[Samba] LDAP problems clarified, in relation to MS ADS.
I am subscribed to another list for the Exim MTA. I have been experiencing a similar problem to it for quite a long time. I believe the patch supplied by Alain Williams [EMAIL PROTECTED] and his discussion on the list mail could be quote relevant to Samba. Here is the start of the thread. http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20060710/msg00077.html Any comments? -- greg, [EMAIL PROTECTED] The technology that is Stronger, Better, Faster: Linux Use Debian GNU/Linux, its a bazaar thing NOTICE: Due to Presidential Executive Orders, the National Security Agency may have read this email without warning, warrant, or notice, and certainly without probable cause. They may do this without any judicial or legislative oversight. You have no recourse nor protection. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unix password sync not working
On Thu, 2006-07-13 at 12:14 -0300, Ethy H. Brito wrote: On Wed, 12 Jul 2006 18:53:56 -0300 Ethy H. Brito [EMAIL PROTECTED] wrote: Hi again Can anyone help me with this, please? Any doc, FAQ, whatever? I am not afraid reading these. Google was not my friend this time (or maybe I did not know how to ask). passwd program = /tmp/teste %u Ummm, most /tmp directories have noexec hardwired on them. It you do not have that, then who owns the File and is it set to runs as the owner? [EMAIL PROTECTED]:tmp]$ ls -l test.sh -rwsr-xr-x 1 root root 20 2006-07-13 11:43 test.sh [EMAIL PROTECTED]:tmp]$ ls -l /usr/bin/passwd -rwsr-xr-x 1 root root 26616 2005-05-18 02:33 /usr/bin/passwd in any case for these kinds of thing, are best kept to protected filesystems. /tmp isn't a good idea. I had to remount with exec enabled. I believe the real problem though is the fact samba is expecting the program to be suid, if I am not mistaken. -- greg, [EMAIL PROTECTED] The technology that is Stronger, Better, Faster: Linux Use Debian GNU/Linux, its a bazaar thing NOTICE: Due to Presidential Executive Orders, the National Security Agency may have read this email without warning, warrant, or notice, and certainly without probable cause. They may do this without any judicial or legislative oversight. You have no recourse nor protection. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Preparing to migrate
On Mon, 2006-05-08 at 10:42 -0400, Dirk H Bartley wrote: .. Are there any tools/methods to move files from ntfs to samba and maintain ownership and acl data??? I Think I may have figured out a good way to recreate the acl information from ntfs to posix. Using cygwin's find, xargs and getfacl to create a file to reproduce acl's in posix. Is there a more preferred method?? I am still hoping for recommendations on migration methods from AD to samba3. Thinking that using samba 4 to vampire the user, group and group membership information. Then backpedaling to samba-3 creating scripts to modify the ldap schema's appropriately. I'm hoping someone has had experience with this and can advise. You are a pioneer, we would all like to see you succeed. Please make sure you orient the heat shield in the proper way... cause it'll get really hot. -- greg, [EMAIL PROTECTED] The technology that is Stronger, Better, Faster: Linux Use Debian GNU/Linux, its a bazaar thing NOTICE: Due to Presidential Executive Orders, the National Security Agency may have read this email without warning, warrant, or notice, and certainly without probable cause. They may do this without any judicial or legislative oversight. You have no recourse nor protection. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: authentication performance problem
On Thu, 2006-04-06 at 14:14 -0500, Rex Dieter wrote: Greg Folkert wrote: On Thu, 2006-04-06 at 15:08 +0200, Jerome Warnier wrote: Nobody has any idea about this? Any idea would probably help. Thanks I wish I did have an idea. I am experiencing a similar issue with HUGE AD lookups causing delays on the order of 30 seconds to do bash tab-completion. Try adding to smb.conf: winbind enum users = no winbind enum groups = no Ummm, hmm. But this machine actually hosts the Windows Home Directories and it also is a Shell machine for the Production systems That actually helps with homedir enumeration. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] authentication performance problem
On Thu, 2006-04-06 at 15:08 +0200, Jerome Warnier wrote: Nobody has any idea about this? Any idea would probably help. Thanks I wish I did have an idea. I am experiencing a similar issue with HUGE AD lookups causing delays on the order of 30 seconds to do bash tab-completion. We are using 3.0.20a at the moment, but this problem has existed since at least 3.0.2 We have some where in the area of 1200 groups and (nested groups) and one personal group for every user and multiple groups of those groups. Even conglomerations of everybody's personal group being in Domain Users We also have about 20 AD peers with no PDC/BDC setups. About 6 DOMAINS all with inter-trusts and 1 domain that isn't trusted at all. Don't ask me why it was done this way, the Windows Admin that plunged us into it has been long gone. And nobody trusts what I say about AD, as I am one hellish of an Anti-Microsoft anything bigot. The lookups are near instantaneous on the windows side of things. I am at a loss as well. -- greg, [EMAIL PROTECTED] The technology that is Stronger, Better, Faster: Linux Use Debian GNU/Linux, its a bazaar thing NOTICE: Due to Presidential Executive Orders, the National Security Agency may have read this email without warning, warrant, or notice, and certainly without probable cause. They may do this without any judicial or legislative oversight. You have no recourse nor protection. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smb-ldap or not to smb-ldap
On Fri, 2006-03-31 at 16:30 +0100, Antony Gelberg wrote: Hi all, We are deploying a Linux server and desktops for a customer. We will have the users and groups in LDAP on the server, and files shared via NFS. However, one never knows if Windows desktops will be needed in the future. Is it a good idea to add users with smb-ldap even if samba is not initially used, as adding the samba attributes to an existing LDAP database is painful, and the smb-ldap created users will have the relevant POSIX credentials to be able to login anyway? Do use LDAP, having something that does the stuff is awesome. Recently The Linux Journal had a series that goes into your kind of questions and gives so very good overall answers. While I disagree with some of the implementation, Ti Leggett has done some very good work to bring things together. He brings in quite a bit of the planning and why-fors etc to the article. This is good, as many many people ignore most of these things while trying to get things working, creating a serious mess that is very discouraging. You could nearly go line for line on his configs. Ti Leggett also refers to some previous articles at the LJ, also you should be at least able to skim these referenced articles and completely understand them. If you can't or don't understand the reference articles, you need to sit down and work them out before proceeding here. Single Sign-On and the Corporate Directory, Part 1 http://www.linuxjournal.com/article/8374 Single Sign-On and the Corporate Directory, Part 2 http://www.linuxjournal.com/article/8375 Single Sign-On and the Corporate Directory, Part 3 http://www.linuxjournal.com/article/8376 Single Sign-On and the Corporate Directory, Part 4 http://www.linuxjournal.com/article/8377 A follow on from Single Sign-On and the Corporate Directory (Part 1-4), in my opinion goes very well with the previous series and may have well been intended. Using Wikis and Blogs to Ease Administration http://www.linuxjournal.com/article/8779 The last one goes into making sure you cover you assets and documentation is a wonderful thing. Using these articles as a reference for steering your decisions is a good idea. You may disagree with Ti on some things or particular items that you won't/can't/forbidden to use, but then again consider the whole picture he gives us. Good luck and hope to hear good news. -- greg, [EMAIL PROTECTED] The technology that is Stronger, Better, Faster: Linux Use Debian GNU/Linux, its a bazaar thing NOTICE: Due to Presidential Executive Orders, the National Security Agency may have read this email without warning, warrant, or notice, and certainly without probable cause. They may do this without any judicial or legislative oversight. You have no recourse nor protection. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3 performance issues
On Thu, 2006-03-30 at 13:52 -0500, Rohit Kumar Mehta wrote: I believe I have some hardware or configuration related performance issues running samba 3.0.14a-3sarge. Our server is an Intel Celeron 2 Ghz with 512 MB of RAM and a 3ware card using SATA disks in a RAID 5 configuration (3ware controller card). We have a gigabit network and are using Intel Gigabit ethernet cards e1000). When copying large files to the samba shares on the system, the transfer rate maxes out near 100 mb/s. We tested with nttcp and were able to get speeds of nearly 800mb/s. So I think it is safe to conclude this is not a network issue. Various tools like top, xosview and mpstat convinced us that we are bound in the CPU. Stopping the samba file transfer and the cpu idle time exceeds 90%. We are convinced that our CPU is the bottleneck, but not sure why. #cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 15 model : 2 model name : Intel(R) Celeron(R) CPU 2.00GHz stepping: 9 cpu MHz : 1996.920 cache size : 128 KB fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 2 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe cid bogomips: 3956.73 Does anyone have any advice on how to speed up our file transfers? We regularly have to 18 GB worth of files to this system, and it would be very good if we could speed it up. At current speeds, we get no advantage at all from even having gigabit network cards! Please feel free to ask me any other questions about our system setup. Thanks in advance for any advice, Have you done *ANY* system caching parameters, filesystem tuning, or Samba Config tuning? What have you done besides verify it is not the network itself? Have you tested throughput for the 3ware card? I can tell you this, if you have the RAID-5 setup not-optimally to work with the block sizing on your Filesystem you'll never get excellent throughput. I always tend to use largest blocking factors with the 3ware cards for RAID-5. This (for me at least) has proven the fastest and least latency ridden settings for me. But then I am using XFS on all of my 3ware RAID-5 setups. For Mirroring, I typically let the defaults work. Defaults have been by far the best setup for most filesystems. If you still believe you are suffering from CPU overload, I'd suggest sending it to the RAID-5 array with over compressed scp (with mild compression of 4 or 5) and then without compression. See what you get. I am betting the real problem comes from multiple bus-mastering cards conflicting or colliding. The Intel-E1000 and the 3ware card are definitely both bus-mastering. There are a couple of things on the Samba side you can do. Turn off Logging (you don't need it really), change the read and send buffer sizes, change the TCP setting it uses to be more in line with Gigabit, move to using Jumbo frames, get a TOE (TCP Offload Engine) NIC. Then if you still have issues, turn on logging for the stuff you are worried about (auth would be 0, etc...) and then add a sniffer to you connection. You'll definitely find something. My gut reaction is that since this is a Celeron Processor, you really need to goto 64-bit slots on the mother board. Getting a PCI-X capable motherboard would greatly help your problems. One last thing, any of the 95xx cards from 3ware are 3.3V only and are PCI2.3 compliant, they will function incorrectly possibly even be ruined or not recognized by a 5V or Auto-detect 5v/3.3v slot. The 9xxx, 8xxx and 7xxx cards can be used in either a 5V or 3.3V PCI slot. Good luck. -- greg, [EMAIL PROTECTED] The technology that is Stronger, Better, Faster: Linux Use Debian GNU/Linux, its a bazaar thing NOTICE: Due to Presidential Executive Orders, the National Security Agency may have read this email without warning, warrant, or notice, and certainly without probable cause. They may do this without any judicial or legislative oversight. You have no recourse nor protection. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Linux Primary Domain Controller Authentication
On Fri, 2005-11-11 at 07:42 -0600, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Craig White wrote: this was one of the primary reasons that I proposed having a samba wiki to dispel some of these legendary misinformations. another thought was where to deflect people who ask about 'the endpoint has disconnected' messages in logs. one other thought was a samba troubleshooting checklist... So do you have a favorite wiki? We've looked at twiki (written in python) before. Do you have a recommendation? Ummm, hmmm, written in Python? no... try Perl. I know, I host: http://twiki.iwethey.org First line in every script is: #!/usr/bin/perl -wT Twiki is a very good wiki. Peter Theony does a great job with the team he has. It has a metric-buttload of testing, sincere amount of users, among other things. Plug-ins are a way cool item for it. Recently, due to missed maintenance items for twiki, that site I host has been battling a few comment spam problems (and one quoting problem causing stray files to be deposited in temp space, but that is a lack of applying updates, bad on my part and the twiki operator/admin) The plugins for twiki (and the new dakar release coming RSN) are really truly its biggest feature. http://twiki.org/cgi-bin/view/Plugins/WebHome Twiki is very mature and flexible. Has few problems other than wiki problems in general. -- greg, [EMAIL PROTECTED] The technology that is Stronger, Better, Faster: Linux Use Debian GNU/Linux, its a bazaar thing signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20a and Winbind crashing (bug?)
On Mon, 2005-10-10 at 08:22 +0100, [EMAIL PROTECTED] wrote: Yeah i forgot to mention that, i had the same problem in 3.0.14a as i do in 3.0.20a :/ Mine doesnt freeze, it actually ends the daemon. whats odd (just noticed this morning) is i checked the server at 7:40am, all is well. checked it at 8.05 am, its crashed! just had a look through logs etc, it looks like it crashes at 8am most days! always 8 am! last night when i checked it was slighly different, it seems that crash was caused due to a log rotate. :/ Any one else got any ideas? To me this sounds like an nsswitch issue. Reason being, if you have to Official RPM install from said vendor, I'll bet that the old library is being used. check in /lib and /lib/security and find out if the libraries are the old ones or not. I do an MD5 on the files for comparison. Just for good measure (since I am not using the official RPMs) I replace /lib/libnss_windbind.so /lib/libnss_wins.so /lib/security/pam_winbind.so I was having huge difficulty, I'd get incomplete responses from the AD controllers, or winbind would crash. So, I just looked around at all the files that are compiled in the samba source dir... I noticed them thar liberaries being stubburn sonuvaguns. I dun copied over 'em with the new ones and dadgummit, things shoor did start dancing. At least for me, that solved the problems I had that were similar. -- greg, [EMAIL PROTECTED] The technology that is Stronger, Better, Faster: Linux Use Debian GNU/Linux, its a bazaar thing. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] auth problem
On Thu, 2005-09-22 at 14:48 -0600, Ric Tibbetts wrote: There is a terribly good howto: http://www.idealx.org/prj/samba/smbldap-howto.en.html Thank you! That helped, I'm closer. I left out one line from my smb.conf I found it from digging through that how-to. password server = LDAP server With that in, it now picks up the users from LDAP, which is exactly what I was after! Now I just need to work out a performance issue. getting the IDs from LDAP is SLOW It works, just as I wanted it to. It's just slow. Well, it depends. How *slow* is slow? And also, have you cranked up the logging on the auth part? log level = passdb:10 auth:10 Also have you set: passdb backend = ldapsam ldap://auth.yourhost.com I am also assuming you have all the LDAP stuff setup properly, of course as needed/if needed. ldap admin dn ldap delete dn ldap filter ldap group suffix ldap idmap suffix ldap machine suffix ldap passwd sync ldap replication sleep ldap suffix ldap timeout ldap user suffix Hopefully, if you have good throughput, its all in these settings. If you don't have good throughput... well time to check the networking tweaks for samba. Also, if the delay turns out to be a lookup delay, try hard coding the name and ipaddr in the /etc/hosts file on the AIX box. This sometimes is a good work around for DNS queries gone bad. -- greg, [EMAIL PROTECTED] The technology that is Stronger, Better, Faster: Linux Use Debian GNU/Linux, its a bazaar thing. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] auth problem
On Fri, 2005-09-23 at 09:43 -0600, Ric Tibbetts wrote: [...] Greg; Well, what was working yesterday, has stopped today. This is getting frustrating. I have been seeing spotty workings as well, usually though it is the ADS integration, with the ADS side being 99.99% of the trouble. Being mostly un-known and blindly following M$ advice Admins. In short: I'm trying to use Samba in it's most basic form. I don't need a windows login server, nor a domain controller, none of that. I just, very simply, need it serve out shares to already logged in windows users. I've done this many times, in other places. I can't possibly imagine why it's not working now. I don't need a passwd database. I don't even need passwords. That is a bugger. The process is: 1) users are at a PC (which is already logged in via the Windows ADS. 2) Users need a share from Unix server X 3) uinx server X should only need to validate that the request is coming from a valid subnet, from a valid user. They don't need anything else. Just the share. That's it. This is Samba at it's simplest. The only wrinkle in this whole thing is that the user names between the windows side, and the Unix side, don't match. So I have a smbusers file to translate that. Other than that, it's all pretty basic. I'm getting crazy errors in the logs. Everything from unknown user, to no domain controller, to no password server, etc... It's almost random. What was working yesterday, is dead today, and I didn't change anything while I was at home last night. I'll strip it all down again today, and piece it back together, and hope I can make it work again. This is just nuts. Yep, sometimes I have found SWAT to be the best bet against spelling errors and or erroneous settings. Good luck. -- greg, [EMAIL PROTECTED] The technology that is Stronger, Better, Faster: Linux Use Debian GNU/Linux, its a bazaar thing. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ACLs with Problem
On Thu, 2005-09-22 at 11:43 -0300, Luis Henrique de Faria Guimarães wrote: Hi All, I am with problem with the permissions of windows. The samba is not getting the ACLs permissions. I compiled version 3.0.20, with the following options: [...] Well the first thin we need to know, is the filesystem that you are sharing via samba mounted with the acl option in the /etc/fstab? Here is what mine looks like and I get the ACLs just fine: /dev/datavg/examplelv /lf/db ext3 rw,suid,nodev,exec,auto,nouser,async,acl,errors=remount-ro 1 1 I guess, I could have done defaults,acl,nodev and be-equivalent... but hey I guess I am a bit retentive. # file: teste.txt # owner: root # group: Domain Users user::rwx user:henrique:rw- group::r-- mask::rw- other::r-- The user henrique appears in linux, but he does not appear in windows. When I try to add permissions through windows appears a message of denied access. Somebody can help me Well, as long as you have the filesystem mounted (assuming it is ext3 with acl support compiled in) with the ACLs turned on... then things should work. -- greg, [EMAIL PROTECTED] The technology that is Stronger, Better, Faster: Linux Use Debian GNU/Linux, its a bazaar thing. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] auth problem
On Thu, 2005-09-22 at 09:43 -0600, Ric Tibbetts wrote: Okay, I'll keep asking questions, until I word one in a way that someone will answer. :) i'm trying to get Samba setup. I've done this before, and it has never given me this much trouble. In short, it seems to be insisting that the user be in smbpasswd (I've not experienced this before). If the user is in smbpasswd, all seems well. If not, even though they exist on the server (via ldap + kerberos), I get a user not found error. On the last set of servers I did this on, even ones who authenticate via ldap, I never did anything special to samba to get it to work. But I've not been so lucky this time. The setup: Server: IBM AIX 5.2 Samba 3.0.14a Authentication: LDAP Security: Kerberos The user entry in /etc/security/user: user name SYSTEM = KRB5files smb.conf (in a simple form) [global] workgroup = WIN log level = 5 auth log file = /var/log/samba/%m.log username map = /usr/local/samba/lib/smbusers [Homes] comment = User home directories guest ok = no read only = No I need the username map because the user names do not match between the windows clients the samba server. So I need to map the translation. When I try to access the system, I get an unknown user error. The ONLY thing I need samba to do is provide shares (not shown above) to windows users. Nothing else. If, I add a user to samba with smbpasswd . then the users can access the shares. If not, they can't. I also, in the past have not had a server prompt me for passwords to access shares. I'm missing something really obvious. I'd really appreciate some assistance on this one. There is a terribly good howto: http://www.idealx.org/prj/samba/smbldap-howto.en.html -- greg, [EMAIL PROTECTED] The technology that is Stronger, Better, Faster: Linux Use Debian GNU/Linux, its a bazaar thing. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] kill this damn spam...
On Wed, 2005-04-06 at 10:48 -0700, Joe Cipale wrote: Is there anyway we can stop this 'need Employee' or other kinds of spam that seems to infiltrate this mailing list I sent them an ICQ message with something attached. He/She had auto-receive turned on. I don't believe we will be seeing additional items from them. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] printers detect
On Tue, 2005-03-29 at 13:43 +0200, Fabio Marcone wrote: Hi! I'm designing a web interface to manage samba server (users, shares, printers) and I would known how i can detect printers available in samba. In that way, admin can set rights and others params of a selected printer. Uh, Fabio have you looked at SWAT? SWAT == Samba Web Administration Tool Or Webmin with SWAT integration? I'd hate to see you make all this fuss for something that is already done and updated every release of Samba as well. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Need some help setting up a Samba server
On Tue, 2005-03-29 at 19:48 -0500, Madhusudan Singh wrote: Hi I am trying to implement a simple Samba server on a Slackware 10.1 machine running for a bunch of Windows users that also have unix accounts on the machine. Using webmin, I did convert the unix users to samba users. A possible problem is that I have very little experience using windows, so please be patient with me. I want them to have read and write permissions only in /home/username. How does one accomplish this ? O/p of smbclient -L localhost -U% : Domain=[MOLECTRON] OS=[Unix] Server=[Samba 3.0.10] Sharename Type Comment - --- IPC$IPC IPC Service (Samba Server on Molectron) ADMIN$ IPC IPC Service (Samba Server on Molectron) Domain=[MOLECTRON] OS=[Unix] Server=[Samba 3.0.10] Server Comment ---- MOLECTRONSamba Server on Molectron WorkgroupMaster ---- MOLECTRON First things first, EVERY NAME must be unique. SO a server name of Molectron and a domain of Molectron just WILL NOT WORK AT ALL. Please change these to be different like this: workgroup = MOLEDOM netbios name = MOLECTRON It'll get you a lot further. Get back to us after you do that, if you have other problems. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] OT Anybody any comments?
On Wed, 2005-03-23 at 19:23 +0100, Tony Earnshaw wrote: List, Anyone there at Brainshare? Knows about Zenworks 7? How does Novell plan to manage Windows clients from any Linux service? Can she (Novell), for example, do a regedit[4] or mmc remotely? I have the greatest regard for Novell; she invented NDS/eDirectory and has always respected Open Source. Her NetWare market share has since then been steadily decreasing, OpenLDAP/others and AD/ADS haven't helped. I'd like to believe in Novell for the future, but I find it somewhat difficult. I'm a Red Hat person, not a SuSE person. Perhaps that makes it more difficult? Or does one have to go the whole hog and become a Novell person? I have some contacts (very deep and high up as well), still in Novell. From the 6 Brain-shares I have attended. I showed the Lead NCP Scientist how I was serving webpages on apache on Linux, but the root of the webserver was on a Novell NCP-over-IP mount. This was 6 or 7 years ago. He was flabber gasted by it, never thought it could be done. It was authenticated as a read only NDS user for that container and the netware machine didn't even have bindery emulation. I was then shown a neat project he was working on. Apache on Netware. I was blown away. I was also shown early developments of eDIR on Linux, Solaris and Tru64 as well as Windows. Also, I hang out with a bunch of people that KNOW Directory services, see my .sig for comments. I also am a HUGE fan of Novell, you wait, there is MUCH MORE to come from them. The developments I have been whispered to about will literally shake the very foundation of the Old School Software/OS Business. Causing Companies Like Comp-U-Ware and Microsoft and even SUN to either change or die. Remember, it is ONLY the disruptive technologies that move us forward. Things like Linux, Samba, *BSD, Apache...etc -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SWAT and cups printing.
I have been using swat for a really long time. This is the first I have ever REALLY caught it doing something wrong. In the latest version of SAMBA, with swat compiled at the same time (with the explorer patch added afterward) I am fairly certain, I have found and issue. I am tooling along, I use swat to add a share. No problems, share works fine. About 10 minutes later, I start getting phone calls... about printing failing. I try with my linux machine... no problems, cups is working, must be samba. Samba config looks fine to me, I restart it, still no printing. Well, I get the people who MUST print now working using client side printing to cups (not pretty on Win9X) So, I start twiddling with the advanced printing area. Set to cups. misc option... commands all look good. Commit. Still no printers. I look at smb.conf. Hmmm, takes me about 3 minutes to deduce the problem. When SWAT wrote the smb.conf, set with printing = cups through SWAT, the declaration is _*GONE*_. Since there is #No default# setting. All printing goes away. I switch it to BSD temporarily... printing starts as I have BSD print emul going to for a few legacy *NIX machines. I look at the conf... it shows printing = bsd I think GREAT it just needed a change, I wait for printing to catch up. I use swat to change smb.conf to printing = cups, printing falls over again. Looking through smb.conf... the *IS* no printing = anymore. I add it manually, restart samba. Voila We are good to go. Time to stay away from Swat for a bit. Anytime you commit anything through SWAT it removes the printing = cups unless it isn't set at printing = cups then it leaves it. This is a BIG pain. Any chance someone could look over it. I couldn't find a problem with a cursory check (using grep and a few patterns I sort of expected to find) and gained no insight. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SWAT and cups printing.
Sorry for the resend, if this is. I got an error on the first one. I have been using swat for a really long time. This is the first I have ever REALLY caught it doing something wrong. In the latest version of SAMBA, with swat compiled at the same time (with the explorer patch added afterward) I am fairly certain, I have found and issue. I am tooling along, I use swat to add a share. No problems, share works fine. About 10 minutes later, I start getting phone calls... about printing failing. I try with my linux machine... no problems, cups is working, must be samba. Samba config looks fine to me, I restart it, still no printing. Well, I get the people who MUST print now working using client side printing to cups (not pretty on Win9X) So, I start twiddling with the advanced printing area. Set to cups. misc option... commands all look good. Commit. Still no printers. I look at smb.conf. Hmmm, takes me about 3 minutes to deduce the problem. When SWAT wrote the smb.conf, set with printing = cups through SWAT, the declaration is _*GONE*_. Since there is #No default# setting. All printing goes away. I switch it to BSD temporarily... printing starts as I have BSD print emul going to for a few legacy *NIX machines. I look at the conf... it shows printing = bsd I think GREAT it just needed a change, I wait for printing to catch up. I use swat to change smb.conf to printing = cups, printing falls over again. Looking through smb.conf... the *IS* no printing = anymore. I add it manually, restart samba. Voila We are good to go. Time to stay away from Swat for a bit. Anytime you commit anything through SWAT it removes the printing = cups unless it isn't set at printing = cups then it leaves it. This is a BIG pain. Any chance someone could look over it. I couldn't find a problem with a cursory check (using grep and a few patterns I sort of expected to find) and gained no insight. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SWAT and cups printing.
On Tue, 2005-03-22 at 10:27 -0500, Greg Folkert wrote: Sorry for the resend, if this is. I got an error on the first one. I have been using swat for a really long time. This is the first I have ever REALLY caught it doing something wrong. In the latest version of SAMBA, with swat compiled at the same time (with the explorer patch added afterward) I am fairly certain, I have found and issue. I am tooling along, I use swat to add a share. No problems, share works fine. About 10 minutes later, I start getting phone calls... about printing failing. I try with my linux machine... no problems, cups is working, must be samba. Samba config looks fine to me, I restart it, still no printing. Well, I get the people who MUST print now working using client side printing to cups (not pretty on Win9X) So, I start twiddling with the advanced printing area. Set to cups. misc option... commands all look good. Commit. Still no printers. I look at smb.conf. Hmmm, takes me about 3 minutes to deduce the problem. When SWAT wrote the smb.conf, set with printing = cups through SWAT, the declaration is _*GONE*_. Since there is #No default# setting. All printing goes away. I switch it to BSD temporarily... printing starts as I have BSD print emul going to for a few legacy *NIX machines. I look at the conf... it shows printing = bsd I think GREAT it just needed a change, I wait for printing to catch up. I use swat to change smb.conf to printing = cups, printing falls over again. Looking through smb.conf... the *IS* no printing = anymore. I add it manually, restart samba. Voila We are good to go. Time to stay away from Swat for a bit. Anytime you commit anything through SWAT it removes the printing = cups unless it isn't set at printing = cups then it leaves it. This is a BIG pain. Any chance someone could look over it. I couldn't find a problem with a cursory check (using grep and a few patterns I sort of expected to find) and gained no insight. Opened this defect report. Minor, but a real pain. https://bugzilla.samba.org/show_bug.cgi?id=2518 -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File copying under WIN98
On Mon, 2005-03-21 at 14:01 +0100, Jens Wulf wrote: with the Samba3.0.12 release i encountered the following problem : when i try to copy a file from a samba share to the local disk then the process hangs with the windows-message Preparing to copy (my translation from the german message). In a WIN98-DOS-Windows the copy command hangs too, but the file is created. The copying from my WIN-XP HOME works. My previous installed version 3.0.9 worked fine with the same configuration (smb.conf) does anyone have this problem too - and maybe a solution except reinstalling old samba ? Hahahaha... I have also been experiencing this too. Break open a DOS Prompt, try to copy a file from the SAMBA server to the local machine. it always asks if you wanna overwrite the file. The file didna exist before the copy, but completely loops through a transfer. If you hit ALL (Yes, No, All) your network falls overs. Literally. Nice one Jeremy! Oh, BTW any DB you try to open never does either. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (CONFIMED-SOLVED) File copying under WIN9X (and Opening Databases)
On Mon, 2005-03-21 at 12:55 -0600, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Allison wrote: | | I've attached my proposed patch but more testing | would be welcome. I've put a copy in http://samba.org/~jerry/patches/post-3.0.12/ (named win98_explorer.patch) for anyone looking for it at a later date. Confirmed this fixes all file copying problems associated with Win9X and DB Opening problems also associated with Win9X. It never did affect and effect for Win2K/XP/2K3 opening the same file(s). Thanks. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Power SMB
On Fri, 2005-02-18 at 08:05 -0600, Larry McElderry wrote: Has anyone here actually seen or perhaps even used PowerSMB? It sounds like it could be areal timesaver if it actually works or exists for that matter. TIA, http://www.essay-software.com/ It appears to be a product pre-configured to a set of standards they setup. You could do all the same work and save $$$ and understand the whole shooting match rather than pointy clicky. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating data from W2K - losing Windows ACL's
On Fri, 2005-02-18 at 13:05 +, Gibbs, Simon wrote: Hi, I've been running some test data copying from a W2K box to our new Samba box but have noticed that the assigned Windows ACL's are lost when copying. The only ACL's specified are those assigned to the directory in Linux that the data is being copied to. Is there any way to retain the Windows ACL's? Either through an smb.conf parameter or some other feature? System config is Redhat ES 3 Taroon update 3 running Samba 3.0.11 compiled with acl support. Mounted luns have ext3 filesystem and are mounted with acl option. Any help/info appreciated. As John Terpstra has said many a time here (and as recently as Wed, 16 Feb 2005 06:01:05 -0700): Use robocopy (search for it on tucows.com) or scopy (part of the NT4 Server Resource Kit). The use of explorer does not preserve ACLs. Hope this helps. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RedHat+Samba+Winbind to ADS
On Wed, 2005-02-16 at 11:49 +0100, Antón wrote:
Hi,
I 've a gateway and I want to use squid authenticated with Windows 2000
Active Directory users.
I've a development platform with Debian/Sarge as gateway, and it works.
(samba 3.0.10-1 and Kerberos 1.3.6-1)
On the other side the production platform uses RedHat Enterprise AS3,
initially with Samba 3.0.6 and Kerberos 1.2.7-28. I was not able to use
Active directory groups without get smb panic errors in winbindd, so I
update to Samba 3.0.9-1.3E.2 and Kerberos 1.2.7-38 (last available
updates).
You *ABSOLUTELY MUST USE* a version of MIT Kerberos5 v1.3.1 or newer.
For a good example of getting a newer version of mit krb5 (v1.4) see
bug:
https://bugzilla.samba.org/show_bug.cgi?id=2309
You can use the configure line as is for mit krb5 v1.3.3 and above
currently. It will work with RHAS, by installing overtop the RPM.
a recommendation, don't use v1.4 unless you want to add patches to
3.0.11 version of samba. You can just install over-top the RHAS samba
version as well.
Make sure you use the configure for samba as I did.
Both configure commands are for RHAS compatibility for existing
installs via RPM.
The patch(es) for 3.0.11 used for v1.4 of mit krb5 and other things are:
http://samba.org/~jerry/patches/post-3.0.11/
Now I've following troubles with kerberos-winbind.
If I not set encryption types in krb5.conf (As in debian working
platform), windbind fails with following errors:
|ads_krb5_mk_req: krb5_get_credentials failed for [EMAIL PROTECTED] (No
credentials found with supported encryption types)
|spnego_gen_negTokenTarg failed: No credentials found with supported
encryption types
|failed kerberos session setup with No credentials found with supported
encryption types
but kinit and klist works, wbinfo -t also works, but wbinfo -u and
wbinfo -g gives an error.
getent passwd -s winbind and getent group -s winbind doesn't work
Also, net ads join gives an error (but computer was previously joined
ok)
wbinfo --sequence shows:
GATEWAY : 1
BUILTIN : 1
TEST : DISCONNECTED
Configuration files are:
-krb5.conf---
[libdefaults]
default_realm = TEST.COM
dns_lookup_realm = false
dns_lookup_kdc = false
kdc_timesync = 1
forwardable = true
proxiable = true
[realms]
CIKAUTXO.ES ={
kdc = PDC
admin_server = PDC
default_domain = TEST
}
[domain_realm]
.test.com = TEST.COM
test.com = TEST.COM
-krb5.conf---
PDC address is included in /etc/hosts
-nsswitch.conf---
···
passwd: files winbind
shadow: files
group: files winbind
···
-nsswitch.conf---
-smb.conf
···
workgroup = TEST
netbios name = GATEWAY
realm = TEST.COM
security = ads
encrypt passwords = yes
password server = PDC
interfaces = 192.168.254.1/16
winbind separator = /
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = true
time server = Yes
##winbind nested groups = true
client NTLMv2 auth = No
client lanman auth = Yes
client plaintext auth = Yes
obey pam restrictions = Yes
passdb backend = tdbsam, guest
log level = 2 winbind:10 ads:10 auth:10
···
-smb.conf
Last options was included to replicate testparm -v obtained
in debian development installation.
After some test, I was able to avoid encryption type error, using the
following configuration in krb5.conf
-krb5.conf---
[libdefaults]
default_realm = TEST.COM
dns_lookup_realm = false
dns_lookup_kdc = false
kdc_timesync = 1
forwardable = true
proxiable = true
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
permitted_enctypes = des-cbc-crc
[realms]
CIKAUTXO.ES ={
master_key_type = des-cbc-crc
supported_enctypes = des-cbc-crc
kdc = PDC
admin_server = PDC
default_domain = TEST
}
[domain_realm]
.test.com = TEST.COM
test.com = TEST.COM
-krb5.conf---
Choosing other enctypes in some params (default_tkt_enctypes
default_tgs_enctypes ) give me the same error as above
But this configuration also doesn't work fine. I get the following error
with winbindd
|Doing kerberos session setup
|failed tcon_X with NT_STATUS_ACCESS_DENIED
kinit and klist works.
wbinfo -t returns following error:
|checking the trust secret via RPC calls failed
|error code was NT_STATUS_ACCESS_DENIED (0xc022)
|Could not check secret
but wbinfo -u and wbinfo -t works fine
getent passwd -s winbind and getent group -s winbind also work
wbinfo --sequence shows:
GATEWAY : 1
BUILTIN : 1
TEST : 2951992
It seems that
Re: [Samba] Re: Using SeMachineAccountPrivilege returns NT_STATUS_NO_SUCH_PRIVILEGE
On Mon, 2005-02-14 at 08:41 -0500, Michael Lueck wrote: Greg Folkert wrote: Shouldn't that be: SetMachineAccountPrivilege vs. SeMachineAccountPrivilege I think that should help. Still fails with the same error message. I had copied the SeM spelling for Jerry's preview docs for these new features. Ah, okay then, sorry for the interruption, we now return you to your regularly scheduled life. :-D -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Command to verify config options at compile time
On Mon, 2005-02-14 at 14:16 -0800, Jeff Yana wrote: All- What is the command to verify config options of Samba at compile time? You tell me. Here is the output from smbd --help king:~# smbd --help Usage: smbd [OPTION...] -D, --daemon Become a daemon (default) -i, --interactive Run interactive (not a daemon) -F, --foreground Run daemon in foreground (for daemontools etc) -S, --log-stdout Log to stdout -b, --build-optionsPrint build options -p, --port=STRING Listen on the specified ports Help options: -?, --help Show this help message --usageDisplay brief usage message Common samba options: -d, --debuglevel=DEBUGLEVELSet debug level -s, --configfile=CONFIGFILEUse alternative configuration file -l, --log-basename=LOGFILEBASE Basename for log/debug files -V, --version Print version king:~# obviously it is smbd -b Good luck. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using SeMachineAccountPrivilege returns NT_STATUS_NO_SUCH_PRIVILEGE
On Sun, 2005-02-13 at 21:13 -0500, Michael Lueck wrote: I am logged into a new test Linux server with my personal admin account. It is a member of a Linux group which has been mapped to Domain Admins. When I issue 'net rpc rights grant auserid SeMachineAccountPrivilege' and enter the password for my personal admin account, I am returned that it failed with NT_STATUS_NO_SUCH_PRIVILEGE. 'auserid' is both a Linux account and has been added to smbpasswd. This is running the 3.0.11 Debian packages from samba.org on Debian Sarge. Shouldn't that be: SetMachineAccountPrivilege vs. SeMachineAccountPrivilege I think that should help. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Patch for clitar.c (bug 2390) Solves problem.
http://lists.samba.org/archive/samba/2005-February/100161.html https://bugzilla.samba.org/show_bug.cgi?id=2309 I have added reply to the bug. It was on a quad Opteron, 10GB of Memory and gaggles of disk. RHES v3.0 for X86 - 32bit [not AMD_X86 - 64bit] is the OS being used. With kernel-smp-2.4.21-20.EL being the installed kernel. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [PATCH] bug in 3.0.11 winbindd when 'disable netbios = yes'
Sorry for the break in the threading. Originally this is from : http://lists.samba.org/archive/samba/2005-February/100230.html Quoting from Jerry: Heads up If anyone has had problems with winbindd not being able to locate any domain controllers after upgrading to 3.0.11 *and* you have 'disable netbios = yes' in smb.conf, please test this preliminary patch (winbind_find_dc.patch). It's pretty rough currently but needs some more widespread testing. You can download it from : http://www.samba.org/~jerry/patches/post-3.0.11/ If anyone would care to test it out on other winbindd installations, that would be great. But this is just a patch in progress. Please don't install it on production servers (unless you are already in a lot of pain from the original bug). Note that if smbd -b | grep WITH_ADS doesn't return anything, don't install this patch as I haven't put in the proper ifdef's to compile on systems without kerberos and ldap packages. If you do have trouble with winbindd after installing the patch, please just email me directly with a short description and the details of your smb.conf. Thanks. I was forced to goto version 3.0.11 of samba. The added abilities were needed at this location, also with the printing fixes as well. So, Samba has fixed Bug #1580 (and yes it did fix it, THANKS Jerry!) And your prelim-patch for clitar.c also passed the mustard quite well... And NOW you fix the resulting problem I was having as I brought up the Samba Server. wbinfo gave me only local account and groups, 1 sequence number that was stale and basically was non-functional. I am just glad I happen to browse by the problem that this patch fixes... And, as of right now... it is in production, mainly because of the consequence of the features of 3.0.11. I wish to thank, all of you on the Samba Team, those of you listed on the contacts page: * Jeremy Allison* Andrew Tridgell * John Terpstra * Chris Hertel * John Blair* Gerald (Jerry) Carter * Michael Warfield * Brian Roberson * Jean Francois Micouleau * Simo Sorce * Andrew Bartlett * Jelmer Vernooij * Richard Sharpe* Stefan Metzmacher * Martin Pool * Herb Lewis * Dan Shearer * David Fenwick * Volker Lendecke * Tim Potter * David Bannon * Steve French * Jim McDonough * Alexander Bokovoy * Rafal Szczesniak * Marc Kaplan * Paul Green* Deryck Hodge * Vance Lankhaar* Guenther Deschner To each of you, you have made my life simpler by replacing a POS product that should never have been this popular. I am going to share my good fortune (not that it'll be much... but hey some os better than none) soon enough... with quite a few FOSS Projects that I convert companies and people to. The place I work, is nearing a point where I'll be able to run everything on Linux, using Native apps or using bridge apps like Wine/wine Derivatives. Once again: THANKS^3! -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating domain from Samba 3 to Windows 2003
On Sat, 2005-02-12 at 14:40 -0800, Jonathan Johnson wrote: At the risk of being called a turncoat and traitor in Sambaland, I ask, how do I migrate from a Samba 3 domain to a Windows 2003 Active Directory domain? A customer has determined that they wish to use the groupware features of Microsoft Exchange. They already have the licenses they need, so there's no point in convincing them that Samba will be cheaper or that some Linux-based solution will work. This of course requires Active Directory (although I would not be surprised if a subscriber to this list proves me wrong), and by extension, migrating their existing Samba 3 domain. Of course, it would be easy to just create a new domain. Since this customer has only 6 machine accounts and 7-10 user accounts, it's not a big deal to recreate them. However, one must remember that creating new users in a new domain means that user profiles will be lost since the profile (read: NTUSER.DAT) is tied to the SID of the user. New domain = new SIDs. It's possible but tedious and risky with unpredictable results (due to permissions, again tied to the SID) to migrate user profiles. A domain migration would be much smoother, if possible, especially for an administrator dealing with hundreds or thousands of user and machine accounts. Here is how I imagine doing it. The customer has two new servers (hardware), one of which will be a replacement for the existing Samba box (which handles file storage and sharing), the other of which will be the Windows 2003 AD server. I will make a copy of the existing Samba 3 domain to one new box, and install Windows 2003 in the other new box. These boxes will be at this point disconnected from the production network, leaving it intact and unchanged for now. This lets us make mistakes on the new systems without affecting their production network. Configure the Samba server so it looks like an NT 4 server (how?). Join the Windows 2003 server as a member server to the Samba 3 domain. Run the Active Directory installation wizard to migrate the domain, elevating the Windows 2003 server to an Active Directory server. Take the Samba 3 server offline, rebuild it, joining it to the new W2K3/AD domain as a simple file server. Any reason this won't work? Your experiences? Your wisdom? One final question: Can Exchange 2003 be made to authenticate against a Samba domain? I would expect not, since a Samba domain is mostly an NT4 equivalent and Exchange 2003 requires a domain at least at AD2000 functional level. Maybe AD2003 functional level. Why not just do the easy thing... add 2003 to the samba domain... and just have local AD and then it'll just work. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] General Samba Questions
On Wed, 2005-01-05 at 23:21 -0500, [EMAIL PROTECTED] wrote: Hi, We've been having lots of issues with our Linux based Samba servers since the Windows domains have migrated to AD. We were hoping and expecting that, at least in the short term, we could run in mixed mode and not have to make any changes to our Samba servers. However, things just aren't working well. Also, I've posted several issues to this list over the last several weeks and many of the issues I've encountered have gone unresolved. So, the question(s) I have is what is the recommended/suggested Samba version and configuration we should consider deploying in an infrastructure running with Windows 2003 servers and AD? We are running primarily RedHat 9 and RedHat ES 30 and a majority of our Samba servers are currently running 3.0.7 with some running 2.2.7a, (both of which are RedHat's distributions). We've had all kinds of problems varying from intermittent password server not available issues, to smbd locking up and most recently having problems changing a server from server to domain security style. Interestingly, (or maybe not), none of these problems existed prior to the AD upgrades I'm considering making an effort to go full ads mode on the samba servers, however, I've also seen that others have had issues doing this. I'm open to suggestions. You must make sure you use MIT Kerberos v1.3.4+ (1.3.[0|1|2|3] seemed intermittent to me). Winbind... this is the pivotal piece that needs to work properly. If everything else fails except winbind, thats a wonderful start. If everything works except for winbind, that will be an uphill battle, at least it has been for me doing remote samba installs where I have to rely on others to fix W2K3 domains and perms and such. Most of the time they fudge it up... or don't really trust Samba due to it being Shareware (yes I know it isn't) Work on getting a simple test environ (if possible) and try Samba in full ADS mode. (no mixed mode) Hammer it and make it work. Then apply your knowledge to a limited production server. The deploy once all the issues are resolved. I also want to heavily suggest samba 3.0.8 or after... really 3.0.10 as of now. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [OT] SUSE 9.2 support
On Thu, 2005-01-06 at 16:43 -0600, John Schmerold wrote: I'm really sick of trying to get Fedora working with Samba LDAP, I've read all the books, technotes etc etc Still no glory after several months of fighting with it. So: I'm going to give SUSE 9.2 a shot, after 6 years of Red Hat, however I'll certainly need some support don't know which list /or news groups are best Anyone care to make a recommendation or two? Give the new Debian Installer a shot and install Debian's Sarge (testing as it is called right now) The packages are working very well for me, just by editing things. Generating the certs and imports the schema, etc... etc... Feels much more a breeze than anything SuSE or Fedora (or RedHat for that matter, my last was RH9, I got off the whirly-gig then) -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Thank you! Upgrade from Novell 4.11 is complete
On Tue, 2005-01-04 at 10:51 -0500, Misty Stanley-Jones wrote: I just wanted to write to you guys and thank you for all of your help and hand-holding as I upgraded our company's file server from a Pentium 200mmx running Novell 4.11 to a nice P4 server running Linux and Samba 3.0.9. It took from September to the end of December to accomplish it, but I have gotten compliments from several users about how smooth the transition was. My environment includes every version of Windows since (and including) Windows 95. I even have a computerized saw on my network, and it is happily getting its cut files from the Samba server. I only have about 60 users, so I guess it is a much smaller install than most. But Samba is running extremely lean, and not bogging the server down at all. Below is a brief summary of what I did: 1. Used 'rsync' to keep all of the data on the new server up-to-date with what was on the Novell server so the users would not lose any data in the transition. 2. Completely rearranged the shares and the way they are presented to much users, while providing some shares to certain users who needed to see certain drive letters for their ancient (RBase, QBasic) applications to work. 3. Improved security and eliminated home directories for users who have not worked here for years and years. 4. All printer drivers except for the pen plotter are now stored on the server. Printing via CUPS+Samba, and the print performance has outstripped the Novell print server by thousands of percents. 5. LDAP for authentication to not only Samba, but most UNIX servers, incoming and outgoing mail servers, and implemented a searchable white-pages while I was at it. 6. I am using Kixtart for login scripts. Drive letters are assigned based on group membership and machine type, and roaming profiles are implemented with folder redirection for non-laptop machines. My users are very very happy, and my boss is extremely pleased with the price-point and the performance. I just wanted to let you guys hear of a Samba success story. I will be happy to offer any advice for what I have learned along the way. I am sure that John Terpstra and Jeremy Allison would like to see you publish an in-depth Success Story article or HOWTO to document your progression (including the rsync, Kixtart, LDAP for everything (including WP publishing), Of course anonymizing the configs and names to protect the innocent (or guilty as the case may be) There might even be some people willing to pay a modest amount of publishing costs to you or your company, providing it be released similarly as John has done Samba by Example. I know, if it were edited well and had good content, I'd be extremely interested in purchasing a book on it. I just like to have things around to refer to. You never know, you might get feedback on how to improve your design and/or performance for little work or a small change doing both. I'd have done the same thing, but I am being blocked by the place I wrote my write up for (as part of doing the work), as they claim it property of their's. They will not allow any configs or setup info out, though completely re-written without ANY of their info in it, for Samba and AD integration, for logins on Windows and Unix using kerberos tickets that are automagically generated, being able to login to other unix machines from other unix machines without a password forwarding credentials, etc... It is a really smooth setup. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba=3.0.4 - no more smbpasswd ? no more local auth when joined to domain ?
My feedback is in-line. On Thu, 2004-12-09 at 08:35 +0100, Izo wrote: Not only nobody reads news://linux.samba, nobody obviously reads this newsgroup also ! This is just the 5th time I am sending the same or similar message in last 7 days with no response... Remember the term Volunteers? That is what SAMBA is supported by on this list. If nobody responded, you either have a way with words that is offensive or a problem not encountered widely or at all. I suspect the first, as I was a bit put off by this message. I would like to point out that *I really need help on this - either appointment to prompter resource either an answer about what is going on with my Samba installation Platform: SuSE-9.1, kernel-2.6.5, samba-3.0.4 Fine, thanks for the info needed. I have recently upgraded from 3.0.2a to 3.0.4 and I have just noticed that using the same smb.conf as with previous version, the system just does not work anymore for me ! Furthermore, smbpasswd utility appears to be dropped ! Okay, which package(s) did you install to upgrade to the non-working version, where did you get them? Are you sure you installed every package needed? Reason I ask, I am currently running 3.04 and I have /usr/bin/smbpasswd. Afterwards, I have noticed that I had to join the domain once again (security = DOMAIN). Yet, I still could not log in on to my machine. Before joining again, every attempt to access shared resources on MYHOST failed with: Really means nothing. session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE This just means that the machine account somehow got out of sync or the samba you installed wasn't compiled properly with the options you need OR you actually removed the samba package(s) and purged the files it needed to remember its machine trust account info. This behaviour was just the same even if I tried to used local samba user. This indicates, that the smbpasswd file is either ignored (despite passdb backend being set to smbpasswd) either changed the structure either being displaced. Anyway, browsing the samba docs I could only realize it was rather outdated (it refered to samba 3.0, obviously not to samba-3.0.4 and later), wasn't it ? smbpasswd *IS* still there. The docs are still very uptodate. They might not include various options added since v3.0. Nothing has changed considerably since v3.0 # smbclient -U me -L MYHOST -d3 lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file /etc/samba/smb.conf Processing section [global] Unknown parameter encountered: character set Ignoring unknown parameter character set Unknown parameter encountered: client code page Ignoring unknown parameter client code page added interface ip=172.22.110.137 bcast=172.22.255.255 nmask=255.255.0.0 added interface ip=192.168.74.1 bcast=192.168.74.255 nmask=255.255.255.0 Client started (version 3.0.2a-SUSE). Connecting to 172.22.110.137 at port 139 Password: Doing spnego session setup (blob length=58) got OID=1 3 6 1 4 1 311 2 2 10 got principal=NONE Got challenge flags: Got NTLMSSP neg_flags=0x60890215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 SPENGO login failed: Trust relationship failure session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE It appears the Machine Trust account info on your machine is not in sync with what the domain feels is right. As I've already said, I realized that I should have joined domain again. Why so if none of samba admin files changed during upgrade ? Anyway, net join went smoothly - I got reported Joined to domain OURDOMAIN so I supposed I was joined, wasn't I ? Maybe, possibly. I can't confirm this, you did not include any debug info to prove otherwise. Now I could perform net user -L MYHOST with DOMAIN authentication, yet I could not map or browse any of served shares from MYHOST (see the smbclient dump below) Could be related to the actual packages you installed... or did you compile from source? And more - where has support for local user/passwords gone ? I had previously configured few users which had not been configured within OURDOMAIN (using smbpasswd -a FOOUSER) and authentication was performed locally even when MYHOST was joined into OURDOMAIN. It seems that this functionality has just been dropped, hasn't it ? No, it has not been dropped. Again... *WHAT DID YOU INSTALL*? Did you install SuSE official packages? Did you install Joe Schmoe's packages with xyz(IOW whatever) option(s) disabled? Did you install samba.org's packages from the binary distribution point? Did you compile from source, with everything you needed is the way of -devel packages installed? Smbclient dump: smbclient notoriously reports as follows (see also testparm dump after smbclient dump): # smbclient -d3 -L me -U MYHOST lp_load: refreshing parameters Initialising
Re: SPNEDO [was Re: [Samba] samba=3.0.4 - no more smbpasswd ?...]
On Thu, 2004-12-09 at 07:19 -0600, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greg Folkert wrote: |Doing spnego session setup (blob length=58) |got OID=1 3 6 1 4 1 311 2 2 10 |got principal=NONE |Got challenge flags: |Got NTLMSSP neg_flags=0x60890215 |NTLMSSP: Set final flags: |Got NTLMSSP neg_flags=0x60080215 |NTLMSSP Sign/Seal - Initialising with flags: |Got NTLMSSP neg_flags=0x60080215 |SPENGO login failed: Logon failure |session setup failed: NT_STATUS_LOGON_FAILURE | | | Spegno has a problem in 3.0.4 and maybe other versions as well. Not that I'm disagreeing, but there have been a lot of urban legends surround Samba's spnego implementation. What specific bug are you referring to ? We haven't changed that code much at all in a while now. Well, I see spegno failures on the machines I have joined to my Samba PDC (using tbd backend), especially for for some reason, those machines that have these failures... which didn't start until v3.0.4 now cannot find the Samba-PDC if they boot with the Network cable in. If they boot with the cable out and we wait until the CTRL-ATL-DEL splash comes up and *THEN* plug in the cable, they find it and the roaming profiles just honky dory. Domain Login script works, shares are all mapped, printers work... etc. Now, I have severed from the Domain... changed machine names, changed the user that actually joined the machine to the domain, made sure the PDC SID is all good, edited anything that was incorrect, just to make sure, there was nothing incorrect, nothing was wrong in the server side or client side. I also removed all WINS info after a stop and before a start... even completely re-created the whole domain. These same clients... no matter what do not find the PDC when the link-light is showing on the NIC when it boots. These machine are all over the map as far as network hardware; Intel e100, e1000, 3Com 3CXXX, Broadcom, Belkin, D-Link, even one machine has an ISA SMC card in it. I have even took one machine to another companies network and did a join to their ADS Domain and it just worked. Came back to mine (after an un-join from theirs) and the same problem exists. But some machines... especially notable are Virtual Machines, these Virtual machines are VMware machines. They have exactly Zero (0) problems with the network connected when they boot on Linux machines that don't even have Samba on them. The Linux machines use NFS to do things. So, at this point, I just gave up. Company moved to new Locale, I have a 100% new and certified Wiring Plant, with 100% new and properly working Giga-Bit Backbone and Switches serving everything. The PDC acquired a D-Link SK98LIN(kernel module name) GB card and is connected to the Backbone directly. Same problem exists. I sort of hoped it was the Old Wiring Plant or Networking Gear. BTW, since I gave up trying to fix it, I turned off all debug logging. I can turn it back on and do the dance for you and give you the logs. I have Win95OSR2, Win98SE, WNT4 sp6a, W2K SP4 plus hot fixes, WinXPSP2+ and nothing Win2k3 or longhorn beta. I am all EARs/WARs/JARs (drinking^W using Java at the moment) -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] configure dual samba 3.0.8 instances-one fedora box
On Wed, 2004-12-08 at 10:19 -0600, Fred wrote: Greetings, I've a need to run 2 instances on one box. I've spent the better part of 2 days looking for docs and howto's and reading the FM. However, I think I'm making too much out of it, thinking that there is more to it than there really is. the first instance is to serve the users, the second instance is for the backup system. I'm running fedora core 2 with samba 3.0.8pre2 (the first instance is a member server in a win2k3 domain and its working well.) I have a test box set up to experiment on. is there someone that can give me a quick run down as to the process of setting this up? or just a link to a doc would be fine... I haven't really found that much on the web though. You are missing an additional IP Address. Just assign an additional IP Addr to the existing interface and then have the working one only listen to the original interface (eth0 maybe), and the new one listen on the added interface (eth0.1 or what ever you name it) Both instances have to have different configs and storage areas for things like the tdbs and WINS/cached information, print$ and profiles. Though you can still have the same shares defined. And the printers should just work as well especially if you use CUPS. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] gui win2k interface for managing ACL or quota ?
On Mon, 2004-08-09 at 12:58, xavier wrote: hi, I have a question here: May I use the win2k gui interface for adding a user rights to a file (I mean with ACL, equivalent to setfacl -m u:test:rwx myfile for example) OR May I use the setfacl command or another tool like acl tool into webmin (I use it and it works good) ? Cause I have tryed to add rights for a user onto a file into gui windows, but the logs say that I don' t have permission (I'M memeber of admin users) and an error message is displayed to me into my win2k box! hey, I have the same question with quotas ! (but not problematic for me) it works good managing the quotas under webmin. What filesystem are you using? Are you adding the acl support on the mount options? -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Bug 1580, any ideas if it has been looked at?
Submitted on 2004-08-02. I foolishly attached my stuff to 364 which is an exact duplicate of my experiences. Except I have 6 ADS domains I am supposed to have sequence numbers for. It almost seems like a timeout or lack of comm issue. Usually it happens over night. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Website Updated and Redesigned
On Mon, 2004-08-09 at 01:22, Deryck Hodge wrote: If you haven't been to samba.org in the last few hours, it's time to take a look. Much has changed. The Samba website has been completely redesigned and updated. Very nice appearance. Almost looks professional :-P (T'was a joke son) No really it is nice... cept some of the mirrors in the US don't look so good. In particular, us2.samba.org -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory - Samba 3.0.4
On Tue, 2004-08-03 at 18:19, [EMAIL PROTECTED] wrote: Hello Everyone, I'm trying to get Samba 3.0.4 under Solaris 8 to join a Windows AD domain. I've compiled and configured all the required code.. and all works so far. I can do a kinit [EMAIL PROTECTED] and get a ticket from the AD server... Samba's smbd and nmbd run, winbind complains about credentials. Here's my issue. I don't have any control over the AD server. We have a 3rd party IT support group. And I'm not sure they are adding the samba server in the AD tree correctly My problem is, our 3rd party IT guys said he added my machine to the ad domain, but, I can't join, nor is the machine searchable through MS networking, so, I don't think he added it right. My question is: Is there any way to join an AD domain without having to know the administrators password? If so, how? You have to either do a net ads join Computers -Sserver once you get Kerberos setup properly, or you have to use key.tabs This is how it has to be done on the Microsoft side. http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp Then you just have to follow up and configure samba to use the key.tab -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba server onto a Windows 2000 server
On Mon, 2004-08-02 at 11:07, [EMAIL PROTECTED] wrote: Wanting to install SAMBA (3.0 preferably) onto a Windows 2000 Server, and then share files from the Windows 2000 Server, to the Sun Solaris 8 Workstation. Larry, you are misunderstanding me. Here: SAMBA is NOT a LOADABLE Program you install ON a WINDOWS SERVER PERIOD. Windows Server can and does share the files through it's server services already included with MicroSoft's Product. Windows 2000 already has SMB/CIFS services available once you turn them on. Nothing more is needed on that machine other than to define the shares (\\YOURSERVER\CAD-FILES) Again, let me explain this: SAMBA is NOT a LOADABLE Program you install ON a WINDOWS SERVER PERIOD. SAMBA is used by *NON**WINDOWS* machines to connect to Windows machines. By default Solaris uses NFS and AFS by default. Windows 2000 WILL NOT USE READ or OFFER THESE SERVICES PERIOD. For your SOLARIS MACHINE to COMMUNICATE PROPERLY with the WINDOWS server, you must do the following thing on your solaris workstaion: 1. Download the samba source: http://us3.samba.org/samba/ftp/samba-3.0.5.tar.gz 2. extract the source to a non-compressed format 3. you must configure (it is a command in the files you just extracted) and it will prepare itself to be compiled 4. you must 'make the compiled versions of SAMBA 5. you then as root on the solaris workstation, do a make install 6. Find the service file for Solaris and have it auto start samba for Solaris. 7. You then must know how to mount these Windows2000 Shares from your Solaris machine, to be able to read these files. Please Read the Manuals URLs, I gave you earlier. They will so much help you out. Good, luck. You need to comprehend the whole idea first. This is not an insult, just that you are lacking the understanding needed to really get this done. -Original Message- From: Greg Folkert [mailto:[EMAIL PROTECTED] Sent: Monday, August 02, 2004 7:58 AM To: [EMAIL PROTECTED] Subject: RE: [Samba] samba server onto a Windows 2000 server Comments in-line. On Mon, 2004-08-02 at 10:10, [EMAIL PROTECTED] wrote: So that I can share files from a Windows 2000 server to a Sun Solaris 8 workstation. Are you wanting to put SAMBA (the product) on a Windows Machine or On a Solaris Machine? There absolutely, positively any way possible to add samba to a Windows 2000 machine. What SAMBA does is provide CIFS(formerly SMB) connectivity for UNIX machines. This then allows you to mount Windows2000 Shares on directories in the Solaris Workstation. In other words, SAMBA provides you with the tools to connect *TO* Windows and access files and such *FROM* a UNIX machine. Therefore you have to install SAMBA on the UNIX machine. All you need to do is read the documentation. It is clear, concise, easily understandable and has specific for doing it on Solaris. http://www.samba.org/samba/docs/ Specifically: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ http://www.samba.org/samba/docs/man/Samba-Guide/ Good Luck. Now you know why I said it was INSANE. -Original Message- From: Greg Folkert [mailto:[EMAIL PROTECTED] Sent: Friday, July 30, 2004 9:09 PM To: SambaUser List; [EMAIL PROTECTED] Subject: Re: [Samba] samba server onto a Windows 2000 server On Fri, 2004-07-30 at 18:20, [EMAIL PROTECTED] wrote: How do I install any version of samba onto a Windows 2000 server? Come again? Anything that samba provides ( except for stability and compatibility ) is already available on a Windows 2000 Server. Please explain why you would want to do such an INSANE thing! -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows Server 2000 Server installation
On Mon, 2004-08-02 at 11:08, Keith Edmunds wrote: On Mon, 2 Aug 2004 07:58:12 -0700 [EMAIL PROTECTED] wrote: Is there a procedure for installing and configuring SAMBA 3.0 for a Windows 2000 server so as to share files from the Windows 2000 server for Sun Solaris 8 workstations? You just need to use smbmount to mount the Windows shares on the Sun workstations. NO, that is NOT what he is asking. He wants to put SAMBA on the Windows2000 machine. Not on the Solaris Machine. See my other postings to his ramblings. He doesn't listen or read. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trouble authenticating clients from ADS domain on Samba 3.0.5 file server
On Fri, 2004-07-30 at 16:27, Chris Goff wrote:
[...]
Used MIT KRB5 v1.3.4, Samba 3.0.5, Also make sure that all the /lib and
/lib/security files related to each get replaced.
[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.COM
server string = BIG Storage
security = ADS
auth methods = winbind, sam
obey pam restrictions = Yes
password server = mydc1.mydomain.com
username level = 3
lanman auth = No
ntlm auth = No
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
log level = 0
syslog = 0
log file = /var/log/samba/%m.log
max log size = 1
smb ports = 445
disable netbios = Yes
max xmit = 65535
name resolve order = wins hosts bcast
server signing = auto
deadtime = 10080
socket options = IPTOS_LOWDELAY TCP_NODELAY
logon path =
logon home =
preferred master = No
local master = No
domain master = No
dns proxy = No
ldap ssl = no
idmap uid = 1-4
idmap gid = 1-4
template homedir = /home/%D/%U
template shell = /bin/bash
winbind separator = +
winbind cache time = 20
winbind nested groups = Yes
ea support = Yes
use client driver = Yes
hide special files = Yes
map archive = No
[homes]
comment = Home Directories
read only = No
create mask = 0700
directory mask = 0700
browseable = No
My krb5.conf
===
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = MYNETWORK.COM
default_tkt_enctypes = des-cbc-md5 des-cbc-crc
default_tgs_enctypes = des-cbc-md5 des-cbc-crc
kdc_timesync = 1
dns_lookup_realm = true
dns_lookup_kdc = true
forward = true
forwardable = true
proxiable = true
autologin = true
encrypt = true
[realms]
NETWORKMCS.COM = {
kdc = mydc1.mynetwork.com:88
admin_server = mydc1.mynetwork.com:749
default_domain = mynetwork.com
}
[domain_realm]
.mynetwork.com = MYNETWORK.COM
mynetwork.com = MYNETWORK.COM
[pam]
debug = false
ticket_lifetime = 24000
renew_lifetime = 24000
forward = true
forwardable = true
autologin = true
encrypt = true
krb4_convert = false
My /etc/pam.d/login
==
#%PAM-1.0
auth required pam_securetty.so
auth sufficient pam_winbind.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
accountsufficient pam_winbind.so
accountrequired pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
sessionrequired pam_mkhomedir.so skel=/etc/skel/ umask=0022
sessionrequired pam_stack.so service=system-auth
sessionoptional pam_console.so
--
greg, [EMAIL PROTECTED]
The technology that is
Stronger, better, faster: Linux
signature.asc
Description: This is a digitally signed message part
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trouble authenticating clients from ADS domain on Samba 3.0.5 file
On Fri, 2004-07-30 at 17:08, Chris Goff wrote: Did you install the PAM from the Samba FTP server, or PAM from padl.com? I ended up following another tutorial than my original post here on the mailing list a day or so back: http://www.rongage.org/manual_samba_howto.html Everything has worked like a charm, although there was no mention of PAM. I actually used the pam src rpm from fedora core 1/2 which ever was 0.77. rpmbuild --rebuild that.src.rpm Then install it. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba server onto a Windows 2000 server
On Fri, 2004-07-30 at 18:20, [EMAIL PROTECTED] wrote: How do I install any version of samba onto a Windows 2000 server? Come again? Anything that samba provides ( except for stability and compatibility ) is already available on a Windows 2000 Server. Please explain why you would want to do such an INSANE thing! -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] need some advice
On Thu, 2004-07-29 at 05:18, [EMAIL PROTECTED] wrote: hi, i've several - for me - big problems. i've posted here several times and only got generic or no replies. as my problmes ge more and more urgent i need some help. where can i get this ? what do i have to do. i'm realy desperate .. Matthias, please, in one long drawn out e-mail, again: 1. List your problems, as quite detailed as possible. Including Samba version, configure options used, what type of environment you are using besides samba, the OSes involved with the problems. 2. List your steps you have taken to solve these issues, including google search queries used (just the search terms), options enabled/disabled/changed, Libraries you have updated, and so on. 3. Give us Level 6, 7, 8, 9 or 10 samba log snippets showing the problems, the error codes the Windows side is getting. 4. Give us a sanitized copies of you smb.conf, krb5.conf, slapd.conf and any other conf you are using... including scripts to add users, delete users etc Otherwise, you will only get a generic response. *IF* someone can get their arms around you problem, they may post a few fixes that may or may not work. This is the way of this list, we are not GODS (well except Jerry, John and Gerald (plus a few others on the samba team)) -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] need some advice
Matthias, I have not read your thread about your problems at all. I need the list of stuff I wanted. Yes there is a size limit, But we don't NEED 10,000 lines of the log, just the pertinent stuff. Along the lines of don't use Win98, I'd have to agree. But, then again, that probably is not doable in your case. Please let me be the first to say sorry for no responses. I tend to help those that help themselves or the one that have demonstrated at least some persistence. And, don't think that I haven't gone through the same here. I was really frustrated with an ADS/WindowsNT/2K/2K3/Samba/Applications Server/shell access/e-mail setup recently... I'd have thank nobody for replying as well on 2 separate events. BUT, to go back to your stuff, The stuff I listed is what I need to continue to help you, and maybe others will share the secrets they have found. So, go back to my first one just before this on... and answer those questions, if need be multiple mails to overcome the size limit. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 2003 KDC and Samba
On Thu, 2004-07-29 at 10:08, Tran Charles A Civ OC-ALC/ITMA wrote: We have serveral RHEL 3.0 Update 2 servers running Samba. These have been working flawlessly for several months.. Recently, the base upgraded all the Windows 2000 servers to Windows 2003.. NOTE: we don't have admin rights to the Domain Controllers.. (wish we did..) Previous to the Domain (and kdc) controllers to 2003 we had no issues joining a new Samba Sever to the ADS.. Using the same krb5.conf and kdc.conf and smb.conf file.. it is no longer possible to join a Samba 3.0 server to the domain.. Any help direction is appreciated.. VR Charles Samba packages - samba-common-3.0.4-6.3E samba-3.0.4-6.3E samba-client-3.0.4-6.3E Kerberos Packages.. - pam_krb5-1.73-1 krb5-libs-1.2.7-24 krb5-workstation-1.2.7-24 krbafs-1.1.1-11 krbafs-utils-1.1.1-11 krb5-server-1.2.7-24 krbafs-devel-1.1.1-11 krb5-devel-1.2.7-24 First off, you need to use MIT kerberos v1.3.x, install it (I had to use source to do this. v1.3.4 works nice. I just left the RHES krb5 stuff inplace. as then it feels just like it was compiled for it. I used a fugly configure line, for kerberos. You will prolly have to do the same for krbafs. I also updated the pam_smb and pam_krb5 packages from Fedora Core (got the src rpm and did a rpmbuild --rebuild on it) Your samba should be okay, but given that 3.0.5 was just release last week Wednesday as a security release... dunno. I had many little problems at MIT krb5 v1.2.7. Why I went to v1.3.4. You might also try the currently broken option called: spnego = Yes It may or may not work. If you want to know the configure options I used... let me know. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] need some advice
On Thu, 2004-07-29 at 12:59, John H Terpstra wrote: On Thursday 29 July 2004 10:03, Greg Folkert wrote: Please let me be the first to say sorry for no responses. I tend to help those that help themselves or the one that have demonstrated at least some persistence. ... And, don't think that I haven't gone through the same here. I was really frustrated with an ADS/WindowsNT/2K/2K3/Samba/Applications Server/shell access/e-mail setup recently... I'd have thank nobody for replying as well on 2 separate events. ... [...] Greg makes a good point here. Over the years many people have contributed to answering questions on this list. Mostly the same questions come up repetitively. It takes a huge time commitment to answer the requests that are made. Those of us who help out do it for love and for a desire to help others. [...] Where people demonstrate that they have done their homework, have read the documentation we provide, and still have a problem I will break ice to help them - particularly if in return they will provide an update to either book. Please be mindful when asking for help that by explaining your problem on this list your goal should be to help some else by way of having your problem solved. This is after all a community help list. I welcome direct, personal, email that points me to information in the above books that is either missing, in error, or mis-guided. We want to improve the documentation so it will help everyone. All contributions by way of patches to the documentation will be given attribution in the book. [...] John, since I was a consultant on that Gig I (am still finishing) am charged with Complete Documentation of what I did. This is a good thing. I'll have to include my samba.install.journal, Each and everything I did and referenced to make RH-ES 3.0 SP2 running 2.4.21-smp-HUGEMEMetc. to operate in a Completely mixed NT/2K/2K3/Linux/s390/(Win*NIX)ApplicationServer/Solaris/kerberos5/ADS/KitchenSink environment. (Thank $DEITY it didn't include NIS/NIS+) Now, the good thing is I'll have everything *I* did to get things to work, including configure options, references that helped out to glue all the pieces together, versions of software used, compiler used, CFLAGS, CPPFLAGS, LDFLAGS, winbind setup, joining ADS, setting KRB5 proper for 6 KDCs, 2 InterTree TransSumpthing trust and 5 domain in the tree trusts, with ACLs being used on the Linux machine (a quad 248 Opteron HP system with 10GB of Memory and 40+TB of Disk), bad thing is, it'll have to be sanitized, and proof read before I can release it. It basically turned out to be a single-Sign-on setup with ADS and kerberos5 doing the auth work. With machine key.tabs and group mappings from H3LL!. But, then again, maybe my pain will finally lessen others pain. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with Unix Permissions and ACLs
On Wed, 2004-07-28 at 22:53, Adam Luchjenbroers wrote: System is RHEL3 with Samba 3.0.0. I have a share that is configured to be accessible only to a specific group (Test Admin). [delta] comment = Testing path = /var/test valid users = @TEST/App - Test Admin admin users = @TEST/App - Test Admin writable = yes Do you have ACL support in the Kernel? Are you using a filesystem that supports ACLs? Have you enabled ACLs on the machine in global? You didn't in the share. Do you have Winbind properly config'd? Via the NT security dialog, file permissions are mapping fine but all directories have empty ACLs (no permissions for any). File permissions in question have been checked. Despite this lack of permissions, directories can be entered and browsed, however files cannot be created. In addition, no file may be written to, though reading works fine. guest access is probably what you are seeing. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Access Denied
See comments below: On Tue, 2004-07-27 at 05:29, Bill Mann wrote: CONFIDENTIALITY NOTICE: This e-mail (including attachments), is covered by the Electronic Communications Privacy Act, §§ 2510-2521 and is confidential. The information contained in this message and the accompanying documents is confidential information that is legally privileged and intended only for the use of the above-named recipient. If the reader of this message is not the named recipient or an employee or agent responsible for delivering the telecopy to the named recipient, please notify us immediately to arrange for the return of the original documents to us. You are hereby notified that any review, disclosure, copying, distribution, or the taking of any action in reliance on the contents of this information is strictly prohibited. Uh, yeah, sure. You understand that this is completely NOT enforceable? You also, realize that *ANY* e-mail transmitted to any machine other than your own is by default public record? As a note, you sent this to an e-mail list, which has archives, therefore will forever be readable. Just a thought, you might want to let you legal department know about this, have them review it and understand about Electronic Communications. E-Mail is not coverable, although it claims it is. Technically speaking... it cannot be done. There IS only one way to make it work: Encryption. Good luck. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] valid users %g and %u not behaving properly...
On Tue, 2004-07-27 at 10:24, Chris wrote: Okay... I guess I can find ways around that then... My thanks to those who read. It is times like this I like to point out that Microsoft's POS (ADS with Kerberos) is highly undocumented. There are many caveats. I myself have experienced similar issues with what MS throws back at samba. Case in point, I have just completed a full-on integration with kerberos and ADS authentication from a pretty darn big Linux machine (Quad Opteron 10GB Memory and 40TB+ Clarion Disk subsystem) It is unexplainable. But, once you get it to work... it works. My problems always start when I have to shutoff error tables and stack smashing protection. It nearly ALWAYS ends up being a shared libraries issue. For winbind (what you are using) make sure the libraries it uses are put in place and/or replaces the existing ones. The make install for some reason wouldn't (couldn't) over write some libraries in /lib and /lib/security Hope this helps. On Friday 23 July 2004 02:02 pm, Chris wrote: Hello. I have samba working with ADS and winbind (upgrading from nt4/samba-2.0.7 to w2k3/samba-3.0.4). Everything seems cool, but for one thing. My old homes share used to look like this: [homes] path=%H/sam valid users = +%G,%U force user = %U force group = %G write list = +%U create mask = 0770 directory mask = 0770 browseable=no read only = no It worked beautifully. But the whold valid users thing isn't working on the new system. To help troubleshoot, I used root prexec to dump the contents of %U, %u, %G, and %g to a file. The values of these variables when connecting to the [homes] share as me: %U = username without domain (e.g. chris) %u = username with domain name and domain seperator (e.g. DOMAIN+chris) %G = users --- always equal to the group users -- I have no clue why! Sometimes, however, %G = %G instead of users. I think this is true for users who don't have a local unix account on the system. %g = groupname with domain name and domain seperator (e.g. DOMAIN+chris_) Here is where it gets weird. Because %u = DOMAIN+chris it seems I should be able to do this: valid users = %u But it doesn't work! Once I add that line, it denies me access to the share. If I comment it out, I once again have access. So, because %g = DOMAIN+primary_group I tried this: valid users = +%g (also tried valid users = @%g) Same thing. Doesn't grant me access. This makes absolutely no sense to me. The use of these variables are critical to maintaining the security of the server shares. Has this changed between versions? Is this a bug? Or am I missing something all together? How can I do this? I can't find anything on this in the books (I have 4 samba books...) or on line. It used to work... I appreciate any help. Thanks! Chris -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Getting Samba 3 to communicate with Win2k3 ADS
On Tue, 2004-07-27 at 14:59, Chris Goff wrote: [snip a buncha] So basically, does anyone have some steps they went through to get a basic samba 3 file server running on their 2003 ADS network? Also, I'd *really* like to be able to use ACL to control folder permissions from WinXX clients rather than fudging with unix permissions. Does ReiserFS support ACL, or do I need to use another file system? Not properly. Use either XFS or ext3 with ACL support compiled into the kernel. Samba n00b, frusterated but hanging in there... Even me being as good as I am in general, Samba hath shamed me these past 2 weeks. I want you to know that reference really works well. That at least got me in the RIGHT direction. The thing that made everything work for me, was making sure the kerberos setup was absolutely proper, and making sure the shared libraries that winbind uses are the proper versions. I had a three shared libraries not get replaced... screwed up everything. Anyhow, I suggest you take a look back at the samba archive and look for an e-mail by me called: Chasing the ads_add_machine_acct: Insufficient access problem Everything in there in the building of samba and kerberos is very crucial. Make and install kerberos v1.3.4 first. Then without setting up kerberos just make and install samba (was 3.0.4) 3.0.5 that way. Things should be very good. It is a good baseline. Now, as far as smb.conf thingers... things in smb.conf and ads and kerberos have to line up exactly , domain names, realm names, etc... Once you do that, you should be golden. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with nobody processes in Samba 3.0.4
Comments inline. On Tue, 2004-07-27 at 18:22, Jason wrote: Hi I am having the exact same problem. Did anyone every solve it? It occurs on both of my samba servers, one of which is not being used. Jason - original message - Hi, Hopefully someone can help me with this because its driving me up the wall. I admin a Samba PDC which authenticates through an LDAP backend. Both the samba server and pam authenticate through the entries in the LDAP database. I recently upgraded to 3.0.4 to combat the M$ hotfix that destroyed password changing. Since then things have been squiffy. All runs fine (apart from a grouping problem that I shall describe later) until a rogue samba thread appears which is owned by nobody. PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND 2639 root 20 0 13844 3832 804 S40.8 1.5 4317m 0 slapd 7889 nobody15 0 1528 492 372 S 4.9 0.1 76:19 0 smbd This particular top output is probably a bad example because the nightly backups are running at the same time. However the exhaustion of slapd as shown above occurs at the same time as this nobody thread appears. When the backup is not running the smbd thread usually hits about 40% CPU as well leading to a very congested fileserver. At this point the network slows to a crawl, killing these processes stops the slapd cpu usage but seems then to corrupt peoples smb sessions which seems to suggest the process is actually associated with a user. In trying to track down this bug I've rearranged the entire ldap tree; we used to have an ou=smb tree for all samba classes and ou=People and ou=Group trees for all the posix classes. These have ow been rearranged so that ou=People,ou=Computers and ou=Group exist with both their posix and samba attributes in each respective tree. I would really, really appriciate any help that you people can give. I've had success tracking down samba problems in the past but this one has me. From what I have seen, this is caused from having some (l)user in a group that does not exist as a (l)user. Check your configs, and make sure they are right. It can be as minor as a mistype. (that was a problem on one of my installations... DOH!) -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows Backup
On Thu, 2004-07-22 at 05:17, Olaf Eichhorn, Vermessungsbüro Pfeifer wrote: Hi James, this is an known bug in samba 3.0.4 The number of the bug is 1404. It is solved in 3.0.5 Martijn Moret sent me patched packages of samba 3.0.4 because I need an working update on our server. (thanks Martijn) No, it is not solved in 3.0.5. It was a security release from 3.0.4 with only those 2 changes causing the release. Should be fixed in 3.0.6 (unless another security release gets in there first) -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] cups/samba integration problems
On Fri, 2004-07-23 at 18:43, Greg Saunders wrote: Some notes first: Fedora Core 1 (2 node HA cluster, heartbeat drbd) Cups 1.1.20 Samba 3.0.4 400 Windows 2000/XP clients 50 print queues HP Laserjets, Xerox colour multifunctionals, Ricoh mulitfunctionals, HP DesignJet plotters 2000+ print jobs/day 8000+ pages/day 5GB + print data/day I have a custom printer accounting application that is run by samba when a print job arrives at the server. This application supports PCL5, PCL6, postscript and HPGL2 blah blah blah. PROBLEM: Because samba and cups are now tightly integrated, samba does not offer the facility to issue a custom print command (print command =) when you tell samba the printing system is cups. Samba quietly ignores any custom print command, postexec, and preexec directives. The right thing to do would be to write a cups filter to invoke the printer accounting, however, the cups command line arguments to a filter program and the environment variables seem lacking some key pieces of information, namely, the remote host and remote ip address of the client. So, in my case, I must break the relationship between cups and samba and tell samba that the printing system is bsd or lprng in order to use my printer accounting application. This is where all hell breaks loose. There seems to be no valid lpq command that samba can hand off to cups that reports anything that samba understands. Worse, the default lpq command (lpq -P%p) invokes (I assume) cups lpstat program. Under the right (or wrong) conditions, this has brought my server to its knees. I don't know what's wrong with lpstat but it seems to be horribly inefficient, especially when 400 windows desktops query the samba server for print queue status (which it is unable to report anyway). In order to stop the samba/cups duo from crashing my server (doesn't really crash, it just can't do anything, like a self inflicted DOS attack) i have to map the samba lpq command to /bin/false. So here are my two questions: 1. Is it samba or cups that prevents samba from using a custom print command 2. What the heck is wrong with lpstat. Even a script that runs lpsat (multiple times) to collect different pieces of information seems to tax the system. You need to install the LPR support for cups... it will then use the stuff more properly. Define all of your printers manually. Specifying localhost as the host and the CUPS printer name (lpr://localhost:515/MyPrinter) or something similar, but not the IPP info. On Debian this package would be: cupsys-bsd the files it provides: /usr/bin/cancel /usr/bin/cupstestppd /usr/bin/lp /usr/bin/lpoptions /usr/bin/lppasswd /usr/bin/lpstat /usr/bin/disable /usr/bin/enable /usr/bin/cupsdisable /usr/bin/cupsenable /usr/sbin/reject /usr/sbin/cupsreject /usr/sbin/cupsaccept /usr/sbin/cupsaddsmb /usr/sbin/accept /usr/sbin/lpadmin /usr/sbin/lpinfo /usr/sbin/lpmove I hope this helps. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Compiling Samba 3.0.4, err w/ krb5
On Thu, 2004-07-22 at 07:46, Poulson, Shawn wrote: I don't care for being patronized. I had a question, and I get this condescending reply. Thanks, but no thanks. I wasn't patronizing you. It was not condescending. It was a polite reminder to ask good questions. You think it is a simple question you asked, it is not. I could have given you the standard tirade that people asking your kind of bad questions get on the mailing lists I am on that are technical in nature, but not Windows in nature. You see, many people that have been long using Unix, Linux or *BSD, understand how to ask good questions, yet it seems from my perspective and many others that people coming or 95% of the time being in a Windows[tm] world, ask questions that are not quite as complete. Therefore when dealing with a heavy technical group such as the samba mailing list, where traceback stacks are commonly referred to or the error logs say Read the Bugs Appendix others typically known what the heck they are talking about. Please, think about including details of the system(s) you are dealing with. Then and only then can someone with the knowledge you are *ASKING FOR* can make a proper response to your problem. Being snide and asking stupid questions are not garnering you any goodwill. Thank you my dear for really hitting this idea home for me, without your ability to dig deeper, the message would not have come across as well. Now, that we are past the pleasantries, What kind of a system are you running, is it Linux, *BSD or Commercial Unix? If so, What version and possibly which Distro are you using? Have you searched for a prebuilt Binary that may fit your needs? Please cut the pleasantries and just answer the questions. This is NOT SAP you are dealing with here, Deary. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Compiling Samba 3.0.4, err w/ krb5
On Wed, 2004-07-21 at 11:46, Poulson, Shawn wrote: Hello again, I'm not attempting an install of Samba 3.0.4 from source. I want to specifically compile in ads and winbindd support. So, I already compiled and installed OpenLDAP 2.2.13. If you are not attempting to install samba from source, how are you going to get ads and winbindd support? What does OpenLDAP have to do with doing up samba for ads and winbind? Now the configure script is hung on krb5 dependancy: checking for krb5.h... no configure: error: Active Directory cannot be supported without krb5.h That is a sticker. you need to have version of krb5 installed, either MIT or HEIMDAL. So I downloaded and attempted compile of krb5 1.3.4, but I got this error: /root/stuff/krb5-1.3.4/src/appl/telnet/telnet/telnet.c:783: undefined reference to `tgetent' collect2: ld returned 1 exit status Upon searching kerberos list archives, there was a complaint about this error and having to reinstall ncurses to satisfy this reference. Good on the D/L of MIT KRB5 1.3.4. Shucks, ncurses. well, you downloaded that. http://mailman.mit.edu/pipermail/kerberos/2004-May/005452.html http://mailman.mit.edu/pipermail/kerberos/2004-May/005452.html However, when I compile ncurses 5.3, I get an error about g++ not being installed. Well, that is a biggy. you might have gcc installed (the C compiler) but not have the C++ compiler g++ installed. It happens to all of us. This seems like an endless dependancy. Any tips on making samba configure script happy? Yes, how long have been an admin of a *NIX machine? I can say I have had to deal with things like this for eons. If you do it often enough, you get good at it. I used to update whole Linux machine with touch RPM or any other package manager. Mainly they screwed up everything I needed left as is (config wise). So, I used Slackware. Now I use Debian Sid. Now, remember I said alot. But gave no real answer. You asked alot but gave us no clues how to help you. What *NIX are you using. Is it a Linux or *BSD? If it is Linux which distro is it? When you can tell us the answers, we can help. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Chasing the ads_add_machine_acct: Insufficient access problem
Okay, the jist of this whole thing, I get this infamous (?) problem, I have been trying to search though the archives of samba-general on gmane and also in my archive of this list. I have only seen requests for the magical answer. Environment: W2K/W2K3 mixed ADS going Native ADS only soon. Samba 3.0.4 compiled from source on a RHEL AS30 machine. MIT Kerberos v1.3.4 also compiled from source. Kernel == 2.4.21-15.0.2.ELhugemem #1 SMP Wed Jun 16 22:36:51 EDT 2004 i686 athlon i386 GNU/Linux Here is the problem in a nutshell: [EMAIL PROTECTED] root]# net ads join Computers -S mydc1.mynetwork.com [2004/07/20 15:06:09, 0] libads/ldap.c:ads_join_realm(1336) ads_add_machine_acct: Insufficient access ads_join_realm: Insufficient access and the important pieces of smb.conf: [global] workgroup = MYNETWORK netbios name = ROAR server string = Lotsa Room security = ADS realm = MYNETWORK.COM auth methods = winbind password server = mydc1.mynetwork.com passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . lanman auth = No ntlm auth = No client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No syslog = 0 log file = /var/log/samba/log.%m max log size = 1 smb ports = 445 disable netbios = Yes max xmit = 65535 name resolve order = host wins lmhosts bcast #tried both spnego Yes and No same diff. use spnego = Yes # use spnego = No server signing = auto deadtime = 10080 socket options = IPTOS_LOWDELAY TCP_NODELAY logon path = logon home = os level = 49 preferred master = No local master = No domain master = No dns proxy = No ldap ssl = no idmap uid = 1-4 idmap gid = 1-4 winbind separator = + winbind nested groups = Yes winbind cache time = 20 template homedir = /home/%D/%U invalid users = root ea support = Yes hide special files = Yes hide unreadable = Yes And here is my klist: [EMAIL PROTECTED] root]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 07/20/04 16:21:53 07/21/04 02:22:01 krbtgt/[EMAIL PROTECTED] renew until 07/21/04 16:21:53 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached Yes, [EMAIL PROTECTED] has rights to create users and machines in the AD Tree in Computers So, now, given that this is an existing problem in v3.0.4, I have to show the way I configured and compiled it. I also compiled MIT Kerberos v1.3.4 the proper way (similar to this). Personally I like integrations. Here is the configure for samba v3.0.4: ./configure --program-prefix= --prefix=/usr --exec-prefix=/usr \ --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc \ --datadir=/usr/share --includedir=/usr/include \ --libdir=/usr/lib --libexecdir=/usr/libexec \ --localstatedir=/var --sharedstatedir=/usr/com \ --mandir=/usr/share/man --infodir=/usr/share/info --with-acl-support --with-automount \ --with-codepagedir=/usr/share/samba/codepages --with-fhs \ --with-libsmbclient --with-lockdir=/var/cache/samba --with-pam \ --with-pam_smbpass --with-piddir=/var/run \ --with-privatedir=/etc/samba --with-quotas --with-smbmount \ --with-swatdir=/usr/share/swat --with-syslog --with-utmp \ --with-vfs --without-smbwrapper --with-ads --with-winbind \ --with-krb5 Here is the configure for krb5-1.3.4: ./configure --program-prefix= --prefix=/usr --exec-prefix=/usr \ --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc \ --datadir=/usr/share --includedir=/usr/include \ --libdir=/usr/lib --libexecdir=/usr/libexec \ --localstatedir=/var --sharedstatedir=/usr/com \ --mandir=/usr/share/man --infodir=/usr/share/info CC=gcc \ CFLAGS=-O2 -g -pipe -march=i386 -mcpu=i686 -I/usr/include/et \ -fPIC LDFLAGS= CPPFLAGS=-I/usr/include/et --enable-shared \ --enable-static --bindir=/usr/kerberos/bin \ --mandir=/usr/kerberos/man --sbindir=/usr/kerberos/sbin \ --datadir=/usr/kerberos/share --localstatedir=/var/kerberos \
[Samba] FIXED: Chasing the ads_add_machine_acct: Insufficient access problem
Fix provided below. On Tue, 2004-07-20 at 18:06, Greg Folkert wrote: Okay, the jist of this whole thing, I get this infamous (?) problem, I have been trying to search though the archives of samba-general on gmane and also in my archive of this list. I have only seen requests for the magical answer. Environment: W2K/W2K3 mixed ADS going Native ADS only soon. Samba 3.0.4 compiled from source on a RHEL AS30 machine. MIT Kerberos v1.3.4 also compiled from source. Kernel == 2.4.21-15.0.2.ELhugemem #1 SMP Wed Jun 16 22:36:51 EDT 2004 i686 athlon i386 GNU/Linux Here is the problem in a nutshell: [EMAIL PROTECTED] root]# net ads join Computers -S mydc1.mynetwork.com [2004/07/20 15:06:09, 0] libads/ldap.c:ads_join_realm(1336) ads_add_machine_acct: Insufficient access ads_join_realm: Insufficient access and the important pieces of smb.conf: [global] workgroup = MYNETWORK netbios name = ROAR server string = Lotsa Room security = ADS realm = MYNETWORK.COM auth methods = winbind password server = mydc1.mynetwork.com passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . lanman auth = No ntlm auth = No client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No syslog = 0 log file = /var/log/samba/log.%m max log size = 1 smb ports = 445 disable netbios = Yes max xmit = 65535 name resolve order = host wins lmhosts bcast #tried both spnego Yes and No same diff. use spnego = Yes # use spnego = No server signing = auto deadtime = 10080 socket options = IPTOS_LOWDELAY TCP_NODELAY logon path = logon home = os level = 49 preferred master = No local master = No domain master = No dns proxy = No ldap ssl = no idmap uid = 1-4 idmap gid = 1-4 winbind separator = + winbind nested groups = Yes winbind cache time = 20 template homedir = /home/%D/%U invalid users = root ea support = Yes hide special files = Yes hide unreadable = Yes And here is my klist: [EMAIL PROTECTED] root]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 07/20/04 16:21:53 07/21/04 02:22:01 krbtgt/[EMAIL PROTECTED] renew until 07/21/04 16:21:53 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached Yes, [EMAIL PROTECTED] has rights to create users and machines in the AD Tree in Computers So, now, given that this is an existing problem in v3.0.4, I have to show the way I configured and compiled it. I also compiled MIT Kerberos v1.3.4 the proper way (similar to this). Personally I like integrations. Here is the configure for samba v3.0.4: ./configure --program-prefix= --prefix=/usr --exec-prefix=/usr \ --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc \ --datadir=/usr/share --includedir=/usr/include \ --libdir=/usr/lib --libexecdir=/usr/libexec \ --localstatedir=/var --sharedstatedir=/usr/com \ --mandir=/usr/share/man --infodir=/usr/share/info --with-acl-support --with-automount \ --with-codepagedir=/usr/share/samba/codepages --with-fhs \ --with-libsmbclient --with-lockdir=/var/cache/samba --with-pam \ --with-pam_smbpass --with-piddir=/var/run \ --with-privatedir=/etc/samba --with-quotas --with-smbmount \ --with-swatdir=/usr/share/swat --with-syslog --with-utmp \ --with-vfs --without-smbwrapper --with-ads --with-winbind \ --with-krb5 Here is the configure for krb5-1.3.4: ./configure --program-prefix= --prefix=/usr --exec-prefix=/usr \ --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc \ --datadir=/usr/share --includedir=/usr/include \ --libdir=/usr/lib --libexecdir=/usr/libexec \ --localstatedir=/var --sharedstatedir=/usr/com \ --mandir=/usr/share/man --infodir=/usr/share/info CC=gcc \ CFLAGS=-O2 -g -pipe -march=i386 -mcpu=i686 -I/usr/include/et \ -fPIC LDFLAGS= CPPFLAGS=-I/usr/include/et --enable-shared
Re: [Samba] SSLeay
On Mon, 2004-07-19 at 12:52, Loftus Andy - ALoftu wrote: Could someone tell me where i can download the latest version of SSLeay. I have tried the following sites: * ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/ * ftp://ftp.uni-mainz.de/pub/internet/security/ssl * ftp://ftp.cert.dfn.de/pub/tools/crypt/sslapps * ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.psy.uq.oz.au * ftp://ftp.sunet.se/ftp/pub/security/tools/crypt/ssleay None of these will let me access the software. From the FAQ Page for the descendant of openSSL: (http://www.openssl.org/support/faq.html) 2. Where is the documentation? OpenSSL is a library that provides cryptographic functionality to applications such as secure web servers. Be sure to read the documentation of the application you want to use. The INSTALL file explains how to install this library. OpenSSL includes a command line utility that can be used to perform a variety of cryptographic functions. It is described in the openssl(1) manpage. Documentation for developers is currently being written. A few manual pages already are available; overviews over libcrypto and libssl are given in the crypto(3) and ssl(3) manpages. The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a different directory if you specified one as described in INSTALL). In addition, you can read the most current versions at http://www.openssl.org/docs/. For information on parts of libcrypto that are not yet documented, you might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's predecessor, at http://www.columbia.edu/~ariel/ssleay/. Much of this still applies to OpenSSL. There is some documentation about certificate extensions and PKCS#12 in doc/openssl.txt The original SSLeay documentation is included in OpenSSL as doc/ssleay.txt. It may be useful when none of the other resources help, but please note that it reflects the obsolete version SSLeay 0.6.6. Should explain it well enough. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Smart Questions [Was: Re: [Samba] Re: What happened to this list?]
On Mon, 2004-07-19 at 12:55, fire-eyes wrote: I think this is an excellent read. Some people who are given this URL are offended, and think that whoever gave it to them thinks they are an idiot. True there is a tone of elitism in it, but it's still an outstanding read. Because if the asker doesn't give enough info, then yes, it's much more likely to be looked over in favor of somebody who did provide better information. I encourage all to read this in full. http://www.catb.org/~esr/faqs/smart-questions.html To be honest, you really need to realize WHOM you sent this to... Jeremy Allison, is not the person *I* would send this to. Please understand this. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: v3.0.4-5 (Debian Sid) not Samba 3.0.5 - Can't change password
On Mon, 2004-06-14 at 03:21, Laurent CARON wrote: Hello, I upgraded samba to 3.0.5 (debian sid) in the hope of getting windows password change to work, but had no success. [EMAIL PROTECTED]:greg]$ apt-show-versions -a samba-common samba-common3.0.4-5 install ok installed samba-common3.0.2a-1testing samba-common3.0.4-5 unstable samba-common/unstable uptodate 3.0.4-5 I am sorry, but you have 3.0.4-5 installed. The password is changed (fortunately), but the computer still displays a message saying the old password is incorrect. Do you know how to fix it? Do you have a proper password chat setup? Are you using PAM to change the passwords? You really need to give us more info. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba shares becoming inactive after a while
On Mon, 2004-06-14 at 03:09, Wilfred van Velzen wrote:
When a user is not using a samba share, after a while they become
inactive. When a user wants to access the share again, it takes an
irritating long time before they get access again. The (windows)
application that does the accessing is not responding during that
time. There are no drive letters assigned to the shares in a logon
script. When I do assign a drive letter to the share (in a test
situation), this problem doesn't seem to exist. But how can I prevent
this without assigning drive letters to all the shares?
Here's the global section of my /etc/samba/smb.conf :
[global]
workgroup = SERCOM
server string = Samba Server
encrypt passwords = Yes
map to guest = Bad User
time server = Yes
unix extensions = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
keepalive = 0
printcap name = CUPS
add user script = /usr/sbin/useradd -c Machine -d /dev/null -s
/bin/false %m$
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
printing = cups
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
I've already experimented with the 'socket options' and 'keepalive'
options, but these don't seem to make any difference...
From the included docs for Samba:
deadtime (G)
The value of the parameter (a decimal integer) represents the
number of minutes of inactivity before a connection is
considered dead, and it is disconnected. The deadtime only takes
effect if the number of open files is zero.
This is useful to stop a server's resources being exhausted by a
large number of inactive connections.
Most clients have an auto-reconnect feature when a connection is
broken so in most cases this parameter should be transparent to
users.
Using this parameter with a timeout of a few minutes is
recommended for most systems.
A deadtime of zero indicates that no auto-disconnection should
be performed.
Default: deadtime = 0
Example: deadtime = 15
Hope this helps.
--
[EMAIL PROTECTED]
REMEMBER ED CURRY! http://www.iwethey.org/ed_curry
Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup
signature.asc
Description: This is a digitally signed message part
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: v3.0.4-5 (Debian Sid) not Samba 3.0.5 - Can't change password
On Mon, 2004-06-14 at 09:53, Laurent CARON wrote: Greg Folkert wrote: On Mon, 2004-06-14 at 03:21, Laurent CARON wrote: Hello, I upgraded samba to 3.0.5 (debian sid) in the hope of getting windows password change to work, but had no success. [EMAIL PROTECTED]:greg]$ apt-show-versions -a samba-common samba-common3.0.4-5 install ok installed samba-common3.0.2a-1testing samba-common3.0.4-5 unstable samba-common/unstable uptodate 3.0.4-5 I am sorry, but you have 3.0.4-5 installed. The password is changed (fortunately), but the computer still displays a message saying the old password is incorrect. Do you know how to fix it? Do you have a proper password chat setup? Are you using PAM to change the passwords? You really need to give us more info. I'm using 3.0.4-5 (sorry for the mistake), password chat is correct, but since microsoft patch, the problem didn't disappear. I had a very similar problem. My only fix I could actually find was to completely remove all of the generated samba files (the .tbd files and such) with samba and winbind not running. Then removing all the machine accounts out of /etc/passwd, basically cleaning up to look just like just installed and never run yet Then starting joining the machines again, then using a script to generate the samba users from /etc/passwd... setting policies proper and since then (two weeks ago) haven't had any problems. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: v3.0.4-5 (Debian Sid) not Samba 3.0.5 - Can't change password
On Mon, 2004-06-14 at 16:51, Laurent CARON wrote: Greg Folkert wrote: I had a very similar problem. My only fix I could actually find was to completely remove all of the generated samba files (the .tbd files and such) with samba and winbind not running. Then removing all the machine accounts out of /etc/passwd, basically cleaning up to look just like just installed and never run yet Then starting joining the machines again, then using a script to generate the samba users from /etc/passwd... setting policies proper and since then (two weeks ago) haven't had any problems. Unfortunately it is a live environment I can't remove the accounts :( Same deal here, neither could *I*. But twas the only solution. As 3.0.4 somehow didn't SIGHUP and rotatelogs on Sunday morning about a month ago. Painful, Painful... I had to keep restarting SAMBA every 4-6 hours. Actually stop and start it. I'll try on a test environment I did too. Came to the same conclusion. Major bigtime suxxorz. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbtorture utility
On Thu, 2004-06-10 at 14:19, Jeremy Allison wrote: On Thu, Jun 10, 2004 at 02:13:32PM -0400, [EMAIL PROTECTED] wrote: Forgive my ignorance, but I keep reading about this smbtorture utility and I can't find it anywhere! It doesn't *seem* to come with Samba. Where can I find this binary? Thanks! The source code comes with Samba but it must be built separately as it is purely a developer tool. ./configure make bin/smbtorture will make it. O! All this time I thought it was referring to Windows and its myriad of incarnations. Oh, please forgive my ignorance. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SWAT - Could not connect to port 901
On Wed, 2004-06-09 at 20:09, Bruce wrote: I'm using Suse 9.1 professional. I've got Samba *almost* up and running. But, I'm a newbie and need Swat to configure a few things. I've gone to /etc/services and made sure that I have the entry swat 901/tcp I have checked /etc/xinetd.d/swat and added port = 901 and changed it to disable = no I have gone through the steps in the documentation on setting up swat. It all looks correct. But when I try to run the program, I get the message: An error occured while loading localhost:901 Could not connect to host localhost (Port 901) I have all the files installed. I get the same response whether I use localhost or 127.0.0.1. I have restarted xinetd. I'm not using a firewall. This is all behind a NAT router that serves as our firewall. When I give the iptables -nL command, I get: Chain Input policy Accept Chain Forward policy Accept Chain Output policy Accept I ran netstat -a and got 230 lines. There was no reference to 901. I have even gotten Samba and Swat running twice before. Does anyone know what is wrong? After you edited the files... did you restart xinetd? signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] What about domain trusts
On Tue, 2004-06-08 at 16:40, Tom Skeren wrote: Say between a Samba 3.0.4 and win2k machine? YES. Can be done. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] What about domain trusts
On Tue, 2004-06-08 at 18:24, Tom Skeren wrote: Any info would be appreciated. I've added the samba server as a one way trust in win2k, but the domain machines can't access the sambaa share (access denied) although the win2k servers can. Really would like the samba server to show up in DFS, well it does, but the users acces is denied. Greg Folkert wrote: On Tue, 2004-06-08 at 16:40, Tom Skeren wrote: Say between a Samba 3.0.4 and win2k machine? YES. Can be done. http://us1.samba.org/samba/docs/man/howto/InterdomainTrusts.html http://us1.samba.org/samba/docs/man/howto/msdfs.html Good luck -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC login problem
On Mon, 2004-06-07 at 07:26, Matic Koncan wrote: About two months ago Samba (PDC) started rejecting users when login in Windows 98 or XP (that's what we've got). The strangest thing is that there is no rule when the server rejects username, so sometimes it allows login and sometimes doesn't. Users say that the system let them in if they empty all three fileds (username, password, domain) and retype them when login in Windows 98. I have tried versions from 3.0.2 to 3.0.4 and it was always the same. The problem appeared in version 3.0.3. Seems that the update from 3.0.2(a) to 3.0.(3|4) is a tough one. I just experienced a similar problem (except mine was a bit more reproducible. I ended up have to remove every tbd. (Basically I removed samba, purged, re-installed) and re-joined everything to the domain. All is good so far. I confirmed that I did not need to restart it to get things to work good again. So, good luck re-doing the domain setup (don't forget to keep a copy of smb.conf as you can just re-use it). One tidbit: START with 3.0.4. When you join the 2K/XP machines to the domain, samba will reject it the first try, try once again right after it rejects it, and you will be welcomed to your domain. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XP Joining domain
On Mon, 2004-06-07 at 14:19, Derek Harkness wrote: I'm attempting to join a Samba 3.0.4 domain on a Debian linux box, with a Windows XP client. Problems 1) Can only get the join to work if I use the root account. On Win2k I can use any account in the Domain Admins group. 2) The join succeeds, the unix account and the smb account are created but the smb account is disabled, and the password contains all s. Joining the domain works fine from Win2k. I've tried adjusting the Signing entries. I tried manually creating the machine accounts, and I get a can't access machine account error on login. I'd take a look at this quick and dirty. It works well if you use it as a guide: http://www.osnews.com/story.php?news_id=6684 That is all. :) -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Follow-up: [Samba] Authentication and Joining failing after a time.
On Thu, 2004-06-03 at 12:00, Greg Folkert wrote: I have a Samba Domain that did migration from: 3.0.0 - 3.0.2 - 3.0.2a -3.0.4 It is a very healthy machine it is running on. A heavily updated RedHat 7.2 machine. I have rebuilt newer source SRPM to update it. Pretty much updated piece meal since forever, and probably is updated eenough. It is lean, as I do not believe in Garbage installs. But, the point of this is: About a week after installing the 3.0.4-1_rh73, this domain has to be restarted ever ~4-6 hours to fix Authentication issues. When first restarted (not kill -1, but -stop -start) I can have my Win9X Clients authenticate just fine. I can also Join and manage things just fine. But after a certain point this Domain will not authenticate my Win9X, or Win2KP or WinXPP. Nor can I do any domain admin. If the machines are already authenticated and not restarted/rebooted or logged out, they do just fine. [...] Well, I removed SAMBA and deleted all the files related to it. Well kept a copy of the conf. Removed all machines accounts from the /etc/passswd. Installed SAMBA 3.0.4-1_rh73.i386.rpm did not start samba, but laid in the conf. Started up swat and went through everything piece by piece, even got the group add and user to group add/rem scripts running proper (sucks when adduser doesn't handle groups at all). Machine add script works, add share works, add printer works. Best of all Machines can join the domain and login proper. All my policies work, and profiles work as well. Every user had to take ownership of the profiles area of their own, once they were in with a temp roaming. I forgot to record the domain SID. OOPS. Did all my group mapping exercises... One VERY significant piece of info: The patch to Windows 2K and XP that required 3.0.4 to be released, you cannot rollback the patch. Doesn't work period. As I tried to use v3.0.2a rpm with all the clients rolled back. It could see the Domain, could see the server, but once I tried to login to the SAMBA domain it would just Disappear. Windows would complain that the network is no longer available. No a fresh install of W2K without the Authentication change would work... NO problem. Your help is most greatly appreciated in advance. Guess, nobody cared to even comment on this one. I'll have to remember that. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] (no subject)
On Fri, 2004-06-04 at 12:03, [EMAIL PROTECTED] wrote: When performing an upgrade of Red Hat 2.1 AS to Red Hat 3 ES Samba fail to start due of missing libssl.so.2 and libcrypt.so.2 libraries that has been deleted during upgrade process. We restored files from backup but winbind still fail to starting. Radu, First, it's very scary that you're using RedHat 3. That could be a source of many problems. ;) Anyway, what error(s) is winbind giving you when it fails to start? Anything in the syslog? Ummm, that is Enterprise Server v3.0 of RedHat. Which is the current version. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] roaming profil problem
On Fri, 2004-06-04 at 12:31, Fabrice Tereszkiewicz wrote: It didn't work. A user without local administrator's rights can't use his old roaming profile. I've changed the samba SID to fit with the one in the NTUSER.dat file, didn't work anymore. any other ideas ? I have fixed it by using UNIX perms as well. chown -R username.sambadomainadmingroup /dir/where/profiles/are/username chomd -R 750 /dir/where/profiles/are/username That usually takes care of it also. Did and does for me. The samdadomainadmingroup is the group that is the equiv of the NT domain-admins. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Authentication and Joining failing after a time.
I have a Samba Domain that did migration from: 3.0.0 - 3.0.2 - 3.0.2a -3.0.4 It is a very healthy machine it is running on. A heavily updated RedHat 7.2 machine. I have rebuilt newer source SRPM to update it. Pretty much updated piece meal since forever, and probably is updated eenough. It is lean, as I do not believe in Garbage installs. But, the point of this is: About a week after installing the 3.0.4-1_rh73, this domain has to be restarted ever ~4-6 hours to fix Authentication issues. When first restarted (not kill -1, but -stop -start) I can have my Win9X Clients authenticate just fine. I can also Join and manage things just fine. But after a certain point this Domain will not authenticate my Win9X, or Win2KP or WinXPP. Nor can I do any domain admin. If the machines are already authenticated and not restarted/rebooted or logged out, they do just fine. But, here is the sticking point. Which is why I am baffled. My W2KP and WXPP machine that are not part of the domain (the ones I am trying to join that is) Can map a share from the same server that is the PDC, without error. Can also print just fine using manual mapping (net use etc...), I do not have ADS on site in use, am using WINS for resolution. I have currently back-revvd to 3.0.2a. I have also tried hand configured and compiled versions as well. Including build 977 from SVN. I have resorted to drastic measures, scheduling restarts in cron at slow/break/lunch times. This is an ugly solution. And causes havoc with a file-based DB we are using. This is the first time I have encountered this kind of an issue with Samba that was not (at least I hope) a configuration problem. What do I need to do and provide to get the proper information to anyone on the list so perhaps a resolution can be done? I am unsure of what and how things need to be done to debug this. Your help is most greatly appreciated in advance. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Profiles and Service Packs
On Tue, 2004-05-18 at 10:12, Dael wrote: Gerald (Jerry) Carter schrieb: | A Friend told me, that the Profile Folder has to | be inside the Home-Directory to get it work. Is this | correct?? I do not want this. No. storing profiles in separate shares for NT4+ clients is the recommended method. this is good news, but how do i get it work?? I always get the wrong Permission Error! If you read the error you get from Windows when you login it tells you how to fix the problem. Basically, the actual profiles directories are supposed to be owned by the profile user. A good measure would also to have the group as the designated Domain-Admin group (mine is admins or @admins for the *NIX group admins) I also have mapped a few Microsoft needed groups to the proper *NIX groups. Here is a listing of what I am saying: from my smb.conf: [global] logon script = login.bat logon path = \\myserver\profiles\%U logon drive = h: logon home = \\myserver\%U [profiles] comment = Profiles path = /home/samba/profiles force user = %U force group = admins read only = No create mask = 0600 directory mask = 0770 My login.bat: TITLE Domain Login Script net time \\myserver /set /y net use h: /home net use s: \\myserver\data net use w: \\myserver\music net use y: \\myserver\cvs net use z: \\myserver\depot :quit that was a simplified login.bat Here is other important pieces. ls -ld /home/samba/profiles drwxrwxrwx 11 root admins 4096 May 11 14:55 profiles Listing of the profiles directory. [EMAIL PROTECTED]:profiles]$ ls -l /home/samba/profiles/ total 36 drwxrwx--- 13 greg admins 4096 May 6 09:40 greg drwxrwx--- 18 user22 admins 4096 May 18 15:25 user22 drwxrwx--- 16 user33 admins 4096 May 11 09:32 user33 drwxrwx--- 13 user44 admins 4096 May 10 09:33 user44 drwxrwx--- 14 user55 admins 4096 May 18 14:04 user55 drwxrwx---2 user66 admins 4096 May 4 17:21 user66 drwxrwx--- 13 user77 admins 4096 May 6 09:45 user77 drwxrwx---2 user88 admins 4096 May 7 11:26 user88 drwxrwx---2 user99 admins 4096 May 7 11:27 user99 Of course you see I have changed everything to be generic but correct. This roaming profile setup works for me and will for you too. Good luck. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.4 on Debian sid
On Tue, 2004-05-18 at 04:26, Rafal Pietrak wrote: Hi All, I was wondering if anyone have tried to build v3.0.4 on Debian unstable (curently it's sid)? It failed for me, and I had to make changes to packages/Debian/debian/* to have it go. It looks like the debian directory there comes from quite old days and samba evolved to the point where not all of it curently apply. The main problem is, that two chunks of fhs.patch get rejected. In the patches I include here, those two chunks are removed from fhs.patch (the new patch is thus included here), and 'currently applicable' versions of those chunks are in fhs-rp1.patch. I've made this split to allow for easier inspection. For distribution, those should probably be 'cat-ed' togather again as fhs.patch replacement. I also had to change some debian control files to have the package build. Those changes are in debian-files.patch, which SHOULD NOT be put into debian/patches as the fhs*.patch should, but applied manually BEFORE dpkg-buildpackage is run (by doing: patch -p0 ...). You might need to do a build-depends before you try to build Samba. You might choose to get the deb-src package for 3.0.2a and transfer the Debian directory to the 3.0.4 source. This is a very quick workaround... do the proper editing for 3.0.4 and all things should build very well. They did for me. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mapping My Documents
On Tue, 2004-05-18 at 21:48, L. Claudius wrote: I'm creating roaming profiles for the Win98 boxes in our network. Is there any way to map the My Documents folder to a share in the Samba server? usermgr.exe from microsoft seems to work quite well for this. AFAIK, I have added users and defined things using the usermgr.exe. I use W2KP and WXPP as the machine I run it on. Works for me. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is windbindd necessary?
On Tue, 2004-04-27 at 22:00, Matthew J. DiBattista wrote: Is it necessary? I am also confused as to what it does. If I disable it in the smb.conf file, I can not say I see any difference. I am running 6 XP pro clients, MDK 9.2 as the file server. There are few reasons to run winbindd, of which the following is one: If you have a a real M$ DOMAIN, and this machine you are using is a home server for the clients. It will need to create the homedirs and accounts and groups for the users. And then do auth-relay to the domain. There are other reasons but that is the main one. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Changing the List-ID twice in short order == Bad.
Something or some one changed the Header in the e-mails from the list server for samba twice recently. From: List-Id: General questions regarding Samba \ samba.lists.samba.org To: List-Id: General questions regarding Samba \ samba.lists-dp3.samba.org And then back to: From: List-Id: General questions regarding Samba \ samba.lists.samba.org A bit of heads up would have been nice. I sort mail based on these little things. I get sometimes on the order of 2000+ messages a day. I don't have the time nor the patience to deal with these types of things regularly. Not that this list really is a large percentage of my mail. It was just annoying. I have an inbox monitor to notify me of mail I get in my inbox. Usually it is from friends and family, I send a small preview to my pager or phone based on keywords, so I know if I need to address it on not. Sorry, I just wanted to point out that someone *DID* notice. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] xp pro debian
On Tue, 2004-03-02 at 17:26, steve downes wrote: I've got a working samba setup on a debian linux server. Existing windows boxes are win98 with unencripted passwords. They only need to see the exported directories on the samba server. All the networking is working. (dns, dhcp, ping, internet access, etc ) Anything I do on my new XP Pro box or in samba.conf gives the error message:- The folder you entered does not appear to be valid.please choose another. When I try to set up a network place \\server\home\steve The win98 XP boxes are sharing the win98 boxes are picking up the samba shares. The XP installation is pretty much default nothing clever done with it except running the win98_plainpassword.reg which seems OK as this is what opened the win 98 shares. Any gotchas I am missing? You are not causing the XP and W2K machine to use plain text passwords. It is a completely different Registry Key. Good Luck, it isn't to hard to find. First couple of links should get you going: http://www.google.com/search?q=EnablePlainTextPassword+Windows+XP -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] win32 implementation
On Fri, 2004-02-20 at 01:10, yyy wrote: Is there samba server version for win32 ? (As alternative to windows built in smb server) I am sorry, the answer seems to me would be *NO*. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PRINTING FROM LINUX CLIENTS TO LINUX PRINTER SERVER WITH SAMBA
On Tue, 2004-02-17 at 10:00, zynkx wrote: hi all and thanks in advance for reading this OKAY, I read it the first 300 times, it wasn't funny then either. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Window XP write performance
On Mon, 2004-01-26 at 15:28, Gustavo Rincon wrote: I did some testing using samba-3.0.0 as a server and two identical clients one Running W2K and other running Win XP pro. If I write a big file using the W2K client, I'm getting about 25 Mbytes/sec but if I run the same testing using the Win XP Pro, this client only is able to get 12.5 Mbytes/sec. There is a problem between XP and samba? What speed Network interface do each of the clients have? 100Mbits/sec Ethernet will Theoretically get you ~11MBytes/sec due to the 4/5 encoding and 125MHz signaling rate. 10Mbits/sec Will theoretically get you 1.4MBytes/sec due to the 20MHz signaling rate with no encoding. This assumes you are have zero Collisons during the throughput. Personally, unless you have 1000Mbits/sec Ethernet(Gig), W2K is lying to you. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Window XP write performance
On Mon, 2004-01-26 at 16:41, Gustavo Rincon wrote: did some testing using samba-3.0.0 as a server and two identical clients one Running W2K and other running Win XP pro. If I write a big file using the W2K client, I'm getting about 25 Mbytes/sec but if I run the same testing using the Win XP Pro, this client only is able to get 12.5 Mbytes/sec. (The Server, clients are using 1000 Gbits NICs) There is a problem between XP and samba? You could have just answered my Questions. And therefore I would have responded to that as well. Here are some of the relevant messages: http://lists.samba.org/archive/samba/2003-December/076229.html http://lists.samba.org/archive/samba/2003-December/077030.html I believe you might want to do your own searching instead assuming someone will do it for you. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] files over 2 GB in size?
On Mon, 2003-11-24 at 12:53, Adam Williams wrote: Is there a way in samba to create files greater then 2GB in size? I'm tarring some stuff to a samba share (from one linux server to another, share mounted using smbmount) and I get an error File size limit exceeded and the size of the file is 2147483647 bytes. Is there anyway to create files larger then 2GB on a samba mounted share? If so, how? Yes, You didn't give us enough info. First off, what versions of the Linux Kernel are on the 2 machines? Second, what version of Samba on each machine? Any setting in Samba that are designed for DOS Machines for those shares? As much pertinent info as possible would be good. -- greg, [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Woe is me, for I must forever more huddle, unminded, in the dark shadow of thine undeserved engine of procreation. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] files over 2 GB in size?
And the flow of the discussion. What you are trying to say As it breaks up Top posting isn't polite. On Mon, 2003-11-24 at 13:10, Adam Williams wrote: Hi, sorry about that :) The machine with the share runs redhat 9, linux 2.4.20 samba 2.2.7a. The other machine is redhat fedora core 1, linux 2.4.22 samba 3.0.0. No special settings on either machine. I read that I can use -o lfs on smbmount, I'm gonna see if that works. Next questions: Are these machines using older-filesystems like reiserfs v3.5 (or 3.6 would be good), Early ext2 (ext3 would be good). How about, are there any 2GB files on either of filesystems? Are you using quotas on either filesystem, ACLs perhaps? What version of Libc6 (glibc for you) are you using? Why aren't you using NFSv3 for this? It is fast and more native to linux than SMB. Easier to use than SMB, except for Windows which has native SMB. Please don't CC me, as I read the samba list, especially since murphy.debian.org isn't quite working yet (which runs the mailing lists for debian). Greg Folkert wrote: On Mon, 2003-11-24 at 12:53, Adam Williams wrote: Is there a way in samba to create files greater then 2GB in size? I'm tarring some stuff to a samba share (from one linux server to another, share mounted using smbmount) and I get an error File size limit exceeded and the size of the file is 2147483647 bytes. Is there anyway to create files larger then 2GB on a samba mounted share? If so, how? Yes, You didn't give us enough info. First off, what versions of the Linux Kernel are on the 2 machines? Second, what version of Samba on each machine? Any setting in Samba that are designed for DOS Machines for those shares? As much pertinent info as possible would be good. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Which Linux best suits Samba3?
On Mon, 2003-11-24 at 16:07, Tim Jordan wrote: I just tried installing Samba 3 rpm from samba.org on a fedora1 box and it failed to install missing libcom_err.so.3 I take it Fedora is using a different set of libs. Any advice on how to resolve this or do I roll back to redhat 8 or 9? I've been trying and trying to get samba 3 to work with Gentoono joy! Personally I use Debian. Debian always just works for me. I use Stable for my Critical servers, I use unstable backports for things like Samba 3. Debian has many different systems platforms available as well (11 last I checked, almost 12 soon). For Machine I really need newer support for, I use the Sid(Unstable) (unstable does NOT mean the stability of the machine, just that the packaging and packages change quite radically sometimes). I also, use Sid with Experimental pinned @ 1000 (actually this machine I am on my default is experimental). Sure with experimental I grieve sometimes, but there are thing worth enduring. If you are going to compile, I'd use Debian Still as you can have the packaging system make sure the dependencies are proper for your setup. apt-get build-dep samba will install all the needed libraries to build samba. Then you can D/L the source for Samba3 from debian's source archive and build the package and fix a few differences from Woody to Sid. It really is a trivial process to do it. Good luck. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Success Story
On Mon, 2003-11-10 at 19:03, Jerry Haltom wrote: I'd like to thank the Samba team for making our switch off of Active Directory amazingly smooth. We're a small company, only 30 desktops, but things went great for us. Actually, nobody even notices the Windows DC is even gone! The Exchange migration that went along with this wasn't as hassle free though. =( It's really refreshing to be able to SSH into our file server and see what's going on! Kudo's to the Samba team for saving us time/money and our sanity! Could you share what you did? Along with what e-mail/groupware package did you switch to... I'd be interested to know. I am sure other would be as well. -- greg, [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] not sure
On Sat, 2003-10-04 at 21:40, John Pearson wrote: I just received an e-mail from V.K. Quach and I am not really sure what it meant. So if anyone can help me I would really appreciate it. I just sent out a message to the list regarding a newbie question. The reply I received was as follows: Ich bin bis 17. Okt. 2003 abwesend. In dringenden Fällen wenden Sie sich bitte an Hr. Kay Vetter (770) oder Hr. Sascha Huter (778) V. K. Quach A I'll be out 'til the 17 of October message. If you need things call Kay @ 770 or Sascha @ 778 signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] too much spam - filtering the mailinglist
On Tue, 2003-09-23 at 01:28, Marc Schoechlin wrote: Hi ! Today i deleted more then 60(!) spam-messages on this list I think it would be a good idea, to limit the possible senders of this list to the addresses which are subscribed. I have yet to delete any SPAM (Swen/Gibe) caused by this list. I believe you are getting them spoofed. Please look at the headers. Oh, and STOP USING LookOut Exploit (Outlook Express or Outlook). -- greg, [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry You cannot compare with the apex of a ferris wheel, nor the nadir of a ditch filled with a coelocanth's droppings. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Using Samba 2.2.7.a and PlainText Auth
Server == samba-2.2.7-3.7.2 Plaintext Auth daemon mode, RedHat 7.2 all errata applied, 2.4.20-(stock errata latest) Clients == WindowsXP (forced to use plaintext auth) all patched up. Software == Multitude of lists sorting and management using the server as it's store for data. Trouble == Every once in a while after daemon uptime of a month so, files written to the network drives will sometimes not be shown or even available. But shell into the Linux machine ... the files are there. All users have experienced this problem with Windows XP only. This doesn't affect Win9x or ME users. I have zero Windows2K machines so I do not know if it affects them. Workaround == Stop and start the samba daemons. Works every time. I discovered this when I tried to restore and the files were there. I thought something was screwy. Restarted the daemons all was well. I'd switch inetd mode but have had trouble with the software not liking that, even though it is supposed to be transparent. Also the plaintext password is due to some really old Windows95 machines that will not work with any kind of hashed authentication (I know... I know... not my choice. but hey gimme a break!) I have cannot just jump to v3 if that is the fix... but I'd like to know if anyone else has seen anything like this, have you resoled it. Or is this a NEW one? It has only started happening since we added the WindowsXP machines and only happens to them. Hope this is clear enough. -- greg, [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Dear David, Never was a man so badly meant to wear corrective glasses. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
