Re: [Samba] question about ldap passwd sync
FM rta: Hello for unix sync password we can add a custom script ot sync password : passwd program = Which ldap tool samba is using to sync password ? Is is possible to use a home made script ? My unix password are hardcoded ([EMAIL PROTECTED]) because of kerberos 5 auth so I use a perl script to update the krb5 database thanks ! I'm also intereseted in this topic. Have been anybody successfuly using smbk5pwd openldap loadable module, with/without kerberos/samba. Will using this module remove any need for custom passwd scripts with unix passwd sync = yes, or the ldap passwd sync = yes options? Thanks Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Test, please ignore
Test -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] same profile for several users
Florian Effenberger írta: Hi there, I would like to have the same (mandatory) profile for a group of users. I tried by setting the same profile path using pdbedit and allowing everyone of them read/write access to the appropriate Linux files, including executable access to the appropriate directories of the profile. However, it does not work. At least Windows always saves my NTUSER.DAT and some other files with exclusive read/write access for the current user, so others get a permission denied. What would be an appropriate way of having the same (mandatory) profile for a group of users? Thanks! Florian For a mandatory profile you should rename the NTUSER.DAT to NTUSER.MAN, then you can disable any write access for that group. This way it worked for me. Cheers Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] password ldap clarification requested...
Adam Tauno Williams rta: I would like to know if the following statements are true, just to make sure that my understanding of passwords/ldap stuff is correct... Vampireing passwords from an nt4 pdc only populates the ldap server with windows passwords, and not the (linux) userPassword. Yes. Authenticating linux logons against this ldap server is therefore only possible using winbind. Not entirely true. 'Normal' ldap enabled software can NOT authenticate against this ldap, because they expect a userPassword, and by simply vampireing this password is left blank. Yes, but recent OpenLDAP servers support authenticating binds against a LANMAN hash. And what could be more inetresting, you could have a Heimdal Kerberos authenticating against the NT hash, see https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap for the details The ldap passwd sync = yes smb.conf option makes sure that when updating the 'windows' password (via idealx scripts, for example) the (linux) userPassword get's updated as well. Yep, via password-modify extended operation. So: suppose I migrate our domain to samba, and on the first samba day, I set all accounts to 'required to change password upon first login' I would end up having new passwords for everybody, both for windows and linux. Yes. And all normal ldap enabled software would then be able to use that ldap directory to authenticate to. Yes. Are these assumptions correct? Thanks very much for feedback. More or less. Cheers Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Kerberos V
[EMAIL PROTECTED] rta: On Mon, 10 Jan 2005, Jukka == Jukka Salmi wrote: Jukka Does Samba have native Kerberos V support, i.e. is it Jukka possible to authenticate against a (Heimdal, in our case) Jukka kdc? On Mon, 10 Jan 2005, Ganeshram == Ganeshram Iyer wrote: Ganeshram I had just recently asked this question on this. I see this question pop up on this list every so often, but one thing I never see addressed is whether or not Samba can be used to autheticate to the localhost, which, using PAM, could then authenticate against Kerberos. Apache can do this, or use it's mod_auth_krb5 module. Why can't Samba do something similar? People who have an existing MIT kerberos implementation aren't going to want to switch over to Heimdal. And storing kerberos data in LDAP just seems like an inherently bad idea to begin with. What you are asking for is not possible, as long as: -Windows clients, and Samba server aren't configured to use plain text passwords (quite a bad idea IMHO). -Windows clients do not treat Samba as an Active Directory controler (see Samba4) which trust your MIT Kerberos server. -Windows clients aren't part of an Active Directory domain which trust your MIT Kerberos server. The problem is, that when Windows clients send the encrypted NT hashes to the Samba server, there is no way to get back the plaintext from it, and thus no possibility, to authenticate using that against Kerberos. I don't know too much about authenticating Windows workstations directly against MIT Kerberos, and have no idea, that in that condition the workstation attempt or not a Kerberos authentication, when trying to connect to Samba server. If no then you can't do anything :-(. If yes there would be a need for some patches to the winbind daemon which would allow it to authenticate against MIT Kerberos, instead of Active Directory (also Kerberos based). Cheers, Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Groupmap problem
Adam Tauno Williams rta: Also, the Machines and Users must be stored in the same OU. Beneath a common OU, storing IN the same OU is not required. It appears that you have users stored in one OU and Computers stored in another OU. I don't believe this is supported right now. (I believe this is because PAM will only search one OU for a UNIX user instead of multiples.) NSS will only search one OU for account type objects; and both machines and user are accounts. You can have the users and the computers stored in different ous, there are actualy two sollutions to this: 1) specify the basedn as the searchbase for your nss/pam_ldap config, with a sub type scope. E.g nss_base_passwd dc=example,dc=com?sub 2) with a recent nss/pam_ldap (I don't remember the exact versions) you can have multiple lines each specifying a different searchbase: nss_base_passwd ou=People,dc=example,dc=com?one nss_base_passwd ou=Hosts,dc=example,dc=com?one And don't forget to configure your smbldap tools! Good Luck! Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: PDC, BDCs - how do you synchronize roaming profiles?
Tomasz Chmielewski rta: John H Terpstra wrote: I thought of this approach: - keep profile size to the minimum (20-30 megs), How will you control the size of the profile? I can not see a practical solution to do this. Didn't think of it yet. Several years ago, in a rather big university facility I saw something like that on Windows NT workstations: if student profile was too big, user was disallowed to logout until he/she deleted some data (there was a pop-up window your profile is bigger than XY megabytes, you can't log out, delete some files etc.). The only way to logout was to delete some files and try again, or to poweroff the machine (which meant the profile was lost). Anyone knows what this could be? NTConfig.POL made with NT4 policy editor saved to the root of the netlogon share can implement profile size limitations. I think one of the adm files distributed with poledit.exe can do the trick. - rsync changes of the profile to the other domain controllers when user logs out. The trouble is that you have to do it from each WAN location and there is just no way to maintain data integrity with multiple source locations and multiple targets. Given the fact that one user can log in only once and in one place, I think it is doable: just rsync changes to other places using postexec %U script. There are some problems to be solved (what if changes can't be uploaded for some time and we have two different profiles?), but I think I have to live with that as I didn't think of anything better so far. It would be great if there was some profile-daemon which could take care of profile replication: 1) user logs out and uploads profile to a local Samba server, 2) profile-daemon notices that user logged out and finished uploading profile locally, 3) profile-daemon attempts to copy profile to other location(s); if upload successful, exit 4) if upload unsuccessful, retries, 5) if user wants to log in locally again - no problem; if user is a olympic sprinter and managed to reach another building before the profile was fully uploaded, he should be notified during login that profile is not in sync (and ask what to do), 6) if upload unsuccessful because link broken, triggers dial-up and notifies other locations that the profile is *not uploaded*, 7) now other locations know that profiles are not in sync, and won't allow user to log in (or allow to log in, but warn that profile is not in sync), 8) every 5 or 10 minutes profile-daemons should communicate and exchange information; if they can't communicate, they know it, and during login present a user a window explaining last profile change was on Friday, 11:34 etc., what to do... This would need some additional software installed on a Windows side, too I think. Anyway I think it could be a killer Samba feature, especially for bigger organizations like universities. Do you think it's a good approach, or should I think of something else? I'd suggest local profiles for such mobile users. Remember you can use Windows XP Pro off-line folders to replicate data to a home server. But these mobile users can sit in front of a random workstation, so I can't do it like that. Tomek Very nice, but very hard to implement. Another idea: There is coda (http://coda.cs.cmu.edu/), which was designed for disconected operation, you could try to make it interoperate with samba. I think it is not trivial either, as coda uses its own authentication/authorization methods, with some support for kerberos. Cheers, Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Spoof server name to redirect calls to another server?
Leon Stringer rta: Hi, I've got an ageing NT4 server on our NT4 domain. The hardware is getting unreliable and few people use it. Unfortunately/predicatably the few people who use it are senior staff and they have some (important, naturally) Excel spreadsheets which link to files on this server by name. As I haven't been entirely successful in weening them off this server I've been keeping it ticking over but I wondered if there was a way to remove the server but keep the UNC name for the share alive and get it redirected to another location, i.e. I get rid of SERVER1 but somehow keep requests for \\SERVER1\SHARE going to \\SERVER2\SHARE. Is there a Samba solution to this? Thanks in advance for any help, Leon... See smb.conf manpage for netbios alias, or a DNS CNAME record if you aren't using NETBIOS at all Good Luck! Geza -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + (LDAP + Kerberos V)
Andrew Bartlett rta: On Thu, 2004-10-21 at 06:46, Gmes Gza wrote: Matt Joyce rta: That's very easy to explain, because if you follow it you will have your kerberos using the Samba' MD4 password hash, and so all of your *nix and windows machine will use the same password. However as Samba3 is able to emulte an NT4 DC, Windows clients don't try, nor are succesfull in using kerberos against it. So you can have something like in the following ASCII graphic: Care to un-line wrap that and put it into the Wiki? Andrew Bartlett Attached is a reworked version. Looks right in vi, kwrite, gedit. Geza -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] admin users and root priviledges
Hi everybody, Specifying admin users = root,@adm in global would make any access by members of the adm group maped to the root *nix user, thus allowing them to add machine accounts (my goal). Can I override this on a per share base, with admin users = root , so that they won't be able to accidentally do harmful things on the filesystem? Thanks in advance, Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to assign a change file permission
mic chan rta: Dear ALL : I'm a school system administrator , I want use samba to create a share for students can submit their execise or exam file, after the submition, student cannot change/delete file, but UNIX only provide write and read file permissions , how to config the SAMBA to doing this function. THANKS - email Yahoo! Messenger http://messenger.yahoo.com.hk What you seems to want is called drop in folder in MacOS/Netatalk parlance. IMHO it could be a lot easier implemented by using a ftp server (e.g proftpd), with upload folders. Cheers, Geza -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba NT Domain Controller Help Possible Walkthrough Please
Debug Account rta: Hello, Well a How-To Guide said to use that command after everything is setup. I tried using Windows 2000 Client to join the domain, but it would not, said domain dns lookup failed. Any help? Mike --- Gmes Gza [EMAIL PROTECTED] wrote: Debug Account rta: Hello everyone, I have done my reading research and everything I try is coming to different errors, so I am going to beg pray someone here can help me with my problem. I appericiate any help in advance! I am running Samba 2.2.11 on a RedHat Linux 7.3 Server, connected to a network of Windows 2000 XP Machines. I want to configure Samba to be the Domain Controller for my other machines. Before I was getting an error on a old copy of Samba (2.2.2a i think), then I upgraded to 2.2.11, and when I run the smbpasswd -j domainname , I get this error: ERROR: Must have both SECURITY = DOMAIN and ENCRYPT PASSWORDS = YES! My Security = Users and Encrypt Passwords = Yes I want Samba to be the domain controller, Then why do you want it to join its own domain? You just need to have domain logons = yes for a domain controler and domain master = yes if this is the primary domain controler (which is the case, if this is the first, or the only one domain controler on your network). And then join the clients to this newly created domain. I don't want to have samba rely on Windows2k as the domain controller, so this is why I don't have it set Security = Domain. If anyone can please provide me with some very helpful information or a small working config file, please do. Domain name = Hinata-Inn-NT Domain Controller's PC Name: Tama-Chan-PDC Description: Hinata Inn's Network PDC Thank you very much, Mike _ Are you a Techie? Get Your Free Tech Email Address Now! Visit http://www.TechEmail.com Cheers, Geza _ Are you a Techie? Get Your Free Tech Email Address Now! Visit http://www.TechEmail.com I supose you should have workgroup = Hinata-Inn-NT instead of Domain name = Hinata-Inn-NT but we (the list) could give you more help if you would post your actual smb.conf, so that we could tell you wat's wrong with it. Other question: what kind of password backend are you wanting to work with tdbsam, ldapsam, or other. Cheers, Geza -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba NT Domain Controller Help Possible Walkthrough Please
Debug Account rta: Hello everyone, I have done my reading research and everything I try is coming to different errors, so I am going to beg pray someone here can help me with my problem. I appericiate any help in advance! I am running Samba 2.2.11 on a RedHat Linux 7.3 Server, connected to a network of Windows 2000 XP Machines. I want to configure Samba to be the Domain Controller for my other machines. Before I was getting an error on a old copy of Samba (2.2.2a i think), then I upgraded to 2.2.11, and when I run the smbpasswd -j domainname , I get this error: ERROR: Must have both SECURITY = DOMAIN and ENCRYPT PASSWORDS = YES! My Security = Users and Encrypt Passwords = Yes I want Samba to be the domain controller, Then why do you want it to join its own domain? You just need to have domain logons = yes for a domain controler and domain master = yes if this is the primary domain controler (which is the case, if this is the first, or the only one domain controler on your network). And then join the clients to this newly created domain. I don't want to have samba rely on Windows2k as the domain controller, so this is why I don't have it set Security = Domain. If anyone can please provide me with some very helpful information or a small working config file, please do. Domain name = Hinata-Inn-NT Domain Controller's PC Name: Tama-Chan-PDC Description: Hinata Inn's Network PDC Thank you very much, Mike _ Are you a Techie? Get Your Free Tech Email Address Now! Visit http://www.TechEmail.com Cheers, Geza -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Desktop.ini showing up
Dan Slatford rta: On Wed, 2004-09-15 at 15:31, Shane McBride wrote: First of all I am new to Samba. I successfully deployed Samba 3.0.6 as a PDC w/roaming profiles. All the workstations have a desktop.ini file that shows up on the desktop after joining the domain. The contents of the ini differ from workstation to workstation. I've found the same thing, the desktop.ini file is in the startup folder in the programs menu, so opens up into notepad when you log in for the first time. Is this the same for you? Deleting the file from start button programs startup 'solved' it, but I never figured out why it appeared there to begin with. I've had the same problem before I figured of, that having a roaming profile, the Start Menu and the Desktop gets loaded from the Profiles share, and posix has nothing like the hidden attribute. The workaround was to specify hidden files=desktop.ini at the profiles share Cheers, Geza -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Test please ignore!
Test please ignore! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] humble plea - once more
Michal Kurowski rta: Asked this question with absolutely no response - seems it's a high volume list ;-) Is there no way for unix crypt password - ntPassword conversion ? Just too strange - someone must have met the problem of moving existing unix users to NT domain before. As long as PlainText---UNIX hash is one way there is no way back, and you are unable to get NT hashes from there. Geza -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Kerberos and Samba
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sensei rta: | On Sat, 2004-04-10 at 16:07, Andrew Bartlett wrote: | | |Samba cannot use the kerberos tickets directly - not unless the KDC is |Active Directory (for now). But it is possible for Samba to use the |same password store. (For NTLM, but not kerberos passwords) | |What is your KDC? MIT or Heimdal? Are you using the Heimdal LDAP backend? | | | MIT K5. The passwords are stored only in the kerberos database. | | |While the work is still new, there is support in Heimdal to read Samba |password entries in LDAP. There is also an OpenLDAP plugin to set |both Samba and Kerberos passwords on password change. | |You would need to manually edit your LDAP database, to expose the |passwords in 'Samba' format - potentially a dump and restore of the |Heimdal entries might do it, if the sambaSamAccount objectClass was |added, and you used a current snapshot. | | | It would be nice to have just kerberos passwords. I've done this with | ldap (sasl gssapi authentication via k5) and afs (tokens are released on | ticket releasing). | | The main issue is the integrated windows login: a student must login, | gain tickets and token, and have his windows home dir set to what ldap | shows him: this means that afs must be enabled at boot. | | How would you do this? I don't have any clues... | I see a different solution here: User authenticate to a Samba controled Domain, and because Samba has the Kerberos password(=NTPassword hash) it could impersonate the user, accting to the AFS/Coda cell on behalf of her/him. In this way Samba could become a gateway between Windows clients and AFS/Coda servers. Unfortunatelly I don't know how could be that implemented. Cheers, Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAem21/PxuIn+i1pIRAuJNAKCmFU8Sr+iqN3Vijm1VbepNFXVPvQCfRTLX AFLmUljvrcCfMfJt4Tmu7RY= =IAYb -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT4 PDC-Samba 3.0.2 PDC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lancsr Roland rta: | Hi all, | | I try to migrate NT4 to Samba. | | I installed following package to my Suse 9: | 1 cups-libs-1.1.19-80.i586.rpm | 2 libsmbclient-3.0.2-0.i586.rpm | 3 libsmbclient-devel-3.0.2-0.i586.rpm | 5 samba3-cifsmount-3.0.2-0.i586.rpm | 4 samba3-client-3.0.2-0.i586.rpm | 6 samba3-doc-3.0.2-0.i586.rpm | 7 samba3-utils-3.0.2-0.i586.rpm | 8 samba3-vscan-0.3.4-0.i586.rpm | 9 samba3-winbind-3.0.2-0.i586.rpm --nodeps | 10 samba3-3.0.2-0.i586.rpm | | My samba can act as PDC, but | | #net rpc join -S NT4PDC -w etc.etc.etc. | bash: net: command not found | | What kind of package(s) I have to install? | | Does anybody have any kind of writing down NT4 PDC to Samba PDC migration? | Because the Official Samba doc is a little bit sort. | | Thanks! | | Regards, | Roland | | ICQ: 173539771 | Try net3 my Mandrake RPMS have renamed everything to the 3 suffix to avoid conflicts with possibly existing samba-2 utilities. Regards, Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAenvj/PxuIn+i1pIRAqOPAJ4lwny/b71J8RX8OAK17/HYuZGp/gCgrnDQ zBTXEIpfgmT4Fiem4FOLsPE= =Q3XD -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Kerberos and Samba
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tarjei Huse rta: | Hi, | |See Volker's presentation to SambaXP, and the --with-fake-kaserver |option to Samba. | | Where can I find this an the orther sambaxp presentations? I tried the sambaxp website, but no go :-( I must agree :-( , I just wanted to ask the same question, when your e-mail arived. Cheers, Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAeoMr/PxuIn+i1pIRAly6AJ464dV2ZoQZPXY+/0pHutkcNGNGbQCgnbT9 J0eflJcZIu06c4dO/8nnfro= =Imbn -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ACL doesn't work
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lancsr Roland rta: | Hi all, | | linux:/var/log/samba # cat /etc/fstab | grep acl | /dev/sda2/shared ext3 defaults,acl 0 | 0 | |From XP I connect to my server and try to set permission for my user's home | directory, but when I click apply the checked checkboxs set back unchecked. | :( | | linux:/var/log/samba # cat log.smbd | [2004/03/29 16:06:31, 1] smbd/service.c:make_connection_snum(705) | dnalor (10.1.1.10) connect to service roland initially as user roland | (uid=500, gid=100) (pid 1119) | [2004/03/29 16:06:31, 0] smbd/service.c:make_connection(857) | dnalor (10.1.1.10) couldn't find service rolan | [2004/03/29 16:06:33, 0] rpc_server/srv_util.c:get_domain_user_groups(372) | get_domain_user_groups: primary gid of user [roland] is not a Domain group | ! | get_domain_user_groups: You should fix it, NT doesn't like that | [2004/03/29 16:06:42, 1] smbd/service.c:close_cnum(887) | dnalor (10.1.1.10) closed connection to service roland | | drwxr-xr-x3 root root 4096 Feb 25 22:36 . | drwxr-xr-x 21 root root 4096 Mar 29 16:02 .. | drwxrwxrwx7 roland users4096 Feb 25 22:36 roland | | Ok, I try it from workgroup, but I don't understand why it does not work. | | Can anyone help me? | | Regards, Roland | | These are two separate problems: 1. The acl problem: - -Check if you have commands setfacl, getfacl, setfattr, getfattr - -Check if they do work - -Check if your smbd was compiled with acl support: ldd /path/to/your/smbd you should got libacl and libattr entries. If not then please install libacl-devel, and libattr-devel (or something like that) and rebuild your Samba. 2. You should take care, that all of your groups, which ever would be involved with Samba have been mapped to NT groups: see net groupmap modify, net groupmap add. Cheers, Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAaEkh/PxuIn+i1pIRAjy1AKCavJNG94NOmnFHqbfEzWQj1GVH7wCcDH7D //pLje/9i9hhcSEzg7LlAQs= =ESZH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] acl on Windows client don't work
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stefan Kania rta: | Hello to all of you, | | After installing Samba i have the following Problem: | I would like to use acl's, ldap and quotas with samba so i run configure | with the options | --with-acl-support --with-ldapsam --with-ldap --with-quota | | After running configure i found the following lines with acl: | checking sys/acl.h usability... no | checking sys/acl.h presence... no | checking for sys/acl.h... no | checking for _acl... no | checking for __acl... no | checking for _facl... no | checking for __facl... no | | I then checked if the libacl is on the system. With rpm -qa | grep | libacl | this is the output: | felixsch01:~/downloads/samba-3.0.2a/source # rpm -qa | grep libacl | libacl-2.2.15-23 | | So libacl sould be ok. | | After compiling samba i checked for the use of acl with ldd this is the | result: | felixsch01:~ # ldd /usr/sbin/smbd | libldap.so.2 = /usr/lib/libldap.so.2 (0x40022000) | liblber.so.2 = /usr/lib/liblber.so.2 (0x40055000) | libcrypt.so.1 = /lib/libcrypt.so.1 (0x40061000) | libresolv.so.2 = /lib/libresolv.so.2 (0x40093000) | libnsl.so.1 = /lib/libnsl.so.1 (0x400a6000) | libdl.so.2 = /lib/libdl.so.2 (0x400bb000) | libc.so.6 = /lib/i686/libc.so.6 (0x400be000) | libsasl2.so.2 = /usr/lib/libsasl2.so.2 (0x401f1000) | libssl.so.0.9.7 = /usr/lib/libssl.so.0.9.7 (0x40205000) | libcrypto.so.0.9.7 = /usr/lib/libcrypto.so.0.9.7 (0x40235000) | /lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x4000) | | I mount the partion with the option acl in fstab. Then i tested the | acl with the Server and Linux client. Then i logged on with a Windows | client with the same user. But no acl :-(. I could only see the normal | rights (u-g-o) but no groups from the extended acl. | What did i wrong? What schould i do? | | Thank's for then help | | Stefan | | | Before compiling samba install libacl-devel, or acl-devel, or something like that (depends on your distro) Good Luck, Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAaGsO/PxuIn+i1pIRAgrUAJ9BIAtF+cn4UFhDJ9jil3HOSWuRRwCgg3eW XzCtTMJR3z2mDnLE1SGaDZI= =jvTL -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 852 code page
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lancsr Roland rta: | Hi, | | how can i set 852 code page in samba 3.0.2? | | thanks | | regard, | | roland | My smb.conf's global section has the following two lines: ~dos charset = CP852 ~unix charset = ISO8859-2 the second line may differ on your system depending on your system config. You can play a little bit: Create the folder named rvztr Tkrfrgp from Win2k/XP and if your unix charset is ok, then the filename should be the same looked from Win2k/XP and Unix. If you see the same thing from Win9x/Me also, it means, that your dos charset is also correct, because those winversions cannot negotiate unicode on the wire. Good Luck, Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAZvgy/PxuIn+i1pIRAqfAAJ9JZOP9Cd0JsVgjv+vt/NnRNfVZUACfV2JE 9KZfpOYjnjA5wgrhoTdxBVw= =hC2F -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles with WinXP and Samba PDC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 If you can log in and Windows complain about profiles, then it has nothing to do with the signorseal registry hack. Anyway if you are using Samba 3.0.x you DON'T NEED to apply that registry patch! Cheers Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAYuuA/PxuIn+i1pIRAmlyAJ0Tm3fsrhDreLtufIEUFmpFhPsd9wCgqoTt 1Fv/h33l6SWxeRVlpHwhBi8= =3pxD -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netbios names? okay but which?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lancsr Roland rta: | Hi all, | | I use suse linux 9 with samba.3.0.2 | | In the smb.conf among others there are: | | -- | ;basic server settings | workgroup = NIK | server string = SZERVER | socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 | wins support = yes | name resolve order = wins lmhosts hosts bcast | -- | | It is okay, testparm do not mark errors. | | But when I try to join to my samba from XP in expolrer \\SZERVER, it do not | work. WINS is setuped in XP. | | In yast2, my linux's netbios name: linux9, and I try to connect \\linux9, it | works! WHY? | | What is wrong? | | Thanks, | | Roland | | ps: | In lmhosts there is: | -- | 172.0.0.1 SZERVER | -- | | server string is just a comment on Network Neighborhood. If you want your server to bee called SZERVER in NETBIOS, use: ~ netbios name = SZERVER in your smb.conf Cheers, Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAX+3v/PxuIn+i1pIRAsVoAKCKIOjdzV2toRPS3pf6UpTufcp3mwCbB9qp rLc9Y1dcI20oSvE6wuQqcFw= =/JQ1 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba,ldap and kerberos
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew Bartlett rta: | On Fri, 2004-03-19 at 09:19, aarumuga arumugam wrote: | |Hi Everybody, |We are integrating samba,kerberos and ldap |samba-3.0.2a |sun kerberos |sun ldap |all the three servers are on three different solaris machines. | | | In an unfortunate twist, Samba's kerberos support is *only* available | against active directory. Even if you have somehow convinced your | windows client to talk kerberos against a unix KDC, Samba will only join | AD. OK that's understandable, but recently you have made some (Loriket) patches to Heimdal, and using them together with Heimdal's LDAP backend, would it be possible, to fool Samba into thinking that it joined AD, or Samba requires tickets containing MS PAC? Cheers, Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAXX/R/PxuIn+i1pIRAks1AKCIgW9vmnyIkwUKoYyfU7+zwKuaBwCfbmu6 aIB/+4eykfssMHjjKiZYits= =8dOq -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba,ldap and kerberos
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew Bartlett írta: | On Sun, 2004-03-21 at 22:43, Gémes Géza wrote: | |-BEGIN PGP SIGNED MESSAGE- |Hash: SHA1 | |Andrew Bartlett írta: || On Fri, 2004-03-19 at 09:19, aarumuga arumugam wrote: || ||Hi Everybody, ||We are integrating samba,kerberos and ldap ||samba-3.0.2a ||sun kerberos ||sun ldap ||all the three servers are on three different solaris machines. || || || In an unfortunate twist, Samba's kerberos support is *only* available || against active directory. Even if you have somehow convinced your || windows client to talk kerberos against a unix KDC, Samba will only join || AD. | |OK that's understandable, but recently you have made some (Loriket) |patches to Heimdal, and using them together with Heimdal's LDAP backend, |would it be possible, to fool Samba into thinking that it joined AD, or |Samba requires tickets containing MS PAC? | | | The heimdal patches were a different thing - in that case Samba is not | actually using Kerberos at all (but it is part of my plan to allow it). | | As to looking like AD, there is much more to AD than LDAP+kerberos. But | that does not stop us making a good stab at making LDAP+Kerberos viable | for unix clients, which we have some control over... | OK, sorry for my quite confusing reply, what I was really interested in is if Samba as an AD client would use the information contained in MS PAC, or after getting the ticket would do an LDAP lookup, to get the authorization(SIDS)/account(HomeDrive,etc) informations? In the later case a correctly configured Heimdal/LDAP could simulate an AD (except MSRPC calls) for Samba (but not Windows :-( ) Thanks, Geza P.S. My question could be reformulated: what is needed to have a UNIX AD (!) signs where work has to be done? - -LDAP with multimaster(!) replication - -Kerberos with LDAP backend, with NTLM hashes (Loriket) and MSPAC(!) - -DNS with LDAP backend, and Kerberos authenticated updates(!) - -DHCP server - -NTP server - -New MSRPC calls in Samba(!) - -Anything else? -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAXYuI/PxuIn+i1pIRAks6AJ9QwPTftDD5qkggLAtU0hLh2RER9wCgtvbK b49LhXjyhmr0hGW0q68vadE= =GIPG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] migration nt4 with ldap problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thomas Will rta: | hello | | i try to migrate nt4 to samba. the passwd-backend is ldap. | the migration itself works fine but after that, i cannot logon from the | windows xp clients | to the domain. - i have to rejoin the client to the domain then it works | is this a bug or feature? | the sambaNTPassword change then in ldap data base | | | here is part of my smb.conf | --- snip- | workgroup = holladie | preferred master = yes | domain master = no | local master = yes | security = user | encrypt passwords = true | passdb backend = ldapsam:ldap://localhost | domain logons = yes | logon path = \\%N\profiles\%U | logon drive = Z: | logon home = \\%N\%U | logon script = logon.cmd | ldap suffix = dc=schmeich,dc=tux |ldap admin dn = cn=root,dc=schmeich,dc=tux |ldap user suffix =ou=mitarbeiter |ldap machine suffix =ou=rechner |ldap group suffix =ou=gruppen |ldap ssl = no |ldap delete dn = no |add user script = /usr/local/sbin/smbldap-useradd.pl -m %u |delete user script = /usr/local/sbin/smbldap-userdel.pl %u |add group script = /usr/local/sbin/smbldap-groupadd.pl -p %g |delete group script = /usr/local/sbin/smbldap-groupdel.pl %g |add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m | %u %g |set primary group script = /usr/local/sbin/smbldap-usermod.pl -g %g | %u |add machine script = /usr/local/sbin/smbldap-useradd.pl -w -d | /dev/null -g domcomputers -s /bin/false %u | -snap- | | here are the steps of my migration | 1. smbldap-groupadd.pl -g 512 -r 512 domadmins | smbldap-groupadd.pl -g 513 -r 513 domusers | smbldap-groupadd.pl -g 514 -r 514 domguests | smbldap-groupadd.pl -g 515 -r 515 domcomputers | | 1. smbd and nmbd don''t run | 2. net rpc join -S WALDFEE -w HOLLADIE -U administrator%blabla | 3. net rpc testjoin | Join to 'HOLLADIE' is OK | 4. net rpc vampire -S waldfee -U Administrator%blabla | works fine and sort all user to the right groups | | 5. I switch the nt pdc off | | 6 . i change domain master = yes | | 7 . i restart smb and nmb | | 8 . i restart the client | | 9. i can't login to the domain | It seems to me that you have missed one important step: setting the same Domain SID for your Samba server, that your NT server had, using net getlocalsid net setlocalsid (Please remember, that all machines in a Windows Domain have both local security accounts and Domain security accounts, except the DC, where local security=domain security). Cheers, Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAXA5P/PxuIn+i1pIRAiDnAJsGnGBbWTaKOAebKufJIKY9qE/TaACgmTXr IPnLoty4RPZzCc5e2oeHcAE= =JOec -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trouble replicating samba
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Borja Pacheco írta: | Dear all, | | I'm experencing a big trouble with samba and an instalation we had at my | enterprise's intranet. This intranet is based on a Samba server v2 wich | acts as Primary Domain Controller, wins server and file server. All | these features works great nowadays. | | Our issue, is with a newest server that we are interested to replace the | previous samba server in order to improve the performance and | realibility to our users. For this reasen we have installed the samba | daemon in this machine (keeping samba version, but minor version | numbers) and we have copied everything from one server to the other, I | mean, smb.conf, lmhost, smbpasswd, etc, and we have updated the smb.conf | to change the IP address and netlogon name. Of course, we have updated | the system's groups and users, and syncronize data. | | When we startup the service on the newest one (after shutting down in | the other), we noticed that samba becomes domain master, master browser | and that we can access files through smbclient. The trouble is with the | MS Windows clients, which can't register in the domain anymore, Windows | tell us that the machine account doesn't exist or the password is wrong. | These accounts were created with smbpasswd -a -m, so they exists. So it | seems to, that the autonegociated password is failing. | | Does anybody knows why is it failing? Is it related with the SIDs? What | are these SIDs? Could you suggest me a solution? Depending on your Samba version: 2.2.x You should start your old Samba instalation, then on your new machine as root you should do smbpasswd -S (Terebly sorry I'm not 100% about the -S switch, I used last time 2.2.x long time ago, about a year, so please read its manpage first) 3.0.x Start your old Samba installation. Run net getlocalsid. Note the string (S-...) obtained. Shut it down. Start up the new Samba installation, and run net setlocalsid the_previously_noted string After doing that you will need to rejoin thoose machines, which were rejoined :-( . Setting the correct SID is vital in the Windows world, since Windows operating systems identify all security objects: domains, users, groups, and computers, by their SID. | PD. we tried to remove a Windows client from the domain, and latter, | register it again. And it seems to work, but we have to waste lots of | time on every client, and we have more or less 300... Best Regards Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAVhxW/PxuIn+i1pIRAqqoAJ0a24t6KaBMbPwsu80u3G2269ECugCfcirt YndVsNv3dreC/4AbbTuMQ7Y= =ulxl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Errors related to Samba in httpd log!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi This although strange it seems to be the manifestation of the lot discussed webclient, which appeared in XP, and caused a lot of trouble to many people. If you would disable it on all of your clients, maybe that strange error messages should disappear. Cheers Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFASJbo/PxuIn+i1pIRAhqgAKCy4omZ5O3LFeaoH2t2uYhMMz55kQCdG5+A 778FBxe0wi1qojY5F8TJIZA= =9Zir -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC+BDC+Filereplication_How?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 | |Hi all, | |Sorry for this general question, but I'd like to hear your opinion on |this subject, but I'd like to set up a really working backup solution |for my PDC, currently it uses NFS, so there are lots of issues: No ACLs, |When NFS server goes down, everything fails. |What method would you recommend for replicating folders, keeping |existing ACLs (ability of manipulating that ACLs from Windows is not |important) between Samba PDC-BDCs: |- -Rsync+FAM based scripts | | | For things that should be static, but replicated (such as the netlogon | share), this sounds like the right solution. Unfortunately I also have to replicate the [homes] and the [profiles] share in order to get a really working backup solution. |or |- -Distributed filesystems: | -Coda | -Intermezzo | etc. | |Thank you for ANY answer. | | | You cannot safely replicate files between two CIFS servers, unless you | also manage the locks and share modes. A BDC is not a mirror of a PDC, | for file shares, only for the logon database. Clustered CIFS is *hard*, | see recent discussions on samba-technical. I'm willing to pay that price, already had to disable oplocks completely, because of some stupid applications located on users home share (in its documentation its written: You need to create a share, with full rights for everybody who will be using the program), well symlinked of course. Thanks again, Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFALytD/PxuIn+i1pIRAsEjAJ48RouCNZY19L8aNgcnxo6wLUpL+gCfeM9N rqwmitPpQ49xYjtZ+Mo8Yvc= =xYoN -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: PDC+BDC+Filereplication_How?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joao Fraga írta: | Gémes Géza wrote: | | |What method would you recommend for replicating folders, keeping |existing ACLs (ability of manipulating that ACLs from Windows is not |important) between Samba PDC-BDCs: | | | I suggest you take a careful look at DRBD: | http://www.drbd.org | | It is what you are looking for. | | | Joao | Thanks for the idea, but unfortunately it is not yet XFS ready, and I had no luck with ACLs and other filesystems (it could be my fault), and I desperately need ACL support :-(. Cheers, Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAL55B/PxuIn+i1pIRAg30AKCQRnnfEQE+IbgbDb1apHYX9smBJQCgrpcV ZCiMpZ5CZI1RYeCjz5VR2UU= =5fmi -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: PDC+BDC+Filereplication_How?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John H Terpstra írta: | On Sun, 15 Feb 2004, [ISO-8859-15] Gémes Géza wrote: | | |-BEGIN PGP SIGNED MESSAGE- |Hash: SHA1 | |Joao Fraga írta: || Gémes Géza wrote: || || ||What method would you recommend for replicating folders, keeping ||existing ACLs (ability of manipulating that ACLs from Windows is not ||important) between Samba PDC-BDCs: || || || I suggest you take a careful look at DRBD: || http://www.drbd.org || || It is what you are looking for. || || || Joao || |Thanks for the idea, but unfortunately it is not yet XFS ready, and I |had no luck with ACLs and other filesystems (it could be my fault), |and I desperately need ACL support :-(. | | | If you want to use ACLs you need: | | 1. ACLs support in your Linux kernel | 2. File systems formatted correctly | 3. To mount the file systems correctly in /etc/fstab | 4. Samba to be compiled and linked with the acls-devel libraries 1-4 OK at my side, except, that I'm using Mandrake and XFS. I just had some nasty problems with acl support and non-XFS filesystems in the past, then I've found XFS and it seems, that I get used to it a little bit too much. | | Here is an entry from my fstab file for example; | /dev/hda6 /export reiserfsacl,user_xattr 1 2 | | | I run SuSE SLES8, 8.2 and 9.0 with ACLs support without any problems. | | The relication of ACLs from a Windows server to a Samba server requires | use of the correct Windows tools and does present limitations. You can do | this only when logged onto the Windows server/client as the Domain | Administrator and you must have Domain Administrator rights under Samba. | | Cheers, | John T. I don't need any replication from Windows, as my Windows machines are used as clients exclusively (well except some shared printers), all my servers are Unix (Linux) thanks God. Cheers, Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAL7Uf/PxuIn+i1pIRAj2nAJwIUsB6OMMK+oNMH1kp9Ip5Vn/soQCeIsDn cki2+YktY8RFGgA9zLTHUQY= =Xxzv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PDC+BDC+Filereplication_How?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, Sorry for this general question, but I'd like to hear your opinion on this subject, but I'd like to set up a really working backup solution for my PDC, currently it uses NFS, so there are lots of issues: No ACLs, When NFS server goes down, everything fails. What method would you recommend for replicating folders, keeping existing ACLs (ability of manipulating that ACLs from Windows is not important) between Samba PDC-BDCs: - -Rsync+FAM based scripts or - -Distributed filesystems: -Coda -Intermezzo etc. Thank you for ANY answer. Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFALiLR/PxuIn+i1pIRAiYpAJ48q99ChLiScSte4VSYFT02BvWuMQCgi2mz DsD5cBSfPG+PFHLxS0pw8/s= =NcB6 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Charset settings
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Beliczay Andrs rta: | Hello, | | We used samba 2.2.8 with the following settings before we changed to 3.0.1 | yesterday. | client code page = 852 | character set = ISO8859-2 | | What should I set in smb.conf of samba 3 to get the same result as in 2.2.8? | I know that the unix charset and dos charset. But tried plenty of variations | and none of them worked fine for us. Is there a correct and logical (!) | solution | for this? | | Thank you, | Andras Beliczay | | At our site: # testparm3 -s -v | grep charset gives: ~dos charset = CP852 ~unix charset = ISO8859-2 ~display charset = LOCALE with this we can have filenames like rvztr Tkrfrgp displayed correctly both at the Server, as wel as at the various clients: 9x/me and NT4/2k/XP Regards, Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAJ+ud/PxuIn+i1pIRAhr9AJ9q9vcqncC8/8G4/2p3LGFaLTZEJwCffm1K fdjz6B0JYPcT5MKKHJBQNIM= =1ymB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP connection leak?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wil Cooley rta: | On Fri, 2004-01-23 at 14:50, Andrew Bartlett wrote: | | |I would not think that 52 was high, given the number of files that slapd |has to open before it starts serving connections anyway. | |Samba will open one connection per smbd, and nss_ldap will open one per |program using nsswitch. Standard posix semantics ensures these close |on daemon shutdown. | |Do you have anything that indicates that we are actually leaking (rather |than just using) connections? | | | Yeah, I think you're right and there is no leak. I checked and there | are 30+ smbd with the same number of open connections to slapd; plus the | connection from nscd (shouldn't nss_ldap open only one connection when | using nscd?). I'll keep a closer eye on it to see if the number grows; | I'm still left trying to figure out why slapd started logging deferring | operation and what happened to the system, but those are questions for | another list. | | Wil | Hi, I don't have an answer for your problem, but I've had something similar: OS: Mandrake 9.1 kernel: 2.4.19 openldap: 2.0.27 ~From the local machine everything worked well nss_ldap, pam_ldap, samba, phpLdapAdmin, lam, gq, etc. Connecting over TLS, SSL or without encryption. However connecting from remote clients, even anonymously, with, or without encrypted connections, sometimes freezed (the processes were running, but the connecting clients had to wait forever for an answer, so with nss_ldap, and pam_ldap it made the system hanging) openldap. Unfortunately I wasn't able to find out the origin of the problem. But it seems that upgrading to openldap-2.1.22 solved it. Regards, Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAEjzi/PxuIn+i1pIRAnZBAKCZCQjvO5XuhttRU/HP1GRXe0U+1wCgt0qn K8TSwkIjMJXkIplWsAnwGUU= =+LQo -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Log Viewer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andre Luis Fogagnoli rta: | I'm looking for a program to allow me to vizualize the samba's logs | trought a web interface. | | Have you looked at Webmin: http://www.webmin.com Regards, Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAEUUC/PxuIn+i1pIRAlUnAKCZaM8NXXmRle62huZzQ/BHwzMc0gCggUeJ G+brwYaLoUrVhAWVsOjQB5k= =bm1A -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Learning smb.conf file
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hunter, Jess rta: | I have just started playing around with Samba and have run into a mental | block / learning hurdle | | Here is what I have | | I have a WinNT box that acts as a PDC for a domain (mydomain for the sake of | this post). Within 'mydomain' I have several workgroups (wg1, wg2, wg3, etc) | | Now here is where I get confused. I am trying to set up the Samba Server so | it will work as follows | | [general] | this will be for all the general stuff which everyone in the domain can see | | [wg1] | this item will only accessible by those in the wg1 workgroup | | [wg2] | this item will only accessible by those in the wg2 workgroup | | and so on. | | Any assistance on this would be greatly appreciated | | Jess | | --- | Outgoing mail is certified Virus Free. | Checked by AVG anti-virus system (http://www.grisoft.com). | Version: 6.0.560 / Virus Database: 352 - Release Date: 1/8/04 | if you can find out what ip adresses are in wg1, wg2, etc. you could specify hosts allow = ip/mask,ip/mask in your share definition. Regards, Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAA5vl/PxuIn+i1pIRAgblAJ9B8KCH9wTFCw2Ys07IT7f4OOfXEQCeJbyl WJmoayd0MEmQkd9nIIv9lZg= =I4IV -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT4 PDC --- OpenLDAP directory
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Beast írta: | Friday, December 19, 2003, 1:50:05 PM, Gémes wrote: | | |-BEGIN PGP SIGNED MESSAGE- |Hash: SHA1 | | || |I haven't migrated from NT4 to Samba yet, but I did many times Samba to |Samba migrations, when upgrading hardvare, or OS needed to move to other |DC, and the crucial point of success is setting the same Domain SID, as |it was before. | | | Setting same same ISD alone will not migrate machine trust, you'll | need to re-join macine, even machine account is already there. | Machine trust is stored on both pdc and client, and peridically changed, | cmiiw. | | | --beast | It's just one step, you then need to migrate using net rpc vampire, after seting up your samba, and joining it to the NT4 domain. Anyway this method doesn't require you to kill your NT4 PDC yet, so after doing so try to shut it down, make Samba the PDC, and try to reboot one of your clients. If something went wrong, you can still turn back to NT4, fix the problem, and try again. Regards, Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/4qir/PxuIn+i1pIRAtJVAJ9ObkOAQ9DGBUhxSADEm0xh4x62kACfRgt3 K02dQQx9wd8Y7fxQ9Sf1GSg= =GbKY -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT4 PDC --- OpenLDAP directory
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lancsr Roland rta: | Hi all, | | it is possible that converting the NT4 PDC to Win200x Active Directory. | | And converting to OpenLDAP directory? Does such an converter exist? | | Thanks, | Roland Setup samba with passdb backend = ldapsam=ldaps://ldap.server.fqdn.here and ldap suffix = something users suffix, and so one, setup useradd groupadd, etc scripts path to the coresponding idealx scripts join the domain controled by your NT box then do net rpc vampire. And your ldap should be filled in with your old NT4 accounts. I don't know any other method :-( Sorry. Good Luck! Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/4gIq/PxuIn+i1pIRAg+8AKCNxCgenkAeimN9eND+Ta1TMY3WzQCgsHt3 pBy7KC/6zsYf2gEI7AMN4WM= =zoKl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT4 PDC --- OpenLDAP directory
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Beast írta: | Friday, December 19, 2003, 3:48:47 AM, Adam wrote: | | |And converting to OpenLDAP directory? Does such an converter exist? | | |Setup the LDAP SAM with a Samba PDC and run net rpc vampire. It is |all in the Samba HOWTO Collection PDF | | | I'm sorry i did not try it (yet). | If i run net rpc vampire, will it migrate all 'data', including | machine trust?? | I have to migrate hundreds of users and i don't want to go to every ws | to re-joint the ws account. | | (NT4 to Samba 3, no ads) | | Big tks. | | --beast | I haven't migrated from NT4 to Samba yet, but I did many times Samba to Samba migrations, when upgrading hardvare, or OS needed to move to other DC, and the crucial point of success is setting the same Domain SID, as it was before. Regards, Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/4p+d/PxuIn+i1pIRAs3ZAJ9hUeM3mx9bbmzC4RrsaBY2DdNhFACfZJ+Y btHefqnzMUM4PBjw2eh2NkY= =GfJ2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] sessionid.tdb not initialised?!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, I am just curious, about the following: I've upgraded from 3.0.1pre3 to 3.0.1rc2 and found that running testparm gives me sessionid.tdb not initialised, and then outputs what is expected. Everything else seems to work as before. I'm using Mandrake 9.2, with SRPMS built by Buchan Milne rebuilt locally, but without changes from the original specs. The password backend is ldapsam. I've googled on sessionid.tdb, but found nothing, except similar problem reports. Thanks in advance! Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/3NJl/PxuIn+i1pIRAjg5AJ9WONl/FHpw12CyZz3E66OT9eTaEQCfdhyM l08nEuMqHlnHzkLL4IvDNjA= =iput -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Which Linux best suits Samba3?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 .Andrew Bartlett rta: | On Sat, 2003-11-22 at 05:40, Eric Geater 11/18/03 wrote: | |In a discussion with one of the main answer people, of whose time I am |greatly appreciative, it was suggested that some of my problem (or |solution) may be to run Samba on a distro that's better suited for it. |Problem is, I don't have the time nor the inclination to download a |bunch of distros just to install, test, fdisk, repeat. | |So I ask. what is a recommended recent distro that works well with Samba |3? Drake? Debian? SuSE? RH9? All answers welcome, with explanations |or not. | | | A particular point to consider is the native support for MIT kerberos | 1.3.1, or the right Heimdal version. | | Fedora Core 1 has this, and I think the latest SUSE does, Debian Testing | and Debain Unstable do have the right krb5, but naturally Debian Stable | does not. In particular, note RH9 does NOT, and this can get in your | way. | | Andrew Bartlett | | Mandrake 9.2 also has them + native support for acls (even right after installation if you use the XFS filesystem, which supports acls, without any special mounting option, like ext2/3 does) Best Regards Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/vxqO/PxuIn+i1pIRAnTXAJ9Y7a6NZ5Bbl4CynZo2k5B3A26Z6wCdEWzR jgKGALz0fvThyX6BDMPmr+k= =oV43 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to add users to samba 3.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 lovswr1 rta: | Hello. I can not add any users to my samba 3.0 server, either via SWAT | or manually. Keep getting something about the SAM_ACCOUNT is not/will | not initialize. Did a little googling it seems this is related to | PAM. I do have PAM on my redhat 9 box but /etc/pam.conf is blank. If | someone could offer a solution or point me in the right direction it | would be greatly appreciated. | Two sidenotes: First: Linux distros usualy use /etc/pam.d/pam-enabled-service-name. And the very nice ones would point in this file to the /etc/pam.d/system-auth, providing a single point of configuration. Second: What is your configuration? Most importantly the passdb backend = ... line of your smb.conf? Regards, Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/rpOL/PxuIn+i1pIRAg4iAJsGx3BQ+evB8kS2g0dVljpBA0ggXACdG8Wv x62QsVhtJKmM72KYtXMIZIY= =lpJp -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Linux - Win2k
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Niklas Berglund rta: | Hello.. | | Can somebody tell me how or if its possible to sord of map a directory on a | win2k machine to a link or a dir on the linux machine. Like a mirror. | | | I have a win2k machine (192.168.168.2) and a linux machine (192.168.168.1) | running samba. | | Ive been trying to get samba to do it for me, like this : | | smb.conf | -- | | [super] | comment = Superoffice | path = //192.168.168.2/Super/ | valid users = %S @wheel @users | invalid users = root bin daemon nobody named www uucp | writeable = Yes | create mask = 0777 | force create mode = 0777 | | | Im not sure how to properly write the path= parameter on thisone. | | Can someone help me please? | | Regards | Nick. | | | I'm really not an expert on the subject, but I've read one of them writing before on this list about the fact, that samba can access only files accessible by the host OS, e.g /somedir/someotherdir/... But I think, that what you are trying could be achieved by using DFS. I would suggest to read chapter 17 of the Samba Howto Collection. Good Luck! Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/oE3o/PxuIn+i1pIRAgbMAJ9CFX/dQyZuSkeBQsT7sP5kI4qKeACfbYvT A2oN+bsEsZ3Yx4JY8zMx0N8= =eZvV -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbd is running!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xiao-Bing Feng rta: | After uninstalling VMware, smbd is running! | It seems that installing VMware has side-effects on Samba. | Thanks to everyone who sent me suggestions. | xiaobing | | _ | The new MSN 8: smart spam protection and 2 months FREE* | http://join.msn.com/?page=features/junkmail | Only if you say yes to the question: Would you like that your guest operating systems access the hosts file system, or something like that. Because older (before 4.x) versions of vmware are using a version of samba to make this access possible. Good Luck! Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/nhDd/PxuIn+i1pIRAjIJAJ0QhtIfdIkwqOAlBVo4U3BU7wajugCeMoLt 5x54UrkTYWOGsCZNozs6vAI= =aQv8 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] HELP!: TDB - Samba 3.0 - Playstation 2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Springate rta: | Hi, | When I try to execute the following: Sorry, but I don't know what are you trying to do here: | smbclient -U% -L localhost The correct syntax at least as in the manpage is: smbclient -U username -L localhost or smbclient -U username%password -L localhost if you don't want to be prompted for password. Good Luck! Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/nFS0/PxuIn+i1pIRAn/YAKCR11mdST34a60LDTdpS2BYYncwSACgpvIp Zev7CCcjJMaMtMBE5qGkWnU= =9x+h -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Bug #596=Bug #532
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, I'm the unhappy reporter of bug596, and I would like to report that bugs #596 and #532 are 100% the same, I've experimented today with tdbsam, and found conclusions about the number of users (under a limited number of users Win9x can get the list of users if there are more users than that don't, no mater that I've used ldapsam or tdbsam) similar to what's reported at bug #532. Unfortunately I wasn't able to report bug #596 as a duplicate of bug #532, so please in the future please consider writing about bug #532. Thanks, Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/mAnQ/PxuIn+i1pIRAizBAJ9Dt55kkzzrPTXCJOi1eKbeciaY9QCeOv2E HfN8oteOBcJqVBxYEyzUXsY= =8RNC -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba]Samba3+Win2k/XP profiles issues caused by my stupidity
John H Terpstra rta: On Wed, 22 Oct 2003, [ISO-8859-1] G?mes G?za wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear List, Thereby sorry for being stupid ;-). All my Win2k/XP profile issues were caused by forgetting to specify writable = yes on the profiles share. Geza, Someone who has made many mistakes has learned a LOT! :) Keep going, it's a long road to genius status. :))) - John T. From the number of mistakes I've maden in my previous experience I should be a super expert ;-) Regards, Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 PDC - WinXP question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alecsandru Chirosca rta: | Can someone please tell me why samba PDC only accepts winXP clients | while compiled wih LDAP support (even when the LDAP backend is not used) | ? | | Alecs | What have you done? Mine is having all kind of: Win98 WinNT4 Win2000 WinXP Your config should be realy strange ;-) Regards Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/joV//PxuIn+i1pIRAqRpAJ4jW1Jvxux9MILY2Ia4c6V4zRXWmACfRXEC 5JJs+m/+wEm22JaL+I1qC50= =+kvM -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+Coda
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew Bartlett írta: | On Mon, 2003-10-13 at 00:50, Gémes Géza wrote: | |Hi all, | |Is there any way to map in samba the coda acls? |E.g: |I have a coda filesystem mounted under /coda/something, shared by samba. |Is it possible, to present to NT clients the coda acls, not the Unix |rights, and let them manipulate it? | | | Can CODA ACLs be presented as POSIX ACLs? That is the easiest route. | If not, you should be able to write a VFS moudule that handles the | translation. | | Andrew Bartlett | Thanks for the answer. I'll investigate that possibilities. Regards Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/itTY/PxuIn+i1pIRAkbbAJ9ytvo546IDXG9LeqHnn9kQgF/S/ACbB2qT FVHk4b3EFmLRQhsgG8UdMII= =NSjT -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP+SASL+GSSAPI(Kerberos)
Hi all, I have an LDAP based PDC. I'm planing to move to SASL-GSSAPI authentication for LDAP. Is it possible with samba? How?, with nss+pam? Thanks! Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba+Coda
Hi all, Is there any way to map in samba the coda acls? E.g: I have a coda filesystem mounted under /coda/something, shared by samba. Is it possible, to present to NT clients the coda acls, not the Unix rights, and let them manipulate it? Thanks! Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] net getlocalsid problem
Hi I decided after some testing and experimenting, to move the production servers from 2.2.x to 3.0. so I've installed samba3.0 in paralel with the old binaries. To start the migration I wanted to save the old domain SID, to can make the migration as transparent as possible, so I did: net3 -d 10 -I 127.0.0.1 getlocalsid while the old binaries are still runing all that I've got (remember at debuging level 10!): [2003/10/10 23:44:07, 5] lib/debug.c:debug_dump_status(359) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 [2003/10/10 23:44:07, 3] param/loadparm.c:lp_load(3917) lp_load: refreshing parameters [2003/10/10 23:44:07, 3] param/loadparm.c:init_globals(1303) Initialising global parameters [2003/10/10 23:44:07, 5] lib/iconv.c:smb_register_charset(87) Attempting to register new charset UCS-2LE [2003/10/10 23:44:07, 5] lib/iconv.c:smb_register_charset(95) Registered charset UCS-2LE [2003/10/10 23:44:07, 5] lib/iconv.c:smb_register_charset(87) Attempting to register new charset UTF8 [2003/10/10 23:44:07, 5] lib/iconv.c:smb_register_charset(95) Registered charset UTF8 [2003/10/10 23:44:07, 5] lib/iconv.c:smb_register_charset(87) Attempting to register new charset ASCII [2003/10/10 23:44:07, 5] lib/iconv.c:smb_register_charset(95) Registered charset ASCII [2003/10/10 23:44:07, 5] lib/iconv.c:smb_register_charset(87) Attempting to register new charset 646 [2003/10/10 23:44:07, 5] lib/iconv.c:smb_register_charset(95) Registered charset 646 [2003/10/10 23:44:07, 5] lib/iconv.c:smb_register_charset(87) Attempting to register new charset UCS2-HEX [2003/10/10 23:44:07, 5] lib/iconv.c:smb_register_charset(95) Registered charset UCS2-HEX [2003/10/10 23:44:07, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-2' for LOCALE [2003/10/10 23:44:07, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-2' for LOCALE [2003/10/10 23:44:07, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-2' for LOCALE [2003/10/10 23:44:07, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-2' for LOCALE [2003/10/10 23:44:07, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-2' for LOCALE [2003/10/10 23:44:07, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-2' for LOCALE [2003/10/10 23:44:07, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-2' for LOCALE [2003/10/10 23:44:07, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-2' for LOCALE [2003/10/10 23:44:07, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-2' for LOCALE [2003/10/10 23:44:07, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-2' for LOCALE [2003/10/10 23:44:07, 3] param/params.c:pm_process(566) params.c:pm_process() - Processing configuration file /etc/samba3/smb.conf [2003/10/10 23:44:07, 3] param/loadparm.c:do_section(3420) Processing section [global] doing parameter workgroup = KZSDABAS doing parameter netbios name = PDC [2003/10/10 23:44:07, 4] param/loadparm.c:handle_netbios_name(2712) handle_netbios_name: set global_myname to: PDC doing parameter server string = Samba Server %v doing parameter printcap name = cups doing parameter load printers = yes doing parameter printing = cups doing parameter printer admin = @adm doing parameter log file = /var/log/samba3/log.%m doing parameter max log size = 50 doing parameter map to guest = bad user doing parameter security = user doing parameter encrypt passwords = yes doing parameter smb passwd file = /etc/samba3/smbpasswd doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 doing parameter dns proxy = no [2003/10/10 23:44:07, 4] param/loadparm.c:lp_load(3949) pm_process() returned Yes [2003/10/10 23:44:07, 7] param/loadparm.c:lp_servicenumber(4059) lp_servicenumber: couldn't find homes [2003/10/10 23:44:07, 10] param/loadparm.c:set_server_role(3867) set_server_role: role = ROLE_STANDALONE [2003/10/10 23:44:07, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-2' for LOCALE [2003/10/10 23:44:07, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-2' for LOCALE [2003/10/10 23:44:07, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-2' for LOCALE [2003/10/10 23:44:07, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-2' for LOCALE [2003/10/10 23:44:07, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-2' for LOCALE [2003/10/10 23:44:07, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-2' for LOCALE [2003/10/10 23:44:07, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-2' for LOCALE [2003/10/10
[Samba] Samba3+Nexus+Srvtools at least strange
Hi all, Sorry for distubing you with this minor problem, but: I've configured samba3 for ldapsam and successfuly joined a WinNT Server 4.0 with on the fly account creation (I have root in LDAP). Now I'm able to manage my samba3 with user manager for domains from srvtools, but not nexus :-(. From my point of view the sadest thing is that on 9x no other application can retrive user and group information from samba3, like they did with 2.2.x. I was logged in with a root equivalent (username mapped) account, which is member of the Domain Admins group (SID ending with -512). Also as a side efect in srvmgr from srvtools I can view the shares, while in nexus I got an error). At each try I've got in the logs something like: [2003/10/09 00:01:32, 1] smbd/ipc.c:api_fd_reply(284) api_fd_reply: INVALID PIPE HANDLE: 0 Thanks in advance for any suggestion Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba acting as bdc
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brad Langhorst rta: | On Fri, 2003-10-03 at 04:34, Michal Gubik wrote: | |Hello, |I am sorry if I anyone asked this before but I would like to know if its |possible to use samba 3 to backup data including profiles and netlogon |scripts from samba 3 pdc? If so how can I do it? I tried to search this |but never found a suciffient answer. |Michal Gubik | | | see the samba howto collection for how to configure samba | | to have an effective samba pdc you need to keep a few things in sync | 1) password database | 2) netlogon share | 3) user profiles | | | i use fam to detect changes in the latter two and rsync to synchronize | them | | i use replicated ldap to handle the password database. | | best wishes! | | | brad If I'm not asking for too much, could you tell us more about the fam+rsync setup? Thanks in advance Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/gvwU/PxuIn+i1pIRAh+mAJ0Y529GddfjpmrbHJupdp8wbNUoqACZAd4V PnIEfMpJHhlvMfyo2Y4d+ZU= =UBR/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Huh... 2.2.8 exploit?!
Vizitiu, Ciprian rta: ... By my mistake a 2.2.8a-1 running on RH8 was exposed to the Internet. It was cracked in a matter of hours. I noticed it because they've deleted my smbd. :-| I'm ready to reinstall the machine, if there are any logs that anybody is interested into please say it now. Are you really shure, that the computer was breaked through samba, you can be sure only if just the samba ports (137,138,139,445) was opened to the Internet?! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Veto files, doesn't seem to work
Hi Everybody! I've tried out recently the veto files feature in the global section (shall I do it on a per share basis?) but it doesn't seems to work for me. testparm didn't give me any errors, but I've been able to create and then to see and open, without any problems the vetoed files. Any idea would be apretiated: veto files = /riched20.dll/*.eml/*.nws/ Thnx in advance Geza Gemes