm.1:/home/*  current     755
perm.2:/home/   root.root   755
perm.2:/home/*  current     755
perm.3:/home/   root.root   755
perm.3:/home/*  current     711
perm.4:/home/   root.adm    751
perm.4:/home/*  current     700
perm.5:/home/   root.root   711
perm.5:/home/*  current     700

After making your changes in draksec, run:
# msec <security level>
to have msec set the permissions as it thinks they should be, or set
them the way you want them, and run
# msec
to see if it leaves them alone now.

Regards,
Buchan

P.S. I normally search the digests of this list for mandrake, I would
not have found your post since I do not search for MDK/mdk/md etc. It is
also a good idea not to abbreviate if you intend other searches (Google
etc) to find your post ...

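
To see ahead of time which shared directories msec will tighten, the perm.N rules can be evaluated against the modes the shares need. This is an added example, not part of the thread or of msec: it parses lines in the `grep` output format shown above, matches each rule per path component, and reports the bits that would be lost. It assumes msec clears bits outside the listed mode rather than setting the mode exactly, which is consistent with the 0777 to 0755 and 0770 to 0750 changes reported in the question; the function names are hypothetical.

```python
import fnmatch

# Constructed from the perm.N table quoted in the message above.
PERM_TABLE = """\
perm.2:/home/   root.root   755
perm.2:/home/*  current     755
perm.3:/home/   root.root   755
perm.3:/home/*  current     711
perm.4:/home/   root.adm    751
perm.4:/home/*  current     700
"""

def parse_rules(text, level):
    """Return [(pattern, owner, mode)] for one security level."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        source, rest = line.split(":", 1)
        if source != f"perm.{level}":
            continue
        pattern, owner, mode = rest.split()
        # '/home/' and '/home' name the same directory.
        rules.append((pattern.rstrip("/") or "/", owner, int(mode, 8)))
    return rules

def _matches(pattern, path):
    """Component-wise glob match, so '/home/*' does not cover '/home/a/b'."""
    want = pattern.split("/")
    have = (path.rstrip("/") or "/").split("/")
    return len(want) == len(have) and all(
        fnmatch.fnmatchcase(h, w) for w, h in zip(want, have))

def enforced_mode(rules, path):
    """Mode of the last matching rule, or None if no rule covers the path."""
    mode = None
    for pattern, _owner, rule_mode in rules:
        if _matches(pattern, path):
            mode = rule_mode
    return mode

def predict_resets(rules, shares):
    """shares maps path -> required mode.
    Returns [(path, required, after_msec, lost_bits)] for affected paths."""
    affected = []
    for path, required in sorted(shares.items()):
        limit = enforced_mode(rules, path)
        if limit is None:
            continue
        lost = required & ~limit
        if lost:
            affected.append((path, required, required & limit, lost))
    return affected

# The two share directories from the question, with the modes they need.
SHARES = {"/home/public": 0o777, "/home/users": 0o770}

if __name__ == "__main__":
    for level in (2, 3, 4):
        for path, need, after, lost in predict_resets(
                parse_rules(PERM_TABLE, level), SHARES):
            print(f"level {level}: {path} {need:04o} -> {after:04o} "
                  f"(loses {lost:04o})")
```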


RE: [Samba] PDF Printer issue

2003-02-27 Thread Buchan Milne
 Date: Thu, 27 Feb 2003 08:50:12 -
 From: Noel Kelly [EMAIL PROTECTED]
 To: 'Robert Adkins II' [EMAIL PROTECTED], [EMAIL PROTECTED]
 Subject: RE: [Samba] PDF Printer issue
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain;
   charset=iso-8859-1
 MIME-Version: 1.0
 Precedence: list
 Message: 8
 
 Might not be much help but you could try and use 'use client driver = yes'.

Better to install a driver on the samba server.

 
 Also very nice PDF/Samba Howto here:
 http://www.linuxgazette.com/issue72/bright.html   

The script in packaging/Mandrake/print-pdf (or something like that) is
IMHO a better solution. I can expand as to why if you are interested.

BTW, Mandrake 9.0 and later have a working pdf converter out-the-box
(just need to upload a printer driver).

Buchan



Re: [Samba] PDF Printer issue

2003-02-27 Thread Buchan Milne

Chris Smith wrote:
 On Thu, 2003-02-27 at 08:42, Buchan Milne wrote:


The script in packaging/Mandrake/print-pdf (or something like that) is
IMHO a better solution. I can expand as to why if you are interested.


 Expansion would be appreciated thank you.

Firstly, the print command should be forked, so that the windows
machines don't block while waiting for the process to finish. That is
why the default pdf share is like this:

[pdf-generator]
   path = /var/tmp
   guest ok = No
   printable = Yes
   comment = PDF Generator (only valid users)
   #print command = /usr/share/samba/scripts/print-pdf file path win_path recipient IP doc_name &
   print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I %J &
You will see that we background the script (&). We initially (about 2-3
years ago) had the majority of the script in the smb.conf file, but it
was becoming unmanageable, so I wrote the script, which also allowed me
to background the job, instead of manually setting all the windows
machines not to spool the job (which is the other option to prevent them
blocking). Our current print server is not the fastest machine, so it is
an issue for us (ps2pdf on a 50-page document with images will take more
than a few seconds).

Let's just make sure we are comparing the same things. Here is the
current print-pdf script:
http://cvs.samba.org/cgi-bin/cvsweb/samba/packaging/Mandrake/samba-print-pdf.sh?rev=1.1.2.3&content-type=text/x-cvsweb-markup&only_with_tag=SAMBA_2_2

This is the page the other poster referenced:
http://www.linuxgazette.com/issue72/bright.html

Improvements:
1) Use of features such as mktemp to prevent clobbering of other files.
This is not totally correct as I have used it, but I see no other way
when wanting to be able to provide both Postscript and PDF files (which
can be disabled in the script by changing KEEP_PS=1 to KEEP_PS=0). But
the current method will at least prevent the script clobbering itself,
even if two users submit jobs simultaneously.
2) Ensure the user will be able to get the file on a default
installation, so stick it in their home directory
3) Optionally use the document name as the name of the PDF (if the 6th
argument is provided). This can be broken by windows apps sending bad
names, so take out the 6th (%J) argument in the config file if it does
not work for you.
4) Enforcing good permissions on all versions of the file to ensure that
possibly confidential documents may be readable by others. Admins should
adjust the PERMS variable to be suitable for their environment.
5) Notify the user where their PDF is located via a windows popup.
Other alternatives are to send an email notification, or to send the PDF
as an attachment, but this would not then work out-the-box without
requiring an MTA to be configured etc.
6) Use better options for PDFs. The current options basically produce
Acrobat 4-style PDFs, adjust via the ps2pdf command used (ps2pdf14 is
Acrobat 5). Pass some other options via OPTIONS. Defaults enable image
compression.

So, in the end, as long as user authentication is used and correctly
setup (ie 'smbpasswd -a user'), this will work out-the-box, and
windows users will get a popup notification, hopefully with the document
name as the filename.

Note that it has been a while since I looked at the script in detail,
there still seem to be some things that could be cleaned up, but I am
quite pressed for time these days.

Patches welcome though!

Buchan

- --
|--Another happy Mandrake Club member--|
Buchan Milne        Mechanical Engineer, Network Manager
Cellphone * Work    +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7

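An added sketch of the file-handling points in the message above (unique files for simultaneous jobs, the client-supplied %J name, permissions). It is not the Samba print-pdf script; the function names, the 64-character cap and the `printjob` fallback are assumptions.

```shell
#!/bin/sh
# Added example, not the Samba print-pdf script; function names are hypothetical.

# Reduce the client-supplied job name (%J) to a safe file-name stem.
sanitize_job_name() {
    name=$(printf '%s' "$1" | tr '\\' '/')   # Windows separators become /
    name=${name##*/}                         # keep the last path component only
    name=$(printf '%s' "$name" | LC_ALL=C tr -c 'A-Za-z0-9._-' '_')
    while :; do                              # no hidden files, no "-option" names
        case $name in
            .*|-*) name=${name#?} ;;
            *) break ;;
        esac
    done
    name=$(printf '%.64s' "$name")           # bound the length (assumed cap)
    printf '%s\n' "${name:-printjob}"        # fixed fallback if nothing is left
}

# Private scratch directory (mktemp -d creates it mode 0700) for the
# intermediate PostScript and PDF files of one job.
make_workdir() {
    mktemp -d "${TMPDIR:-/tmp}/print-pdf.XXXXXX"
}

# Copy finished PDF $1 into directory $2 as <stem>.pdf without overwriting.
# $3 is the raw job name, $4 the final mode. Prints the path created.
publish_pdf() {
    src=$1 dir=$2 perms=${4:-600}
    stem=$(sanitize_job_name "$3")
    [ -r "$src" ] && [ -d "$dir" ] || return 1
    n=0 dest=$dir/$stem.pdf
    # With noclobber (set -C) the redirection fails if dest already exists,
    # so simultaneous jobs with the same name each get their own file.
    until ( umask 077; set -C; : > "$dest" ) 2>/dev/null; do
        n=$((n + 1))
        [ "$n" -le 99 ] || return 1
        dest=$dir/$stem-$n.pdf
    done
    cat "$src" > "$dest" && chmod "$perms" "$dest" && printf '%s\n' "$dest"
}
```

In a helper built this way, ps2pdf would write into the directory from `make_workdir`, and `publish_pdf` would then place the result in the user's home directory with the mode the admin chose.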

