Re: [Samba] Restrict access to [homes] share
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Date: 22 Feb 2003 09:14:57 -0800 From: Michael Noble [EMAIL PROTECTED] To: Chew, Darren [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Restrict access to [homes] share Try setting your home shares as follows: [home] comment = Home Directories path = /home/%u read only = No veto files = /.*/ This will always mount the users home directory. Not necessarily with winbind, you should not need to use a path directive, it defeats the feature of the homes share (which is to use the users home directory). I'd like to know how to restrict access to the [homes] share. Currently, each user is able to read/write to his/her own share, and by typing \\machine\anotheruser can open another user's share and read/write there too. I would like to restrict access so that a user can only read/write to their own share only. Here is some of the relevant config: [global] workgroup = ASDF server string = Samba Server %v security = DOMAIN encrypt passwords = Yes password server = * log file = /var/log/samba/log.%m max log size = 10240 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 64 preferred master = No domain master = No dns proxy = No wins support = Yes winbind uid = 1-2 winbind gid = 1-2 template homedir = /dev/null winbind separator = + winbind use default domain = Yes admin users = wicked printer admin = @Domain Admins [homes] comment = Home Directories path = /home/samba/%S This line should not be necessary, you should rather set your template homedir to /home/samba/%U or /home/%D/%U. force group = nobody The line above is your problem, you should not need this if winbind is working right! read only = No browseable = No The best option (as with Windows) is to have the permissions correct on the filesystem, and not to enforce everything via share definitions. Then if people access to the filesystem via other means, the permissions are still enforced correctly. The easiest solution is to: # cd /home/samba # chmod 700 * Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+WgITrJK6UGDSBKcRAmiqAJwP+XooMp4IrQJffIU35z+DIvUJ0QCfTEB8 WEacOcjkCNrxqUPJFMD7Lqo= =7lrq -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pam_mount_conf?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Date: Fri, 21 Feb 2003 15:40:42 -0500 From: Aaron Bennett [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: [Samba] pam_mount_conf? Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii; format=flowed MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Precedence: list Message: 1 Have any of you folks actually managed to get pam_mount working? I have it working, but do not usually use it (we have NFS and various other tools instead). A quick google shows a ton of messages saying you can use pam_mount to automatically mount a user's home directory on log in, but no messages saying I use pam_mount etc -- I'm suspecting it might not actually work. Or at least I might not be smart enough to make it work. I am not using it to moun the users home, as we have NFS for that. Would be interested to know if people use it for user homes with winbind ... First -- pam_mount 0.5.11 from www.flynn.org doesn't compile on RHAT 8. Following is the failure: pmhelper.c:176:27: missing binary operator pmhelper.c: In function `get_fstab_mountpoint': pmhelper.c:200: `FIXME' undeclared (first use in this function) pmhelper.c:200: (Each undeclared identifier is reported only once pmhelper.c:200: for each function it appears in.) pmhelper.c:200: parse error before '}' token make[2]: *** [pmhelper.o] Error 1 make[2]: Leaving directory `/usr/local/src/pam_mount-0.5.11/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/usr/local/src/pam_mount-0.5.11' make: *** [all-recursive-am] Error 2 You might want to give a few more lines of output (from the beginning of this error). You might be missing the pam development files (usually in the pam-devel or similar package). so much for that. However, pam_mount 0.5.9 does compile and install. My pam_mount_conf has the following volume line: volume * smb olinfs02 users /home/remote//winnt uid=,gid= - - /etc/pam.d/gdm has the following two extra lines in it: sessionrequired /lib/security/pam_mount.so use_first_pass auth required /lib/security/pam_mount.so use_first_pass I added them to the end of the file as per the README. Nothing happens. No volumes are mounted. Nothing appears in /var/log/messages. No errors are generated. It just silently fails. Try using it in /etc/pam.d/login, as you can turn on the debugging in the config file, and you will be able to see any errors as you log in. Once it works for login, apply it to gdm/kde/xdm etc. I have: [EMAIL PROTECTED] bgmilne]$ grep ^volume /etc/security/pam_mount.conf volume * smb caelinuxserver /home//mnt/mail uid=,gid=,dmask=750 - - volume * smb caeprintserver installs /home//mnt/installs uid=,gid=,dmask=750 - - (I do not use ~ since we use root-squashed NFS-mounted homes, so root may not be able to mount on the NFS mounts). 0.5.9 (I am running Mandrake cooker using the package from cooker contribs) works for me, 0.5.10 seems to not work with smbfs, and someone has reported having problems getting 0.5.11 to compile where 0.5.10 does. Regards, Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+WkAHrJK6UGDSBKcRAk12AJ9YNkLFmp3+BCP1AAM+2f6m/trxUgCgkFyN VhoLmKS1yCeg0qcalNe0VxQ= =XPOp -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain users in local groups with Winbind/Samba/Redhat
Date: Fri, 14 Feb 2003 11:37:53 +0100 (MET) From: Matthias Rutzki [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] domain users in local groups with Winbind/Samba/Redhat Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Message: 8 Hi, I am running a Samba 2.2.7a on Redhat 7.3 in a NT domain. For authentication I am using the domainusers.This is done by Winbind 2.2.7a which verifies the existens of the users on the PDC. So I dont't have to create local users (/etc/passwd) for users who want to connect to the shares in the smb.conf. I authorise them by adding valid users = domain+domainuser to the smb.conf. This works very well. Now my problem: By writing valid users = @localgroup or +localgroup I can authorise local groups (/etc/group) to connect to the shares. Now I want to add the domainusers to some local groups.Putting the domainusers in groups should save much time because otherwise I have to add each domainuser for every share seperatly. E.g. valid users = domain1+domainuser domain2+domainuser2 I have tried it with: usermod -g localgroup domain+domainuser which ends in this message: usermod: domain+domainuser not found /etc/passwd I know this is message is right because there is no domainuser in /etc/passwd. But how can I assort the domainusers? Is there a way to use groups of domainusers who are verified by winbind in the smb.conf? valid users = @localgroup @'Domain1+group1' -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain users in local groups with Winbind/Samba/Redhat
[EMAIL PROTECTED] wrote: Am 14 Feb 2003 um 15:52 hat Buchan Milne geschrieben: valid users = @localgroup @'Domain1+group1' My experiences with Samba in domains are not very big. So, what does 'Domain1+group1' mean? Domain1 = any Domain in my Network or the Domain which Samba has joined? group1= any group that exists in Domain1? Remember that there is not really a distinction between domain groups and local grops on unix. With winbind (assuming you had used + as the domain seperator), winbind will return groups to the system as DOMAIN+username for any domain trusted by the domain winbind is a member of. The use of the quotes protects the string from being mangled by samba (especially where there are spaces in the group name). But thank you for your answer.It seems that this kind problem is poorly documented... I have not run winbind in a mutli-domain setup before, but this is supposed to work. You should try some experiments with $ getent passwd $ getent group $ wbinfo -g $ wbinfo -u to see more. Note that getent is a generic command on unix, and will show any entries that are accessible (from local files, NIS, ldap, winbind etc). wbinfo is specific to winbind. Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to join a linux machine to a pure Active DirectoryDomain using Samba 3.0alpha21?
Date: Fri, 14 Feb 2003 09:25:01 -0500 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [Samba] How to join a linux machine to a pure Active DirectoryDomain using Samba 3.0alpha21? Message-ID: [EMAIL PROTECTED] References: 20030214130008$[EMAIL PROTECTED] 20030214130008$[EMAIL PROTECTED] 20030214130008$[EMAIL PROTECTED] 20030214130008$[EMAIL PROTECTED] Message: 9 On Fri, 14 Feb 2003 14:00:08 +0100, Alexander Skwar [EMAIL PROTECTED] wrote: Kurt Weiss schrieb: mission impossible! windows XP home does not support domains!! Well, as pointed out in the link, that's not true. But as I said, how did this link help with my problem? So it would appear that Kurt was correct JA Who cares ##@$@! This has nothing to do with Alexanders original question or the subject, so please stay on topic for the thread and do not use your post to hijack the thread. If you want to debate the capabilities of windows XP home, please at least start your own thread, or even better, move it to a different list. I still want to follow the AD-part of this thread, and have no interest in the Windows XP bit (I deal with Windows XP more than I want to as it is). Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba acl's
Date: Wed, 12 Feb 2003 14:34:56 -0600 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] samba acl's Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Precedence: list Message: 20 I have been playing with samba for a short time. I am not a programmer but a I have some questions on if acls within samba are possible, regardless of acl's in the file system or kernel. In samba now, you can have read list or write list and say this user and/or group has write and/or this user and/or group has read only. This is a scaled down version of an acl. What if they created a folder called acl's and had one file called no access, one file called read, write, change, and full. An entry inside these files could look similar to: /data = @domain admin, john, steve /data/accounting = @domain admin, @accounting, bob if these entries were in the change file then samba would restrict him accordingly. I have been trying to get acl's to work and it has been difficult to work. I have been thinking that maybe samba could do this for us without having to count on other pieces of software. I am only asking so please dont take this the wrong way. If it is possible I would like to help make it happen. I am not sure how I can help because I am not a programmer, but if there is anything I will be willing to pitch in. File permissions and ACLs are best stored by the filesystem, since then you are guaranteed to get the same behaviour via different services (smb vs ftp vs http vs local access vs nfs). If you want ACLs working easily out the box, use Mandrake 9.0. Either add the acl option to ext2/ext3 filesystems in your /etc/fstab, or use XFS. AFAIK, SuSE also supports ACLs out-the-box. Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining PDC w/LDAP Question
Peak, John wrote: Buchan, I really appreciate the help as this has pointed me in the right direction. The getent passwd asa$ does not show anything unless I add the machine manually. Should I be putting the following directive in my nsswitch.conf file to be able to perform host lookups from LDAP properly?: hosts: files ldap dns No, samba currently needs a user account for the machine (since it uses the uid to generate an rid and ensure the rid's don't conflict, since we assume the uid's don't). So, you need at least: passwd: files ldap A common error is to set nss_base_passwd ou=People,basedn in /etc/ldap.conf, and then have the machine accounts in something like ou=Computers,basedn, where (if you have machines in seperate OUs) at least on the DC you need to have something like: nss_base_passwd basedn?sub (on non-DCs, you can leave it with ou=People, to prevent computers showing on client machines, which is what we do). I've noticed that some people do this and some do not in their configurations. I would think that after a Computer record is inserted in my LDAP directory by Samba that NSS needs this directive to actually lookup the computer. When I try this it gives me a Segmentation Fault. Any additional thoughts or suggestions for me at this point? It might be useful posting the ldap record for an example machine here (sans lmpassword and ntpassword attributes of course ...) so we can see if you have the correct object classes (sambaAccount and posixAccount IIRC). Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mandrake Binaries
Date: Mon, 10 Feb 2003 09:39:15 -0500 From: Jim Wharton [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] Mandrake Binaries Message-ID: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Precedence: list Message: 6 I lost my bookmarks to the samba binaries compiled for Mandrake 9.0. I'd like to mess around with the 3.0 stuff. I remember there were 2 ftp sites that stayed pretty current. I'd like to add them to URPMI so I can update easily. http://download.samba.org/samba/ftp/bin-pkgs/Mandrake/ (a bit out-od-date - waiting for 2.2.8 ..., try below) http://ranger.dnsalias.com/mandrake/samba http://people.mandrakesoft.com/~staburet/samba These RPMs should install alongside samba-2.2.x: http://ranger.dnsalias.com/mandrake/mandrake9.0/samba-3.0alpha21/ But I haven't got hdlists there atm ... There are RPMs of samba3 in cooker contrib Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Directories marqued as read only
Date: Mon, 10 Feb 2003 19:41:07 - From: Sylvio Bardes [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] Directories marqued as read only Message-ID: 001601c2d13c$5af0d210$0302a8c0@livingstone Content-Type: text/plain; charset=iso-8859-1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: list Message: 13 I am using samba 2.2.6pre2 from mandrake 9.0, Please run updates, or consider using smaba-2.2.7a-3mdk from here: http://ranger.dnsalias.com/mandrake/mandrake9.0/samba-2.2.7a (more updates will be coming sometime ...) I've set it up as PDC, You're missins a netlogon share .. You may want to take a look at http://www.mandrakeuser.org/connect/csamba6.html When I share directories, their properties are read-only, even if I have = the read/write permissions on the files. I'm able to = rename/delete/create... You're going to have to give more detail here on exactly what you can't delete, and what it's unix permissions are, and what the permissions of it's parent directory are. It's a probleme for certain programs who check the file permission = before some actions, Thanks for your help, here is my config file: # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2003/01/15 09:03:38 The default config works out the box ... and has many cool examples, but you've trashed them now ... If you run updates though, you will get a new one in /etc/samba/smb.conf.rpmnew which you may want to look at in a text editor (kate or vi do fine). # Global parameters [global] workgroup =3D 98YS netbios name =3D SERVER server string =3D Samba Server %v encrypt passwords =3D Yes min passwd length =3D 0 null passwords =3D Yes log file =3D /var/log/samba/log.%m max log size =3D 50 socket options =3D TCP_NODELAY SO_RCVBUF=3D8192 SO_SNDBUF=3D8192 printcap name =3D lpstat logon path =3D=20 logon home =3D=20 domain logons =3D Yes os level =3D 99 preferred master =3D True domain master =3D True dns proxy =3D No wins support =3D Yes force create mode =3D 0755 force directory mode =3D 0755 printing =3D cups [homes] comment =3D Home Directories read only =3D No create mask =3D 0774 force create mode =3D 0775 directory mask =3D 0775 force directory mode =3D 0775 -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] trouble joining domain
Date: Mon, 10 Feb 2003 19:23:37 -0500 From: Jim Wharton [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] trouble joining domain Message-ID: 003101c2d163$d2100d30$1700a8c0@solomon Content-Type: text/plain; charset=iso-8859-1 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Precedence: list Message: 8 I have added a machine account to /etc/passwd named luna$ and in smbpasswd named luna. When I attempt to join my Win2K box to the domain, I get this error. The following error occured attempting to join the domain: The account used is a computer account. Use your global user account or local user account to access this server. # smbpasswd -a Then use 'root' as username and the smbpasswd you just entered as the password. I am using openldap if that makes any difference. If you are using the ldap backend to samba, you probably want to make an ldap account instead of a local account, on Mandrake you should configure /etc/samba/smbldap_conf.pm and then: # /usr/share/samba/scripts/smbldap-useradd.pl You also need to configure samba for ldap, and give samba the password for the ldap dn it uses (see the smbpasswd man page). (read the help, and then add an account as with useradd, but ensure you make a machine account). Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining PDC w/LDAP Question
Date: Tue, 11 Feb 2003 08:58:22 -0500 From: Samba Newsgroups [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] Joining PDC w/LDAP Question Message-ID: b2b7nk$5g4$[EMAIL PROTECTED] Precedence: list Message: 15 Should I be required to add the machine to my passwd file even if I am using LDAP when joining a W2K domain domain? No, an LDAP account is enough, as long as your box is setup to retrieve user information from ldap (ie via nss_ldap). The only way I can get a machine to join my Samba PDC is via the following commands. # /usr/sbin/useradd -g 100 -d /dev/null -c asa -s /bin/false asa$ # smbpasswd -a -m asa Does 'getent passwd machinename$' return a valid entry on your DC? It needs to at present (samba-2.2.x). I thought that using ldapsam would lookup all machine information from LDAP without having to deal with passwd. Any comments would be appreciated. Thanks. Mandrake packages have this example: # Script for domain controller with LDAP backend for adding machines (please # configure in /etc/samba/smbldap_conf.pm first): ; add machine script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u Where we provide the smbldap-tools (in examples/LDAP in the souce) in /usr/share/samba/scripts Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Redhat ACL support
Date: Wed, 5 Feb 2003 09:09:41 -0500 From: David Gibbins [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] Redhat ACL support Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-1 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Precedence: list Reply-To: [EMAIL PROTECTED] Message: 7 Hi, I'm trying to setup a RedHat 8 fileserver, it must work seamlessly within our 2000/NT network. After some research, I believe the first thing I need to do is install ACL support. I tried doing this once, didn't go well, had to reinstall RedHat. What files do I need and from where, to install ACL support for RedHat 8? Alternatively you could use a distribution that supports ACLs out-the-box on ext2/ext3 and XFS. Both Mandrake 9.0 and SuSE 8.1 do AFAIK. That way, at least you are using the kernel and samba binaries provided by the distribution. Also, Mandrake comes with winbind support out-the-box (ie you can join the domiain during installation, but only in expert mode, and remember to specify the domain name in caps). Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mandrake 9.0: rpcclient problem exporting printers tosamba for windows
Date: Thu, 30 Jan 2003 17:00:21 -0600 From: David Woodyard [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] Mandrake 9.0: rpcclient problem exporting printers to samba for windows Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Precedence: list Reply-To: [EMAIL PROTECTED] Message: 2 I am new to CUPS, after working for 4 days to get printing from WinNT to Mandrake 9.0, I give up. Here is the problem: the /etc/samba/smb.conf is setup with [printers] and [print$]. I copy the postscript drivers from adobe. I then tried to export a printer to samba with the following command cupsaddsmb -v -U dwoody canon It did all of the commands successfully except for the last one. which was: rpcclient localhost -N -Udwoody%password -c 'setdriver canon canon' It failed with NT_STATUS_UNSUCCESSFUL. I ran the same rpcclient standalone with debug and I got several error messages. They are 1) connection refused on localhost:445 (it then used port 139 - should it?) 2) WERR_ACCESS_DENIED (this was near the end of the output) 3) NT_STATUS_UNSUCCESSFUL I have not been able to fix the first two errors. BTW, the drive shares are working correctly. 1)Is the user dwoody in the list of printer admins 2)Does the user dwoody have write access to the print$ share 3)Does the user dwoody have write access to the directories in the print$ share (ie /var/lib/samba/printers/*) If in doubt, please send the entire defintions of your print$ and printers shares, and the following output: $ grep print /etc/samba/smb.conf|egrep -v [\;\#] BTW, using the adobe postscript drivers is really only recommended for postscript printers, you should upload the windows native drivers from a windows machine if you have non-postscript printers. But, the same issues would apply. Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: linux server completely hangs copying files with samba
Davide Cavaleri wrote: final experiments; after realizing that unloading the usb-ohci module (non even the usbcore) system was fine, i compiled the kernel without modules support and without usb. the machine crashed and actually i was really angry, becuase i thought i had found the problem; but finally i discovered that if usb is not loaded the machine crashes, but if i load it and unload it (going back to the same situation) it doesn't crash. obviously if i disale usb from bios everything in ok. maybe is something about irq, so if it is enabled in bios the ira (11 for me) is used. loading and unloading the module will do something strange to the irq handles. cat /proc/interrupts gives 0 on usb. at this point i'm curios to find out why this happens; since i've red of many people having this problem maybe someone (not you, as you told me) had a similar situation. don't know if it's relevant, but only once the keyboard was blocked, i had to unplag and plug it back (ps/2 keyb) and it was ok, checking the interrupts they had jumped from 1500 to about 3000 in few seconds. going to work, nice day I forget how recent your hardware is, but have you tried booting with: lilo: linux noapic ? Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CUPs and Samba and XP
Date: Wed, 29 Jan 2003 11:06:53 -0800 From: [EMAIL PROTECTED] To: Samba [EMAIL PROTECTED] Subject: [Samba] CUPs and Samba and XP Message-ID: 007e01c2c7c9$959ddce0$ec00a8c0@tweety Content-Type: text/plain; charset=iso-8859-1 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Precedence: list Message: 2 Hullo All. The preamble Samba 2.2.7a compiled against CUPS, CUPs v 1.1.6 (version that came with Mandrake 9.0), using client side drivers (raw printing) on XP. Printing works, cancelling jobs via the web interface works after the spooling is done. What doesn't work. Pausing jobs (though that's not as important as the next trouble) and cancelling jobs from XP. Note that you can't really have user control of print jobs unless the user is authenticating to the server, and you haven't given any detail on how you are setup. Easiest way to tell on a default installation is if you see a share on the server with the username you are logged into windows with. If you don't, you're either going to have to add unix accounts (if they don't exist) which match the windows user names (or use a username map) and set their smbpasswd (smbpasswd -a user) or provide more info on how your authentication is setup. This works fine here, using the samba-2.2.7a-3mdk RPMs available at http://ranger.dnsalias.com/mandrake/samba on mandrake 8.0-9.0. If I cancel a job by hitting the cancel button on a windows print dialogue, the program freezes until I manually restart the XP print spooler service. If I cancel a job by hitting cancel in the print spooler window, the job does get cancelled (it disappears from the spooler window), but the same problem, the program freezes until I manually restart the spooler. Anybody seen this before. I didn't have this trouble when I was using lpd, just recently with cups. One other side issue, i always have to manually refresh the spooler screen (F5) to see current activity. Is there a setting that I'm missing that will do that for me. Printing to samba also doens't work that well if you have the XP firewall enabled, which be default firewalls off 137-139, preventing samba from being able to send a reply. This also affects printers on Windows NT servers. Thanks for any and all help. Hans Rasmussen Drafting/GIS Coordinator FYI, grass-5.0.0 is in Mandrake 9.0 contribs if that would interest you ... Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba LDAP user adding
Date: Wed, 29 Jan 2003 15:36:57 -0600 (CST) From: Gerald (Jerry) Carter [EMAIL PROTECTED] To: Jim Wharton [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Samba LDAP user adding Message-ID: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] Content-Type: TEXT/PLAIN; charset=US-ASCII MIME-Version: 1.0 Precedence: list Message: 14 I just installed samba 2.2.7 on Mandrake 9 with OpenLDAP support. I have set up OpenLDAP and everything is cool. When I try to add a user I get: If you are using RPMs (such as from http://ranger.dnsalias.com/mandrake/samba) Note that there is a path setting in the default /etc/samba/smbldap_conf.pm that is incorrect, mkntpwd is in /usr/sbin and not /usr/local/sbin [root@luna openldap]# smbpasswd -a jim New SMB password: Retype new SMB password: Failed to issue the StartTLS instruction: Connect error Failed to issue the StartTLS instruction: Connect error Failed to add entry for user jim. Failed to modify password entry for user jim so I jumped in to smb.conf and disabled ldap ssl = start tls. Then I got: ldap ssl default to on which implies LDAPS. if you want clear text communication, you need to set ldap ssl = off Preferred option would be to fix ssl or tls, which requires that you generate an ssl cert with the hostname on it that matches the hostname set in smb.conf (and /etc/ldap.conf if you want to tls/ssl for pam_ldap/nss_ldap). Jerry, you are aware that samba defaults to using port 636 for tls when (AFIAK) it should be using port 389? (hint if you want to use tls, you need to set: ldap ssl = start_tls ldap port = 389 ) -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba LDAP user adding
Gerald (Jerry) Carter wrote: Preferred option would be to fix ssl or tls, which requires that you generate an ssl cert with the hostname on it that matches the hostname set in smb.conf (and /etc/ldap.conf if you want to tls/ssl for pam_ldap/nss_ldap). Jerry, you are aware that samba defaults to using port 636 for tls when (AFIAK) it should be using port 389? Yeah. I just found this yesterday. Fixed in CVS and will be in the 2.2.8pre1 out tomorrow. ~ timeframe for 2.2.8 final? I have one or two small packaging changes I would like to get in before you cut final, but can you apply this one in the meantime? http://cvs.mandrakesoft.com/cgi-bin/cvsweb.cgi/~checkout~/SPECS/samba/samba-2.2.7a-mandrake-packaging.patch?rev=1.1 Will 2.2.8 include the ldap-rebind patch for referrals (sorry, my cvs is out of date ...)? (in case you don't have one handy: http://cvs.mandrakesoft.com/cgi-bin/cvsweb.cgi/~checkout~/SPECS/samba/samba-2.2.7a-ldap-rebind.patch?rev=1.1 ) Also, in case you have time, please look at the smbumount patch: http://cvs.mandrakesoft.com/cgi-bin/cvsweb.cgi/~checkout~/SPECS/samba/samba-2.2.6-smbumount_lazy.patch?rev=1.3 We will continue to include this in our packages ... but if you apply it I will need to remove it's Patch and %patch entry from the spec file ... Thanks, Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PAM Module for SMB-LDAP
Date: 30 Jan 2003 10:40:50 -0500 From: Bradley W. Langhorst [EMAIL PROTECTED] To: Matthias Eichler [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Samba] PAM Module for SMB-LDAP Message: 18 On Thu, 2003-01-30 at 05:28, Matthias Eichler wrote: And with these settings you can really change the lmpassword and ntpassword attributes in LDAP when doing a passwd under UNIX?!? yes - i am using samba3a21 but i'm pretty sure this worked with 2.2.6 when i last tried the 2.2 branch It really has no relationship to which samba you're running, since this is when changing your password on a unix machine which is not a DC, so you can't (AFAIK) use pam_smbpass, and the machine may have no samba components installed on it anyway. AFIAK, the only way around this is a hacked pam_ldap which changes ntpasswd and lmpasswd, there is one around somewhere ... The other option is to make a passwd script which calls smbpasswd -r name of pdc, and rename the old passwd binary. Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PAM Module for SMB-LDAP
Bradley W. Langhorst wrote: On Thu, 2003-01-30 at 13:46, Buchan Milne wrote: It really has no relationship to which samba you're running, since this is when changing your password on a unix machine which is not a DC, so you can't (AFAIK) use pam_smbpass, and the machine may have no samba components installed on it anyway. I could be mistaken but I believe that the pam_smbpass that comes with samba uses native samba calls to change the password. Well then the docs on it are really stuffed and ambiguous ... but I would be happy to know that this works ... From: samba-2.2.7a/source/pam_smbpass/README This module authenticates a local smbpasswd user database. If you require support for authenticating against a remote SMB server, or if you're concerned about the presence of suid root binaries on your system, it is recommended that you use one of the other two following modules I have already determined from Andrew Bartlett that there is ambiguity in 'smbpasswd user database', as it should be 'samba passdb backend', to be more clear that LDAP etc is supported in 2.2.7a on the DC. But it may be out of date: 25 Mar 2001 Or maybe works better on samba3 ... Really - this does work on my setup i've just tested it by changing my password like this on the command line passwd bwlang New UNIX password: BAD PASSWORD: it is based on a dictionary word Retype new UNIX password: LDAP password information changed for bwlang passwd: password updated successfully now when i log in to an xp machine (joined to the samba pdc) i must use the new password here's what my auth.log says... Jan 30 13:49:22 bitc PAM_unix[29461]: username [bwlang] obtained Jan 30 13:49:22 bitc PAM_unix[29461]: Password for bwlang was changed Jan 30 13:49:22 bitc PAM_smbpass[29461]: username [bwlang] obtained Jan 30 13:49:22 bitc PAM_smbpass[29461]: password for (bwlang/603) changed by (root/0) AFIAK, the only way around this is a hacked pam_ldap which changes ntpasswd and lmpasswd, there is one around somewhere ... maybe I'm using that hacked pam_ldap but I don't remember installing it... You can check: $ strings /lib/security/pam_ldap.so |grep -i ntpassword For example: [bgmilne@bgmilne wxgps]$ strings /lib/security/pam_ldap.so |grep -i \ userpassword userPassword am i smoking crack here? seems to work. We'll find out ... Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question
Date: Tue, 28 Jan 2003 13:53:20 -0500 From: Esler, Joel [EMAIL PROTECTED] To: Samba-L (E-mail) (E-mail) [EMAIL PROTECTED] Subject: [Samba] Question Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-1 MIME-Version: 1.0 Precedence: list Message: 22 Since I put alot of reliability in listservs I want to do the following things. I run a Linux server on a completely Win2K network. I want the Linux server, when someone's password is updated through the domain controller, to automatically update the Linux server, so when we update someone's password, or disable someones account in Win2k domain, it also disables it on the Linux server. Well, the way this is done is actually to authenticate directly against the domain, rather than keeping passwords in sync. Also, I want to be able to set up a partition (say /home) on my linux server, where people can just go into Network Neighborhood and go into their share folder in the Linux server as if it were just a F/P server in a win domain. I am assuming Samba does both of these. However, I dont' know how... can someone point me in the right direction. You can do this with winbind. Take a look at this: http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.tar.gz IMHO, Mandrake 9.0 is the quickest way to get this, plus you can use ACLs out-the-box. Reccomended procedure: 1)Install Mandrake 9.0 in expert mode 2)Where you enter the root password, choose Windows Domain as authentication type. 3)Enter the domain name in CAPS If your domain allows anonymous access, you should be able to log into the machine with a domain account on first boot. But the default config doesn't have any shares enabled, so: # cp /etc/samba/smb-winbind.conf /etc/samba/smb.conf Replace the 'workgroup = ' line in your new /etc/samba/smb.conf with the domain name, install samba-server (urpmi samba-server), start samba (service smb start) and it should make a home directory for any user who authenticates, even via samba. So, connecting to \\server\username\ should work out-the-box. To get ACLs working, you should either use XFS as the filesystem that your shares will be on, or add the 'acl' mount option to ext2/ext3 filesytems in your /etc/fstab. Note the tarball above has configs that should accomplish the same on Redhat 8.0 (except possibly for the winbind groups problem people are talking about). Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Linux to Win2k Active Directory authentication usingsamba.
Message: 3 Date: Sun, 26 Jan 2003 22:09:01 -0800 (PST) From: bernie liwanag [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] Linux to Win2k Active Directory authentication using samba. Hi to all, Is there any additional information I can get about on Linux to Win2k Active Directory authentication using samba? I have downloaded some documents on how can i test it but its not yet complete. I know that samba 3.0 is still on alpha version, I just want to try whether someone had already tried it to implement for one login authentication, especially using the GUI mode login (KDE or Gnome). Thanks a lotand more power! If you don't need kerberos support etc, you may come right with winbind. Mandrake 9.0 supports this out-the-box if you do an expert install, and choose Windows Domain authentication. Just remember to enter the domain name in CAPS. Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] linux server completely hangs copying files with samba
On Sat, 25 Jan 2003, Dragan Krnic wrote: Which IDE chipset? We ran our network on a machine runnning essentially 9.0 (cooker but with 2.4.19-16mdk kernel, and most server components and libraries haven't changed) on a 120GB IDE disk for a week with no problems, with dma enabled. So it might be chipset specific. Good question! The chipset in my case was i845 from Intel. I had it running for a month in a sandbox with only a couple of clients, but when I eventually took it into production and added 40 clients it would simply freeze from time to time necessitating a cold start. IIRC, the i845 does give problems with DMA enabled under 2.4.19, I think smoe people are having more success with the latest kernels ... My distro is SuSE 8.1, but 2.4.19 is 2.4.19 is 2.4.19, right? I'd never go back to IDE even if I knew the problem is solved. At my home I can use anything, it doesn't matter. But a file server may be privileged with a couple of decent SCSI drives if you're serious. And besides, 15 Krpm LVD disks are a lot faster than 7200 IDEs and I can string many more on the same wire. And even better if you cah do hardware RAID ... and then use LVM over that ;-). Our new Dell PowerEdge 2500 has 5*36GB/15k LVDs setup like that, and is stable as a rock (so far, it's only been in production for a few weeks). Regards, Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Message: 12 Date: Fri, 24 Jan 2003 23:38:06 +0100 From: David Morel [EMAIL PROTECTED] To: Bradley W. Langhorst [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [Samba] NT ACL's Bradley W. Langhorst wrote: On Fri, 2003-01-24 at 16:23, [EMAIL PROTECTED] wrote: I have been playing with samba for about 3 months. I have not been able to find a way to setup acl's efficiently. I would like to be able to set permissions for one person one way and three others all with different permissions. Then to also add 4 to 5 groups with all with different permissions the same way you would in windows. I am new to linux so I have a hard time fully understanding the Linux permissions. Any help would be appreciated. if you want a full set of permissions like on windows, you'd better install acl support on an xfs filesystem for instance. Distros like Mandrake (Redhat?) come with these tools already. xfs+acl support has to be compiled in the kernel or as modules, and a few other tools can be installed to get/set acls on the command line. Mandrake (since 8.1 on XFS, or 9.0 for ext2/ext3) and SuSE (currently both XFS and ext2/ext3 AFAIK) support them out the box. RH you will need 3rd-party support (SGI may still ship kernels, tools and possible samba packages with acls enabled) or will have to roll-your-own. Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Message: 1 Date: Fri, 24 Jan 2003 18:03:19 +0100 To: [EMAIL PROTECTED] From: Davide Cavaleri [EMAIL PROTECTED] Subject: [Samba] linux server completely hangs copying files with samba hi, i'm experiencying a strange problem with a mandrake 9.0 machine, kernel 2.4.19, samba (different versions, including latest). when I copy large amount of data from any win98 machine to a share directory on linux, after a random time the linux machine hangs; not responding even to ctrl-alt-canc, only possibility is to reset. I was using a realtek 8139 (driver 8139too) which I know sometime giving problems; I tried a Dlink (always 8139too), same problem; reading around it could be a driver problem so I managed to have a good 3com905c (driver 3c59x); big surprise: same problem!!! i noticed that trasferring from the laptop which has a 10 Mit/s card doesn't give the error, so probably it happens with large bandwith usage on the server. nothing appears on any log, as if nothing appened. anybody experienced similar problems? especially anybody solved it? regards We're running Mandrake 9.0 on the stock secure kernel with my own 2.2.7a-3mdk packages (which will be on the mirrors soon, RPMs on my webpage which is linked beloew) in production serving up 130GB+ of disk with no problems. Did some tests with 4GB+ files via smbclient to test the fixes, and the server (Dell 2500 with eepro100) is stable as a rock. We did see some issues with a tulip card, but way before we even got samba running (ifdown eth1 would oops). A number of Mandrake 9.0 desktops we have run with rtl8139 (using the 8139too driver), with which I haven't seen any problems. Do you see any errors on the various consoles on the machine (CTRL-ALT-F1 through CTRL-ALT-F12)? Regards, Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] linux server completely hangs copying files with samba
To: [EMAIL PROTECTED] Date: Sat, 25 Jan 2003 11:10:43 +0100 From: Dragan Krnic [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Subject: [Samba] linux server completely hangs copying files with samba Organization: Lycos Mail (http://www.mail.lycos.com:80) I think it's the same problem I had and it's not the network problem. It's about a problem with system on IDE drives. After I switched to a SCSI disk for boot, swap and root the problem disappeared completely. The fact that the problem doesn't occur with 10 Mbps connections only shows that slow ether cannot create enough stress for the problem to manifest itself. It's some racing condition in UDMA driver. If you disable DMA on your system IDE drive you won't have the problem but the performance really sucks. Which IDE chipset? We ran our network on a machine runnning essentially 9.0 (cooker but with 2.4.19-16mdk kernel, and most server components and libraries haven't changed) on a 120GB IDE disk for a week with no problems, with dma enabled. So it might be chipset specific. Maybe if you two can log a bugzilla or Mandrakeexpert entry, and you may be able to try the kernel update that should be coming and see if it addresses the problem. Regards, Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba-2.2.7a RPMs available for Mandrake 8.0, 8.1, 8.2 and 9.0
Just a quick note that I have finalised RPMs of 2.2.7a for Mandrake 8.0, 8.1, 8.2 and 9.0. They are currently available from http://ranger.dnsalias.com/mandrake/samba . Updates are in the works for 9.0, and RPMs for all releases should go to the samba mirrors soon, but if you're having problems with large file support, or are still running 2.2.6 for large file support, I thought you might want to grab these now ... (but please only take them from here if you need them urgently ... we're on tight bandwidth ...). Also note that I have applied patches for: 1)Large file support for smbclient and smbtar (posted here) 2)Referral support for LDAP when samba is running against a slave ldap server (from http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html#patches) I have verified that large file support is fixed in smbclient (and smbd of course ..), but haven't tested smbtar, I would appreciate a report from someone who uses smbtar as to whether it works or not. LDAP-enabled RPMs will not be availble in the updates for 9.0 since we don't ship with ldap support by default. Finally, I have also update the samba3.0alpha21 RPMs for 9.0 with more features, these are availabe at: http://ranger.dnsalias.com/mandrake/mandrake9.0/samba-3.0alpha21/ All these packages are also in Mandrake cooker (samba3 in contrib). Finally, thanks to Danny Tholen for compiling on 8.2, I don't have an 8.2 box to build on any more (and my 8.0 and 8.1 boxes will be upgraded soon too ...) Regards, Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Can't add Machine account ( LDAP ) ... (solved)
Message: 1 Date: Tue, 21 Jan 2003 19:08:07 +0200 From: C.Lee Taylor [EMAIL PROTECTED] Organization: LeeNX To: [EMAIL PROTECTED] Subject: [Samba] Re: Can't add Machine account ( LDAP ) ... Just got bitten in the ass by not been able to join the domain with 2.2.7a Correct me if I am wrong, Jerry did give me a quick explaination. It has to do with usernames and what allowable characters in it for security. It was basically dismissing the weird entry as a security mechanism in the logging/DEBUG code, it shouln't have affected the script. Now, I need to fix this, does anybody have a patch/fix or tell me where to look in the source to try and fix this. Finally was able to find the freaking message ... but I think that this might be something else ... OK, I am looking at this now ... Hmmm, after a bit of debugging work, I found that I could not join as a domain admin, but could join as root, and that was due to wrong perms on the smbldap-tools, essentially a non-root domain admin did not have permission to run the 'add user script' (due to a new setup where we hadn't fixed the perms). It seems to work now ... I really need domain joining, or at least a work around for it ... Please help me!!! If you have the smbldap tools setup, then you should be able to pre-create machine accounts. On Mandrake, we have them in /usr/share/samba/scripts, so I would run something like this: # /usr/share/samba/scripts/smbldap-useradd.pl -w -c Samba Machine Account' -s /bin/false -d /dev/null -g machines machine$ (the equivalent of the script you would have as a 'add user script' in smb.conf, just replacing the macros). Then you should be able to join with any domain admin account. Now, if the user you are going to join as can run the script (requires rx perms on the scripts: [root@hercules bgmilne]# ll /usr/share/samba/scripts/ total 112 -rwx--1 root domadm 1720 Jan 14 02:29 export_smbpasswd.pl* -rwx--1 root domadm 3498 Jan 14 02:29 import_smbpasswd.pl* -rwxr-xr-x1 root domadm 1703 Jan 14 02:29 print-pdf* lrwxrwxrwx1 root domadm 26 Jan 17 16:24 smbldap_conf.pm - /etc/samba/smbldap_conf.pm -rwxr-x---1 root domadm 2389 Jan 14 02:29 smbldap-groupadd.pl* -rwxr-x---1 root domadm 2369 Jan 14 02:29 smbldap-groupdel.pl* -rwxr-x---1 root domadm 5362 Jan 14 02:29 smbldap-groupmod.pl* -rwxr-x---1 root domadm 1821 Jan 14 02:29 smbldap-groupshow.pl* -rwxr-x---1 root domadm 6923 Jan 14 02:29 smbldap-migrate-accounts.pl* -rwxr-x---1 root domadm 4874 Jan 14 02:29 smbldap-migrate-groups.pl* -rwxr-x---1 root domadm 4994 Jan 14 02:29 smbldap-passwd.pl* -rwxr-x---1 root domadm 7147 Jan 14 02:29 smbldap-populate.pl* -rw-r--r--1 root domadm 11685 Jan 14 02:29 smbldap_tools.pm -rwxr-x---1 root domadm 13439 Jan 14 02:29 smbldap-useradd.pl* -rwxr-x---1 root domadm 2913 Jan 14 02:29 smbldap-userdel.pl* -rwxr-x---1 root domadm 10697 Jan 14 02:29 smbldap-usermod.pl* -rwxr-x---1 root domadm 1762 Jan 14 02:29 smbldap-usershow.pl* And something like this on the config file: [root@hercules bgmilne]# ll /etc/samba/smbldap_conf.pm -rw-r-1 root domadm 6947 Jan 17 22:02 /etc/samba/smbldap_conf.pm Then any member of domadm (assuming @domadm is in the 'domain admin users' list in smb.conf) you should be able to join a machine. OK, this means I just need to verify some issues (like testing password changes on referrals, which I may be able to do tomorrow or Friday) and we will have new samba packages for Mandrake ... hopefully by the weekend at the latest. If anyone has a setup to test large file support (smbtar, smbclient, files 4GB) on Mandrake 8.0, 8.2 or 9.0, please contact me and I will get you a set of RPMs that have the two fixes applied. FYI: [root@hercules bgmilne]# rpm -q samba-server-ldap samba-server-ldap-2.2.7a-3mdk Sorry for the false alarm Jerry ... Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [CLUG-tech] odd samba error
Chris Nash wrote: So this is my problem: Samba works but not as a domain controller.Well here is the smb.conf file and the testparm dump. I think it ver 2.2.x? Any ideas? extract from the var/log/messages, all from smbd daemon: api_samr_set_userinfo: unable to unmarshall SAMR_Q_SET_USERINFO passdb/pdb_smbpasswd.c: pdb_getsampwdrid (1416) unable to open passdb database Does this make any sense? Have you got any entries in your: smb passwd file = /etc/samba/smbpasswd If not, you need to add them (unix accounts must already exist) with 'smbpasswd -a' If you are joining winnt/win2k/winxp machine to your domain, you must uncomment this line: # add user script = /usr/sbin/useradd -g smbusers -d /dev/null -s /bin/False %u (yes, it gets used for machine accounts on a domain controller), and have added an smbpasswd for the root account (by running 'smbpasswd -a' as root). Also, your: NET USE I: /home doesn't belong in your smb.conf Please check the smb.conf man page for this one also: map to guest = sambauser (IIRC it should be on of 'bad user', 'bad password' or 'never'). You may be looking for the 'guest account parameter instead ... Also, it would help if you told us what steps you have followed prior to this, as not everything can be determined from your configuration file. How are you joining machines to the domain? Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Adding a machine; I think I am onto something
Message: 19 Subject: Re: [Samba] Adding a machine; I think I am onto something From: Dariush Forouher [EMAIL PROTECTED] To: Jim C [EMAIL PROTECTED] Cc: Samba ML [EMAIL PROTECTED] Date: 19 Jan 2003 12:52:37 +0100 --=-+wK3KcK7Sqyp6lPAjR1a Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Am Son, 2003-01-19 um 10.19 schrieb Jim C: libnss-ldap.conf? I don't seem to have that file anywhere. I suppose I should warn you that this is a Mandrake system. I do have=20 nss-ldap installed as well as pam-ldap. Well, it might be named different by Mandrake. SuSE's one is somewhere behind /etc/ldap. Have a look into your docs provided by mandrake or perform a find after 'ldap'. /etc/ldap.conf Why do you wan't to put the machines somewhere else anyway? You can't hide them before unix because samba uses them. If you wan't to make your ldap more clear and easier to administrate, just put all your machine trust accounts into a folder below ou=3DPeople, e.g. ou=3Dcomputers,ou=3DPeople,... Samba will find them without changing any configuration. Actually, what you can do is use a different search-base on your DCs than on your other desktops and other servers, then 'getent passwd' or a {k,g,x}dm wil only show user accounts. Of course, on the DCs, both samba and nss should be looking in the right places BTW, you are aware that machine addition worked fine on 2.2.6 (AFAICR)? I will try and take a look again shortly, but we've just migrated from our old DC/LDAP server to a new one and one or two things are still broken (unix password changes in LDAP ...). Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Logon Scripts for Mandrake 9.0
From: David Sexton [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Fri, 17 Jan 2003 12:16:00 -0500 Subject: [Samba] Logon Scripts for Mandrake 9.0 I was wondering if some one could help me make some basic login scripts and tell me where to place them. I know nothing about them. I am trying to get my windows based mechines to login to my Mandrake 9.0 server This isn't really a samba question, as you can write the login scripts as batch files on a windows machine, and copy them to your samba server. I am sure a google search would turn up a few examples. But most uses for login scripts include mapping shares (net use, see 'net help use' on a windows mahcine) or importing registry settings (regedit /s regfile.reg) or copying files etc. If you need to customise logins scripts per-user, per-machine, per-OS, you may want to try ntlogon, which is in the Mandrake contribs (set yourself up at http://plf.zarb.org/~nanardon if you haven't yet, and you should be able to 'urpmi ntlogon'). Edit the file /etc/ntlogon.conf, it's pretty self-explanatory. Also, uncomment the lines for ntlogon in the netlogon share of the default smb.conf in Mandrake. If you have mangled yours, take a look at: http://ranger.dnsalias.com/mandrake/samba/smb-domain-controller.conf I have windows ME and XP i got ME to login but XP won't. Can some one help That may be a different issue. Firstly, I don't think you can join XP Home to a domain (any domain, NT/2k/samba). Secondly, XP Pro, like NT and 2k requires machine accounts (check that your 'add user script' is setup), and that you join the domain with the root account (unless you are using an LDAP backend on 2.2.x). So, you would need to do 'smbpasswd -a' as root, and when joining the machine use 'root' as the username, and the password you entered for 'smbpasswd -a'. Finally, XP won't connect to a server that doesn't support signing/sealing unless you apply the registry patch, available in the samba-doc package: [bgmilne@bgmilne bgmilne]$ rpm -ql samba-doc |grep -i signorseal /usr/share/doc/samba-doc-2.2.6/docs/Registry/WinXP_SignOrSeal.reg Finally, make sure you have run updates (I have't on this machine as you can see above ...) Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Second Post: Unable to add user with Samba 2.2.7 - LDAP- PDC
Matthieu Turpault wrote: Thanks for the answer (BTW, are you using RPMs or not? If so, which ones please?). I use the RPM samba-common-ldap-2.2.7-1.1mdk, samba-server-ldap-2.2.7-1.1mdk and samba-client-2.2.7-1.1mdk. [global] workgroup = MDKGROUP server string = Samba Server %v log file = /var/log/samba/log.%m max log size = 5000 security = user encrypt passwords = yes ldap admin dn = cn=manager,id=1 Should this not be something like 'ldap admin dn = cn=manager,o=comelis? Or does : $ ldapsearch -x -h ldap.comelis.fr -D cn=manager,id=1 -W (uid=mat) work for you (with the password you have added to samba with 'smbpasswd -w password when prompted)? Yes, it does ! My base dn is id=1. Didn't appear so from the LDIF entry you posted ... the dn didn't contain 'id=1'. But I *can* log with a user, i.e. a valid credential stored in the directory. My computer *can* contact the PDC... and it worked with samba-common-ldap-2.2.3a-10mdk.. Works for me on 9.0 using 2.2.7a-3mdk (ie I can see users in Computer Management-Local Users and Groups when I add domain users to a local group). Also worked on 8.2 with everything from 2.2.3a up to 2.2.7a. Have you tried looking in the logs (maybe increase the log level also)? I will be releasing new RPMs soon hopefully, just want to try and track down why the 'add user script' isn't being run when trying to join a machine to the domain. Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] First letter in filenames missing
Message: 12 From: Torben Ellgaard [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Fri, 17 Jan 2003 02:50:14 +0100 Subject: [Samba] First letter in filenames missing This is a multi-part message in MIME format. --=_NextPart_000_000B_01C2BDD3.29618040 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable I am new to Linux and Samba, but I have resently started experimenting = by installing a Mandrake 9.0 on an old PC. I am trying to use this as a = file server accessible from my Window 98 SE PC. So far I have managed to install Samba and the Linux PC is visible in = the Windows Network Neighborhood, but files can not be accessed. I think = this is a password issue, that I can solve by reading a bit and setting = up the right users on the Linux box. i will return if this problem = persists. Run 'smbpasswd -a user' as root, where user is replaced with an existing unix account (ie with 'useradd user') which matches the username the user uses on windows. BUT, The odd thing that is the issue of this mail is, that when I browse = on the Linux box to see the files on the Windows PC, I can see the = shares, folders and files, but in all filenames and foldernames the = first letter is missing! Please run MandrakeUpdate. This, and many other issues (including security vulnerabilities in other software) will be fixed. Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] auth. samba users against Win2K AD
Message: 16 Date: Thu, 16 Jan 2003 20:58:20 -0800 To: [EMAIL PROTECTED] From: Bill Parker [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [Samba] auth. samba users against Win2K AD Hi All, We have a mixed Win2K and Linux environment, and we run Samba 2.2.3a on SuSE 8.0 Linux. Assume you have users who have to access a share on Samba of say /foo/bar, and the users are part of group 'somegrp' (they have permissions to modify stuff in /foo/bar, btw). Now, assume said users exist on Win2K AD, is there any way to get Samba to authenticate against Win2K when they go for access to the the share, rather than have to change passwords on both Samba and Win2k so that they match? Yes, join the machine to the Win2k domain (as root): smbpasswd -j DOMAIN -U Domain Admin account -r Domain Controller You will still have to make the accounts. This you can get around using Winbind ( try 'man winbindd' for more info). Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind authenticated users - no home directory
Message: 13 Date: Wed, 15 Jan 2003 11:48:43 -0800 From: John Oliver [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] Winbind authenticated users - no home directory When I log on with an NT user to a Linux machine via winbind, I get complaints about no home directory and wind up in / The docs don't mention this at all. How to fix? Setup pam_mkhomedir. See this example (which can be used to replace /etc/pam.d/system-auth, at least on Mandrake) http://cvs.samba.org/cgi-bin/cvsweb/samba/packaging/Mandrake/system-auth-winbind.pamd?rev=1.2content-type=text/x-cvsweb-markup Ensure that the parent directory of the users home does exist, pam_mkhomedir doesn't make deep directories. If you want samba to make home directories via pam_mkhomedir, you need to set 'obey pam restrictions = yes' in your smb.conf. More winbind examples (configs for Mandrake 9.0 and RH 8.0, plus a presentation and some notes): http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.tar.gz Of course, knowing which distro you are using and what steps you took or which docs you followed would help. Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Second Post: Unable to add user with Samba 2.2.7 - LDAP- PDC
Message: 5 From: Matthieu Turpault [EMAIL PROTECTED] To: Samba [EMAIL PROTECTED] Date: Thu, 16 Jan 2003 11:27:30 +0100 Subject: [Samba] Second Post: Unable to add user with Samba 2.2.7 - LDAP - PDC Hello, I did not have any response of my first mail. Perhaps I did not be enough clear: Since I have installed the latest version of samba (2.2.7), I can't see user of my domain with the Win2K User management console. I have try to change several attribute in my user ( in particular acctFlags ) but I cannot manage with making my system works. (BTW, are you using RPMs or not? If so, which ones please?). Do you have any idea ? See below ... Thanks in advance Matthieu Turpault Appendice: - a sample of a user in my LDAP directory - my first post --- = A sample of a user in my LDAP directory: = dn: uid=mat,ou=users,o=comelis loginShell: /bin/bash objectClass: cmlsPerson objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: sambaAccount objectClass: account objectClass: posixAccount objectClass: top objectClass: qmailUser sn: Turpault gecos: Matthieu Turpault mail: [EMAIL PROTECTED] qmailGID: 100 givenName: Matthieu uidNumber: 1002 homeDirectory: /homes/matthieu pwdLastSet: 1042190742 logonTime: 0 logoffTime: 2147483647 kickoffTime: 2147483647 pwdCanChange: 0 pwdMustChange: 2147483647 displayName: Matthieu Turpault cn: Matthieu Turpault rid: 998 primaryGroupID: 999 acctFlags:: IFtVWCAgICAgICAgIF0= ( ie [UX ] ) gidNumber: 100 uid: mat [...] -- my smb.conf [global] workgroup = MDKGROUP server string = Samba Server %v log file = /var/log/samba/log.%m max log size = 5000 security = user encrypt passwords = yes ldap admin dn = cn=manager,id=1 Should this not be something like 'ldap admin dn = cn=manager,o=comelis? Or does : $ ldapsearch -x -h ldap.comelis.fr -D cn=manager,id=1 -W (uid=mat) work for you (with the password you have added to samba with 'smbpasswd -w password when prompted)? ldap server = ldap.comelis.fr ldap ssl = off ldap port = 389 ldap suffix = id=1 As above, I think this needs to be o=comelis, unless the following works for you: $ ldapsearch -x -h ldap.comelis.fr -b id=1 (uid=mat) ldap filter = ((uid=%u)(objectclass=sambaAccount)) unix password sync = Yes passwd program = /usr/share/samba/scripts/smbldap-passwd.pl %u passwd chat = *New*password*:* %n\r *Retype*new*password*:* %n\r *all*authentication*tokens*updated*successfully* We use 'pam password change = yes and have pam_ldap in the passwd section on /etc/pam.d/samba instead. Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Profile migration again
Message: 11 Date: Thu, 16 Jan 2003 16:04:18 + (GMT) From: John H Terpstra [EMAIL PROTECTED] To: Gabriel D. Preston [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Profile migration again If they are already domain user profiles then the samba-3.0.0 'profiles' tool should report the SID's in NTUser.DAT and should allow you to change them. Where does one find this tool? Haven't seen it in my builds from samba3alpha cvs, and it would come in useful right now (actually, about 2 days ago, but it may still be of value ...). Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB+LDAP Question ...
Message: 18 Date: Wed, 15 Jan 2003 15:58:41 +0200 From: C.Lee Taylor [EMAIL PROTECTED] Organization: LeeNX To: [EMAIL PROTECTED] Subject: [Samba] SMB+LDAP Question ... Greetings ... I have a quick question, which I hope will get a straight and quick answer. I am moving my system from flat files to LDAP. I have had my users in LDAP for a while, but then found that my computer accounts for Win2K in still in passwd. My question is, what are the bare minume LDAP attribs that I need for them to contiune to work? AFAIK, just sambaAccount and related items. But I don't think I am going to get that answered, so, do I need a Unix password for computers? No. I would just like to keep as little info my LDAP as possible .. I still believe the smallest amount of common info is best. In the end, in 2.2.x and non-NUA sam backends in 3.0alpha, you need the following to work on any DC: $ getent passwd machine$ So, on your DCs, you either need a unix account for the machine in /etc/passwd, or an LDAP account with posixAccount and sambaAccount BTW, see examples/LDAP/import_smbpasswd.pl in the samba docs if you hanen't yet. Should work for importing machine accounts. Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB+LDAP Question ...
C.Lee Taylor wrote: AFAIK, just sambaAccount and related items. Mmm, you see, if you have the /etc/passwd entery and do a smbpasswd -a -m with LDAP, it creates the sambaAccount stuff in LDAP, but if I delete the /etc/passwd without moving it into LDAP, the computer will not logon the PDC/Network. So are you saying you have machines that are in LDAP, have no posixAccount in LDAP, no entry in smbpasswd, but have an entry in passwd? So now I have a few machine accounts which I want to move into LDAP, so I would like to know what I need, at least from and LDAP point of view ... In the end, in 2.2.x and non-NUA sam backends in 3.0alpha, you need the following to work on any DC: $ getent passwd machine$ So, on your DCs, you either need a unix account for the machine in /etc/passwd, or an LDAP account with posixAccount and sambaAccount Okay, but what does Samba 2.2 need with posixAccount? I mean, it does not need a homedir for anything. It does not need the Unix password stuff. I currently use the gid, but if it's in LDAP, I don't think I need that either. But gidNumber is an attribute of posixAccount, as is uid (and uidNumber). getent passwd won't return (under normal circumstances) an LDAP entry that doesn't have objectclass:posixAccount. AFAIK, samba checks the equivalent c call (getpwent) unless using one of the NUA backends. BTW, see examples/LDAP/import_smbpasswd.pl in the samba docs if you hanen't yet. Should work for importing machine accounts. But I would think that import_smbpasswd.pl is for importing smbpasswd, I need to bring in the passwd, that is why I am asking ... Well, what you *realy* want is LDAP acounts for machines that exist in smbpasswd but not in LDAP? Extract the entries from smbpasswd for those machines, and then run the script ... On Mandrake, that would be: $ /usr/share/samba/scripts/import_smbpasswd.pl /path/to/modified/smbpasswd Anyway, we've had some issues migrating DCs ... am not entirely convinced smbpasswd -S really works ... but it could be other issues. At least when we are done, we will know that nothing more resides in files, since the new machine does everything via LDAP. Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: samba (2.2.7a) + openldap (2.0.x)
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 10 Jan 2003, C.Lee Taylor wrote: ((uid=machine_)(objectclass=sambaAccount)) where it should have been like this: ((uid=machine$)(objectclass=sambaAccount)) I am sure, but I am sure that I did a Machine Account add with 2.2.7, is this a change in 2.2.7a ... I don't remember seeing that in CVS logs ... but then I have been offline for about a month ... Nope. This wouldn't have been a change between 2.2.7 and 2.2.7a. I didn't run 2.2.7, but it worked very well up to 2.2.6, but is definitely broken in 2.2.7a ... no useful logs atm. Jerry, any idea where to look or what errors to grep for at what log level? Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] import_smbpasswd.pl for samba + LDAP
Message: 17 Date: Tue, 14 Jan 2003 15:21:15 +0800 To: [EMAIL PROTECTED] From: Long-Sheng Kuo [EMAIL PROTECTED] Subject: [Samba] import_smbpasswd.pl for samba + LDAP Hello All! I am trying to follow the instructions to store Samba's Uer/Machine Account information in an LDAP Directory (Samba-LDAP-HOWTO.html). Is there anyone knowing how to run this Perl script: import_smbpasswd.pl in examples/LDAP directory? I don't know Perl. :( Which version of samba is this? There was a change in some of the scripts somewhere around 2.2.5 IIRC. Anyway, in both cases you need to edit the script to set your ldap server details ($DN, $ROOTDN, $rootpw and $LDAPSERVER, and then run something like this: ./import_smbpasswd.pl /etc/samba/smbpasswd In addition, is there more information/tutorial of LDAP available on line? Mandrakesecure.net had a decent tutorial a while back. Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba-3.0alpha21 - quotas on recent glibc breaks build
I get the following error building samba-3.0alpha21 on Mandrake cooker: Error: Compiling smbd/quotas.c smbd/quotas.c: In function `get_smb_linux_vfs_quota': smbd/quotas.c:115: storage size of `D' isn't known [buchan@klama buchan]$ rpm -q --whatprovides kernel-headers glibc-devel-2.3.1-6mdk [buchan@klama buchan]$ uname -a Linux klama.mandrake.org 2.4.19-16mdkenterprise #1 SMP Fri Sep 20 17:34:59 CEST 2002 i686 unknown unknown GNU/Linux [buchan@klama buchan]$ gcc -v Reading specs from /usr/lib/gcc-lib/i586-mandrake-linux-gnu/3.2.1/specs Configured with: ../configure --prefix=/usr --libdir=/usr/lib --with-slibdir=/lib --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-checking --enable-long-long --enable-__cxa_atexit --enable-languages=c,c++,ada,f77,objc,java --host=i586-mandrake-linux-gnu --with-system-zlib Thread model: posix gcc version 3.2.1 (Mandrake Linux 9.1 3.2.1-2mdk) Any ideas? As far as I know, samba-2.2.7a (with quota support) still builds fine on this setup. Regards, Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Default domain for winbindd?
On Fri, 10 Jan 2003 [EMAIL PROTECTED] wrote: I think it's a bit suspect to suggest 3.0alpha over 2.2.x, depending on the application. For plain authentication use (ie desktops, ssh, cvs over ssh, pop/imap etc), it seems to work very well. I have a production server at a client, that I have never had problems with, service 600+ mailboxes to 60+ concurrent users. I had similar success when I tried it... the only problems I experienced were logs getting winbind errors for system accounts. But Jerry and Andrew both say don't use it in 2.x, and have said it more than once on this list. The question isn't whether it may have problems, but what the problems may be. As far as I know, the only possible problems with it relate to smbd, specifically in resolving permissions and ACLs. If you don't run smbd, I don't think it's an issue. BTW, I have it running on a production machine that has been up since shortly after the option first made it into a release, which AFAICR was 2.2.4. I would hae to check the machine, but IIRC it's at least 8 months production use with no issues. I actually do have an smbd running on the machine, but without ACLs, and there haven't been issues with that, but it's really only minor use (an easy way for students to work on web pages). I am quite sure 3.0alpha isn't supported yet either (which is the gist of the messages regarding winbind use default domain = yes). Well, if he has winbind problems in 2.x with use default domain, I suspect the samba team would say it got placed in 2.x to satisfy a dependency of a code merge, has known flaws, and should not be used. If he has problems in 3.x with winbind use default domain = yes, he's likely to get more eyes. That's my best guess, at least, and I welcomed him to try it in 2.x, but suggested 3.x was the way to go if he really needed it. For his use, I don't think there would be any issues (as long as he doesn't run an smbd). And if there are, then he could try 3.0alpha then, but starting on a development release is IMHO never a good option, since it is then difficult to know if your issues are bugs or configuration issues. Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [PATCH 2.2.7a] was: Samba Referrals
On Sat, 11 Jan 2003, C.Lee Taylor wrote: Ignacio Coupeau wrote: http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html#patches I taken alook and see no differance, but then you could still be putting up the new patch ... White space doesn't survive cutting-and-pasting from a web page, and patch is sticky about white space in the first two characters in a patch file .. I got malformed patch even with -l. I see you have put up a tar file, but a single patch file for all the files would be fine. Best way to extract the other two is probably to save the html and open it in an editor :-(. I added a patch for rebind code in samba 2.2.7a. As I tested itonly with openldap, I need some feedback. Is based in the SAMBA_3 code, but in the 2.2.x fashion. Okay, when the patch is up, I will apply and test, but that is only with Samba 2.2.7a and OpenLDAP 2.0.25 on a ReDHat 8.0 system ... I don't have much else to do complete tests with. Same environment on Mandrake 8.2/9.0 ... the patch includes tree small ones: to configure.in (about 10 lines) to include/config.h.in (one line) to passdb/pdb_ldap.c (a bit long) As openLDAP don't have LDAP_SET_REBIND_PROC_ARGS definied in their .h (at leas t in te 2.0.25/21 and 2.1.7), the macros in the configure are required. Great, that is what I was not looking forward tring to figure out ... Thanks again. Cool, thanks to both of you. Regards, Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
Re: [PATCH 2.2.7a] was: Samba Referrals
On Sat, 11 Jan 2003, C.Lee Taylor wrote: Okay, the problem I have run into now, is if I apply the patches, by hand sometimes, I still have to run autoconf before running configure ... now, this is not a show-stopper ... but for package compiling, which I am sure Buchan Miline is doing, as I am ... this is not a source patch ... or at least not for me ... We already run autoconf, just BuildRequires: autoconf, then: %build (cd source autoconf %configure etc ... Maybe after successful testing, we could get Jerry ( I am sorry if I get this wrong ... I always seem too ) to include this in Samba 2.2 as production code. I am sure the patches will get into SAMBA_2_2 if the samba team thinks there will be another 2.2.x release, but it would be nice to have them in sooner so we can use official patches. Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
[Samba] Re: samba (2.2.7a) + openldap (2.0.x)
C.Lee Taylor wrote: Buchan Milne wrote: OK, I stayed a bit late, waiting for things to finish compiling etc ... You should not work that hard ... ;-) Tell me about it, but we're on a tight schedule, and I have a day-job (if you call MSc.Eng thesis a job ...) and did some tests. It seems to work. What I did was just point the production DC at a slave server, and then Kewl ... 1)try and change my password a)while both ldap servers were running (works) Great ... did you watch the traffic follow by any chance ... I did, (openldap log level 256) but the clocks on the machines weren't synced, so I couldn't see exactly the sequence of events, but there were MOD requests to both ... b)while only the slave is running (doesn't work) That should not, at least not by the standards that I understand that LDAP replcia works ... c)while only the master is running (doesn't work) That should work, but I think that might be a smb.conf thing ... Ideally it should work for failover, but I think this will only be available in 3 with passdb backend = ldap://host1 ldap://host2 (Ok, got your other mail which indicates that 'ldap server = host1 host2' should work. OK, I will see if I can do a different test which doesn't force me to mess with the DC, we have a replica running on the box which will become the new DC next week, might as well test it there ) 2)connect to my homes share a)while both servers were running (works) b)while only the slave was running (works) c)while only the master is running (doesn't work) Same as the above ... So, it seems to be all correct, but it would be nice to have ldap failover (multiple ldap servers listed in smb.conf?), but not absolutely necessary. Now our WAN setup should work! This is how I intend it to work, but have not finish testing ... And, I also seem to not be able to have machine accounts created by samba. I lost the (samba) log now, but while I had smbcontrol'ed the smbd handling my domain join, I saw an ldap search string something like this: ((uid=machine_)(objectclass=sambaAccount)) where it should have been like this: ((uid=machine$)(objectclass=sambaAccount)) This I am not certain about this ... but I would think it better to use LDAP scripts to add the accounts, which I think IDXP or something like that does have ... remember, if you use the normal way, Samba is tring to add an account into passwd and shadow, which will not work ... The mandrake RPMs ship with idealx-tools setup by default in /usr/share/samba/scripts, with the config in /etc/samba/smbldap_conf/pm, and I have: add user script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -s /bin/false %u This worked fine until yesterday when I upgraded from 2.2.6 to 2.2.7a Without the LDAP entry in the server, I got a No mapping was done between etc error on the client. Do you have the LDAP enter at all ... I lost my level 5 debug log when I wanted to see samba referral later when I set debug level to 10 :-(. Will test again a bit later ... and save the log this time ... I also had a local machine account (in passwd) at which time I did not get the error AFAICR, but it failed to join. Mmm, I have had problems when there is an account already ... something fails ... I do remember somework in Head to get around this, but not in 2.2 I was hoping to release 2.2.7a RPMs for Mandrake now, but they can't ship like this ... I have made some RPMs for RedHat 8.0, which is what I am about to test, and I see Herb Lewis has sent me a patch for the autoconf check, which I have not looked at yet either ... but I am hoping this can all come together soon ... Wouldn't mind seeing the patch, but would like to have ldap machine addition working (and test machine addition without ldap) before we ship updates ... BTW, anyone who as a working setup for testing large file support in smbtar/smbclient on a Mandrake 8.2 or 9.0 box, please contact me as I have RPMs with both patches for those releases, and I don't currently have resources to test those ... Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Default domain for winbindd?
Message: 16 Subject: RE: [Samba] Default domain for winbindd? Date: Fri, 10 Jan 2003 11:50:30 -0500 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] The reason why your line was badly formed was because it sounds like you used the name of the paramater without specifying any value... so the badly formed line gets ignored and the default (= no) used instead. What you were looking for was 'winbind use default domain = yes' ... Should have put in a real entry instead of assuming people would read a man page ... That being said, do not use this in 2.x because it was meant for 3.x and has problems in 2.x releases ( http://marc.theaimsgroup.com/?l=sambam=103608357527005w=2 , http://marc.theaimsgroup.com/?l=sambam=103238578221048w=2 ). You can try it, but if you need to use this then you should really be in 3.x. I think it's a bit suspect to suggest 3.0alpha over 2.2.x, depending on the application. For plain authentication use (ie desktops, ssh, cvs over ssh, pop/imap etc), it seems to work very well. I have a production server at a client, that I have never had problems with, service 600+ mailboxes to 60+ concurrent users. I am quite sure 3.0alpha isn't supported yet either (which is the gist of the messages regarding winbind use default domain = yes). Regards, Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba (2.2.7a) + openldap (2.0.x)
Buchan Milne wrote: C.Lee Taylor wrote: OK, I stayed a bit late, waiting for things to finish compiling etc ... and did some tests. It seems to work. What I did was just point the production DC at a slave server, and then 1)try and change my password a)while both ldap servers were running (works) b)while only the slave is running (doesn't work) c)while only the master is running (doesn't work) 2)connect to my homes share a)while both servers were running (works) b)while only the slave was running (works) c)while only the master is running (doesn't work) So, it seems to be all correct, but it would be nice to have ldap failover (multiple ldap servers listed in smb.conf?), but not absolutely necessary. Now our WAN setup should work! Well, not quite. I did a new test, this time with: ldap/pdc: master ldap server and original dc bgmilne: slave ldap hercules: slave ldap, 2nd dc thinkpad1: win2k/linux dual-boox client pdc, hermes and hercules are on the same net, thinkpad1 is on a crossover cable with hercules. I could authenticate to hercules after doing the ldap setup only (did not join hercules to the domain, just imported the domain SID). However, I could not change the password, either from win2k, or from the commandilne on hercules (smbpasswd -r hercules). I will go through the unav.es howto again and see if I have missed soemthing. Also, for some reason the profile didn't work. It's not specificed in LDAP, but works on PDC when in the normal net. Ditto for login scripts. The shares defined in hercules's smb.conf are accessible after login though (but profiles are on root-squashed NFS to pdc, could be the issue). Failover (ldap server = bgmilne ldap) seems to work, but wasn't tested extensively. Regards, Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba (2.2.7a) + openldap (2.0.x)
C.Lee Taylor wrote: Seems I was wrong (left out ldap switch ...), it doesn't compile on cooker, here is the error: Compiling passdb/pdb_ldap.c passdb/pdb_ldap.c: In function `ldap_connect_system': passdb/pdb_ldap.c:289: warning: passing arg 2 of `ldap_set_rebind_proc' from incompatible pointer type passdb/pdb_ldap.c:289: too many arguments to function `ldap_set_rebind_proc' make: *** [passdb/pdb_ldap.o] Error 1 What the real problem, is that the ldap_set_rebind_proc now takes 2 par instead of 3. On line 289 ( I think remove the ,NULL from the call and recompile. It should then recompile fine. I am testing this at the moment. I now wish I could figure out the autoconf stuff so that it could be tested for. I hope this helps. Please let me know if it works for you. Thanks, compiles (with warning): Compiling passdb/pdb_ldap.c passdb/pdb_ldap.c: In function `ldap_connect_system': passdb/pdb_ldap.c:289: warning: passing arg 2 of `ldap_set_rebind_proc' from incompatible pointer type Will see if I can actually get it working later today (if I can devise an easy method to test it without disturbing our production dc ...) Regards, Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Removing requirement for local machine accounts
Message: 7 Date: Wed, 8 Jan 2003 09:32:22 -0700 From: Dan Peterson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [Samba] Removing requirement for local machine accounts Bruno Gimenes Pereti [EMAIL PROTECTED] wrote: add user script = sudo /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ Unfortunately, this is where the headache comes from. We rsync necessary password files (both system and samba) to many FreeBSD and Linux machines every few minutes. You may want to consider using LDAP instead? These are generated from a PostgreSQL database which we'd rather not clutter with extra accounts if possible. So, that's why I'd like each samba instance to just do whatever it needs to do to let machines think they've joined the domain without caring about system and samba accounts. Well, I don't know about making the machines think they have joined the domain (they have password, which they need to access the domain), but you may want to look into using one of the _nua (no user account) backends in samba3. But, then you would need to sync whatever files contain the machine accounts. You may rather just want to implement LDAP (there may even be a postgres backend for ldap, which will probably only allow you to migrate to LDAP) instead, will simplify your whole setup and provide more features. Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba (2.2.7a) + openldap (2.0.x)
C.Lee Taylor wrote: Thanks, compiles (with warning): Compiling passdb/pdb_ldap.c passdb/pdb_ldap.c: In function `ldap_connect_system': passdb/pdb_ldap.c:289: warning: passing arg 2 of `ldap_set_rebind_proc' from incompatible pointer type Will see if I can actually get it working later today (if I can devise an easy method to test it without disturbing our production dc ...) Don't we all have that problem ... I was hoping to get to test today, but my test lab is infect with users ... OK, I stayed a bit late, waiting for things to finish compiling etc ... and did some tests. It seems to work. What I did was just point the production DC at a slave server, and then 1)try and change my password a)while both ldap servers were running (works) b)while only the slave is running (doesn't work) c)while only the master is running (doesn't work) 2)connect to my homes share a)while both servers were running (works) b)while only the slave was running (works) c)while only the master is running (doesn't work) So, it seems to be all correct, but it would be nice to have ldap failover (multiple ldap servers listed in smb.conf?), but not absolutely necessary. Now our WAN setup should work! And, I also seem to not be able to have machine accounts created by samba. I lost the (samba) log now, but while I had smbcontrol'ed the smbd handling my domain join, I saw an ldap search string something like this: ((uid=machine_)(objectclass=sambaAccount)) where it should have been like this: ((uid=machine$)(objectclass=sambaAccount)) Without the LDAP entry in the server, I got a No mapping was done between etc error on the client. I also had a local machine account (in passwd) at which time I did not get the error AFAICR, but it failed to join. I was hoping to release 2.2.7a RPMs for Mandrake now, but they can't ship like this ... Regards, Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Default domain for winbindd?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 18 Date: Tue, 7 Jan 2003 16:47:44 -0800 From: Chris Palmer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] Default domain for winbindd? [...] It'd be nice if there were an smb.conf option for [global] like default = winbind domain =3D WHATEVER. Is there a plan to include such a feature = in the future, or does this feature exist and I just haven't found it? Try 'winbind use default domain' in the global section of smb.conf, and it will use the default domain (the one which is already listed in 'workgroup'). It's not supported by the samba team on 2.2.x, but it works quite well for authentication via pam (there are apparently issues with samba, specifically ACLs). We (Mandrake 9.0) use it when selecting Windows Domain as the authentication method during installation (out-the-box winbind works on it ...), but our config for that setup doesn't have any file shares enabled to ensure people don't have problems which aren't of their own making ... Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+G/QqrJK6UGDSBKcRAufdAKCzENIXCPasg35OhM9nd8LD8gpZLgCgrfG7 XJvdL64iqOqD+0JBuF6lp24= =XJGD -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sigh....ok once more with feeling
Message: 1 Subject: Re: [Samba] Sighok once more with feeling From: Stephen Kuhn [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Organization: Kuhn Media Australia Date: 08 Jan 2003 15:26:31 +1100 On Wed, 2003-01-08 at 15:17, tufkal wrote: The firewall didnt help matters. I think its FUBAR and I need to reformat anyways, so ill reformat and reinstall and put fresh SAMBA up, on Mandrake 9.0. I'd like to point out that MDK 9 DOES have some firewall issues - with the built-in stuff - most users end up removing it altogether and using a different package other than the one that comes bundled with MDK. If you can manage to NOT install the Shorewall (or whatever it's called) from the MDK installation, I think you might fare a tad bit better on the initial setup of Samba... ...can't hurt to try. There's nothing wrong with shorewall (I have it in production on many 8.2 boxes, and a few 9.0 boxes, with some default setups, some very complex ones using the MNF interface to modify rules). There is one issue affecting internet connection sharing on 9.0, incorrect setting of the NIC as gateway (it's listed in the errata). Unofortunately most users posting haven't even bothered to read the errata before blaming something new ... Anyway, configuring a firewall is no trivial matter, and the poster didn't try with his firewall disabled to prove whether it was the firewall or not (though I suspect it wasn't). Please don't FUD the list, unless you have a bug report in Mandrake bugzilla ... (https://qa.mandrakesoft.com) or an issue in Mandrakeexpert.com to which you are willing to refer us. The system has 2 NICs and NET_MASQ shares internet to the XP machine. Therein it acts as a DHCP server and has a firewall. I will open 139 from the start next time. From this basic square one setup, how do I get to my objective? Objective being, all I want is to be able to access directories on my linux box from my windows box via Explorer for drag drop. I can mount on my linux box, folders being shared by the windows machine. I have been able to do that for a while (I love LinNeighborhood). I just wanna do the reverse. I think that once your firewall issues are resolved, the next steps are easy. Somehow I think not, since IIRC, he was getting a user/password prompt. Probably needs to apply the signorseal reg patch to his XP box. Of course, testing with another os on the client (knoppix or win9x/winnt/win2ksp3) or shutting down the firewall to test would help narrow down the problem. Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba (2.2.7a) + openldap (2.0.x)
Buchan Milne wrote: Ignacio Coupeau wrote: Buchan Milne wrote: Hi, I was following some of the howto at http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html#patches to include the ldap referral patches in the samba packages for Mandrake, but it seems that samba does not compile with the patch (I can give you the error later, but AFAICR it was incompatible 2nd argument passed to function on line 289 of pdb_ldap.c (I think where ldap_connect_system calls auth_rebind_proc). The tls stuff in the lib/include are a bit special... I going to apply the patch to the latest samba-2.2.7a. If you plan is use starttls the standard openldap libraries (at least in RedHat) should be replaced by ones with start_tls support. Try a search with: ldapsearch -ZZ -H ldap://your_FQDN_ldap_server/ filter attr list -d 256 [bgmilne@bgmilne bgmilne]$ ldapsearch -x -ZZ -H ldap://ldap.cae.co.za; (uid=bgmilne) dn -LLL dn: uid=bgmilne,ou=People,dc=cae,dc=co,dc=za (This is on cooker, but TLS works fine on Mandrake 8.0 through 9.0. also perform a search in the /usr/include: [root@bilbo htdocs]# egrep LDAP_API_FEATURE_X_OPENLDAP|LDAP_API_VERSION|REFERRAL|TLS /usr/include/* you should obtain some like: This box runs Mandrake cooker, original problem was on my home machine running 9.0, but 9.0 ships with 2.0.25-7mdk, and my cooker box currently has 2.0.27-1mdk. look for: #define LDAP_API_VERSION 2004 #define LDAP_REFERRAL 0x0a /* LDAPv3 */ #define LDAP_CHASE_SUBORDINATE_REFERRALS 0x0020U #define LDAP_CHASE_EXTERNAL_REFERRALS0x0040U #define LDAP_EXOP_START_TLS 1.3.6.1.4.1.1466.20037 On cooker (don't currently have a 9.0 build devel box available, will check at home on 9.0) I get: /usr/include/ldap.h:#define LDAP_API_VERSION2004 /usr/include/ldap.h:#define LDAP_REFERRAL 0x0a /* LDAPv3 */ /usr/include/ldap.h:#define LDAP_CHASE_SUBORDINATE_REFERRALS0x0020U /usr/include/ldap.h:#define LDAP_CHASE_EXTERNAL_REFERRALS 0x0040U /usr/include/ldap.h:#define LDAP_EXOP_START_TLS 1.3.6.1.4.1.1466.20037 But, on cooker it seems to compile fine ... so I guess I should upgrade to 2.0.27 on my 9.0 boxen that need referrals. Seems I was wrong (left out ldap switch ...), it doesn't compile on cooker, here is the error: Compiling passdb/pdb_ldap.c passdb/pdb_ldap.c: In function `ldap_connect_system': passdb/pdb_ldap.c:289: warning: passing arg 2 of `ldap_set_rebind_proc' from incompatible pointer type passdb/pdb_ldap.c:289: too many arguments to function `ldap_set_rebind_proc' make: *** [passdb/pdb_ldap.o] Error 1 And make the patch conditional so we don't try and apply it on 8.0 through 9.0 (for which we still build updated samba RPMS for each release). Or would it be possible to have referrals work with older openldap versions? I see a comment about a ./configure test Anyone else have the referral patch working on 2.2.7a against openldap-2.0.x ? Regards, Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Initial configuration help
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 21 From: tufkal [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: 06 Jan 2003 17:02:08 -0600 Subject: [Samba] Initial configuration help I have my Linux box setup net_masq (internet connection sharing) for a windows XP PC. I am using Mandrake 9.0. I installed all the necessary RPMs for SAMBA and ran the wizard in SWAT for the default setup. Doesn't really achieve much but removing all the comments that were in the original file ... I then made a user 'tufkal' Did you assign an smbpasswd (via smbpasswd -a username or in swat)? If this ins't it, you may want to up logging (log level = 3 should be enough) and take a look at the logs ... using smbclient i am able to log in to my home dir share. If you didn't, this should not have worked .. since you are using encrypted passwords ... But I cant get anything at all on the windows box. net use z: \\hostnameofmyserver\tufkal gets a prompt, but no suitable username/pass is accepted Do the usernames/passwords match (the smbpasswd password). - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+GtHCrJK6UGDSBKcRAtaUAKCEKS30AtbI1j9NkJxiH0KxdfbXgwCgubdZ /dvvp8xaWxnraHv1+5c9EPY= =piGC -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mksmbpasswd.sh and passwd sync problems...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 22 Date: Sun, 5 Jan 2003 08:21:49 -0800 From: Bob [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] mksmbpasswd.sh and passwd sync problems... Hello Everyone! I've spent quite a bit trying to get these shares to work just right. I'll past the output of my smb.conf at the end of this message. If anyone has any advice on this, that would be great. My first problem is that I'm trying to sync up my /etc/passwd with the /etc/samba/smbpasswd file. (I'm using Mandrake 9.0 and Samba 2.2.6-1.0.pre2.2.mdk. There have been security updates to 2.2.7, but you may want to wait a bit for 2.2.7a ... Mandrake puts the smbpasswd file in the /etc/samba directory. When I do this command cat /etc/passwd | mksmbpasswd.sh /etc/samba/smbpasswd It does create a smbpasswd file. However, then None of the users can log in to the shares. I can log into the win98 client, and then see the user's home directory, the care directory, and the public directory but can't log in to them. This command only makes an empty smbpassd file, which really serves no purpose, you may as well just do: # smbpasswd -a user for each user Why? The linux and windows password hashes are incompatible, the only way to derive one from the other is to brute-force them. This is the whole reason for the smbpasswd file. I've also tried to create the smbpasswd file with webmin, but that doesn't seem to work either, it gives me three options: For newly created users, set the password to 1. no password, 2. account locked, 3. use this password What if I want the same password as the linux password? argh! You could use something like pam_smbpass so that if the linux password is changed, that the samba password is also changed. Or, set it to a known value and let the users change the samba password from windows. Or authenticate all other linux services via pam_smb or pam_winbind The only way I can log into the shares is to actually create an individual password using smbpasswd -a username. What am I missing? I know I have successfully done this in the past? You might want to tell us how ... unless it was using clear-text passwords and hacking the registry on all the clients, and not being able to do domain logons at all. When I do create the password with smbpasswd, I can log in Log in how. Please be clear. Was this into windows? Which version? , see the shares, and actually log in Again, log in where? , but Ihave to enter in the password again to access the shares. Should I have to log in twice? No, you shouldn't be prompted for a password on connecting to a samba server using encrypted passwords if the username and password on the client (what the user logged into windows with) match that of the server Sorry for the double questions, Any advice would be very much appreciated. Thanks, Bob # Global parameters [global] workgroup = PARADISE netbios name = SERVER server string = Linux Server %v interfaces = 127.0.0.1, 192.168.0.254 hosts allow = 192.168.0. security = SHARE You really should use 'security=user' here IMHO. encrypt passwords = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n unix password sync = Yes log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = lpstat dns proxy = No printing = cups wins support = yes os level = 65 local master = yes domain master = yes preferred master = yes [homes] comment = Home Directory read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba create mask = 0700 guest ok = Yes printable = Yes print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients). lpq command = lpstat -o %p lprm command = cancel %p-%j browseable = No [public] comment = Public Directory path = /home/samba/public write list = @staff guest ok = No read only = No [care] comment = Careware Data path = /home/samba/careware valid users = sara, jim, bob read only = No browseable = Yes - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
Re: [Samba] File Systems - Which one to use?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 18 Reply-To: [EMAIL PROTECTED] From: [EMAIL PROTECTED] (Dragan Krnic) To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], 'Simo Sorce' [EMAIL PROTECTED] Subject: AW: [Samba] File Systems - Which one to use? Date: Thu, 12 Dec 2002 16:54:48 +0100 Organization: dkdt ext3 and XFS have ACLs while, afaik, JFS and reiserFS do not. A dangerous misconception. The best file system around, ReiserFS, can I would be a bit hesitant to make such sweeping statements without at least qualifying the usage the FS is destined for, and what options the FS was mounted with. Benchmarks of ext3 vs ReiserFS have shown similar performance of the two when mounted with equivalent options. handle ACLs and EAs just beautifully after you enable the features in the kernel, Very nice to know, I was aware about EAs not of ACLs, are tehy in official kernels? I do not use proprietarized distributions so SuSe and such are not an option I consider. Run Mandrake (8.1 or later for XFS, 9.0 or later for ACLs on ext2/3, all works out-the-box via samba). Mandrake 9.0 also has winbind support in the install (if you need that). Or, run RH, and get 3rd-party kernels from SGI for XFS, (or roll your own). Besides that, if it is in an official kernel have you tested them with samba? Are they Posix compliant? Can you give me some more info on them? All of them use the draft posix ACLs. API? Merged in-kernel with 2.4.19. I'm not SuSE. I only use it. Perhaps it's not for you (proprietarized and all). What a difference in directory manipulation commands! Reiserfs is screaming fast compared to all other fs's out there. Windoze client SMB/CIFS subsystems are very abusive of these commands, so it may mean a lot of difference in performance. I have yet to take it into production (at the moment ext3 rules because of the same initial error of judgement) but tests so far were very encouraging - oh boy, reiser really kicks butts, especially with log on a separate spindle. Depends of course on the file sizes ... very big files in sparse directories will have a different effect ... Maybe, but I would like to see some test before :-) Of course. Before mkreiserfs I copied about 10 GB from the volume, ext3 to Ext3, it took 36 minutes. After mkreiserfs I copied back 13,6 GB in 50 minutes flat. Do ll on a real big directory, the listing just gushes forth. Sorry, no official benchmark made. Even official benchmarks are difficult to interpret. I have had issues with ReiserFS2.x, but we really need ACLs, so until some distro supports ACLs on ReiserFS, it's not coming near my file servers (mail/news/web maybe). Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9+OsorJK6UGDSBKcRAgFfAJ4lIkMXserhMUKRKrVHV9KBhXx6cQCdHQoC 5IHCi2I4wc40+MQKJQzPFNQ= =WEgf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 2.2.7a
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 15 From: Sylvestre Taburet [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Organization: Mandrakesoft To: Ken Walker [EMAIL PROTECTED], '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: Re: [Samba] Samba 2.2.7a Date: Thu, 12 Dec 2002 14:12:19 +0100 Cc: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Le Jeudi 12 Décembre 2002 12:56, Ken Walker a écrit : Are the latest updates for Samba ( 2.2.7a ) available on the mandrake update system yet ? Mr Smiley No, not yet. We have some QA to do before we put them on DL. You can still grab the 2.2.7a SRPM from cooker and recompile on 9.0. It works fine (though it's not an official update). I'll try to put 9.0 and 8.2 versions on my unofficial repository http://people.mandrakesoft.com/~staburet/freshsamba today if I have some time. Also check with Buchan's site: http://ranger.dnsalias.com/ Yes, I now have 8.0, 8.2 and 9.0 up, with and without LDAP, most with the samba-vscan RPMS (at least for sophos, fprot, mks, and trend, openantivirus only for 8.0 and 8.2). urpmi sources setup for non-ldap RPMs (it's too much effort now for the LDAP rpms), except 9.0 which will handle them all in one hdlist. http://ranger.dnsalias.com/mandrake/mandrake8.0/samba-2.2.7a/ http://ranger.dnsalias.com/mandrake/mandrake8.2/samba-2.2.7a/ http://ranger.dnsalias.com/mandrake/mandrake9.0/samba-2.2.7a/ In most cases, this should sort you out (except if using ldap on 8.0 or 8.2): # urpmi.addmedia samba-2.2.7a \ http://ranger.dnsalias.com/mandrake/mandrake`awk '{print $4}' \ /etc/mandrake-release`/samba-2.2.7a \ with hdlist.cz I don't have an 8.1 box to build on anymore, and the 8.0 box will be upgraded soon, so if you have Mandrake 8.0 or 8.1 boxen running samba, and don't want to rebuild SRPMS, you might want to think about upgrading sometime soon. I won't be on-line again until next week ... Regards, Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9+OzzrJK6UGDSBKcRArK2AJwOdNqTT/aJjaCdbdfQu8WpvD7iuQCgkjKp 4DvDWGJHic/AWa3oUEvBYTg= =16kq -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange winbindd situation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 12 Date: Wed, 11 Dec 2002 11:37:08 -0500 From: George Lenzer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] Strange winbindd situation -What would cause these connections? -Something malicious, or just a quirk with the clients? -As far as I can tell, these clients all seem to be Win2K and XP. Is this something natural to those clients? Maybe they search for shares and this results in logons? This seems like normal windows operation to me ... epsecially if you have printer shares on your machine. If you don't want to see this: 1)Don't run samba if you don't need to 2)If you do need to run samba, but don't need to auto-create home directory shares for users, turn off pam obedience 'obey pam restrictions = no'. This is actually the default, but in many circumstances it's very convenient to set 'obey pam restrictions = yes'. Making your samba server non-browseable may also help matters ... Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE995QOrJK6UGDSBKcRAhg0AKC+SJUQhXHkGT+Zh8+oAl48nzfBMgCffZH/ uy78QRntITkX0hpOuyGpkMA= =YzS+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Antivirus
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 20 From: Mike Williamson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [Samba] Antivirus Date: Sun, 8 Dec 2002 22:58:58 -0500 - Original Message -=20 From: cantisan=20 To: [EMAIL PROTECTED]=20 Sent: Sunday, December 08, 2002 2:45 PM Subject: [Samba] Antivirus Anyone are using Server Protect for Linux to protect the files on = Samba File Server ? Are there any other product, I want to check every = file saved on my file server. Take a look at Vexira, www.centralcommand.com . Apparently it will = provide on-access scanning Samba shares. I'm not using it _yet_ but it = sounds like a great fit for Samba file servers. Sophos has a Unix/Linux product but it isn't set up to automatically = scan files that remote users write to the server. However, I suspect = that it's possible-- with some creativity-- since AMaViS uses Sophos to = scan e-mail passing through Sendmail. Or, try the samba-vscan project (http://www.openantivirus.com), which allows you to do on-access scanning in samba with your choice of virus scanner (Fprot, OpenAntivirus, Sophos, Trend or Kaspersky). I have tested it with Sophos (with samba-vscan 0.2.x), and am working on getting the latest version running with Sophie (a daemon for managing Sophos) in preparation for using it in production. Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE99JGurJK6UGDSBKcRAhgeAJ0evq094HtLFHGX98ZkKOGnfosHvQCdHDSO nndiSJ+iZfTm6P0OvMSJGgM= =UhQK -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Authenticate Linux Session with NT Domain Acct.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 24 From: Benjamin Krein [EMAIL PROTECTED] To: [EMAIL PROTECTED] Organization: PMC Technologies, Inc. Date: 05 Dec 2002 11:28:56 -0500 Subject: [Samba] Authenticate Linux Session with NT Domain Acct. Despite configuring winbind and my /etc/pam.d/files, I am still unable to actually log into a Linux session (ie, at the gdm login screen or text login prompt) using my NT domain account. Here is my /etc/pam.d/login file: auth required /lib/security/pam_securetty.so auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so use_first_pass auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so accountsufficient /lib/security/pam_winbind.so accountrequired /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth sessionrequired /lib/security/pam_stack.so service=system-auth sessionoptional /lib/security/pam_console.so It would be useful if you included your /etc/pam.d/system-auth file. You don't have a pam_mkhomedir entry here, so you won't be logged in if your home directory does not exist. NOTE: I can access NT shares using my NT Domain credentials, but that's about it. I can also get group/user info. from the NT domain which tells me winbind is communicating with my PDC. Thanks for any help. Some more debugging info would be useful, such as whether: 1)'wbinfo -u' returns domain users 2)'wbinfo -g' returns domain groups 3)'getent passwd' includes domain users 4)'getent group' includes domain groups BTW, Mandrake 9.0 has an option for winbind authentication during installation, which mostly works out the box (if you enter your domain name in caps, otherwise you have to create /home/DOMAIN manually). The file that we use to replace /etc/pam.d/system-auth (so you don't have to hack any other pam files for winbind auth) is in the samba source distribution, under packaging/Mandrake. You can also find some examples for Redhat 8.0 in the tarball which includes my presentation on winbind: http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.tar.gz Regards, Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE98MX4rJK6UGDSBKcRAr8aAKCy291pYAtGE5yyNynTSqoD/rj94gCgmavs tIgfy1SIqO0UzvVqmdaeRp8= =ab// -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Won't %L work anymore?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 6 Date: Wed, 04 Dec 2002 16:43:01 -0500 From: Gary Algier [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [Samba] Won't %L work anymore? A followup to my own post: I went ahead and implemented a configuration with %L. It works great. One problem: Micro@!#$t broke Win2k with SP3. My test PC was running Win2k SP2. When it connected to the server it seems to have supplied the netbios name of my server. I went into my boss's office to show him how great this works and his Win2k SP3 did not show the same shares. They showed the shares that would show if the real host name is used. Here's my basic config: System OS: Solaris 2.6 Samba: 2.2.7 Hostname: tea IP addresses assigned: 172.25.0.13 (tea) 172.25.0.33 (cup) 172.25.0.34 (mug) Partial configs: /etc/samba/smb.conf: [global] interfaces = 127.0.0.1 172.25.0.13 172.25.0.33 172.25.0.34 #You probably want to try adding right here: netbios name = beverages netbios aliases = tea cup mug include = /etc/samba/smb.conf.host-%L /etc/samba/smb.conf.host-tea: [global] workgroup = MTLAUREL I don't think this will work if you have different workgroups listed here, I suspect you would have to run seperate smbd's with different config files if you want to do this. netbios name = TEA Unnecessary, use netbios aliases instead. ... [some-shares] ... /etc/samba/smb.conf.host-cup: [global] workgroup = MTLAUREL netbios name = Cup [other-shares] ... /etc/samba/smb.conf.host-mug: [global] workgroup = MTLAUREL netbios name = Cup [more-shares] ... So, am I crazy to think of using %L? Should I use another (hidden) % code? Should I hack in %s (for sockname) or %l (for alternate %L) as the result of getsockname()? Will this even work? Is this any different in samba 3? - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE971hprJK6UGDSBKcRAoWwAJ9Cs3Nrj0Nt1CRpJ+KXg2F0H8AEQQCeKJKz O4KUgm7icTFgpol4tVHUqCQ= =Wu93 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain logons+linux client
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 10 Date: Tue, 3 Dec 2002 03:57:43 +0530 (IST) From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] domain logons+linux client hello, The concept of a PDC is every machine logs into the domain controller to get access to n/w resources(file and print sharing). Not really, the concept is that when a request is made to one of the members of the domain, authentication is passed off to the domain controllers. Using the term log in is misleading ... and in windows if i have a NT or 2000 machine as a domain controller,every other workstation or a client logs in to DC for n/w resources. Users log into a machine, and are authenticated against the domain controller. When they connect to another machine in the domain, their client (windows) passes authentication tokens to the server the user is connecting to, and the server checks authentication against a domain controller. Logging in doesn't *really* have anything to do with connecting to another machine, besides the fact that windows keeps a copy of your hashed password or a token form the DC (AFAIK). And samba is a server software on linux server,which i assume(iam new to linux n/w'ing,so still fighting hard to familiarize linux)is configured on linux server to allow linux machines visible on windows n/w neighbourhood. Samba is a suite of software to allow unix machines to perform network operations using the SMB/CIFS protocol, which is used by Windows. It provides both server-side and client-side features. and windows have to be logged in samba server to get n/w resources. But wat abt linux systems on the n/w.Is it possible that once linux machines starts,similarly like windows clients ask to give a username pasword pair to get into samba server for n/w access. ...if anyone is having an idea abt this,pls share it with me.and any kind of guidance is appreciable. Maybe it would be better if you told us what you are trying to accomplish? For example, it is possible (and very easy with Mandrake 9.0) to provide desktops that authenticate against a windows domain, using winbind. Using some tools such as pam_mount you would automatically have windows/samba shares mounted when the user logs in. This authentication can also be used for other services (email, ssh, cvs over ssh, domain member server with ACLs, print server with downloadable print drivers etc etc). Browsing a windows network can be done with tools such as Linneighborhood, Komba2, or the network browser in KDE, but they do not get the password from the login, rather you must manually set the password they will use. Regards, Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE97ILgrJK6UGDSBKcRAtobAKC/yKGKMnVIFbcOb+gnP9VVZU98nwCgxknc U5YLmPab6Syhee6V+cVW0iA= =sHNR -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RPMs of alpha21 for Mandrake 9.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have built RPMs for Mandrake 9.0 that will parallel install with an existing samba-2.2.x installation (you should be running 2.2.7-2.1mdk if your machine is up-to-date). RPMS here: http://ranger.dnsalias.com/mandrake/mandrake9.0/samba-3.0alpha21/ The srpm should build cleanly on anything from Mandrake 7.2 and up, but I don't have time at the moment to build for other releases. No testing besides it installs and runs Regards, Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE95jhOrJK6UGDSBKcRAlG8AKCjIb/Tu0+iYYaXjRAg4FtGhrHf9gCfdWVs eAxYNQOD1gUMFnyW5l7Gd+g= =Pv9c -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 alpha21 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sylvestre Taburet wrote: Le Mercredi 27 Novembre 2002 16:45, Gerald (Jerry) Carter a écrit : On Wed, 27 Nov 2002 [EMAIL PROTECTED] wrote: And what about side-by-side installations? Having both versions installed... so I can run 3.x for a bit, stop it, and turn 2.x smbd back on if needed? I heard this was the case in tarball installation, but is this supported by the RPM? The 3.0alphaX RPMs will overwrite a 2.2.x RPM. Downgrading is not supported as some TDB's will be upgraded to a newer format that would be unrecognized by 2.2.x. Correct me if I'm wrong, but the Mandrake Linux contrib samba-3.0alpha20 RPM was designed specifically to allow testers to keep their existing 2.2.X version and try 3.0alpha20 (everything installed in /opt, /etc/samba3, /var/lib/samba3...) That's correct, except I think I managed to stay out of /opt. Unfortunately one of the final changes to alpha21 broke the building of RPMS on Mandrake, so I am currently fixing the patch, RPMs are thus delayed until tomorrow at least. Under Mandrake 9.0 with the post-alpha20 CVS RPMs here: http://ranger.dnsalias.com/mandrake/samba/samba-3-alpha/9.0/ (AFAICR) the binaries all have suffixes of 3, so smbd in this package is smbd3. Configs are in /etc/samba3. Logs in /var/log/samba3 etc. This is definitely the case with the RPMS in Mandrake cooker, and will be the case with the alpha21 RPMs as soon as I am done with them. No migration of configs are done (since I wouldn't trust it myself, and haven't had time to attempt, let alone test this), so samba3 will have absolutely no impact on your existing config. Just (after copying your configs): # service smb stop service smb3 start to try samba3, and: # service smb3 stop service smb start to revert. If you have multiple interfaces, you could even run them simultaneously, but I haven't gotten around to trying that yet. Maybe I will get around to fixing configure.in to support - --program-suffix so that this could be available more easily on other distros. Regards, Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE95O/urJK6UGDSBKcRAue0AJ9EU24d4XP1g9plUQvPb3ekg6t1gQCfekbg ohvKbWkcmXiJKppHe/NT918= =UXkp -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Annoying winbind problem solved
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 16 Reply-To: [EMAIL PROTECTED] From: Peter S Scudamore [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Tue, 26 Nov 2002 01:06:23 -0700 Subject: [Samba] Annoying winbind problem solved I launch the winbindd daemon. I perform wbinfo -t and get the secret is good. I perform wbinfo -u and get 0x0c0022 or something like that. wbinfo -g yields the same results. After running the winbindd daemon in various levels of debug all day and searching the web for the results, I found the answer! performing the steps outlined in Tim Potter's email on the win2k domain controller resolves this issue. I am still unsure about which files to edit in /etc/pam.d The howto says to edit /etc/pam.d/* There are scores of files in there! Surely not. I did a paper for a local linux conference, where I demoed winbind setup during Mandrake 9.0 installation. Afterwards, I made configs for RH 8.0, and they are all in the tarball: http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.tar.gz In the redhat directory is a file which can replace /etc/pam.d/system-auth, to do all authentication of all services that support pam via winbind. I also made some changes to RH's default smb.conf to make winbind work the way it was described in my paper. Regards, Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9427arJK6UGDSBKcRArjJAJwLlnfw3tNddpd5tJGyfMibbwnZ0wCdEGG6 jz6CWsVJbBbSP3FQPKdtW4Q= =thYN -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about W2K and SAMBA PDC
Message: 9 From: Alberto Chacon (LINUX) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Fri, 22 Nov 2002 21:14:16 -0600 Subject: [Samba] Questions about W2K and SAMBA PDC Hello my name is Alberto and I write from San Jose Costa Rica. I was install Mandrake 9.0 and SAMBA version 2.2.6-1.0.pre2.2mdk. I try to join the machine with SO W2K at the domain. I was defined the machine_name$ include the $ sign into the machine name. I change the computer from workgroup to domain and windows sayme welcome to domain xxx, and restart the computer. When try to make logon from the panel, I put the root user and root password and the machine say me ... the system computer account in this PDC is missing or the password is incorrect. Did you add an smbpasswd for root before doing this? As root: # smbpasswd -a Then, use this password when prompted. Also, you may want to look briefly at http://ranger.dnsalias.com/mandrake/muo/connect/csamba6.html Regards, Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Shared profiles under XP?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 12 Date: Thu, 21 Nov 2002 10:36:18 +1100 From: xfesty [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] Re: Shared profiles under XP? Hi... Isn't this possible? I've gotten no replies... R On Wednesday, November 20, 2002, at 10:54 PM, xfesty wrote: Hiya. Is it possible to share profiles between different users with Samba 3.0CVS acting as a PDC, and XP Workstations? It doesn't matter what is on the server side. The issue is that the registry file contains ACLs, and unless you set the ACLs to allow everyone to use the profile it won't work (regradless of the server). However, some features won't work right if you do this, such as the list of last-opened files in many applications won't be updated, since this information is store in the registry. All users are using the same profile share; the concept is that there's an Admin user which can read/write to this, so I can setup things such as Internet Explorer settings / Desktop/Start Menu items / color scheme, etc..., and all other users only have read only access to this share, yet use the same profile. AFAIK, windows requires write access to the profile, otherwise it won't load it (or it may, but will warn you that your changes will be lost everytime you log in). You can enforce a lot of these settings by policies, however the policy implementation changed with windows 2000 to use AD, and policy files don't quite seem to work as they should with windows 2000. And policies didn't seem to be very robust with NT4 anyway. We don't use policies that much any more, since they broke the one (expensive) application everyone here uses. For desktop/start menu items, you can use the All Users profile on the client machine, I don't think the All Users profile can reside server-side. At the moment each user's trying to create its own profile, which isn't what I want (and isn't possible, considering the fact its a read only share). If it makes any difference, I'm using jelmer's mysql module, and all users are in the same unix group. Don't think it would make a difference. Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE93KFzrJK6UGDSBKcRAjKqAJ9ZzuOzW3gEHnWFFTnVA03F6eN/FACgtGmv Tlc50bwD37JPt64KtX5aA7M= =ytzZ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using Dat drive on another LM9 machine
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 16 From: Ken Walker [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Date: Tue, 19 Nov 2002 19:48:26 - Subject: [Samba] Using Dat drive on another LM9 machine How can i use a dat tape on another remote LM9 machine. This question really doesn't have much to do with samba, you may want to post to a more Mandrake-centric list (assuming LM9 means Linux-Mandrake 9.0 ...) such as the expert list. You can subscribe to these lists from the Mandrake web sites. Using tar and keeping the original ownership/permissions. Assuming your accounts are identical on both machines, you could NFS mount the machine you want to restore on. However, you will have to create the NFS share without root-squashing, see 'man exports'. You may also be able to have success with rmt, but probably only using dump/restore. Amanda may be a better backup system to use, as it is network capable and pretty efficient. All of these packages are in Mandrake 9.0 or the contribs. or smbmount to the machine with the files on and again keeping the original ownership/permissions. smbmount will not really work too well, as it only connects as a single user, and mappings of permissions aren't that great, but if you connect as root or an admin user, you may have success. I would probably go with NFS at the moment, and in future plan to use amanda. Regards, Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE920XirJK6UGDSBKcRAjvFAKCnJOcJZNfIVQe45xQEb4p48SO1NACgoQYL FHLW9h+IOBn7p2JcWEWLoow= =9Hpf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michele Santucci wrote: I got the problem clear: when i try to join the domain (as root) smb reports in the machine log that guest is trying to do something and it fails authentication... You never mentioned that you couldn't join the domain. You should get a Welcome to the Domain Domain message if it worked. I now assume you didn't get one. Please remember, the more information you give about your problem, the easier it is for other people to help you. I partially fixed it mapping the guest user on root but this's not what security manuals suggest ;-) Hope someone can clarify me now... bye by(t)e[s]TuX! Can you connect normally to the server as root? $ smbclient -L server_name -U root (you can try this on the server itself). If not, you need to add an smbpasswd for root. As root, do: # smbpasswd -a Then try it again. If it works, you should now be able to join the domain. This is all covered in the documetation that ships with samba, and the webpage I sent a link to you about: http://ranger.dnsalias.com/mandrake/muo/connect/csamba6.html Regards, Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE925tFrJK6UGDSBKcRAiWMAJ446EqOEN4pMQA5MgsJ5PF6ZGom+QCghDCu IYZuihUfFVckmxIymvjSdiQ= =PVY5 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 18 From: Michele Santucci [EMAIL PROTECTED] To: Samba [EMAIL PROTECTED] Date: Mon, 18 Nov 2002 21:34:13 +0100 Subject: [Samba] PDC Problems Hello, That's what I got trying to join a Win2K workstation to my domain (managed by a linux/samba server), after I joined the domain the system refuse to logon/add any domain user reporting a trust relationship failure... 1) All the clients are Windows 2000 sp3 machines (tcp + netbeui) 2) Linux server use a Mandrake 8.2 pro suite running samba 2.2.6 /etc/passwd video$:x:504:421:Machine Account:/dev/null:/bin/false /etc/samba/smbpasswd video$:504:DD8EB67612E73F3842517E31664A1C6C:BC3911425DC8A72332F814FC212ABE91 :[W ]:LCT-3DD8E642: ^ seems like it created the machine account correctly [root@server samba]# more log.video [2002/11/18 14:08:17, 0] smbd/service.c:make_connection(381) make_connection: root logged in as admin user (root privileges) As long as I add machine accounts it just show this [2002/11/18 14:09:18, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest [2002/11/18 14:10:30, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest these lines appear after the procedure created the machine account and I try to add a new local account (called michele) taking it from the domain. Explain this more please. Are you trying to log in with a domain account that exists on the samba server, which has been given an smbpasswd? The user is being mapped to 'guest' which seems to not exist. [root@server samba]# more log.smbd [2002/11/18 14:06:42, 0] smbd/server.c:main(707) smbd version 2.2.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2002 [2002/11/18 14:07:42, 0] smbd/server.c:open_sockets(238) Got SIGHUP This's my CONFIGURATION file ... [root@server samba]# more /etc/samba/smb.conf # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2002/11/18 13:52:01 # Global parameters [global] workgroup = CCGM-DOM netbios name = CCGM-SERVER server string = Samba Server %v encrypt passwords = Yes update encrypted = Yes null passwords = Yes pam password change = Yes You may want to disable unix password sync and pam password change until you have this working. You haven't got a 'passwd chat' configured, which could cause this to fail. username map = /etc/samba/smbusers unix password sync = Yes admin log = Yes log file = /var/log/samba/log.%m max log size = 50 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = lpstat domain admin group = @smb-admin domain guest group = @users add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u domain logons = Yes os level = 64 preferred master = Yes domain master = Yes wins proxy = Yes wins support = Yes guest account = guest valid users = @smb-admin @ccgm @satyagra admin users = @smb-admin read list = @ccgm @satyagra write list = @smb-admin printer admin = @smb-admin printing = cups [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba create mask = 0700 guest ok = Yes printable = Yes print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers. browseable = No [print$] path = /var/lib/samba/printers write list = @smb-admin - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE92gi9rJK6UGDSBKcRAjgsAKDDTIkG6nlPjohDHtP6mDlzXg7X7wCgrSwU fmYQJKCcYdUK7wp7er5ILAo= =WU74 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Attaching to Netware-Server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 10 From: Jurzitza, Dieter [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Date: Tue, 19 Nov 2002 07:36:33 +0100 Subject: [Samba] Attaching to Netware-Server Dear listmembers, recently our sysadmin turned off the support for ipx-protocol. Since = then I found no way to mount my home-directory on the net (novell) on my linux = box. Using ipx, I had had the same servername etc) I found a lot of = discussions about the way vice versa, but no FM I could R to manage around this = issue (i.e. mounting a Netware volume on a linux box). Anybody out there having an idea on how to do that? I tried using mount = -t smbfs, but I always get a messagt that my user would not be known. = Hopefully this is not off topic. I think it is off topic, since you should use something like: ncpmount -S servername -A ip or server hostname [-U username] /mountpoint The '-A ip or hostname' forces ncpfs to use IP instead of IPX. Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE92jQjrJK6UGDSBKcRAvEIAJ9utaaO2VNadJiZmDP5QzeEjZt6zQCghsGo 1soEOeqZFD6EnWeA3pIPeyU= =SzGz -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michele Santucci wrote: Ok this time I attached all the involved files. I try to explain the incident from the very beginning: I have a linux server (Mandrake Pro Suite 8.2 updated to the latest fixes etc.) I removed the supplied 2.2.3 samba distrib. and reinstalled the new 2.2.6 (mandrake 8.2 rpm taken from the binary distribution of samba.org) It's normally best *not* to remove a package, but just to upgrade it, but this shouldn't make much of a difference. , the attached smb.conf show how I set it up to act as a PDC. I haven't looked at it in detail now, but FYI, the default smb.conf that ships with the samba RPMS on Mandrake needs about 6 lines uncommented to turn it into a domain controller with many features. I don't like swat because it removes all these well-tested examples which are configured for Mandrake including the directory layout we use. The domain must be CCGM and the server netbios name CCGM-SERVER I just added an alias for backward compatibilities... I created all the users (since we have two distinct kind of users I created two groups i.e. ccgm and satyagra) and 'passed' everyone to smbpasswd. Now I have to join a W2K PRO SP3 workstation called 'video' to this domain, it run just TCP/IP (no NETBeui neither IPX). Before attempting to join the domain I set the workstation to act as a standalone pc then rebooted it (I also restarted smbd nmbd) I logged in as administrator, then I start the network ID configuration (I supplied root as the username (with it's password) VIDEO as the computer name and CCGM as the domain name), the procedure goes on haging a little just before the last step after that I found these lines on log.video but the w2k worstation at this time reported no errors: [2002/11/19 13:13:28, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest After joining the domain the network ID procedure wizard asked me to add a local user I always use the procedure that I have made animated screenshots of here: http://ranger.dnsalias.com/mandrake/muo/connect/csamba6.html#join I don't trust wizards ;-). so I tried to import a domain account and I got these lines in the log.video file: [2002/11/19 13:47:03, 0] smbd/service.c:make_connection(381) make_connection: root logged in as admin user (root privileges) [2002/11/19 13:47:08, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest This time the w2k workstation reported me the infamous error: Cannot add user the trust relationship has failed I really cannot understand what's going on... But have you rebooted the machine and tried to log in? Also, we don't run SP3 yet, we currently only run up to SP2 due to issues with the EULA ... Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE92lM5rJK6UGDSBKcRAtwfAJ411872z9AjPaOgZrqjM+MoL6oNYgCfTM1B qoBOfGF0M8QuDUd/k241wcM= =AXzu -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with print$
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 10 Date: Fri, 15 Nov 2002 10:54:35 -0500 From: Lloyd Dieter [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [Samba] Problem with print$ Organization: Synergy, Inc. On Fri, 15 Nov 2002 15:31:24 +0100 Kurt Pfeifle [EMAIL PROTECTED] wrote: Maybe you should *really* use for the share [print$], not [printer$] in your smb.conf.. ;-) Yes, tried that too...no joy. Well, maybe you should also 1)Ensure the directories below /etc/samba/drivers exist (specifically W32X86) and are writeable 2)Read the extensive documentation on this in the samba-HOWTO-Collection 3)Turn on logging and see if samba is picking up problems 4)Choose a distro which does most of this for you BTW, your 'readonly' option should be 'read only'. Have you run 'testparm' ? The symptom that I get is that when I attempt to load the driver to # Global parameters [global] workgroup = LANGROUP interfaces = 192.168.5.2/24 security = SHARE encrypt passwords = Yes socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY printcap name = cups character set = ISO8859-15 os level = 2 printer admin = @ntadmin, ldieter printing = cups use client driver = Yes [printers] path = /var/spool/samba printer admin = root guest ok = Yes hosts allow = 192.168.5. printable = Yes browseable = No [printer$ comment = Printer Drivers path = /etc/samba/drivers write list = root, @ntadmin, ldieter guest ok = Yes browseable = yes readonly = yes - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE92K1/rJK6UGDSBKcRAneLAKCIFiPVqkg1AFBMh0NLga4/+yLGkgCdFa35 WCePxNj5eQSVnFni8EqT724= =MufH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] WINBIND configuration and NT Authentication]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 1 From: Chris McKeever [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: RE: [Samba] WINBIND configuration and NT Authentication] Date: Sun, 17 Nov 2002 09:54:51 -0600 Mikko..you hit the nail on the head with the PAM configuration... I will fiddle around with those sites to try to get i going (I already locked myself out once...wonderful!) When playing with pam, always keep a root login open until you are absolutely sure your config works. If any one has working pam config files that they could post or email, that would be great. You can find one in recent versions of samba (2.2.5 and later I think): packaging/Mandrake/system-auth-winbind.pamd This is what we use to replace /etc/pam.d/system-auth to do all authentication via winbind. In pam files that use pam_stack, you can also use 'service=system-auth-winbind' if you install this file as /etc/pam.d/system-auth-winbind and don't want to authenticate all services by winbind. Here is the file in webcvs: http://cvs.samba.org/cgi-bin/cvsweb/samba/packaging/Mandrake/system-auth-winbind.pamd?rev=1.2.2.1content-type=text/x-cvsweb-markup Does one need to restart a pam service after changes are made? If so..how? No. -Original Message- From: Mikko Rautiainen [mailto:[EMAIL PROTECTED]] Sent: Sunday, November 17, 2002 3:56 AM To: Samba ML Subject: Re: [Samba] WINBIND configuration and NT Authentication] Hi, Yes it's possible to authenticate users from win 2000 server with winbind. For me the PAM configuration was the hardest part. I used mandrake 9 and it has a realy good pre config. And if you want to modify the folder/file permissions from NT/W2k PDC then don't use ReiserFS as the filesystem. Use either EXT3 or XFS. Mayby the ReiserFS 4 will have the ACL support. I have had dificulties with suse and samba. Like my suse8 home server needs a restart after 2 days and I don't know the reason why. I just lose the connection to the samba. So the winbind part was easy to make work in mandrake 9, just need to config smb.conf right and thats about it. In fact, if you do an expert installation of Mandrake 9.0, you can join the domain during installtion (choose Windows Domain as authentication method in the dialog where you enter your root password). Just enter your domain name in caps (small buglet, we don't capitalise the domain name before creating /home/%D). It will join the domain for you, configure pam etc. But, this sets up a very basic smb.conf (only for running winbind for authentication of other services). For real samba use, copy /etc/samba/smb-winbind.conf over /etc/samba/smb.conf and just set your workgroup again in the file, and you will get a more usual samba config. The PAM is a bit harder (to me at least). PAM is the key for the linux end to understand to use the winbind connection. If not correctly cinfigured it can't get the authentication from the Win NT/2k PDC. Here are some links that was helpful for me. http://archives.neohapsis.com/archives/pam-list/2001-10/0038.html http://ma.ph-freiburg.de/tng/tng-users/2001-06/msg00025.html http://www.samba.org/samba/docs/Samba-HOWTO-Collection.html (very helpful) Hope these help Mikko Rautiainen - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE92LEyrJK6UGDSBKcRAlsHAJ0fIX3/3YsDvP3W6BmRCaNKxJVfMgCgtu8i peiVXkGtLme5YGPpWbYc3K0= =xhf9 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Writing CD on Samsung SW-248 Writer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 11 Reply-To: Gagneet Singh [EMAIL PROTECTED] From: Gagneet Singh [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Mon, 18 Nov 2002 12:09:49 +0530 Organization: Acme Technologies Pvt. Ltd. Subject: [Samba] Writing CD on Samsung SW-248 Writer Hi! I have just purchased a new Samsung CD-Writer SW-248. I would like to make it shareable so that it is visible to me via another computer having Windows as the Burning software is available for windows only. Is the above setup possible or do I have to do anything to make the above setup possible? Not (currently) with samba AFAIK, since the kernel doesn't support packet writing yet. You should look at webCDwriter: http://wwwhomes.uni-bielefeld.de/jhaeger/webCDwriter/ We use it very successfully, we (about 60 users total) have written over 133GB on 400CDs in less that 2 years on one really old machine. Maybe this needs to be an FAQ?? Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE92LJ4rJK6UGDSBKcRAuxWAKCfxgY6cunfxnYbpmL2lhxi2gRD8gCfVYDn k20Gq+mXuizwxR4Szi3+m5E= =Jo1B -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Users changing samba passwords directly from windowsclient
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 9 From: Michael [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [Samba] Users changing samba passwords directly from windowsclient Date: Mon, 18 Nov 2002 14:41:02 +0800 Hi Mark, Thank you for your reply. I supposed this would be the way to go with win98 clients. But most of my users are using Windows NT4.0 SP6 and Windows 2000 Professional as clients. With these clients, most of them enter as administrator account at their workstation. This is a very bad habit, you should really not have users use an administrator account on any operating system. Would you run as root on your linux box (I hope not)? You can still (if you are really brave) have them use administrative accounts, but it is really not a good idea to have users using the same account/user name. The moment they attempt to connect to the shared Linux box, a window will pop up and prompt for BOTH username and password. This username and password does not necessarily correspond to the Windows username and password, but is what was previously set up on the Linux box. In such scenarios, how can we change the smb password? It's not the password that is the problem, it's the fact that you are connecting with an account that does not authenticate (ie username/password supplied by windows does not match an account in samba). Windows only knows the username and password that they have logged in with, so the accounts *must* match, otherwise they will get a password propmt (windows95/98/me can remember a password here AFAICR, but not winnt/win2k). You really need to make individualy accounts on the workstations, or implement a windows domain (possibly using a samba machine as a domain controller). This will drastically simplify your life, since you only need to create one domain account per user. Take a look at http://ranger.dnsalias.com/mandrake/muo/connect/csamba6.html If you don't want to implement a windows domain, you need to: 1)Create accounts with different usernames for each user on their machine 2)Make a matching account on the samba machine (via useradd for example) 3)Assign a samba password (via smbpasswd -a username Then, when they change their local password, they must change the password on the samba machine via the same method (CTRL-ALT-DEL), just change the machine name. However, if you have a windows domain, they would only have to change it once, and windows would only change it on the domain controller. In your scenario, if you want to keep operating as you are at the moment, the only way you are going to avoid a password prompt is if all the users use the same windows password on the administrator accounts! - Original Message - From: Mark Belfanti [EMAIL PROTECTED] To: Michael [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, November 18, 2002 2:27 PM Subject: Re: [Samba] Users changing samba passwords directly from windowsclient you need to set the password chat option in the global section. This is what I use and it works well. Users just hit cntl-alt-del to change password or use the previously mentioned applet in win98 passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* This is incorrect advice, passwd program and passwd chat are only necessary if you want to change the user's unix password when they change their samba password ('unix password sync' option). Regards, Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQE92OvkrJK6UGDSBKcRAsx8AJdI/wtJ8AoU5wiT6VPDt8jrUX2xAKCyBTXY cRtZ6x6VVgsc3uRKI237Fg== =9P3v -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Member Server or LDAP?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 20 From: Nick Willey [EMAIL PROTECTED] To: Samba Mailing List [EMAIL PROTECTED] Date: Thu, 14 Nov 2002 15:54:42 -0500 Subject: [Samba] Samba Member Server or LDAP? Hi, Is it possible for samba to act as a member server in a samba domain? Yes What I'm trying to accomplish is: I already have a samba pdc setup. Everything works fine with login scripts, password change, etc. However I need to move all of the home directories onto another server with a much larger disk and would like to keep the existing server to authenticate users against. My idea was to point the new member server to the existing pdc as password server, and set the pdc server logon home option to point to \\member\home\%u. My ultimate goal is to centralize user/machine management and only have to do it one one machine, but have the option of several servers available to all users setup on said machine. Would looking at implementing LDAP be a more efficient option? Samba can act as a domain member, but it needs some way to be able to map windows SIDs to UID/GIDs for permissions etc to work, so you need to be able to sync unix accounts for this to work. LDAP is probably the better method. But you don't need samba to store it's passwords in LDAP, in fact with 2.2.x it may be better not to. So, you probably need to setup LDAP (or NIS or rysnc your passwd files) regardless. LDAP has other benefits which NIS and passwd file syncing don't have. Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE91MZLrJK6UGDSBKcRAt2EAKDHvp3sR2ZyWWrECi1XZMx2RrtBpQCfY7K1 kGJSOohySfmBgXbe4n4RKrQ= =gUw6 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba@lists.samba.org
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 10 From: Andy Fish [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Tue, 12 Nov 2002 16:50:12 - Subject: [Samba] using winbind without a PDC This is a multi-part message in MIME format. --=_NextPart_000_0017_01C28A6B.911CC230 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Hello Can someone tell me whether it is possible to use winbind on a simple = windows workgroup (i.e. with no NT domain and hence no PDC). I *thought* = I saw it work in samba 2.2.3 but now I am on 2.2.6 and the winbindd = daemon won't start up - it loops forever in the initialization trying to = contact the PDC. winbind has no function without a domain controller, since it only works with users and groups, not hosts. All I want to do is configure nsswitch.conf to resolve hostnames with = netbios broadcast. If there is a simpler way than winbind, I'd be = interested to know about it. You are looking for nss_wins, you need to add wins to your hosts line of nsswitch.conf, assuming the rest (getting the libs in the right place) is done. Set a wins server in your smb.conf, and it should all work. Of course, you need a WINS server. Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE90Uj4rJK6UGDSBKcRAsyyAJ41lPPkSdNTtN/DHQJBR3JvZvi8cwCdHjjL DSBTstpYHhEHr3UqKFDUX24= =uvER -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Multiple Groups Assigned to a File
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 14 From: Noel Kelly [EMAIL PROTECTED] To: 'Jess Cannata' [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: [Samba] Multiple Groups Assigned to a File Date: Wed, 6 Nov 2002 15:07:33 - -Original Message- From: Jess Cannata [mailto:doubtful500;hotmail.com] Sent: 06 November 2002 14:28 To: [EMAIL PROTECTED] Subject: [Samba] Multiple Groups Assigned to a File I'm new to this group so I hope that this is the right place to ask this question (if not, let me know): We are setting up several Samba servers and we've run into a problem with file permissions. We've have a few shared folders that we'd like for some GROUPS to have read/write access and other GROUPS to have only read access. I cannot figure out how to do this because Linux/Unix seems to have the limitation that a file can only be owned by one user and one group, and the permissions are only applicable to the owner (user and group). Is there a way to assign more than one group to a file, and make it so the different groups have different permissions (Like NDS and Microsoft do)? If not, how do people get around this? Thanks for any help. Should have added that if you want more sophisticated (and therefore more complex administration) permissions then you can use ACLs. However at the moment this requires that you compile your kernel with ACL support using patches or grab an ACL enabled kernel/filesystem like XFS from SGI. ACLs don't require that you recompile your kernel, just choose your distro. ACLs (with support in samba) have worked out the box (on XFS) on Mandrake since 8.1, and 9.0 also supports ACLs on ext2/ext3. With 2.4.19 kernels and later however, you need to mount any FS which uses ACLs with the acl option before they will work, and this is not the default (since it breaks LSB-copmliance). I think SuSE also has ACL support, but I don't use it, so can't be sure. Regards, Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9z4YKrJK6UGDSBKcRAg0gAJwKNEiqjEN1RDgONG/RzhSghdyKBQCgjBk/ nUWefO9nZ3IZ9DlcNA9agTM= =IGfp -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
nss_wins (was [Samba] winbind)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 19 Date: Mon, 04 Nov 2002 19:19:15 -0800 From: Joseph Loo [EMAIL PROTECTED] To: samba [EMAIL PROTECTED] Subject: [Samba] winbind I have been looking a t winbind recently. Is it possible to configure winbind and not join the microsoft network and use nss_wins to retrieve the window host address? So far the It organization has not responded to a request to allow the machine to join the microsoft network. I need to get the window machines host ip address for the Linux system. AFAIK, nss_wins is useable without any other parts of samba. All you need is an smb.conf file listing your wins server. In fact, in Mandrake (since 8.1 or 8.2 I think) nss_wins has been a seperate package, relying only on samba-common (which provides the smb.conf). Regards, Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9x6xQrJK6UGDSBKcRAuf5AKCVHRxOtUdemky4wJQ1srWbarO1xACgsZfe S4bQaEuZ2ORhiK/YfI8FquQ= =L1WN -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Warning when updating Samba via mandrake update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 19 From: Ken Walker [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Date: Tue, 5 Nov 2002 11:16:53 - Subject: [Samba] Warning when updating Samba via mandrake update I've just done a update of Samba from 2.2.4 to 2.2.6. Not with MandrakeUpdate, unless you have screwed up your update configuration. There is only an update to 2.2.6 that went out late yesterday, and only applies to 9.0, which originally shipped with 2.2.6pre2. There should be no update for 2.2.5 or earlier, since you would be running on something earlier than Mandrake 9.0, in which case you should be using the RPMs for Mandrake 8.x which are available from two sites: http://ranger.dnsalias.com/mandrake/samba http://people.mandrakesoft.com/~staburet/samba These RPMs have been submitted to the samba team, and should have been available on the samba ftp mirrors, but I think Gerry ran out of time ... After installing everything it says some files were modified, ie smb.conf, and gives you the option to view the changes. No, it warns you that yuo have changed the supplied default config, and should show you what has changed in the default config, and the option to update your config to take these changes into account. Unfortunately these updates haven't arrived on our mirror yet, so I can't test it right now. It removed all my shared folders, removed settings from 'global' and changed lines for cups and other bits and pieces. Did it actually remove things without input from you, or did it just show you what differed between yours and the supplied default? Some changes are highlighted in green and the ones it removes are in red with '-' stuck in front of them. Standard diff-type output. I'm not sure if anything happens if you just click on ok after the update and don't see what's been changed. If you just click ok, it *should not* change anything, assuming then that you don't want any of the added features added to your smb.conf. So be warned, if everything stops working after an update then check your smb.conf file Maybe it would be better to back up your configs, specifically when doing updates. We commit our configs to cvs whenever we change them, so we can't lose them. Mr Smiley ( not smiling ) Did something break? FYI, the fact that you see a dialog is a feature, otherwise you would have the old config as you had set it up kept in place, and a /etc/samba/smb.conf.rpmnew added, which has the new default config. You would then manually have to use etc-update to get any new entries in your smb.conf. In fact, you don't get the dialog if you update via urpmi (which is what we do here): # urpmi.update updates # urpmi --auto-select --auto --update Regards, Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9x+fWrJK6UGDSBKcRArmpAKC5vzVeQ8PqwBoKP9u8NxGtztpjdwCffXBu OaBUN1BGLzrLRHG08RSuMr0= =qbyp -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba3 parallel installable RPMs for Mandrake 9.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have been updating the packaging for Mandrake in HEAD, which means it is now possible to build RPMs of HEAD which are parallel installable with Mandrake RPMs of 2.2.x. Of course, you can only run one version of samba on a given interface. To do this, update to HEAD cvs if your snapshot is older than late yesterday. then: $ cd packaging/Mandrake $ sh makerpms-cvs.sh If you have all the dependencies, you should have RPMs within 10-20 minutes (depending on the speed of your machine, maybe less for a 1.6GHz+ machine) This should work on Mandrake 8.x and 9.0, maybe even 7.2. You may have problems if you haven't compiled RPMS before, please see http://www.linux-mandrake.com/howtos/mdk-rpm/, specifically sections 3.1 and 3.2. Also, make sure you have rpm-build installed: # urpmi rpm-build If you don't feel like building yourself, you can get RPMS for 9.0 here: http://ranger.dnsalias.com/mandrake/mandrake9.0/samba-3.0-cvs/ I will see if I can get the right pieces together to automate builds in the future. Please cc me on issues relating to this if you want me to answer before I get around to reading the digests. Finally, those running Mandrake cooker (and have a contrib source available) should be able to get RPMs of 3.0alpha20, by running: # urpmi samba3-server Regards, Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9wrs6rJK6UGDSBKcRAq/uAJ923KUl6GeM2Z/ATmwcsq9K3o24hACfbT51 GtPzl+rImohnmoweB5t/W1Q= =ZSMM -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: The Samba Team Releases Version 2.2.6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pramod, Indu wrote: Hi I am struggling with samba2.2.6. I have got old version of samba. And I don't know how to install this new version. Can any one help me. What Unix/distribution are you running? There are binaries available for a number of linux distributions on ftp.samba.org (and one or two other places), and some proprietary Unices, however not all are up-to-date. You can find binary packages for samba in South Africa here: ftp://ftp.sun.ac.za/mirrorsites/samba.anu.edu.au/pub/samba/Binary_Packages/ If your unix does not have binary packages, you should reply on this list listing your unix, and someone may be able to help, otherwise you may have to build from source. Here is the latest source on a local mirror: ftp://ftp.sun.ac.za/mirrorsites/samba.anu.edu.au/pub/samba/samba-2.2.6.tar.gz ftp://ftp.sun.ac.za/mirrorsites/samba.anu.edu.au/pub/samba/samba-2.2.6.tar.bz2 Regards from CAE Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9wPzlrJK6UGDSBKcRAhoVAKDDjTLYylrnPEDxFRPAqURJj0DogACgi2Ld jzWzGI/gwjdB+FjbKxVnjBA= =bug+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems (read this the first one is incomplete)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 3 From: Michele Santucci [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Thu, 31 Oct 2002 10:25:34 +0100 Subject: [Samba] PDC Problems (read this the first one is incomplete) Sorry but I've posted an incomplete message before that: I've got a big problem with my PDC (Mandrake 8.2 with samba 2.2.5): when I try to join the domain from a W2KPRO (sp3) workstation the procedure goes on well until it require to create a local account for a Domain user ... the system let me browse all the user account on the domain controller but when I try to add it reports this error: Sorry, I just want to clarify, does it fail when adding a computer account in the domain? The trust relationship between this workstation and the primary domain is failed (probably the english text is different but this should be the meaning since I'm traslating it from italian). In the machine specific log file if found this: [2002/10/31 10:14:32, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest [2002/10/31 10:14:32, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest When you were trying to do what? I already set the w2k workstations to send non encrypted password to third parties smb server. I checked /etc/passwd, group and /etc/samba/smbpasswd file and they're correcly updated with machine and user accounts. You cannot join a windows 2000 machine to a domain if you have set it to use clear text passwords, and you smb.conf is set for encrypted passwords. Anyway these are smb.conf, group,passwd and smbpasswd interested rows: Which show that you have successfully added machines with the name video and gfx to the domain. FYI, if you have any pre-sp3 machines, please test with those first ... And, with the default smb.conf (such as http://ranger.dnsalias.com/mandrake/samba/smb.conf), you only have to uncomment about 10 lines to get a working smb.conf for a domain controller (such as this file http://ranger.dnsalias.com/mandrake/samba/smb-domain-controller.conf) on any recent version of Mandrake linux. Can you be more clear on exactly which procedure you are using? And to answer Mike Rambo's replies, when samba runs in 'security = user', add user script is used when samba creates a new machine account. Mandrake ships with the following example for a domain controller not using LDAP backend: # Script for domain controller for adding machines: ; add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u Regards, Buchan (PDC runs Mandrake 8.2 / samba-2.2.6). - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9wVCnrJK6UGDSBKcRAkCVAKDG2nBdlKZa2fgDyYlmwgM1eGow1gCfRCfp fNQBqm1r6+AMhgk25iRwy7g= =YKzg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC reliability?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 5 Date: Tue, 29 Oct 2002 13:30:34 -0700 From: Beau Sapach [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] Samba PDC reliability? Hello all, I'm using Samba 2.2.5 compiled on Solaris 8 for my PDC, I've included my smb.conf below. My client machines are all winnt4.0 service pack 6, but I can't get them to log in to the PDC reliably. Very rarely will they log in properly, I usually get the Domain controller could not be contacted error message. Does anyone have any advice? Thanks! We have been running samba as a domain controller since the 2.0.x days (I think 2.0.6) on linux (currently 2.2.6 on Mandrake 8.2), never seen this problem (except a similar message when trying to join a machine that thinks it's in the workgroup of the same name ;-)). Ensure your clients 1)Look at your WINS server. This is most easily done via DHCP 2)Don't have IPX/NetBEUI installed 3)Don't have badly-configured firewalls installed, some of which have a default config which prevents wins from working Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9v/BurJK6UGDSBKcRAoZ2AJ9IOAtr7tJtdfNgj8gDuzZmU8hxBgCgkXSs ozypTGafYB+O1HBZ5so79GM= =zgPj -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDF printer using ps2pdf ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 21 Date: Wed, 30 Oct 2002 09:38:30 +0100 From: Eirik Thorsnes [EMAIL PROTECTED] To: S. Ancelot [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Samba] PDF printer using ps2pdf ? S. Ancelot wrote: Hi, Is it possible to set up a printer in samba that will use ps2pdf converter to create pdf documents when printing on it ? Best Regards Steph Have a look at packaging/Mandrake/samba-pdf-print in the source. Eirik Thorsnes And the example share definition in packaging/Mandrake/smb.conf I am still looking for an easy way to reduce the number of slashes to pass, ideally so that the share definition can use \\server\share\path instead of serversharepath, without breaking the exisiting configs that are out there ... And, it could also find a better home in future than stuck in our packaging directory ... Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9v9D3rJK6UGDSBKcRAjDRAJ956m15r22JcUOwT3SAQtdtVdDZxgCgwiww 1bzgEodFhJWczPZf+4ta3fg= =+v1c -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: pam_mkhomedir.so and Samba question (was: RE: [Samba] Scriptquestion)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 5 Date: Tue, 29 Oct 2002 17:59:35 +0100 (CET) From: dj [EMAIL PROTECTED] To: Scott Wrosch [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: pam_mkhomedir.so and Samba question (was: RE: [Samba] Script question) On Tue, 29 Oct 2002, Scott Wrosch wrote: I've created a small howto detailing a Samba/Winbind setup as part of a domain controlled by Windows DC's. It includeds all details on setting up pam_mkhomedir. You can fin it at : http://www.sin.khk.be/~dj/ There's also this one, which has been around for quite a while, and probably needs to be updated especially since Mandrake 9.0 has winbind support in install ... including setting up pam_mkhomedir, setting samba for 'obey pam restrictions' etc. http://ranger.dnsalias.com/mandrake/muo/connect/csamba5.html#winbind - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9v5dYrJK6UGDSBKcRAjfdAJ0Snokk3EB6891g+x3U6eAuBfSjpACgiD3p 5wP5bqGI9aOAlI9hFwj1otA= =8qQc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind with samba PDC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 4 Date: Fri, 25 Oct 2002 15:51:50 -0300 From: cyroreal [EMAIL PROTECTED] To: samba [EMAIL PROTECTED] To: samba-nt-domain [EMAIL PROTECTED] Subject: [Samba] Winbind with samba PDC Is it possible to use winbind to authenticate my Mandrake 9.0 (samba 2.2.6) machine on my windows domain (controled by a Mandrake 8.2 (samba 2.2.6) server??? I tryed and the users are working fine, but the groups that i use to my windows shares are not, where do i set on the samba server wich groups are my domain groups, is it possible?? This isn't possible, AFAIK there are issues both with samba's groups handling (you should notice you can't use domain groups on ACLs on client machines) and winbind's group support (even against Windows DCs) in 2.2.x. It could be possible with samba3, but samba3 is not recommended for production yet. I have RPMs of samba-3alpha20 that will parallel install with samba-2.2.x (well, currently built for 9.0, but I can build on 8.2 if necessary). The problem though (with any samba-winbind solution) is that you won't have consistent uid's between machines, so you won't be able to use things like NFS. The better solution is probably to setup LDAP. This will allow you to use group permissions on samba servers, and NFS between machines. You can find a tutorial for setting up LDAP on Mandrake at http://www.mandrakesecure.net You can then also setup samba to store it's passwords in LDAP, and there are LDAP-enabled RPMs of samba-2.2.6 at http://ranger.dnsalias.com/mandrake/samba (soon to be on ftp.samba.org). Shout if you want some pointers on setting up samba for LDAP on Mandrake, most work is done for you, you can take a look at the /etc/samba/smbldap_conf.pm (I think) and the import script in /usr/share/samba/scripts. Also be sure to look at the new configuration options in the default smb.conf (will be installed as smb.conf.rpmnew). Regards, Buchan P.S. The samba-ntdom list doesn't exist any more. - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9vRrVrJK6UGDSBKcRAhpxAJ93HCNg9VxZiJW0dYMtpF3MVrOuQQCfQzBc z9NYHgBHbZxCA7bDHeTkyo4= =m1MX -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] plea for sample config files : accessing samba from windows...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 2 Date: Thu, 24 Oct 2002 22:32:12 -0700 From: Joel Thompson [EMAIL PROTECTED] To: Joel Thompson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Samba] plea for sample config files : accessing samba from windows... Posting again, due to no response. If you can't share the working config files, then please let me know the essentials to getting this going (there are a lot of options in the conf file, that I don't know if I should ignore or make sure to set). Thanks, Joel Joel Thompson wrote: Hello, I am having a lot of difficulty setting up samba (2.2.6-1) on linux (REDHAT 7.2), and accessing from Win2k. I have been able to get the share working for smbclient, while on the LINUX box, but have not been able to get anything working from a Windows box. Even after trying \\IP address of samba box I have done the following after scouring the network for solutions. I have modified the register settings on windows to allow none encrypted passwords, This isn't necessary, and isn't desirable if you are trying to set up a domain. (You can find out how to do with on MS's website), however this didn't work. You can also find example .reg files in the samba docs directory. If you can send me your config files or mocked up to protect the internal integrity of your system, I would surely appreciate it (as I know a million other struggling samba admins would as well). Also explain a little about the DOMAIN, and what kind of Authentication you setup. Please, please, please help! This may be a better example: http://ranger.dnsalias.com/mandrake/samba/smb-domain-controller.conf It's the standard smb.conf shipped with Mandrake, just with the domain-related options uncommented. Has some useful things. Works best on Mandrake of course (due to correct directories in place, ACLs available out-the-box etc). This may also be useful: http://ranger.dnsalias.com/mandrake/muo/connect/csamba6.html All that you should need to do with the above example file (after saving it to the appropriate place) is: 1)Change the workgroup name 2)Add an smbpasswd for root: # smbpasswd -a Then follow the instructions on the web page. Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9uTcarJK6UGDSBKcRAhNPAJ0VO71u8yZvvobLIu4iW7CJemOjPgCbB2X3 tkGLmb1f7PTkKKSXn3uverg= =IZl5 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Always use the native protocol of the client -- WAS:How Samba let us down
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 | Message: 1 | To: Jay Ts [EMAIL PROTECTED] | Date: Wed, 23 Oct 2002 15:36:09 -0400 (EDT) | From: Bryan J. Smith [EMAIL PROTECTED] | Cc: John H Terpstra [EMAIL PROTECTED], [EMAIL PROTECTED], | [EMAIL PROTECTED], Mathew McKernan [EMAIL PROTECTED], | [EMAIL PROTECTED], [EMAIL PROTECTED] | Subject: [Samba] Always use the native protocol of the client -- WAS: How Samba let us down | | | Quoting Jay Ts [EMAIL PROTECTED]: | | My experience here is that smbfs isn't perfect, but works pretty | well, and I *really* like it! Without smbfs, I end up having to | run to the Windows system to transfer files. (Sorry, but smbclient | just doesn't do it for me. It works, but is really inconvenient.) | Performance of smbclient-based frontends also doesn't match that of smbfs. It's like comparing FTP to NFS. | | Production networks should use NFS for UNIX clients. NFS peacefully co-exists | with Samba just fine. I have been using it on both Solaris and Linux for over 6 | years. Of course, I have always supported production engineering environments | -- and need network filesystem access to be a little more mission critical | than something for just basic file transfers. | | Which brings me to my rule of thumb ... | _Always_ use the native protocol of the client. If your server is capable of doing that sufficiently well. | | For a UNIX client, use NFS. Otherwise expect case and codepage issues (let | alone it makes it much nicer for home directory mounts and the automounter ;-). | | For a Windows client, use SMB. Otherwise expect Windows fits. ;-P | | For a [pre-X] Mac client, use Ethertalk. Otherwise expect special file fits. | | And so forth ... | | If your server platform doesn't have a service that supports a protocol (or does | a poor job *COUGH*NFS on NT*COUGH*), don't use that platform as a server. ;-P ie, Unix desktops don't belong in windows-based networks | P.S. Please no NFS is insecure comments being that CIFS password equivalent | exchange is just as bad. ;-P But you have to at least sniff packets to get a password equivalent. Give a user root on their own box with NFS mounts, and they can do what they like ... without having to sniff passwords. | | P.P.S. With that said, Kerberos+OpenAFS is always a nice universal network | filesystem as well. | With how much cost in setup? I think some people still haven't realised the following. - -Unix needs to grow on the desktop, or it will die a slow death (just like Netware is doing, and mainly for the same reasons). - -To grow on the desktop, unix desktops need to be able to be integrated into all existing networks with minimal additional expenditure. - -To be integrated into the majority of current networks, that means being able to network with windows (almost) as easily as windows clients. Winbind + smbfs are currently (almost) feasible for this. Using smbclient-type access (for example, smb:// urls in KDE) just doesn't do it. Secondly, try setting up Kerberos and replicated directory services on the unix of your choice or windows 2000, and tell me which one is easier. Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9t+j+rJK6UGDSBKcRAv5+AKC+57AoWd6scK3O77NvmLCsoJ7OzwCglLLu 3erF1XX+HKaLHP+1Ln/a7e0= =xXee -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba + Winbind + Squid
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 | Message: 16 | To: [EMAIL PROTECTED] | From: [EMAIL PROTECTED] | Date: Thu, 24 Oct 2002 10:26:10 +0200 | Subject: [Samba] Re: Samba + Winbind + Squid | | |Hi. | |I'm looking for samba 2.2.5 or 2.2.6 binary package to use with squid. |So I need a version compile with option --with-winbind-auth-challenge |and the one provide with red hat 8 doesn't have it. I tried to compile |it but it doesn't work. | Could you explain what this accomplishes? I normally use the auth_smb (or is it auth_smb?) that comes with squid ... |Can someone help me? | |Thanks in advance, | |Hugues | | | | For RedHat 7.x you can try this: | | Download | http://it.samba.org/samba/ftp/Binary_Packages/redhat/SRPMS/7.x/samba-2.2.6-1.src.rpm | | | rpm -i samba-2.2.6-1.src.rpm | cd /usr/src/redhat/SPECS | Make the following modifications to samba.spec: | modify row 187 to add \ to the end | --with-libsmbclient \ | add the following row right after row 187 | --with-winbind-auth-challenge And bump the release number, preferably adding something to distinguish it from other RPMS. | rpm -bi samba.spec | cd ../BUILD/samba-2.2.6/source/ | make install | You may want to : rpm -ba samba.spec rather, as that will then give you RPMS you can install/upgrade, and that you can remove easily. Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9uAgmrJK6UGDSBKcRAoRMAKDBIyO0J+WsEzPjx5fDoWHD4YatvgCfSkDg maiJJob+BUXazQz1JQ44EC8= =L5kV -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] can't add w2K client to samba domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 | Message: 25 | Date: Tue, 22 Oct 2002 07:53:42 -0300 | To: [EMAIL PROTECTED] | From: Daniel Bertin [EMAIL PROTECTED] | Subject: RE: [Samba] can't add w2K client to samba domain | | Morning | I re-installed samba 2.2.6 and applied service pack 3 on win2K. same thing; Doens't seem like it ... | | when I try and login with any use | the credentials supplied conflict with an existing set of credentials That's a windows error. Windows it telling you it can't connect to the same server as multiple users. You have probably browsed the machine as an anonymous user already. Log out of windows, log back in, and try and connect to the machine as the first thing you do. If you want to avoid this problem, make sure that your windows username and password match the username and password on the samba server. | | what else can I do. | what would be the steps to follow for a new install. rpm from the | mandrake 9.0 distribution? Remove the old RPM: # urpme samba-common Move the old configuration files, since rpm won't overwrite them, and that's actually what you want: # mv /etc/samba /etc/samba.old Install samba # urpmi samba-server Edit your smb.conf to change the workgroup: # kate /etc/samba/smb.conf (or use the editor of your choice, I use vi, which syntax highlights smb.conf if you have vim-enhanced installed, but kate should also if you have KDE on the machine) Restart samba for good measure # service smb restart Add smbpasswd's for the users: # smbpasswd -a username Connect, and it should all work. BTW, you have a different subject line to your previous mail, I may be on the wrong thread, in which case you should *really* take a look at the original smb.conf with a text editor, and everything should be clearer. Also, http://ranger.dnsalias.com/mandrake/muo/connect/csamba6.html may be useful if the subject of this mail is correct. Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9tUVLrJK6UGDSBKcRAgyBAJ9zWhweQdzWGjKbQmzuhStJSVaCBQCcDI0w 4lmPlANa6HojPuvuKLKFdXc= =7XgK -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] win2K passwords
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 | Message: 3 | Subject: Re: [Samba] win2K passwords | From: Mark Belfanti [EMAIL PROTECTED] | To: Daniel Bertin [EMAIL PROTECTED] | Cc: [EMAIL PROTECTED] | Date: 22 Oct 2002 09:54:10 +1000 | I set encrypted to no, with webmin and manually | | This is the default anyway. No. Mandrake ships with encrypted passwords enabled by default (and has since about 8.1). Why people insist on reg-hacking many windows machines instead of adding an smbpasswd for their users is beyond me. | Should also have security = share | Mandrake defaults to having samba mimic windowsNT/windows2000, which basically do security=user when not in a domain. Generally, security=share is a bad idea (just like it is in windows), and even worse if you use clear-text passwors. Buchan (contributor to Mandrake samba RPMs). - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9tUKyrJK6UGDSBKcRAoYNAKC4pLuIRGixP69V/fd8AzJDnkHj6wCfaDat dBPcyiGtAdBPZqTPCkrFUH8= =1vGv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT_STATUS_ACCESS_DENIED - Samba on Mandrake 8.2
Message: 7 Date: Thu, 17 Oct 2002 12:31:39 -0400 From: Albert E. Whale [EMAIL PROTECTED] Organization: ABS Computer Technology, Inc. To: Samba [EMAIL PROTECTED] Subject: [Samba] NT_STATUS_ACCESS_DENIED - Samba on Mandrake 8.2 I am attempting to integrate a Linux Samba Server with an NT 4.0 PDC. Ideally I am looking to authenticate the users on the PDC, and then permit access to the Samba Shares on the Linux Box. You probably want to setup winbind. Winbind is available in Mandrake 8.2, you may need to install it: # urpmi samba-winbind You will need to uncomment the winbind sections of the default smb.conf file, set it to 'security=domain', set the workgroup, and join the domain: # smbpasswd -j domain -U domain admin account For more information (note that most steps should have been done for you in the 8.2 RPMS) see: http://ranger.dnsalias.com/mandrake/muo/connect/csamba5.html#winbind Note that Mandrake 9.0 allows you to join it to the domain (with full winbind setup) during installation (probably only in expert installation, choose windows domain as authentication method where you enter your root password). The latest samba RPMS for 8.2 (2.2.6 is available at http://ranger.dnsalias.com/mandrake/samba) have a better example smb.conf example configuration for winbind, /etc/samba/smb-winbind.conf. All that you should need to do to it is change your workgroup name). I have several issues, but the one which is presenting itself currently is when I attempt to Browse the PDC using smbclient. I get the following: smbclient -L dumbo You haven't specified a username, by default smbclient uses the username you are currently logged in as. Do you have a domain account with the same username? added interface ip=192.168.0.11 bcast=192.168.15.255 nmask=255.255.240.0 session request to DUMBO failed (Called name not present) Are you sure you're using the right netbios name for the machine (only applies to error above). Password: Anonymous login successful You haven't authenticated successfully. Domain=[FCCA.COM] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] Sharename Type Comment - --- Error returning browse list: NT_STATUS_ACCESS_DENIED Server Comment ---- ACCMAN-JAIME ACCMAN-ROUSCHKA Dumbo is the DNS Name of the PDC. Netbios and DNS names should preferably match (either using DNS aliases/CNAMEs etc) Why Do I get the NT_STATUS_ACCESS_DENIED message? Because your machine does not have the guest account enabled, and you haven't connected with a valid username/password. I get this same message when I attempt to use the Samba Share as an NT PDC User (using the Username and password as well). That would probably be because you either haven't joined the domain, or don't have existing usernames on the samba server. Here are two sessions to our windows server (member of our samba domain), one without a valid username/password, one with a valid username/password: [bgmilne@bgmilne bgmilne]$ smbclient -L atlas added interface ip=146.232.174.36 bcast=146.232.174.255 nmask=255.255.255.0 Password: Anonymous login successful Domain=[CAE] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] Sharename Type Comment - --- Error returning browse list: NT_STATUS_ACCESS_DENIED Server Comment ---- WorkgroupMaster ---- [bgmilne@bgmilne bgmilne]$ smbclient -L atlas added interface ip=146.232.174.36 bcast=146.232.174.255 nmask=255.255.255.0 Password: Domain=[CAE] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] Sharename Type Comment - --- pwshareDisk pw Disk IPC$ IPC Remote IPC D$ Disk Default share ADMIN$ Disk Remote Admin C$ Disk Default share Server Comment ---- WorkgroupMaster ---- Regards, Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba proposal document.
Message: 19 From: Irving Carrion [EMAIL PROTECTED] To: 'John H Terpstra' [EMAIL PROTECTED], 'Joe E. Fieck' [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [Samba] Samba proposal document. Date: Fri, 18 Oct 2002 09:42:38 -0400 Organization: All Interior Supply You may also want to throw in that the average salary for a UNIX/Linux admin is A LOT MORE than the MSCE admin. ;) Maybe per hour, but not per server, since the average number of servers/admin is usually much higher for a unix/linux admin ... Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 2.2.6rc4 RPMS released for Mandrake Linux 8.2 and 9.0 (and8.0 and 8.1)
Sylvestre Taburet wrote: Hi! As usual, get them at: http://people.mandrakesoft.com/~staburet/freshsamba or http://ranger.dnsalias.com/mandrake/samba Get the SRPM at: http://people.mandrakesoft.com/~staburet/SRPMS Anyone wanting to test RC4 on 8.0 or 8.1, please see: http://ranger.dnsalias.com/mandrake/samba/samba-2.2.6rc4/ Shout if there's a particular feature which is disabled in the build which you need to test. IIRC, 8.0 and 8.1 have winbind, nss_wins, acl and LDAP disabled by default (and these are default builds). Regards, Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Directory size display discrepency
Message: 10 Subject: Re: [Samba] Directory size display discrepency From: Stephen Kitchener [EMAIL PROTECTED] To: samba lists [EMAIL PROTECTED] Date: 15 Oct 2002 11:30:46 +0100 Hi Micheal Subject: Re: [Samba] Directory size display discrepency Thanks for clearing that up - I did think that is was just a 'windows thing' but had to find out. It may not be. What version of samba are you running? I think up to 2.2.3a, and maybe 2.2.4, samba wasn't calculating this correctly. I'm assuming that the directory contents actually do total around 33 bytes. It's been a while since I used a DEC so I don't remember how its du handles the size of small directories. If you use ls -l you'll probably see that the directory shows 4096 as the size. On Mon, Oct 14, 2002 at 11:55:52AM +0100, Stephen Kitchener wrote: When I slect properties of a directory it has two enties Size and Size on disk As an example size says 33 bytes, size on disk says 512kb and if I du a du -ks on the directory it reports 4 k. stat the file, and multiply by the blocks by the block size, and you should be seeing the same size that windows reports in 'size on disk'. If you don't, there is a problem. This works fine for me with 2.2.5 (to the byte) on linux. Regards, Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind /etc/pam.d/system-auth
Message: 8 Reply-To: Norman Zhang [EMAIL PROTECTED] From: Norman Zhang [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Thu, 10 Oct 2002 18:44:51 -0700 Subject: [Samba] winbind /etc/pam.d/system-auth Hi, I have setup /etc/pam.d/system-auth as below. But when I login to the Linux Box from KDE3, I get a prompt saying I don't have write access to the HOME. pam_mkhomedir doesn't make deep directories, so you need to make the parent directory of your user's homes. So if you use 'template homedir = /home/%D/%u', then you need to make /home/%D where %D is each domain you are supporting. Then got kicked out. In NT Domain, when I double click on the Samba machine, I get network path not found. What am I doing wrong? Please help. If you still get this with samba when connecting to it, and the home directory didn't exist before, you need to add the option 'obey pam restrictions = yes' to the global section of your smb.conf. Regards, Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [GLUG] Samba password changes?
Andrew Bartlett wrote: Buchan Milne wrote: [EMAIL PROTECTED] wrote: hi, i've setup a LDAP server with account information, and compiled samba with ldap support. everything works great, except for the password changes i still have to run two seprate commands ( passwd, smbpasswd ) to change a users password. i've tried to put the pam_smbpasswd.so module into system-auth, but that does work? The funny thing about this thread is that pam_smbpasswd shouldn't really affect what happens when a user changes their password via samba ... Adriaan, if you haven't sorted this out, what are you aiming at doing? Just keeping the unix and samba password in LDAP in sync from a password change via samba, or is it more complex than that? No, pam_smbpasswd is meant for modifying the smbpasswd file, it doesn't do anything else. I found the best solution was to use: unix password sync = yes pam password change = yes passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *LDAP*passwd:*all*authentication*tokens*updated*successfully* (not sure if the passwd chat is necessary) and then modify your /etc/pam.d/passwd to do password changes via LDAP. This ensures that password changes from samba apply the same rules that any other password change would apply. Only problem I have now is if a user does a unix password change, it currently won't change their windows password, but I believe there is a hacked pam_ldap which will do that too. (I have some issues with the idealx stuff, but it should all work out the box on recent Mandrake RPMs). You seem to be in a bit of a mess here... pam_smbpass uses Samba's passdb backend to communicate with smbpasswd, or Samba's LDAP backend. It allows the full range of operations normally available on /etc/shadow: checking and changing passwords, both as root and a normal user. The documentation doesn't reflect that, unless you make assumptions about what smbpasswd means ... and previous comments on [EMAIL PROTECTED] on it implied it only worked with the smbpasswd file backend. And (AFAIK) it only solves password changes which occur on a/the DC, the problem remains with users changing passwords from unix client machines, only their unix password will be changed, they will have to manually change their windows password. Or am I missing something? This should allow you to keep just one password database, and not use /etc/shadow. Or you can keep then both in sync, by listing both in your PAM configuration. The other thing mentationed here (unix password sync) is a way to sync incoming remote password changes with 2 sources, the smbpasswd file/LDAP equiv and some 'unix' password system. This only matters if you keep the unix password file - you may be better to use pam_smbpass and just use one. Well, 'pam password change' with pam_ldap allows you to keep LDAP passwords in sync, and there are some things (phpgroupware for one) which can authenticate by LDAP but not by pam (so pam_smb is out of the question). A third option is with Samba 3.0, we have 'ldap password sync', this sets the userPassword attriubute in LDAP via an extended operation, and lets you aim pam_ldap at your LDAP DB. A forth option (again 3.0) is to run winbindd on your PDC, set 'winbind use default domain and use pam_winbind. Do you mean running winbind on the unix clients? Then you have uid mismatches, so you can't use NFS? Or is there a way to keep the winbind rid/uid/gid mapping consistent between machines? In any case, there is certainly plenty of solutions here... But the only way to address users on unix clients changing their password is with a hacked up pam_ldap that will change ntPassword and lmPassword. Regards, Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Please assist with Winbind issues!
Message: 20 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Thu, 10 Oct 2002 11:56:51 -0400 Subject: [Samba] RE: Please assist with Winbind issues! Thanks Andrew. I was actually under the (faulty) impression that --with-ssl was meant for SWAT. SWAT does not have SSL support (AFAIK). Use webmin instead (and it also won't trash comments in your smb.conf). Hint: Mandrake 9.0 has winbind authentication support out-the-box, just do an 'expert' install, and choose 'Windows Domain' as authentication method (during installation), and enter your domain name in caps (it doens't get uppercase for making the /home/%D). Then, reboot, and log in with your domain account. Unfortunately, the GUI for this isn't avialable after installation (yet). Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba