[Samba] Share configuration between subdomains

[Túlio Henrique]

Hello everyone!

In my enviroment, I have an AD Domain Controler where some samba server are
connected.

Look the domain tree.

LOCAL
SUBDOMAIN1
SUBDOMAIN2
SUBDOMAIN3
SUBDOMAIN4

I have a samba server included in SUBDOMAIN2.LOCAL and users from
SUBDOMAIN4.LOCAL need permission to access share on SUBDOMAIN2.LOCAL

I have been searching in google but nothing could help me.

Best regards,

-- 
Túlio Henrique A. dos Santos
LPI3-Certificate
Linux User #454598
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Change SOA DNS servers

[Sérgio Henrique]

Hi,

It's possible to change samba servers SOA record while migrating from
samba4 dc to other samba4dc?

In windows dns i can successful transfer SOA but in samba4 at the moment i
was unable to perform this transfer to other


-- 
Best Regards,
Sérgio Machado
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Remove Win2008R2 from Domain, remove missing DC from domain

[Sérgio Henrique]

Use ADSI Edit and Go to OU=Domain Controllers and Delete old Windows DC

On ADSI Edit connect now to Configuration Naming Contect:

Go to CN=Sites, CN=Default-First-Site-Name,CN=Servers

Remove CN=Old Windows DC





On Wed, Mar 20, 2013 at 1:07 AM, Lukas Gradl  wrote:

> Hi!
>
> I'm almost done with a migration from Win2k to Samba4. To get this going I
> had to install a Win2008R2 Server as an intermediate server, now I want to
> get rid of it.
>
> I found a bug that Win2008R2 can not be demoted from Samba Domain - so I
> think I've to remove it somehow else.
> But I couldn't find anything about that in the docs and on google.
>
> So anyone out there with a little help on that topic?
>
> regars
> Lukas
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  
> https://lists.samba.org/**mailman/options/samba
>



-- 
Cumprimentos,
Sérgio Machado
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [SOLVED] replace Windows 2003 dc]

[Sérgio Henrique]

Yes:
_ldap._tcp.DomainDnsZones.example.local
_ldap._tcp.ForestDnsZones.example.local
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.example.local
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.example.local

fixfsmo http://support.microsoft.com/kb/949257 windows 2008




On Thu, Feb 28, 2013 at 12:26 PM, Peter Beck  wrote:

> Sérgio Henrique  quatschte am Mon, Feb 25, 2013 at
> 04:26:30PM +:
> > Solved.
> >
> > I have sucessfully migrated a windows 2008R2 domain to samba4 and then
> > create a new samba domain as a replica.
> >
> > A lot of steps i had to introduce.
>
> Hi Sérgio,
>
> > 1- Working on DNS
> > add samba dc to forest and domain dns _ldap values
> > change DNS SOA to samba4 and add samba4 as NS
>
> are you talking about these records:
>
> _ldap._tcp.DomainDnsZones.example.local
> _ldap._tcp.ForestDnsZones.example.local
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.example.local
> _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.example.local
>
> ? I'd like to add that to my checklist... ;-)
>
> > 2- Working on fsmo
> > run script fixfsmo.vbs
> > samba-tool transfer all roles
> > run adsedit and change samba dc fsMORoleOwner to samba dc
>
> But you had to do that because of your dcpromo command was failing,
> correct ?
> What is fixfsmo.vbs ? Is that a Server 2008 script?
>

Regarding the OUTBOUND they only work after you sucessfully dcpromo the
windows domain and join another samba domain to the domain.

With windows 2008 i can only add --local replication to the DNSZones.

Best Regards,
Sérgio Machado




>
> >  OUTBOUND NEIGHBORS 
> >
> > DC=DomainDnsZones,DC=lisboa,DC=local
> > Default-First-Site-Name\DC2 via RPC
> > DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
> > Last attempt @ NTTIME(0) was successful
> > 0 consecutive failure(s).
> > Last success @ NTTIME(0)
> >
> > DC=ForestDnsZones,DC=lisboa,DC=local
> > Default-First-Site-Name\DC2 via RPC
> > DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
> > Last attempt @ NTTIME(0) was successful
> > 0 consecutive failure(s).
> > Last success @ NTTIME(0)
>
> and you got these outbound neighbors after adding the DNS SRV records
> mentioned above ? Somehow these two entries are also missing in my test
> environment with Server 2003...
>
> Thanks
> Peter
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
Cumprimentos,
Sérgio Machado
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [SOLVED] replace Windows 2003 dc

[Sérgio Henrique]

Solved.

I have sucessfully migrated a windows 2008R2 domain to samba4 and then
create a new samba domain as a replica.

A lot of steps i had to introduce.


1- Working on DNS
add samba dc to forest and domain dns _ldap values
change DNS SOA to samba4 and add samba4 as NS

2- Working on fsmo
run script fixfsmo.vbs
samba-tool transfer all roles
run adsedit and change samba dc fsMORoleOwner to samba dc

working on Global Catalog
remove windows domain as GC
reboot

working on DC removal
force windows dcpromo removal

working on DNS to remove old values
delete old dns windows dc values, kerberos, NS ... etc

working on cleaning old DC values from AD
run adsedit
bind credencials to samba dc
remove old DC
remove old Default-First-Site-Name DC reference

remove dns and AD roles left on windows DC


Join samba4 replica

and thats it.

windows DC replicate do samba4 dc2 and new samba4 added as a replica dc4

root@dc4:~# /opt/samba/bin/samba-tool drs showrepl
Default-First-Site-Name\DC4
DSA Options: 0x0001
DSA object GUID: c5581b86-4ce8-44bc-a55e-3b89db29f553
DSA invocationId: b76275bb-267b-4b79-a4ae-7deba1a13709

 INBOUND NEIGHBORS 

CN=Configuration,DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ Mon Feb 25 17:22:48 2013 CET was successful
0 consecutive failure(s).
Last success @ Mon Feb 25 17:22:48 2013 CET

DC=DomainDnsZones,DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ Mon Feb 25 17:22:48 2013 CET was successful
0 consecutive failure(s).
Last success @ Mon Feb 25 17:22:48 2013 CET

CN=Schema,CN=Configuration,DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ Mon Feb 25 17:22:48 2013 CET was successful
0 consecutive failure(s).
Last success @ Mon Feb 25 17:22:48 2013 CET

DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ Mon Feb 25 17:22:49 2013 CET was successful
0 consecutive failure(s).
Last success @ Mon Feb 25 17:22:49 2013 CET

DC=ForestDnsZones,DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ Mon Feb 25 17:22:48 2013 CET was successful
0 consecutive failure(s).
Last success @ Mon Feb 25 17:22:48 2013 CET

 OUTBOUND NEIGHBORS 

CN=Configuration,DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

DC=DomainDnsZones,DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

DC=ForestDnsZones,DC=lisboa,DC=local
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

 KCC CONNECTION OBJECTS 

Connection --
Connection name: d7dde7b1-46eb-4d8f-869b-b84922b6588c
Enabled: TRUE
Server DNS name : DC2.lisboa.local
Server DN name  : CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lisboa,DC=local
TransportType: RPC
options: 0x0001
Warning: No NC replicated for Connection!











On Mon, Feb 25, 2013 at 1:56 PM, Sérgio Henrique  wrote:

> Well i am guessing that the problem may be on the fsMORoleOwner..
> http://support.microsoft.com/kb/949257 ...
>
>
>
> On Mon, Feb 25, 2013 at 11:37 AM, Sérgio Henrique wrote:
>
>> Hi Peter,
>>
&

Re: [Samba] [SOLVED] replace Windows 2003 dc

[Sérgio Henrique]

Well i am guessing that the problem may be on the fsMORoleOwner..
http://support.microsoft.com/kb/949257 ...



On Mon, Feb 25, 2013 at 11:37 AM, Sérgio Henrique  wrote:

> Hi Peter,
>
> I am using 2008R2 domain, i get always the following message:
> http://tinypic.com/r/a1e8y/6
>
> Thank you in advanced
>
>
> On Mon, Feb 25, 2013 at 11:14 AM, Peter Beck wrote:
>
>> Sérgio Henrique  quatschte am Mon, Feb 25, 2013 at
>> 10:27:17AM +:
>> > Hi Peter,
>> >
>> > I am unable to demote windows DC, i get always error when demoting
>> windows
>> > AD on ForestDNSzones and DomainDNSzones, i have tried a lot of things.
>> >
>> > Raise forest level, keep at 2003, add samba to nameservers,etc...
>>
>> Hi Sérgio,
>>
>> do you get this message: http://tinypic.com/view.php?pic=140itd4&s=6 ?
>> This message is also shown in my test environment each time I run
>> dcpromo to demote the Windows server. As far as I have seen it's no
>> issue, if the replication is up to date.
>>
>> I had issues if the operation levels were lower than 2003 and Samba was
>> already joined to the domain. Then the only change that was possible for
>> me was to raise to Windows 2000 native, but not 2003 anymore.
>>
>> What I am doing after joining Samba to the domain:
>>
>> * check the operation levels (before joining)
>> * check all the SRV records (usually added automatically)
>> * create a reverse zone if not already there
>> * add ns record for samba to all zones
>> * drink some coffee to ensure everything gets replicated
>> * check everything again, drink some more coffee
>> * again ;-)
>> * disable GC on the win server, running dcpromo
>>
>> but I am still testing the whole migration, no long term experience,
>> most of the time I reset my virtual machine and try again to ensure it
>> still works...
>>
>> > What i can see is that if i create a new samba4 as primary root domain
>> and
>> > then add windows AD i have no problems.
>> >
>> > But my objective is to migrate current windows domain to samba4 and not
>> > the opposite.
>>
>> I am sure that is working very good, but the problem is, our customers
>> usually already have a working Windows environment (I think a lot of us
>> have
>> exactly this problem) and we need to takeover these domainsand do not
>> want
>> to create everything from scratch ;-)
>>
>> Regards
>> Peter
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>
>
> --
> Cumprimentos,
> Sérgio Machado
>



-- 
Cumprimentos,
Sérgio Machado
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [SOLVED] replace Windows 2003 dc

[Sérgio Henrique]

Hi Peter,

I am using 2008R2 domain, i get always the following message:
http://tinypic.com/r/a1e8y/6

Thank you in advanced


On Mon, Feb 25, 2013 at 11:14 AM, Peter Beck  wrote:

> Sérgio Henrique  quatschte am Mon, Feb 25, 2013 at
> 10:27:17AM +:
> > Hi Peter,
> >
> > I am unable to demote windows DC, i get always error when demoting
> windows
> > AD on ForestDNSzones and DomainDNSzones, i have tried a lot of things.
> >
> > Raise forest level, keep at 2003, add samba to nameservers,etc...
>
> Hi Sérgio,
>
> do you get this message: http://tinypic.com/view.php?pic=140itd4&s=6 ?
> This message is also shown in my test environment each time I run
> dcpromo to demote the Windows server. As far as I have seen it's no
> issue, if the replication is up to date.
>
> I had issues if the operation levels were lower than 2003 and Samba was
> already joined to the domain. Then the only change that was possible for
> me was to raise to Windows 2000 native, but not 2003 anymore.
>
> What I am doing after joining Samba to the domain:
>
> * check the operation levels (before joining)
> * check all the SRV records (usually added automatically)
> * create a reverse zone if not already there
> * add ns record for samba to all zones
> * drink some coffee to ensure everything gets replicated
> * check everything again, drink some more coffee
> * again ;-)
> * disable GC on the win server, running dcpromo
>
> but I am still testing the whole migration, no long term experience,
> most of the time I reset my virtual machine and try again to ensure it
> still works...
>
> > What i can see is that if i create a new samba4 as primary root domain
> and
> > then add windows AD i have no problems.
> >
> > But my objective is to migrate current windows domain to samba4 and not
> > the opposite.
>
> I am sure that is working very good, but the problem is, our customers
> usually already have a working Windows environment (I think a lot of us
> have
> exactly this problem) and we need to takeover these domainsand do not
> want
> to create everything from scratch ;-)
>
> Regards
> Peter
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
Cumprimentos,
Sérgio Machado
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [SOLVED] replace Windows 2003 dc

[Sérgio Henrique]

Hi Peter,

I am unable to demote windows DC, i get always error when demoting windows
AD on ForestDNSzones and DomainDNSzones, i have tried a lot of things.

Raise forest level, keep at 2003, add samba to nameservers,etc...

What i can see is that if i create a new samba4 as primary root domain and
then add windows AD i have no problems.

But my objective is to migrate current windows domain to samba4 and not
the opposite.




On Sat, Feb 23, 2013 at 8:49 PM, Peter Beck  wrote:

> Hi guys,
>
> I did some more testing:
>
> --- Scenario 1:
>
> Server 2003 with Forest Operation Level 'Windows 2000' and domain
> operation Level 'Windows 2000 mixed' (which seems to be the default when
> setting up Server 2003):
>
> After joining Samba4 to the domain I was unable to raise the level.
> Samba-tool just had an error, when trying to showing the levels:
>
> ERROR: Could not retrieve the actual domain, forest level and/or
> lowest DC function level!
>
> And on the Windows DC the only change that was possible was to raise up
> the domain operating level to "Windows 2000 native". No other changes
> were possible [cannot raise ...because this domain includes domain
> controllers that are not running the appropriate version of Windows]
>
> I also got issues with replicate:
>
> samba-tool drs replicate lab07 lab03 dc=domaindnszones,dc=adlab,dc=local
> ERROR(): DsReplicaSync failed -
> drsException: DsReplicaSync failed (8440, 'WERR_DS_DRA_BAD_NC')
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 331, in
> run
> drs_utils.sendDsReplicaSync(self.drsuapi,
> self.drsuapi_handle,source_dsa_guid, NC, req_options)
> File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83, in
> sendDsReplicaSync
> raise drsException("DsReplicaSync failed %s" % estr)
>
> with option --local:
> samba-tool drs replicate lab07 lab03
> dc=domaindnszones,dc=adlab,dc=local --local
> Partition[dc=domaindnszones,dc=adlab,dc=local] objects[26]
> linked_values[0]
>
> the same behaviour with forestdnszones.
>
> --- Scenario 2:
>
> Then the same setup again, but _before_ joining Samba, the Domain
> and Forest level were raised up to 2003. After joining the samba server,
> the levels were shown without issues:
>
> samba-tool was able to list the levels:
>
> Domain and forest function level for domain 'DC=adlab,DC=local'
> Forest function level: (Windows) 2003
> Domain function level: (Windows) 2003
> Lowest function level of a DC: (Windows) 2003
>
> Also replicating seems (after restart of samba) to work successfull
> (with all its options like full-sync, local,etc):
>
> samba-tool drs replicate lab07 lab03 dc=domaindnszones,dc=adlab,dc=local
> Replicate from lab03 to lab07 was successful.
> samba-tool drs replicate lab07 lab03 dc=forestdnszones,dc=adlab,dc=local
> Replicate from lab03 to lab07 was successful.
>
> I was able do demote the Windows server like the times before.
>
> My conclusion is to ensure the forest and domain operating levels
> _before_ joining the Samba server to the domain and do not hurry with
> replacing to ensure the replication was done completely prevents from
> lots of issues and headache...
>
> I think the next test will be with Server 2008...
>
> Regards
> Peter
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
Cumprimentos,
Sérgio Machado
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [SOLVED] replace Windows 2003 dc

[Sérgio Henrique]

I guess the comunication beetween MS AD and Samba4 is by kerberos, i have
copied the /opt/samba/private/krb5.conf to /etc after joined to domain

I have installed a windows server at 2003 forest level as PDC then
installed samba4.0.3
join domain but everytime i am getting problems with forest and domain dns
zones...


# Global parameters
[global]
workgroup = LISBOA
realm = lisboa.ad.root
netbios name = DC2
server role = active directory domain controller
allow dns updates = true

[netlogon]
path = /opt/samba/var/locks/sysvol/lisboa.ad.root/scripts
read only = No

[sysvol]
path = /opt/samba/var/locks/sysvol
read only = No

Thank you in advanced,
Best Regards,


On Fri, Feb 22, 2013 at 4:56 PM, Friedrich Locke
wrote:

> Are you using kerberos to authenticate ?
>
> On Fri, Feb 22, 2013 at 7:10 AM, Sérgio Henrique  wrote:
> > Awesome i will try to replicate in my test environment.
> >
> >
> > On Fri, Feb 22, 2013 at 2:23 AM, Peter Beck 
> wrote:
> >
> >> Hi guys,
> >>
> >> weehoo! Samba4 rocks ! Great work!
> >>
> >> if someone is interested - I finally managed to replace a Windows DC
> >> successfully.
> >> (at least i hope so ;-)
> >>
> >> this is what I have done:
> >>
> >> * Windows DC: Domain and Forest Operation Level = 2003
> >> * Reboot Windows DC (always a good idea on Windows ;-)
> >> * joining the Samba Domain Controller to the existing 2003 domain
> >> * adding a Reverse zone for my network in DNS (on Windows)
> >> * replicating forestdnszones, domaindnszones
> >> * on the Windows DC i've changed the nameserver for each zone to the
> samba
> >>   domain controller (which automatically added an NS-record to dns)
> >> * samba_dnsupdate --all-names --verbose
> >> * removing the Global Catalog on the Windows DC (including reboot ;-)
> >> * transferring all fsmo roles to the samba dc (what's the differnce to
> >>   seizing ? for me transfer seems to work more reliable..)
> >> * demote the windows server
> >>
> >> Now I am able to add or remove records in dns (with samba tool and on
> >> Windows with the MMC-Snapin) and it looks very good.
> >>
> >> Now I think I just need to do some "cleaning" (removing dns entries for
> >> the replaced windows dc, etc).
> >>
> >> Regards
> >> Peter
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> >
> >
> >
> > --
> > Cumprimentos,
> > Sérgio Machado
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
Cumprimentos,
Sérgio Machado
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [SOLVED] replace Windows 2003 dc

[Sérgio Henrique]

I Peter i had just one problem i am unable to replicate ForestDns and
DomainDns zones!? How do you manage to do that?
also dns recursive queries = yes its being ignored...

Thank you in advanced.


On Fri, Feb 22, 2013 at 1:55 PM, Peter Beck  wrote:

> Federico Nan  quatschte am Fri, Feb 22, 2013 at
> 08:36:56AM -0300:
> > Wouw!
> >
> > And how do you handle the GPO and sysvol volumes? Did you copy them to
> the
> > samba sysvol?
> >
> > I扉e been trying and it always fails in the fsmo transferring. Did you do
> > this on the Windows MMC?
>
> Hi Federico,
>
> It was just a very basic test with a "naked" Windows 2003 DC and I did
> not test GPO/Sysvol transfers (only checked adding a GPO to the samba dc
> after removing the Windows DC, which was working perfect)
>
> If transferred the fsmo rules with samba-tool. fsmo seize did not work
> on my machine, there were always errors (can't remember excatly at the
> moment), transfer had a timeout the first try, but the second run was
> successful. I've also tried it with ntdsutil from Windows, exact the
> same behaviour (first try - timeout) so i think this is "normal".
> From what I have seen it's also working with samba-tool the first time,
> even when there is a timeout message (I've used --role=all). After one
> run I left the computer to get some coffee and when I came back and checked
> the roles I could see that every role was now transferred...
>
> The only thing I'm unsure is with dcpromo when demoting the Windows DC -
> I always get a message with "holds the last replication of Application
> Directory Partitions" - usually ForestDNS and DomainDNS partitions.
> I've just selected "delete them" and so far there was no issue.
>
> But as mentioned, I'm also doing this in a little test environment and
> have often switched back to an earlier snapshot to try again...no long
> term experience.. ;-) I'm still testing...
>
> Regards
> Peter
>



-- 
Cumprimentos,
Sérgio Machado
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [SOLVED] replace Windows 2003 dc

[Sérgio Henrique]

Awesome i will try to replicate in my test environment.


On Fri, Feb 22, 2013 at 2:23 AM, Peter Beck  wrote:

> Hi guys,
>
> weehoo! Samba4 rocks ! Great work!
>
> if someone is interested - I finally managed to replace a Windows DC
> successfully.
> (at least i hope so ;-)
>
> this is what I have done:
>
> * Windows DC: Domain and Forest Operation Level = 2003
> * Reboot Windows DC (always a good idea on Windows ;-)
> * joining the Samba Domain Controller to the existing 2003 domain
> * adding a Reverse zone for my network in DNS (on Windows)
> * replicating forestdnszones, domaindnszones
> * on the Windows DC i've changed the nameserver for each zone to the samba
>   domain controller (which automatically added an NS-record to dns)
> * samba_dnsupdate --all-names --verbose
> * removing the Global Catalog on the Windows DC (including reboot ;-)
> * transferring all fsmo roles to the samba dc (what's the differnce to
>   seizing ? for me transfer seems to work more reliable..)
> * demote the windows server
>
> Now I am able to add or remove records in dns (with samba tool and on
> Windows with the MMC-Snapin) and it looks very good.
>
> Now I think I just need to do some "cleaning" (removing dns entries for
> the replaced windows dc, etc).
>
> Regards
> Peter
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
Cumprimentos,
Sérgio Machado
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Complete migration Windows 2008 R2 PDC to samba4

[Sérgio Henrique]

Hi everbody,

i Am trying to perform a full migration from windows 2008 R2 x64 primary
domain controler (forest and domain at 2003 level) with DNS
AD integrated zone to samba4.

I have created a test environment to perform this task but i am unable to
execute a full migration to samba4.

I have tried to use DNS internal and Bind9 but in both case i get always
problems replicating two zones:

DomainDnsZone and ForestDomainZone.

How can i migrate to samba4 and fully demote windows PDC without recreate
AD?

Thank you in advanced

-- 
Cumprimentos,
Sérgio Machado
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] SAMBA4 AD addicional Domain Controler Outgoing ForestDNSZones, DomainDNSZones replication problem

[Sérgio Henrique]

Hi all,

First of all congratulations for reaching 4.0.0 stable version.
I have being testing for a while and it works great when using SAMBA4 as
PDC and add Windows or another samba4 as addicional domain .

But when i try to add samba4 as addcional domain of a Windows 2008 R2
PDC(2003 level) i am unable to replicate ForestDNS and DomainDNSZones from
Samba4 to Windows 2008R2 DC.

Environment:

Primary DC Windows 2008 R2 x64 with 2003 levels
Addcitional DC Samba4 on Ubuntu Server 12.10 compile samba 4.0.0
with  ./configure --enable-selftest --prefix=/opt/samba and join domain as
/opt/samba4/bin/samba-tool domain join test.lisbon.local DC -Uxpto
--realm=test.lisbon.local --dns-backend=SAMBA_INTERNAL

# Global parameters
[global]
workgroup = TEST
realm = TEST.lisbon.local
netbios name = DC02-LNXBDC
server role = active directory domain controller
debug level = 2
interfaces = 172.17.49.10
dsdb:schema update allowed = yes

[netlogon]
path = /opt/samba/var/locks/sysvol/TEST.LISBON.LOCAL/scripts
read only = No

[sysvol]
path = /opt/samba/var/locks/sysvol
read only = No

SAMBA4 incoming replication all ok:

Default-First-Site-Name\dc02-lnxbdc
DSA Options: 0x0001
DSA object GUID: 4347f5b6-1599-4eb3-bc4f-5d054961dae6
DSA invocationId: 56a23d6e-fe89-4b02-9e15-fa90154a2e6a

 INBOUND NEIGHBORS 

DC=DomainDnsZones,DC=test,DC=lisbon,DC=local
Default-First-Site-Name\dc01-winpdc via RPC
DSA object GUID: 5dbb4a99-acf8-444f-bdcd-51fa5aeb8ab0
Last attempt @ Tue Jan  8 13:40:15 2013 WET was successful
0 consecutive failure(s).
Last success @ Tue Jan  8 13:40:15 2013 WET

DC=test,DC=lisbon,DC=local
Default-First-Site-Name\dc01-winpdc via RPC
DSA object GUID: 5dbb4a99-acf8-444f-bdcd-51fa5aeb8ab0
Last attempt @ Tue Jan  8 13:40:15 2013 WET was successful
0 consecutive failure(s).
Last success @ Tue Jan  8 13:40:15 2013 WET

CN=Schema,CN=Configuration,DC=test,DC=lisbon,DC=local
Default-First-Site-Name\dc01-winpdc via RPC
DSA object GUID: 5dbb4a99-acf8-444f-bdcd-51fa5aeb8ab0
Last attempt @ Tue Jan  8 13:40:16 2013 WET was successful
0 consecutive failure(s).
Last success @ Tue Jan  8 13:40:16 2013 WET

CN=Configuration,DC=test,DC=lisbon,DC=local
Default-First-Site-Name\dc01-winpdc via RPC
DSA object GUID: 5dbb4a99-acf8-444f-bdcd-51fa5aeb8ab0
Last attempt @ Tue Jan  8 13:40:16 2013 WET was successful
0 consecutive failure(s).
Last success @ Tue Jan  8 13:40:16 2013 WET

DC=ForestDnsZones,DC=test,DC=lisbon,DC=local
Default-First-Site-Name\dc01-winpdc via RPC
DSA object GUID: 5dbb4a99-acf8-444f-bdcd-51fa5aeb8ab0
Last attempt @ Tue Jan  8 13:40:15 2013 WET was successful
0 consecutive failure(s).
Last success @ Tue Jan  8 13:40:15 2013 WET

SAMBA4 output replication NOK!(No DomainDNSzones or ForestDNSZones)

 OUTBOUND NEIGHBORS 

DC=test,DC=lisbon,DC=local
Default-First-Site-Name\dc01-winpdc via RPC
DSA object GUID: 5dbb4a99-acf8-444f-bdcd-51fa5aeb8ab0
Last attempt @ Fri Jan  4 01:49:45 2013 WET was successful
0 consecutive failure(s).
Last success @ Fri Jan  4 01:49:45 2013 WET

CN=Schema,CN=Configuration,DC=test,DC=lisbon,DC=local
Default-First-Site-Name\dc01-winpdc via RPC
DSA object GUID: 5dbb4a99-acf8-444f-bdcd-51fa5aeb8ab0
Last attempt @ Fri Jan  4 01:49:45 2013 WET was successful
0 consecutive failure(s).
Last success @ Fri Jan  4 01:49:45 2013 WET

CN=Configuration,DC=test,DC=lisbon,DC=local
Default-First-Site-Name\dc01-winpdc via RPC
DSA object GUID: 5dbb4a99-acf8-444f-bdcd-51fa5aeb8ab0
Last attempt @ Fri Jan  4 01:49:45 2013 WET was successful
0 consecutive failure(s).
Last success @ Fri Jan  4 01:49:45 2013 WET

 KCC CONNECTION OBJECTS 

Connection --
Connection name: 10fc6577-2bd9-45fa-86e6-74144ed64d84
Enabled: TRUE
Server DNS name : dc01-winpdc.test.lisbon.local
Server DN name  : CN=NTDS
Settings,CN=dc01-winpdc,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=lisbon,DC=local
TransportType: RPC
options: 0x0001
Warning: No NC replicated for Connection!

When trying to replicate on Win2k8 R2 the replication from winserver to
linux server is ok, but when trying to replicate from linux server to
windows server teh Domain and Forest DNS zones are not replicated.

Samba 4 Server Status -

System time  : 2013-01-08 

[Samba] Net rpc printer segmentation fault

[Túlio Henrique]

Hello everyone! 

I'm trying to use the command "net rpc printer migrate drivers" to migrate from 
a Windows print server, but all I got is a segmentation fault error. 

I'm using samba and samba-common version 3.4.8 under debian lenny 5.0.10. I 
have had googling already but nothing was found to help. Does it a known bug? 
Appreciate any kind of help. 

Thanks so much!

Enviado via iPhone
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Controlling network printer

[Túlio Henrique Alves dos Santos]

Hi everyone!

I'm trying to install a network printer (HP 2600n) in my primary domain
controller(samba+ldap), and control the printer, create a list of users able
to print and deny the others, etc.

I've been searching about in Internet, but didn't find anything good to
learn.

Somebody could tell me if is it possible and where can I find some good
material to study and do this using samba?

thanks a lot,

Túlio Henrique
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] ACLs with Problem

[Luis Henrique de Faria Guimarães]

I forgive me Paul, not wise person.  Well, the samba was compiled with support 
ACL, look out command:
[EMAIL PROTECTED] source]# strings $(which smbd) | grep HAVE_POSIX_ACLS
   HAVE_POSIX_ACLS
I didn't find no fail when I compiled the samba.  I go to send for you my file 
configure.log
Thanks,

Luís Henrique
Departamento de Tecnologia
Esporte Clube Pinheiros
Tel: 55 11 3817 3071
[EMAIL PROTECTED]

 <> 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RES: RES: RES: RES: [Samba] Re: ACLs with Problem

[Luis Henrique de Faria Guimarães]

I have an environment to make test.  I go to try to mount a partition xfs in 
this server of test.  I thank its help.

-Mensagem original-
De: Paul Kölle [mailto:[EMAIL PROTECTED]
Enviada em: quarta-feira, 28 de setembro de 2005 10:53
Para: Luis Henrique de Faria Guimarães
Assunto: Re: RES: RES: RES: [Samba] Re: ACLs with Problem


Luis Henrique de Faria Guimarães wrote:
> I forgive me Paul, not wise person.  Well, the samba was compiled with 
> support ACL, look out command:
> [EMAIL PROTECTED] source]# strings $(which smbd) | grep HAVE_POSIX_ACLS
>HAVE_POSIX_ACLS
> I didn't find no fail when I compiled the samba.  I go to send for you my 
> file configure.log
Looks ok to me. One thing to try would be testing with another
filesystem. It seems you have XFS headers installed and samba recognised
them. If your kernel supports XFS or you have support as a module you
could try creating a small XFS partition (could be done in a file and
mounted with loopback, no need for a real partition then). I've used XFS
as an FS for samba and have had good results. You dont need to pass
special mount options as ACLs are enabled by default on XFS.

hth
 Paul
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RES: RE RES: [Samba] ACLs with Problem

[Luis Henrique de Faria Guimarães]

Hi,

I am trying with the user henrique, it isn´t administrator of windows, but I 
defined this user as administrator in the samba. (smb.conf - parameter: admin 
users = henrique)
Yes, the winbind is working correctly, command wbinfo returns all users without 
problem. I am using the users of windows 2003 to have access the server linux I 
through telnet.
You have plus some idea?

Thanks,

Luís Henrique

-Mensagem original-
De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Enviada em: sexta-feira, 23 de setembro de 2005 09:45
Para: samba@lists.samba.org
Assunto: RE RES: [Samba] ACLs with Problem


Hi,

- With which user use try to change ACL ?
- is the admin users ?
- winbind work correctly ?
-wbinfo ???




---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] a écrit sur 
23/09/2005 14:39:10 :

> Hi Greg,
> Really, the first step to install filesystem it with support ACL. 
> It looks at my archive:
> LABEL=/ /   ext3defaults,acl 1 1
> LABEL=/boot /boot   ext3defaults 1 2
> LABEL=/data /data   ext3defaults,acl 1 2
> none/dev/ptsdevpts  gid=5,mode=620 0 
0
> none/proc   procdefaults 0 0
> none/dev/shmtmpfs   defaults 0 0
> /dev/cciss/c0d0p2   swapswapdefaults 0 0
> /dev/cdrom  /mnt/cdrom  udf,iso9660 noauto,
> owner,kudzu,ro 0 0
> /dev/fd0/mnt/floppy auto noauto,owner,kudzu 
0 0
> 
> My server samba is integrated with the server windows 2003 (PDC). 
> The server samba is using the users of windows 2003, catching using 
> the way winbind.
> When I try to change the permissions of an file of the server samba,
> in my workstation I appear a message "Denied Access". I perceived 
> that windows also does not obtain to catch the extendidas 
> permissions when I modified for the server linux.
> It looks at some parameters of my smb.conf:
> nt acl support = Yes
> acl compatibility = win2k
> acl map full control = yes
> acl check permissions = no
> acl group control = yes
> inherit acls = Yes
> profile acls = Yes
> map acl inherit = Yes
> force unknown acl user = Yes
> 
> You can help me?
> -Mensagem original-
> De: Greg Folkert [mailto:[EMAIL PROTECTED]
> Enviada em: quinta-feira, 22 de setembro de 2005 13:35
> Para: samba@lists.samba.org
> Assunto: Re: [Samba] ACLs with Problem
> 
> 
> On Thu, 2005-09-22 at 11:43 -0300, Luis Henrique de Faria Guimarães
> wrote:
> > Hi All,
> > 
> > I am with problem with the permissions of windows.
> > The samba is not getting the ACLs permissions.  I compiled version
> > 3.0.20, with the following options:
> > 
> [...]
> 
> Well the first thin we need to know, is the filesystem that you are
> sharing via samba mounted with the acl option in the /etc/fstab?
> 
> Here is what mine looks like and I get the ACLs just fine:
> 
> /dev/datavg/examplelv   /lf/db   ext3   rw,suid,nodev,exec,auto,
> nouser,async,acl,errors=remount-ro   1 1
> 
> I guess, I could have done "defaults,acl,nodev" and be-equivalent... but
> hey I guess I am a bit retentive.
> 
> > # file: teste.txt
> > # owner: root
> > # group: Domain Users
> > user::rwx
> > user:henrique:rw-
> > group::r--
> > mask::rw-
> > other::r--
> > 
> > The user henrique appears in linux, but he does not appear in windows.
> > When I try to add permissions through windows appears a message of
> > "denied access".
> > Somebody can help me
> 
> Well, as long as you have the filesystem mounted (assuming it is ext3
> with acl support compiled in) with the ACLs turned on... then things
> should work.
> -- 
> greg, [EMAIL PROTECTED]
> 
> The technology that is 
> Stronger, Better, Faster: Linux
> 
> Use Debian GNU/Linux, its a bazaar thing.
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RES: RES: [Samba] Re: ACLs with Problem

[Luis Henrique de Faria Guimarães]

Paul,



>1. Which user is logged on the the windows workstation trying to modify
>a file on the samba share?
Henrique are user, this user is in the list of administrators of the samba, but 
he is not administrator of the PDC (windows 2003).
It looks at the parameters below of smb.conf:
 admin users = corniani, administrator, henrique

>2. What are the ACLs on that file before you try to change them and what
>are they after the operation failed?
Are the ACLs on that file before:
[EMAIL PROTECTED] teste]# getfacl teste.txt
# file: teste.txt
# owner: root
# group: Domain Users
user::rwx
user:henrique:rw-
group::r--
mask::rw-
other::r--

After:
[EMAIL PROTECTED] teste]# getfacl teste.txt
# file: teste.txt
# owner: root
# group: Domain Users
user::rwx
user:henrique:rw-
group::r--
mask::rw-
other::r--

Nothing one gets excited after the failed.

>3. What is the output of the samba log when you try to change ACLs on
>the file?

Look my big logs:

  unix_mode(teste.txt) returning 0744
[2005/09/26 17:11:44, 2] smbd/open.c:open_file(372)
  henrique opened file teste.txt read=No write=No (numopen=2)
[2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114)
  Transaction 156 of length 88
[2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900)
  switch message SMBnttrans (pid 1361) conn 0x8033e238
[2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0
[2005/09/26 17:11:44, 3] 
smbd/nttrans.c:call_nt_transact_query_security_desc(1965)
  call_nt_transact_query_security_desc: file = teste.txt, info_wanted = 0x4
[2005/09/26 17:11:44, 3] 
smbd/nttrans.c:call_nt_transact_query_security_desc(1992)
  call_nt_transact_query_security_desc: sd_size = 120.
[2005/09/26 17:11:44, 3] smbd/error.c:error_packet(147)
  error packet at smbd/nttrans.c(95) cmd=160 (SMBnttrans) 
NT_STATUS_BUFFER_TOO_SMALL
[2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114)
  Transaction 157 of length 88
[2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900)
  switch message SMBnttrans (pid 1361) conn 0x8033e238
[2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0
[2005/09/26 17:11:44, 3] 
smbd/nttrans.c:call_nt_transact_query_security_desc(1965)
  call_nt_transact_query_security_desc: file = teste.txt, info_wanted = 0x4
[2005/09/26 17:11:44, 3] 
smbd/nttrans.c:call_nt_transact_query_security_desc(1992)
  call_nt_transact_query_security_desc: sd_size = 120.
[2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114)
  Transaction 158 of length 92
[2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900)
  switch message SMBntcreateX (pid 1361) conn 0x8033e238
[2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0
[2005/09/26 17:11:44, 3] smbd/dosmode.c:unix_mode(121)
  unix_mode(.) returning 0744
[2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114)
  Transaction 159 of length 88
[2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900)
  switch message SMBnttrans (pid 1361) conn 0x8033e238
[2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0
[2005/09/26 17:11:44, 3] 
smbd/nttrans.c:call_nt_transact_query_security_desc(1965)
  call_nt_transact_query_security_desc: file = ., info_wanted = 0x4
[2005/09/26 17:11:44, 3] 
smbd/nttrans.c:call_nt_transact_query_security_desc(1992)
  call_nt_transact_query_security_desc: sd_size = 120.
[2005/09/26 17:11:44, 3] smbd/error.c:error_packet(147)
  error packet at smbd/nttrans.c(95) cmd=160 (SMBnttrans) 
NT_STATUS_BUFFER_TOO_SMALL
[2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114)
  Transaction 160 of length 88
[2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900)
  switch message SMBnttrans (pid 1361) conn 0x8033e238
[2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0
[2005/09/26 17:11:44, 3] 
smbd/nttrans.c:call_nt_transact_query_security_desc(1965)
  call_nt_transact_query_security_desc: file = ., info_wanted = 0x4
[2005/09/26 17:11:44, 3] 
smbd/nttrans.c:call_nt_transact_query_security_desc(1992)
  call_nt_transact_query_security_desc: sd_size = 120.
[2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114)
  Transaction 161 of length 45
[2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900)
  switch message SMBclose (pid 1361) conn 0x8033e238
[2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0
[2005/09/26 17:11:44, 3] smbd/reply.c:reply_close(3233)
  close directory fnum=8243
[2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114)
  Transaction 162 of length 88
[2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900)
  switch message SMBnttrans (pid 1361) conn 0x8033e238
[2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0
[2005/09/26 

RES: [Samba] ACLs with Problem

[Luis Henrique de Faria Guimarães]

Hi Greg,
Really, the first step to install filesystem it with support ACL.  It looks at 
my archive:
LABEL=/ /   ext3defaults,acl1 1
LABEL=/boot /boot   ext3defaults1 2
LABEL=/data /data   ext3defaults,acl1 2
none/dev/ptsdevpts  gid=5,mode=620  0 0
none/proc   procdefaults0 0
none/dev/shmtmpfs   defaults0 0
/dev/cciss/c0d0p2   swapswapdefaults0 0
/dev/cdrom  /mnt/cdrom  udf,iso9660 
noauto,owner,kudzu,ro 0 0
/dev/fd0/mnt/floppy autonoauto,owner,kudzu 0 0

My server samba is integrated with the server windows 2003 (PDC). The server 
samba is using the users of windows 2003, catching using the way winbind.
When I try to change the permissions of an file of the server samba, in my 
workstation I appear a message "Denied Access". I perceived that windows also 
does not obtain to catch the extendidas permissions when I modified for the 
server linux.
It looks at some parameters of my smb.conf:
nt acl support = Yes
acl compatibility = win2k
acl map full control = yes
acl check permissions = no
acl group control = yes
inherit acls = Yes
profile acls = Yes
map acl inherit = Yes
force unknown acl user = Yes

You can help me?
-Mensagem original-
De: Greg Folkert [mailto:[EMAIL PROTECTED]
Enviada em: quinta-feira, 22 de setembro de 2005 13:35
Para: samba@lists.samba.org
Assunto: Re: [Samba] ACLs with Problem


On Thu, 2005-09-22 at 11:43 -0300, Luis Henrique de Faria Guimarães
wrote:
> Hi All,
> 
> I am with problem with the permissions of windows.
> The samba is not getting the ACLs permissions.  I compiled version
> 3.0.20, with the following options:
> 
[...]

Well the first thin we need to know, is the filesystem that you are
sharing via samba mounted with the acl option in the /etc/fstab?

Here is what mine looks like and I get the ACLs just fine:

/dev/datavg/examplelv   /lf/db  ext3
rw,suid,nodev,exec,auto,nouser,async,acl,errors=remount-ro  1 1

I guess, I could have done "defaults,acl,nodev" and be-equivalent... but
hey I guess I am a bit retentive.

> # file: teste.txt
> # owner: root
> # group: Domain Users
> user::rwx
> user:henrique:rw-
> group::r--
> mask::rw-
> other::r--
> 
> The user henrique appears in linux, but he does not appear in windows.
> When I try to add permissions through windows appears a message of
> "denied access".
> Somebody can help me

Well, as long as you have the filesystem mounted (assuming it is ext3
with acl support compiled in) with the ACLs turned on... then things
should work.
-- 
greg, [EMAIL PROTECTED]

The technology that is 
Stronger, Better, Faster: Linux

Use Debian GNU/Linux, its a bazaar thing.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RES: [Samba] Re: ACLs with Problem

[Luis Henrique de Faria Guimarães]

I believe that you it did not understand my explanation.  I have a Linux server 
executing samba intergrated with a server windows 2003 (PDC).  Linux is using 
the users of windows 2003 saw winbind.  But, the permissions for these of 
archive do not function.  When I try to change the permissions of an archive in 
the sharing of the samba, it I do not function.  The part of ACL of the samba 
is not functioning, you understood me.
The command getfacl sample that support ACL is functioning in the server linux. 
 It sees my /etc/fstab:
LABEL=/ /   ext3defaults,acl1 1
LABEL=/boot /boot   ext3defaults1 2
LABEL=/data /data   ext3defaults,acl1 2
none/dev/ptsdevpts  gid=5,mode=620  0 0
none/proc   procdefaults0 0
none/dev/shmtmpfs   defaults0 0
/dev/cciss/c0d0p2   swapswapdefaults0 0
/dev/cdrom  /mnt/cdrom  udf,iso9660 
noauto,owner,kudzu,ro 0 0
/dev/fd0/mnt/floppy autonoauto,owner,kudzu 0 0

You can help this problem me?

Luís Henrique
-Mensagem original-
De: paul kölle [mailto:[EMAIL PROTECTED]
Enviada em: quinta-feira, 22 de setembro de 2005 13:15
Para: samba@lists.samba.org
Assunto: [Samba] Re: ACLs with Problem


Luis Henrique de Faria Guimarães wrote:
> With this configuration the users of the PDC (windows 2003) are 
> authenticantion way telnet 
> without problem.  However, the ACL do not function.  They see the exit with 
> command getfacl teste.txt:
> 
> [EMAIL PROTECTED] teste]# getfacl teste.txt
> # file: teste.txt
> # owner: root
> # group: Domain Users
> user::rwx
> user:henrique:rw-
> group::r--
> mask::rw-
> other::r--
Can you please describe what you expected to see here and why?

> 
> The user henrique appears in linux, but he does not appear in windows.
Then I'd say he's a linux user and not from AD via winbind right?

> When I try to add permissions through windows appears a message of "denied 
> access".
If that is a "correct" result largely depends which user is logged in to
the windows workstation. It would be helpful if you set samba to a
moderate debug level, and provide the relevant logs generated when the
desired operation(s) fail.


hth
 Paul


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ACLs with Problem

[Luis Henrique de Faria Guimarães]

Hi All,

I am with problem with the permissions of windows.
The samba is not getting the ACLs permissions.  I compiled version 3.0.20, with 
the following options:

./configure \
--prefix=/usr/local/samba \
--localstatedir=/var \
--with-configdir=/etc/samba \
--with-privatedir=/etc/samba \
--with-fhs \
--with-quotas \
--with-smbmount \
--enable-cups \
--with-pam \
--with-pam_smbpass \
--with-syslog \
--with-utmp \
--with-sambabook=/usr/local/samba/share/swat/using_samba \
--with-swatdir=/usr/local/samba/share/swat \
--with-shared-modules=idmap_rid \
--with-libsmbclient \
--with-acl-support \
--with-winbind \
--with-ads \
--with-krb5=/usr/kerberos

Below mine smb.conf:

[global]
workgroup = ECPNET
netbios name = PINHEIROS_BETA
#   unix charset = iso8859-1
display charset = cp850
realm = ECP.ORG.BR
server string = Samba Server
security = ADS
auth methods = winbind
client schannel = No
password server = *
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *
passwd:*all*authentication*tokens*updated*successfully*
#username map = /usr/local/samba/etc/smbusers
password level = 8
username level = 8
log file = /var/log/samba/%m.log
log level = 3 auth:3 winbind:3
max log size = 50
nt acl support = Yes
domain admin group = admins
acl compatibility = win2k
acl map full control = yes
acl check permissions = no
acl group control = yes
inherit acls = Yes
profile acls = Yes
map acl inherit = Yes
name resolve order = host wins bcast
server signing = auto
client use spnego = Yes
socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072
addprinter command = addprinter
deleteprinter command = delprinter
add machine script = /usr/sbin/useradd -d /dev/null -g 504 -c
local master = No
dns proxy = No
wins server = 10.0.0.5, 10.0.0.4
ldap ssl = no
add share command = /usr/local/samba/share/modify_samba_config.pl
change share command = /usr/local/samba/share/modify_samba_config.pl
delete share command = /usr/local/samba/share/modify_samba_config.pl
idmap uid = 1-2
idmap gid = 1-2
template homedir = /data/users/%U
template shell = /bin/ksh
winbind use default domain = Yes
admin users = corniani, administrator, henrique
read only = No
force unknown acl user = Yes
guest ok = Yes
[Teste1]
comment = Teste de ACL Linux
path = /data/teste
browseable = Yes
admin users = ECPNET\henrique
read only = No

With this configuration the users of the PDC (windows 2003) are authenticantion 
way telnet without problem.  However, the ACL do not function.  They see the 
exit with command getfacl teste.txt:

[EMAIL PROTECTED] teste]# getfacl teste.txt
# file: teste.txt
# owner: root
# group: Domain Users
user::rwx
user:henrique:rw-
group::r--
mask::rw-
other::r--

The user henrique appears in linux, but he does not appear in windows.  When I 
try to add permissions through windows appears a message of "denied access".
Somebody can help me

Luís Henrique
Departamento de Tecnologia
Esporte Clube Pinheiros
Tel: 55 11 3817 3071
[EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problems with an old samba patch

[Henrique Cicuto Machado - SAO/Policia Federal]

Good morning

Some time ago, "googling" to solve a problem, I've found at the samba list a 
patch that allowed kerberized printing to the smb backend.
The link is the following:

http://lists.samba.org/archive/samba-technical/2005-April/040480.html

A sad thing that I noticed is that this patch doesn't seen to work anyomore 
with the latest release (3.0.20), and worked fine till 3.0.14.

Can anyone help me out with that? That patch pratically saved my day a few 
months ago :(
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RES: [Samba] Erro winbind and ACLs

[Luis Henrique de Faria Guimarães]

Hi Jeremy,

Really, i forgot to send the configurations of the Kerberos. However, the used 
packages are brought update, the used package is krb5-libs-1.2.7-47.  I am 
using the Red Hat Enterprise Linux AS 3 for x86.
Below it is the file /etc/krb5.conf

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm  = ECP.ORG.BR
 default_etypes = des-cbc-crc des-cbc-md5
 default_etypes_des = des-cbc-crc des-cbc-md5

[realms]
 ECP.ORG.BR = {
  kdc = 10.0.0.5
 }

[domain_realm]
 .ecp.org.br = ECP.ORG.BR
 ecp.org.br = ECP.ORG.BR

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
 pam = {
   debug = true
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }


You have some idea where you could be the problem?

Luis Henrique.

-Mensagem original-
De: Jeremy Allison [mailto:[EMAIL PROTECTED]
Enviada em: segunda-feira, 19 de setembro de 2005 18:26
Para: Luis Henrique de Faria Guimarães
Cc: samba@lists.samba.org
Assunto: Re: [Samba] Erro winbind and ACLs


On Mon, Sep 19, 2005 at 06:00:02PM -0300, Luis Henrique de Faria Guimarães 
wrote:
> Hi,
> I am configuring a machine with Red Hat Enterprise Linux 3 with samba 3.0.14 
> to be member of a domain with PDC windows 2003.
> However, the control of ACLCs is not functioning and winbind is interrupting 
> the service frequently.
> Below smb.conf follows mine and a part of the archive of log.

This looks like it may be a crash in the krb5 libs. Have you
got all the krb5 updates installed for that platform ?

Jeremy.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Erro winbind and ACLs

[Luis Henrique de Faria Guimarães]

 winbindd[22844]:#17 winbindd [0x80791cc]
Sep 17 06:54:22 pinheiros winbindd[22844]:#18 winbindd [0x807aaa2]
Sep 17 06:54:22 pinheiros winbindd[22844]:#19 
winbindd(winbindd_lookup_name_by_sid+0x6e) [0x8076a4e]
Sep 17 06:54:22 pinheiros winbindd[22844]:#20 
winbindd(winbindd_getpwuid+0x196) [0x80712b6]
Sep 17 06:54:22 pinheiros winbindd[22844]:#21 winbindd(strftime+0x153b) 
[0x806f573]
Sep 17 06:54:22 pinheiros winbindd[22844]:#22 
winbindd(winbind_process_packet+0x21) [0x806f861]
Sep 17 06:54:22 pinheiros winbindd[22844]:#23 winbindd(strftime+0x20eb) 
[0x8070123]
Sep 17 06:54:22 pinheiros winbindd[22844]:#24 winbindd(main+0x41c) 
[0x80706bc]
Sep 17 06:54:22 pinheiros winbindd[22844]:#25 
/lib/libc.so.6(__libc_start_main+0x8d) [0x534bc1]
Sep 17 06:54:22 pinheiros winbindd[22844]:#26 winbindd(ldap_msgfree+0x79) 
[0x806ed51]

Thanks,



Luís Henrique
Departamento de Tecnologia
Esporte Clube Pinheiros
[EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Winbind can't differ "ramifications" in a Active Directory "forest"

[Henrique Machado]

This has really been a problem to me.
I'm currently working in an AD forest with about 12 ramifications, all
of them with at least 2 DC (some of them have more).
The problem is: although I did set my local DC's in "password server",
in the smb.conf, after I start the winbindd daemon, my linux client
starts comunicating with all DC's over the "forest". wbinfo -t, -g, -u
and so on... they all take an average of 20 minutes to give me the
answer (although they do give me the right answers). I can't manage to
login either because of timeout, most probably.

I tried everywhere, and didn't manage to get my answers. I'm almost giving up.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Bad Performance with ACL's

[Luis Henrique de Faria Guimaraes]

Hi,

I have a RedHat server AS 3.0 with samba 3 and a server windows 2003.  I
configured the server linux to use the users of windows 2003.  However,
the authentication of this using way telnet was very slow, the creation
of new sharings and files also are slow.
Somebody has some idea.
Grateful,
Luis Henrique
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] OFF-TOPIC: Acrescentar uma HD no SCO

[Luis Henrique de Faria Guimaraes]

Bom dia pessoall,
Alguém sabe como funciona os dispositivos de bloco no SCO ou como faço
para instalar uma segunda H.D. nele?

-- 
Atenciosamente,

Luis Henrique de Faria Guimarães
Tecnologia
[EMAIL PROTECTED]
Tel.: 3961-3200

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba very sloss

[Luis Henrique de Faria Guimaraes]

I have configured the Samba3+winbind.  The samba is member of domain NT4
and the telnet was activated in it.  However, the authentication is very
slow and browser is very sloss. The command wbinfo -u is sloss too.
-- 
Atenciosamente,

Luis Henrique de Faria Guimarães
Tecnologia
[EMAIL PROTECTED]
Tel.: 3961-3200

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with winbind

[Luis Henrique de Faria Guimaraes]

I am with a problem to configure the authentication of user through
winbind.  The command "wbinfo -u" returns the following list:
ECP+luis
ECP+alda
ECP+jefferson
ECP+wedila
ECP+root
ECP+luana
ECP+Administrador
ECP+Convidado
ECP+TsInternetUser
ECP+NetShowServices
ECP+IUSR_SENEGAL
ECP+IWAM_SENEGAL
ECP+ASPNET
ECP+krbtgt
ECP+HOST/celta
ECP+HOST/ecp20
ECP+SENEGAL$
This windows 2000 is the PDC's users.  I enable the telnet and
configured I pam it to legalize through winbind.  The problem is that
necessary to use, for example, ECP+luis in login it saw telnet so that
winbind I found the user.  As I make to eliminate the "ECP+", leaving
using it to type only its login pure.  
I am thankful all.
-- 
Atenciosamente,

Luis Henrique de Faria Guimarães
Tecnologia
[EMAIL PROTECTED]
Tel.: 3961-3200

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] which fstype to use!

[henrique paiva]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
i have a clipper 5.3 application running over samba 3.0.2a in mandrake10
system. But, i don't know which kind of files system works better in
clipper applications.
I was using fat partion, with "fstype = fat" in my smb.conf and samba
2.2.  Then i changed my server a installed mandrake10.
Right now i'm using reiserfs with "fstype = samba" in smb.conf.
So, is this a good idea for filesystem choice?
Which are your files system in clipper/foxpro application ?
thanx
- --
~ ___
~|  henrique paiva   |
~|___|
~| email: [EMAIL PROTECTED] |
~|___|
~|  icq: 320094827   |
~|___|
Este email foi assinado pelo Gnupg http://www.gnupg.com e
~ Mozilla Thunderbird Enigmail http://enigmail.mozdev.org
Solicite minha chave pública.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBA8WVeE6sZ+g/aaURAm+CAJ4sP/K/6+AMzRZKV7oZr2KZbs1vrACgmZvF
7C1MtuIFQ7JEP8cpSSY1Uuk=
=U5gC
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] system freeze

[henrique paiva]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I have a samba server 3.0.2a running in mandrake10 dell power edge
server as a file server with clipper 5.3 application. I have 20 clients
running win98/95.
Normaly in the afternoon (once a day), sometimes the system just freeze,
all the clipper sessions just freeze, and when i do smb restart,
everything goes fine.
what is wrong with my system?
- --
~ ___
~|  henrique paiva   |
~|___|
~| email: [EMAIL PROTECTED] |
~|___|
~|  icq: 320094827   |
~|___|
Este email foi assinado pelo Gnupg http://www.gnupg.com e
~ Mozilla Thunderbird Enigmail http://enigmail.mozdev.org
Solicite minha chave pública.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFA9KjieE6sZ+g/aaURAoRzAKCjdCBNZHI0rmnV8w4nLfpCgX0megCfQeQ1
mUkd6BXvwHXzFpiQ5UhFydU=
=SK5e
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] time server.

[henrique paiva]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alex Satrapa wrote:
| On 13 Jul 2004, at 10:12, henrique paiva wrote:
|
|> Can i just add "time server = True" and "logon script = logon.bat" lines
|> in global conf? or should i add [netlogon] sharing too?
|
|
| You can't have a logon script without a netlogon share. From the manual:
|
|> The script must be a relative path to the [netlogon] service. If
|> the [netlogon] service specifies a path of /usr/local/samba/net-
|> logon,  and  logon script = STARTUP.BAT, then the file that will
|> be downloaded is:
|>
|> /usr/local/samba/netlogon/STARTUP.BAT
|
|
| HTH
| Alex Satrapa
|
I made something that i realy don't know if it's a good idea. I just put
~ a bat file in the startmenu/startup. wich the content is :
net time \\server /set /yes
it's working fine. but, is it a good idea ? or is better use the
[netlogon] way?
- --
~ ___
~|  henrique paiva   |
~|___|
~| email: [EMAIL PROTECTED] |
~|___|
~|  icq: 320094827   |
~|___|
Este email foi assinado pelo Gnupg http://www.gnupg.com e
~ Mozilla Thunderbird Enigmail http://enigmail.mozdev.org
Solicite minha chave pública.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFA9GXUeE6sZ+g/aaURAmuSAJsHWf+ql18pEVstZ3E6j9BYMkRGqwCfX+VI
hJDLpdYh4FLYn2gQTC/DynI=
=Gq5E
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] time server.

[henrique paiva]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
i have samba machine serving 25 clients win98/95, and i would like to
use the time server option. I want the clients  to sync time with the
server in logon. that is my smb.conf globals:
~ [global]
~ workgroup = ENTERPRISE
~ netbios name = SERVIDOR
~ server string = Samba Server %v
~ encrypt passwords = No
~ log file = /var/log/samba/log.%m
~ max log size = 50
~ deadtime = 5
~ socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
~ ldap ssl = no
Can i just add "time server = True" and "logon script = logon.bat" lines
in global conf? or should i add [netlogon] sharing too?
I dont have a domain configured, is it necessary ?
What should i do?
- --
~ ___
~    |  henrique paiva   |
~|___|
~| email: [EMAIL PROTECTED] |
~|___|
~|  icq: 320094827   |
~|___|
Este email foi assinado pelo Gnupg http://www.gnupg.com e
~ Mozilla Thunderbird Enigmail http://enigmail.mozdev.org
Solicite minha chave pública.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFA8ykGeE6sZ+g/aaURAlm7AKC2Eu6YpADJ5MZg1VLjHfGaRywb4ACfUtRX
hfj31Ez3TRdEhC+axVNPaWU=
=LIBt
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SAMBA and NFS

[henrique paiva]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I think you won't have a performance problem. i have a DELL P4 2.8 with
256 ram rinning samba+rsync+heartbeat+nfs and 20 clients. everything is ok.
bastard operater wrote:
| Thank you for the response.  Would there still be a performance problem
| if I had two NICs in the PC?  One to connect to the NFS share and the
| second NIC to connect to the windows PCs?  I am talking about a maximum
| of 20 people connecting to the samba share with at most 5-6 people
| passing data over the share.  The samba server would be a 2.2GHz PC with
| 512MB of RAM.
|
| Thanks,
|
| BOFH1234
|
|> From: "Eric Boehm" <[EMAIL PROTECTED]>
|> Reply-To: "Eric Boehm" <[EMAIL PROTECTED]>
|> To: bastard operater <[EMAIL PROTECTED]>
|> CC: [EMAIL PROTECTED]
|> Subject: Re: [Samba] SAMBA and NFS
|> Date: Wed, 7 Jul 2004 13:35:28 -0400
|>
|> On Wed, Jul 07, 2004 at 01:23:37PM -0400, bastard operater wrote:
|> >>>>> "BOFH1234" == bastard operater <[EMAIL PROTECTED]> writes:
|>
|> BOFH1234> Can samba connect to an NFS share and then re-export
|> BOFH1234> that share so my windows XP users can connect to it?
|> BOFH1234> Basically I have a NFS share that all of my windows XP
|> BOFH1234> users need read-only access to.  The goal of this
|> BOFH1234> project is to replace an old MS Gateway Services for
|> BOFH1234> Novell server (using IPX) with something that can do the
|> BOFH1234> same thing but over IP.  I am pretty sure Novell and AD
|> BOFH1234> can share files using Native File Access, but that would
|> BOFH1234> require the Novell admins to get CIFS setup on the
|> BOFH1234> Novell side.  The Novell server we are using has NFS
|> BOFH1234> already setup and getting that much setup was like
|> BOFH1234> pulling teeth.
|>
|> Samba can share any filesystem that the Samba server can see. Your
|> performance will be degraded because you have the dual overhead of
|> Samba and NFS, but you can share the filesystem.
|>
|> --
|> Eric M. Boehm  /"\  ASCII Ribbon Campaign
|> [EMAIL PROTECTED]   \ /  No HTML or RTF in mail
|> X   No proprietary word-processing
|> Respect Open Standards / \  files in mail
|
|
| _
| Get tips for maintaining your PC, notebook accessories and reviews in
| Technology 101. http://special.msn.com/tech/technology101.armx
|
- --
~ ___
~|  henrique paiva   |
~|___|
~| email: [EMAIL PROTECTED] |
~|___|
~|  icq: 320094827   |
~|___|
Este email foi assinado pelo Gnupg http://www.gnupg.com e
~ Mozilla Thunderbird Enigmail http://enigmail.mozdev.org
Solicite minha chave pública.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFA7GgmeE6sZ+g/aaURAj37AKCfFEBodopuepG9K27yFvH5yQnp6wCgm7CF
laGw0bZaxf7bWj3qR7pryEs=
=uUOR
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RES: [Samba] ntlm_auth help

[Estevam Henrique Carvalho]

Isn't possible to test the ntlm_auth with the ntlmssp protocol in a command
line mode, you must use a browser able to handle ntlm because only this sort
of browser send the appropriate ntlm challenges, try IE.

Estevam Henrique

-Mensagem original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Em nome de
Champaka Guruge
Enviada em: quarta-feira, 7 de julho de 2004 09:25
Para: [EMAIL PROTECTED]
Assunto: [Samba] ntlm_auth help

Hi all

I am going to configure squid proxy server with smb
ntlm_auth.But when i try to test as follows it will
give  a err 

***
ntlm_auth --helper-protocol=squid-2.5-ntlmssp
username password
NA NT_STATUS_INVALID_PARAMETER
***
but,
ntlm_auth
--username==squid-helper-protocol=squid-2.5-basic

username password

OK

my smb.conf is

[global]
workgroup = mydomain
netbios name = PROXY_LINUX
security = DOMAIN
password server = 10.1.1.51
idmap uid = 1-2
idmap gid = 1-2
winbind use default domain = Yes

Hope your help

thank you
champaka Srinath





__
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


= 
Esta mensagem pode conter informacao confidencial e/ou privilegiada. Se voce
nao for o destinatario ou a pessoa autorizada a receber esta mensagem, nao
devera utilizar, copiar, alterar, divulgar a informacao nela contida ou
tomar qualquer acao baseada nessas informacoes. Se voce recebeu esta
mensagem por engano, por favor avise imediatamente o remetente, respondendo
o e-mail e em seguida apague-o. Agradecemos sua cooperacao. 

This message may contain confidential and/or privileged information. If you
are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, change, take any action based on this message
or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message. Thank you for your cooperation. 
= 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problems with Samba x CUPS x win98 clients... (Help)

[Flávio Henrique]

Hi all!
I'm using Samba 3.0.2a with CUPS serving about 50 win98 clients...
All my printers works fine though samba/cups, but sometimes nobody can 
print in a certain netword printer.

I open my CUPS (http://localhost:631) and see the printer stoped (not 
always) and always with one of the errors messsages above:

Printer state: Idle, accepting jobs
"Unable to connect to SAMBA host, will retry in 60 seconds..."
Printer state: Idle, accepting jobs
"Unable to connect to SAMBA host, will retry in 60 seconds... ERROR:  
Connection failed with error NT_STATUS_UNSUCCESFUL"

Printer state: Idle, accepting jobs
"Unable to connect to SAMBA host, will retry in 60 seconds... ERROR:  
Connection failed with error NT_STATUS_BAD_DEVICE_TYPE"

Printer state: Idle, accepting jobs
"Unable to connect to SAMBA host, will retry in 60 seconds... ERROR:  
ERRSVR - ERRerror (Non-especific error code) opening remote file 
smbpm_0604 Without Name1"

And most of cases I need to delete the .tdb file in 
/var/cache/samba/printing to make the printer work again...

Someone can help with this? Why this happens and what can I do to avoid 
this ?

I post my smb.conf above too.
Thank you.
Flávio Henrique


# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2004/06/25 08:22:20
# Global parameters
[global]
   dos charset = 850
   unix charset = ISO8859-1
   workgroup =  MYGROUP
   netbios name = SERVIDOR
   log level = 1
   log file = /var/log/samba/log.%m
   time server = Yes
   printcap name = cups
   logon script = logon.bat
   logon home = \\%N\%U\profile
   domain logons = Yes
   os level = 100
   preferred master = Yes
   domain master = Yes
   wins support = Yes
   ldap ssl = no
   create mask = 02777
   force create mode = 02770
   directory mask = 02750
   printing = cups
[C]
   path = /server/sistemas
   read only = No
   browseable = No
[printers]
   comment = Todas as impressoras
   path = /var/spool/samba
   guest ok = Yes
   printable = Yes
   use client driver = Yes
   browseable = No
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] smbldaptools with SSHA

[Henrique]

Hello All!
im trying to get smbldap-tools to work with SSHA hash, but this not
working..
if i use clear text this work fine, all .confs and log is attached..

Some idea?-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] smbldaptools with SSHA

[Henrique]

Hello All!
im trying to get smbldap-tools to work with SSHA hash, but this not working..
if i use clear text this work fine, all .confs and log is attached..

Some idea?
-bash-2.05b# smbldap-populate
Using builtin directory structure
Use of uninitialized value in string ne at /usr/local/sbin/smbldap-populate line 107.
Use of uninitialized value in concatenation (.) or string at 
/usr/local/sbin/smbldap-populate line 111.
adding new entry: dc=moove
failed to add entry: modifications require authentication at 
/usr/local/sbin/smbldap-populate line 344,  line 2.
adding new entry: ou=usuarios,dc=moove
failed to add entry: modifications require authentication at 
/usr/local/sbin/smbldap-populate line 344,  line 3.
adding new entry: ou=grupos,dc=moove
failed to add entry: modifications require authentication at 
/usr/local/sbin/smbldap-populate line 344,  line 4.
adding new entry: ou=hosts,dc=moove
failed to add entry: modifications require authentication at 
/usr/local/sbin/smbldap-populate line 344,  line 5.
adding new entry: uid=Administrator,ou=usuarios,dc=moove
failed to add entry: modifications require authentication at 
/usr/local/sbin/smbldap-populate line 344,  line 6.
adding new entry: uid=nobody,ou=usuarios,dc=moove
failed to add entry: modifications require authentication at 
/usr/local/sbin/smbldap-populate line 344,  line 7.
adding new entry: cn=Domain Admins,ou=grupos,dc=moove
failed to add entry: modifications require authentication at 
/usr/local/sbin/smbldap-populate line 344,  line 8.
adding new entry: cn=Domain Users,ou=grupos,dc=moove
failed to add entry: modifications require authentication at 
/usr/local/sbin/smbldap-populate line 344,  line 9.
adding new entry: cn=Domain Guests,ou=grupos,dc=moove
failed to add entry: modifications require authentication at 
/usr/local/sbin/smbldap-populate line 344,  line 16.
adding new entry: cn=Print Operators,ou=grupos,dc=moove
failed to add entry: modifications require authentication at 
/usr/local/sbin/smbldap-populate line 344,  line 17.
adding new entry: cn=Backup Operators,ou=grupos,dc=moove
failed to add entry: modifications require authentication at 
/usr/local/sbin/smbldap-populate line 344,  line 18.
adding new entry: cn=Replicator,ou=grupos,dc=moove
failed to add entry: modifications require authentication at 
/usr/local/sbin/smbldap-populate line 344,  line 19.
adding new entry: cn=Domain Computers,ou=grupos,dc=moove
failed to add entry: modifications require authentication at 
/usr/local/sbin/smbldap-populate line 344,  line 19.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Joining NT4 workstations to a Samba 3 Domain

[Henrique]

I have this problem. I solved deleting a line "set primary group script"
But, this is a samba3 bug? I can fix it. I need this line? What i can make?
Help!

- Original Message - 
From: "Chris Hobbs" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, June 25, 2004 12:18 PM
Subject: Re: [Samba] Joining NT4 workstations to a Samba 3 Domain


> Chris Hobbs wrote:
> 
> > Should I submit this to bugzilla? I'd hate to do that until I've 
> > exhausted my options on the mailing list.
> 
> Well this turned out to be an empty threat -- turns out the general
> public can't submit bugs at bugzilla.samba.org :)
> 
> I know (from private e-mail and IRC) that I'm not the only one with this
> issue. Is there anyone on the list that has NT4 clients working with a
> Samba3+LDAP domain?
> 
> Thanks in advance for your help,
> 
> >
> > Chris Hobbs wrote:
> >
> >> Linux: Fedora Core 2
> >> Samba: 3.0.3
> >> OpenLDAP: 2.1.29
> >>
> >> I've noticed a couple of other messages in this month's archives that 
> >> suggest they're having the same problem as I, but so far no 
> >> resolution has been reported.
> >>
> >> I've got a new Samba domain up and running with LDAP that allows me 
> >> to join Win2K and XP clients, but not NT4 workstations. I've added 
> >> the machine account with the command: smbldap-useradd -w MISTEST02
> >>
> >> An ldapsearch confirms that the machine account has been created. On 
> >> attmpting to join the domai nfrom the NT4 client I receive the 
> >> following error message:
> >>
> >> "The machine account for this computer either does not exist or is 
> >> inaccessible."
> >>
> >> Amazingly, the machine account has now disappeared from the LDAP 
> >> directory, as confirmed by running  ldapsearch.
> >>
> >> Trying to add the machine without first running smbldap-useradd 
> >> (which works fine for the 2K and XP clients) gives me the same error.
> >>
> >> I'll be happy to provide confs, debug logs and tcpdumps if those will 
> >> be helpful - simply let me know what needs to be captured. Thanks in 
> >> advance for your help.
> >>
> >
> >
> 
> 
> -- 
> Chris Hobbs   Silver Valley Unified School District
> Head geek:  Technology Services Coordinator
> webmaster:   http://www.silvervalley.k12.ca.us/~chobbs/
> postmaster:   [EMAIL PROTECTED]
> pgp:  http://www.silvervalley.k12.ca.us/~chobbs/key.asc
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Roaming profiles. How to do it ?

[Flávio Henrique]

Hi TMI,
see below
Flávio Henrique a écrit :
Hi all..
I'm using Samba 3.0.2a on Mandrake 10, serving +/- 50 win98 clients.
I'm using this options:
logon path = \\%N\%U\profile
logon home =  \\%N\%U\profile
but the roaming profile seems do not working... at least the way that 
I want. (maybe this is the right behavior).
   What I want:
   -> When an user logins on MACHINE1 the profile that is saved in 
Linux begin download to MACHINE1
   -> When this user logoff from MACHINE1 the profile must update on 
linux server
   -> If this user logins on MACHINE2 the profile (updated) must be 
downloaded to MACHINE2

But is not happen like this. When the user logins for the first time 
on MACHINE1 a local profile is created using the "All users" folder 
(under \windows\profiles)

I'm not sure if the option " logon home = \\%N\%U\profile " tells 
Samba to do what I want.

Somone can help me ?
Thank you in advance.
Flávio Henrique

Hi,
It seems to me that your samba side parameters are good.
The logon path parameter won't be useful, it is only for win2k / winXP 
/ NT clients.
ok. thank you
You should now check:
1- permissions of the profile directory (be sure your users can write 
that directory)
the permissions is right (700 with owner .
the users can export the profile from win98, my problem is that they 
can't import the roaming profile when make login in another machine...
I read in somewhere that win98 can't deal correctly with roaming profiles...
I wish to know if someone is working with win98 roaming profile, 
importing the profile when logins in the first time...

2- did you activate the use of profiles in the nethood properties of 
the win98se clients ?
yes...
3- Check the samba-howto, chapters 22 and 23, it covers most of the 
basics for profiles to work (win98 included).
I will... thank you
hope it helps
TMI-Concept

Flávio Henrique
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Roaming profiles. How to do it ?

[Flávio Henrique]

Matthias Spork escreveu:
Do not use one share for Home and Profile.
Read this:
http://www.idealx.org/prj/samba/smbldap-howto.en.html
matze

thank you for the answer, but like I said, I'm serving win98 clients, 
not WinNT/XP/2000, and the tutorial deals with theses clients

my big doubt is if the options that I discribe above is right or not to 
do what I want.
maybe I'm setting the wrong option.

Thank youy again.
Flávio Henrique

Flávio Henrique schrieb:
Hi all..
I'm using Samba 3.0.2a on Mandrake 10, serving +/- 50 win98 clients.
I'm using this options:
logon path = \\%N\%U\profile
logon home =  \\%N\%U\profile
but the roaming profile seems do not working... at least the way that 
I want. (maybe this is the right behavior).
   What I want:
   -> When an user logins on MACHINE1 the profile that is saved in 
Linux begin download to MACHINE1
   -> When this user logoff from MACHINE1 the profile must update on 
linux server
   -> If this user logins on MACHINE2 the profile (updated) must be 
downloaded to MACHINE2

But is not happen like this. When the user logins for the first time 
on MACHINE1 a local profile is created using the "All users" folder 
(under \windows\profiles)

I'm not sure if the option " logon home = \\%N\%U\profile " tells 
Samba to do what I want.

Somone can help me ?
Thank you in advance.
Flávio Henrique



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Roaming profiles. How to do it ?

[Flávio Henrique]

Hi all..
I'm using Samba 3.0.2a on Mandrake 10, serving +/- 50 win98 clients.
I'm using this options:
logon path = \\%N\%U\profile
logon home =  \\%N\%U\profile
but the roaming profile seems do not working... at least the way that I 
want. (maybe this is the right behavior).
   What I want:
   -> When an user logins on MACHINE1 the profile that is saved in 
Linux begin download to MACHINE1
   -> When this user logoff from MACHINE1 the profile must update on 
linux server
   -> If this user logins on MACHINE2 the profile (updated) must be 
downloaded to MACHINE2

But is not happen like this. When the user logins for the first time on 
MACHINE1 a local profile is created using the "All users" folder (under 
\windows\profiles)

I'm not sure if the option " logon home = \\%N\%U\profile " tells Samba 
to do what I want.

Somone can help me ?
Thank you in advance.
Flávio Henrique
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Fw: Error C000019B

[Henrique]

PLEASE!! can somebody help me?
I need much these!

- Original Message - 
From: "Henrique" <[EMAIL PROTECTED]>
To: "Samba Samba" <[EMAIL PROTECTED]>
Sent: Monday, June 21, 2004 3:35 PM
Subject: Error C19B


> Hi everyone! im having problems with Samba 3.0.4
>
> My PDC is samba+openldap+nss+pam+smbldaptools
>
> All work fine (posix account and logins in Win9x workstations)
> I can join in to my domain with WinNT4 but i can't login!
>
> Im get always this message: The system can not log you on (C19B).
Please
> try again or consult your system administrator.
>
> I have read the documents about this error around inet but, all docs tell
> about SID changes and/or netbios names. Im have make no changes in SID,
> netbios or domain name, i have setedup my FreeBSD 5.2.1, configured all
fine
> and instaled the apps (samba, ldap, etc...)
>
> Somebody can help me please?
>
> it's that appears in my log when i try to login:
>
>
> [2004/06/21 15:27:18, 10]
> lib/util_sock.c:read_smb_length_return_keepalive(488)
>   got smb length of 356
> [2004/06/21 15:27:18, 6] smbd/process.c:process_smb(889)
>   got message type 0x0 of len 0x164
> [2004/06/21 15:27:18, 3] smbd/process.c:process_smb(890)
>   Transaction 46 of length 360
> [2004/06/21 15:27:18, 5] lib/util.c:show_msg(456)
> [2004/06/21 15:27:18, 5] lib/util.c:show_msg(466)
>   size=356
>   smb_com=0x25
>   smb_rcls=0
>   smb_reh=0
>   smb_err=0
>   smb_flg=24
>   smb_flg2=32771
>   smb_tid=1
>   smb_pid=14336
>   smb_uid=100
>   smb_mid=2816
>   smt_wct=16
>   smb_vwv[ 0]=0 (0x0)
>   smb_vwv[ 1]=  272 (0x110)
>   smb_vwv[ 2]=0 (0x0)
>   smb_vwv[ 3]= 1024 (0x400)
>   smb_vwv[ 4]=0 (0x0)
>   smb_vwv[ 5]=0 (0x0)
>   smb_vwv[ 6]=0 (0x0)
>   smb_vwv[ 7]=0 (0x0)
>   smb_vwv[ 8]=0 (0x0)
>   smb_vwv[ 9]=0 (0x0)
>   smb_vwv[10]=   84 (0x54)
>   smb_vwv[11]=  272 (0x110)
>   smb_vwv[12]=   84 (0x54)
>   smb_vwv[13]=2 (0x2)
>   smb_vwv[14]=   38 (0x26)
>   smb_vwv[15]=30272 (0x7640)
>   smb_bcc=289
> [2004/06/21 15:27:18, 10] lib/util.c:dump_data(1864)
>   [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 00  .\.P.I.P
.E.\
>   [010] 00 05 00 00 03 10 00 00  00 10 01 00 00 07 00 00  

>   [020] 00 F8 00 00 00 00 00 02  00 00 7F 14 00 09 00 00  

>   [030] 00 00 00 00 00 09 00 00  00 5C 00 5C 00 4D 00 41  
.\.\.M.A
>   [040] 00 4D 00 55 00 54 00 45  00 00 00 C9 11 B4 3C 95  .M.U.T.E
..<.
>   [050] 75 06 00 00 00 00 00 00  00 06 00 00 00 54 00 52  u...
.T.R
>   [060] 00 41 00 53 00 48 00 00  00 F8 F9 F9 00 7A FF 10  .A.S.H..
.z..
>   [070] 81 DC 91 EC 2B CD B7 D6  40 04 FA F9 00 25 6F F6  +...
@%o.
>   [080] 77 00 00 14 00 00 00 00  00 01 00 01 00 E4 FC F9  w...

>   [090] 00 0A 00 0A 00 AE 40 15  00 00 00 00 00 32 23 00  [EMAIL PROTECTED]
.2#.
>   [0A0] 00 00 00 00 00 10 00 10  00 9C 40 15 00 0A 00 0C  
[EMAIL PROTECTED]
>   [0B0] 00 38 3F 14 00 5B C9 83  DF 2D 33 D9 A0 85 66 CA  .8?..[..
.-3...f.
>   [0C0] 97 65 5E 50 EB 29 3B F3  8E 0A 0B 86 11 10 F1 53  .e^P.);.
...S
>   [0D0] A2 FB F0 69 AA 05 00 00  00 00 00 00 00 05 00 00  ...i

>   [0E0] 00 4D 00 4F 00 4F 00 56  00 45 00 15 00 08 00 00  .M.O.O.V
.E..
>   [0F0] 00 00 00 00 00 08 00 00  00 68 00 65 00 6E 00 72  
.h.e.n.r
>   [100] 00 69 00 71 00 75 00 65  00 06 00 00 00 00 00 00  .i.q.u.e

>   [110] 00 05 00 00 00 54 00 52  00 41 00 53 00 48 00 03  .T.R
.A.S.H..
>   [120] 00.
> [2004/06/21 15:27:18, 3] smbd/process.c:switch_message(685)
>   switch message SMBtrans (pid 519)
> [2004/06/21 15:27:18, 4] smbd/uid.c:change_to_user(186)
>   change_to_user: Skipping user change - already user
> [2004/06/21 15:27:18, 3] smbd/ipc.c:reply_trans(538)
>   trans <\PIPE\> data=272 params=0 setup=2
> [2004/06/21 15:27:18, 5] smbd/ipc.c:reply_trans(557)
>   calling named_pipe
> [2004/06/21 15:27:18, 3] smbd/ipc.c:named_pipe(334)
>   named pipe command on <> name
> [2004/06/21 15:27:18, 5] smbd/ipc.c:api_fd_reply(267)
>   api_fd_reply
> [2004/06/21 15:27:18, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1156)
>   search for pipe pnum=7640
> [2004/06/21 15:27:18, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1160)
>   pipe name NETLOGON pnum=7640 (pipes_open=1)
> [2004/06/21 15:27:18, 3] smbd/ipc.c:api_fd_reply(296)
>   Got API command 0x26 on pipe "NETLOGON" (pnum 7640)
> [2004/06/21 15:27:18, 10] smbd/ipc.c:api_fd_reply(301)
>   api_fd_reply: p:0x8315c00 max_trans_reply: 1024
> [2004/06/21 15:27:18, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(854)
>   write_to_

[Samba] Error C000019B

[Henrique]

pc_parse/parse_prs.c:prs_uint32(635)
  00e8 uni_str_len: 0005
[2004/06/21 15:27:18, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807)
  00ec buffer : T.R.A.S.H.
[2004/06/21 15:27:18, 5] rpc_parse/parse_prs.c:prs_uint16(606)
  00f6 validation_level: 0003
[2004/06/21 15:27:18, 5] libsmb/credentials.c:deal_with_creds(182)
  deal_with_creds: 182
[2004/06/21 15:27:18, 4] libsmb/credentials.c:cred_create(90)
  cred_create
[2004/06/21 15:27:18, 5] libsmb/credentials.c:cred_create(92)
sess_key : 3EE2A9EB1F3F1C06
[2004/06/21 15:27:18, 5] libsmb/credentials.c:cred_create(93)
stor_cred: 5421DE1D8EAE4150
[2004/06/21 15:27:18, 5] libsmb/credentials.c:cred_create(94)
timestamp: 40d6b7cd
[2004/06/21 15:27:18, 5] libsmb/credentials.c:cred_create(95)
timecred : 21D9B45E8EAE4150
[2004/06/21 15:27:18, 5] libsmb/credentials.c:cred_create(96)
calc_cred: 7AFF1081DC91EC2B
[2004/06/21 15:27:18, 4] libsmb/credentials.c:cred_assert(121)
  cred_assert
[2004/06/21 15:27:18, 5] libsmb/credentials.c:cred_assert(123)
challenge : 7AFF1081DC91EC2B
[2004/06/21 15:27:18, 5] libsmb/credentials.c:cred_assert(124)
calculated: 7AFF1081DC91EC2B
[2004/06/21 15:27:18, 5] libsmb/credentials.c:cred_assert(128)
  credentials check ok
[2004/06/21 15:27:18, 5] libsmb/credentials.c:deal_with_creds(198)
  deal_with_creds: new_cred[0]=5eb4d922
[2004/06/21 15:27:18, 5] libsmb/credentials.c:deal_with_creds(203)
  deal_with_creds: new_clnt_time=40d6b7ce
[2004/06/21 15:27:18, 4] libsmb/credentials.c:cred_create(90)
  cred_create
[2004/06/21 15:27:18, 5] libsmb/credentials.c:cred_create(92)
sess_key : 3EE2A9EB1F3F1C06
[2004/06/21 15:27:18, 5] libsmb/credentials.c:cred_create(93)
stor_cred: 5421DE1D8EAE4150
[2004/06/21 15:27:18, 5] libsmb/credentials.c:cred_create(94)
timestamp: 40d6b7ce
[2004/06/21 15:27:18, 5] libsmb/credentials.c:cred_create(95)
timecred : 22D9B45E8EAE4150
[2004/06/21 15:27:18, 5] libsmb/credentials.c:cred_create(96)
calc_cred: 5EC7C6EFB97FA79C
[2004/06/21 15:27:18, 5] libsmb/credentials.c:deal_with_creds(209)
  deal_with_creds: clnt_cred=5421DE1D8EAE4150
[2004/06/21 15:27:18, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(570)
  SAM Logon (Interactive). Domain:[MOOVE].  User:[EMAIL PROTECTED] Requested
Domain:[MOOVE]
[2004/06/21 15:27:18, 5] rpc_server/srv_netlog_nt.c:_net_sam_logon(594)
  Attempting validation level 1 for unmapped username henrique.
[2004/06/21 15:27:18, 5] auth/auth.c:make_auth_context_subsystem(477)
  Making default auth method list for DC, security=user, encrypt passwords =
yes
[2004/06/21 15:27:18, 5] auth/auth.c:load_auth_module(384)
  load_auth_module: Attempting to find an auth method to match guest
[2004/06/21 15:27:18, 5] auth/auth.c:load_auth_module(409)
  load_auth_module: auth method guest has a valid init
[2004/06/21 15:27:18, 5] auth/auth.c:load_auth_module(384)
  load_auth_module: Attempting to find an auth method to match sam
[2004/06/21 15:27:18, 5] auth/auth.c:load_auth_module(409)
  load_auth_module: auth method sam has a valid init
[2004/06/21 15:27:18, 5] auth/auth.c:load_auth_module(384)
  load_auth_module: Attempting to find an auth method to match
winbind:trustdomain
[2004/06/21 15:27:18, 5] auth/auth.c:load_auth_module(384)
  load_auth_module: Attempting to find an auth method to match trustdomain
[2004/06/21 15:27:18, 5] auth/auth.c:load_auth_module(409)
  load_auth_module: auth method trustdomain has a valid init
[2004/06/21 15:27:18, 5] auth/auth.c:load_auth_module(409)
  load_auth_module: auth method winbind has a valid init
[2004/06/21 15:27:18, 5] auth/auth.c:get_ntlm_challenge(95)
  auth_get_challenge: module guest did not want to specify a challenge
[2004/06/21 15:27:18, 5] auth/auth.c:get_ntlm_challenge(95)
  auth_get_challenge: module sam did not want to specify a challenge
[2004/06/21 15:27:18, 5] auth/auth.c:get_ntlm_challenge(95)
  auth_get_challenge: module winbind did not want to specify a challenge
[2004/06/21 15:27:18, 5] auth/auth.c:get_ntlm_challenge(135)
  auth_context challenge created by random
[2004/06/21 15:27:18, 5] auth/auth.c:get_ntlm_challenge(136)
  challenge is:
[2004/06/21 15:27:18, 5] lib/util.c:dump_data(1864)
  [000] 0C 01 EC 4D 0B 2E CD 82   ...M
[2004/06/21 15:27:18, 5] auth/auth_util.c:make_user_info_map(225)
  make_user_info_map: Mapping user [MOOVE]\[henrique] from workstation
[TRASH]
[2004/06/21 15:27:18, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(999, 514) : sec_ctx_stack_ndx = 1
[2004/06/21 15:27:18, 3] smbd/uid.c:push_conn_ctx(351)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/06/21 15:27:18, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/06/21 15:27:18, 5] auth/auth_util.c:debug_nt_user_token(486)
  NT user token: (NULL)
[2004/06/21 15:27:18, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 0
  Primary group is 0 and contains 0 supple

[Samba] The Solution for: Samba+ADS, w2k clients can't access samba by ne tbios name

[Estevam Henrique Carvalho]

As many of us suffer this problem I would like to share my success with the
list. This weekend I made this configuration work !
After this procedure you can access the samba machine, from any client
(Win-XP, Win2k, Win2k3, Win9x and WinNT) using
\\samba-netbios-name\share-name (using kerberos) or
\\samba-ip-address\share-name (using NTLM)

Debian Woody 3.0R2
Samba-3.0.4
MIT Kerberos 1.3.4

Windows 2003
In Windows 2003 apply the fix described in the article:
KDC does not allow clients to specify an etype in Windows Server 2003
http://support.microsoft.com/default.aspx?kbid=833708

In Windows 2003 force Kerberos to use TCP instead UDP:
How to force Kerberos to use TCP instead of UDP
http://support.microsoft.com/default.aspx?scid=kb;en-us;244474

Remember to reboot Windows 2003 after this steps

Linux
Compile MIT with the options
configure -sysconfdir=/etc -localstatedir=/var/kerberos --enable-dns
--without-krb4 
make
make install
test Kerberos with klist/kinit/kdestroy
Ps.: use a very simple krb5.conf, see the attached sample

Compile SAMBA 
configure --localstatedir=/var/samba --sysconfdir=/etc/samba --with-ads
--with-ldap --with-krb5=/usr/local --with-winbind --with-pam
-with-pam_smbpass 
make 
make install
(don't forget to follow all the steps in
http://us1.samba.org/samba/docs/man/howto/winbind.html, and also take a look
at my smb.conf sample file)

(before proceed delete any previous machine account that belongs to this
samba machine in Active Directory)
/opt/samba/bin/net ads join -U 

Start the samba services (nmbd, smbd and winbindd)

That's all, I hope this help ! :-)


More reference about Kerberos and Windows integration can be found at:
Troubleshooting Kerberos Errors
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/
security/tkerberr.mspx


Estevam Henrique



= 
Esta mensagem pode conter informacao confidencial e/ou privilegiada. Se voce
nao for o destinatario ou a pessoa autorizada a receber esta mensagem, nao
devera utilizar, copiar, alterar, divulgar a informacao nela contida ou
tomar qualquer acao baseada nessas informacoes. Se voce recebeu esta
mensagem por engano, por favor avise imediatamente o remetente, respondendo
o e-mail e em seguida apague-o. Agradecemos sua cooperacao. 

This message may contain confidential and/or privileged information. If you
are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, change, take any action based on this message
or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message. Thank you for your cooperation. 
= 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RES: [Samba] Internet access control through samba ?

[Estevam Henrique Carvalho]

Take a lot at http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#winbind


-Mensagem original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Em nome de
Matthias Spork
Enviada em: segunda-feira, 14 de junho de 2004 19:30
Para: Nikhil Parva
Cc: Samba
Assunto: Re: [Samba] Internet access control through samba ?

Hello,

>
>Hi,
>is there a possibility to use a samba pdc for internet access control ?
>I want only machines, which are logged in to the domain, to have
>internet access.
>Currently everybody can use the Internet through the masquerading
>functionality
>on the server(also pdc).
>
>Thanks Jeremias M.
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba
>
>  
>

try mod_ntlm for Squid

matze

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


= 
Esta mensagem pode conter informacao confidencial e/ou privilegiada. Se voce
nao for o destinatario ou a pessoa autorizada a receber esta mensagem, nao
devera utilizar, copiar, alterar, divulgar a informacao nela contida ou
tomar qualquer acao baseada nessas informacoes. Se voce recebeu esta
mensagem por engano, por favor avise imediatamente o remetente, respondendo
o e-mail e em seguida apague-o. Agradecemos sua cooperacao. 

This message may contain confidential and/or privileged information. If you
are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, change, take any action based on this message
or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message. Thank you for your cooperation. 
= 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problems with words accentuated

[Flávio Henrique]

Hi guys

I need help here:

I'm using Samba 3.0.2a serving about 50 win98 clients.

My problem is: 
If a client (win98) create a file/directory accentuated (with ` ' ç ^ ~ ") in Linux I 
see strange characters instead... 
The clients still see the words accentuated without problems, but in Linux server no...

If I create a file, from Linux server, with accents the clients see the file 
accentuated without problems

So I need to make some backups, from Linux server, but like this all files/directories 
accentuated will be stored with strange characters...

I'm using this, in my smb.conf:

dos charset = CP850
unix charset = UTF-8
display charset = LOCALE

I'm no expert in this options, so I need help...
Which option I need to use to resolve this problem ?

My idiom is Brazilian Portuguese.
I already try 'unix charset' and 'display charset' = pt_BR, ISO-8859-1, UTF-8 both and 
nothing helps...

I'll appreciate any help.

Thank you

Flávio Henrique
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbldap tool

[Henrique]

use cpan to download the module http://www.cpan.org/
or
http://dag.wieers.com/packages/perl-Net-LDAP/perl-Net-LDAP-0.2701-1.rhfc1.dag.noarch.rpm
to express :-)




- Original Message - 
From: "abebe lsslp" <[EMAIL PROTECTED]>
To: "Samba Samba" <[EMAIL PROTECTED]>
Sent: Friday, June 11, 2004 4:17 PM
Subject: [Samba] smbldap tool


> I have a Fedora Core 1 machine and I am trying to install
"smbldap-tools-0.8.4-1.1.fc2.dag.i386.rpm" However, I am having the
following problem:
>
> [EMAIL PROTECTED] root]# rpm -i smbldap*.rpm
>
> warning: smbldap-tools-0.8.4-1.1.fc2.dag.i386.rpm: V3 DSA signature:
NOKEY, key ID 6b8d79e6
> error: Failed dependencies:
> perl(Net::LDAP) is needed by smbldap-tools-0.8.4-1.1.fc2.dag
> perl(Net::LDAP::LDIF) is needed by smbldap-tools-0.8.4-1.1.fc2.dag
>
> [EMAIL PROTECTED] root]# rpm -qa | grep perl
> perl-DBI-1.37-1
> mod_perl-1.99_09-10
> perl-DateManip-5.40-30
> perl-URI-1.21-7
> perl-XML-Dumper-0.4-25
> perl-SGMLSpm-1.03ii-12
> perl-DBD-Pg-1.22-1
> perl-5.8.1-92
> perl-Filter-1.29-8
> perl-HTML-Tagset-3.03-28
> perl-Parse-Yapp-1.05-30
> perl-libwww-perl-5.65-6
> perl-libxml-perl-0.07-28
> perl-XML-Encoding-1.01-23
> perl-HTML-Parser-3.26-18
> perl-XML-Parser-2.31-16
> perl-libxml-enno-1.02-29
>
> [EMAIL PROTECTED] root]#
>
> what exactly do I need to do before installing this tool?
>
> Ambex
>
>
> -
> Do you Yahoo!?
> Friends.  Fun. Try the all-new Yahoo! Messenger
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] NT4 and Domain Member Samba 3.0.2 problem

[Luis Henrique de Faria Guimarães]

Hi,

I am with problem of slowness in my server samba.
I configured the samba following the official documentation.  I modified the
archives/etc/nsswitch and/etc/pam.d/login, but the navigation in the folder
and the authentication of using saw telnet is very slow.  I do not obtain to
authentication users who are not registered in cadastre in the NT4 and the
Linux.  I get the following error:

User not know to the underlying authentication module.

Somebody can help me?


This mail was sent by Results - Webmail 2.5

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Winbind problem

[Luis Henrique de Faria Guimarães]

I have server with Fedora Core 1, samba 3 and kernel with support ACL. I am
using a NT4 as PDC.
My problem is after opening three telnet sessions, this nexts is very slow.
This is my smb.conf:

#
# Generated by /usr/local/samba/md_smb.conf.pl
#
[global]
passwdprogram = /usr/bin/passwd %u
nameresolveorder = host lmhosts wins bcast
addsharecommand = /usr/local/samba/md_smb.conf.pl
ntaclsupport = Yes
netbiosname = pinheiros
deletesharecommand = /usr/local/samba/md_smb.conf.pl
usernamemap = /etc/samba/smbusers
maxlogsize = 50
idmapuid = 1-2
deleteprintercommand = delprinter
addmachinescript = /usr/sbin/useradd -d /dev/null -g 100 -s /bi
n/false -M %u
addprintercommand = addprinter
read only = No
winbindcachetime = 10
logfile = /var/log/samba/log.%m
templatehomedir = /home/%U
#socketoptions = TCP_NODELAY SO_RCVBUF
printing = cups
inheritacls = Yes
updateencrypted = Yes
workgroup = ECP
authmethods = winbind
security = DOMAIN
profileacls = Yes
idmapgid = 1-2
ldapssl = no
#winbindusedefaultdomain = Yes
winbind enum users = yes
winbind enum groups = yes
mapaclinherit = Yes
dnsproxy = No
usernamelevel = 8
passwordlevel = 8
guestaccount = pcguest
localmaster = No
passwdchat = *New*UNIX*password* %nn *ReType*new*UNIX*pa
ssword* %nn *passwd:*all*authentication*tokens*updated*successfully*
changesharecommand = /usr/local/samba/md_smb.conf.pl
templateshell = /bin/sh
aclcompatibility = winnt
winbindseparator = +
serverstring = Samba Server
log level = 5
wins server = 192.168.1.237

## Section - [printers]
[printers]
comment = Printers
browseable = No
printable = Yes
path = /var/spool/samba

## Section - [C]
[C]
read only = No
writable = Yes
comment = Raiz do Server Linux ECP20
path = /
##
In the nsswitch.conf

passwd: files winbind
shadow: files
group: files winbind

#
And the /etc/pam.d/login
#%PAM-1.0
auth required pam_securetty.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account sufficient pam_winbind.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so
##
Thanks



This mail was sent by Results - Webmail 2.5

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3 and OpenLDAP

[Henrique]

Its normal that my domain appears in same tree of users, groups and hosts?
Im using Jxplrer to look this, and this appears like it:


-World
|__mydomain
|_groups
|_hosts
|_mydomain (again?)
|_users

Somebody have an idea?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RES: RES: [Samba] Problem with authenticating a computer to a sam ba sh are

[Estevam Henrique Carvalho]

Have you ran "net ads join -U " ?
Did the machine name appear under Computer OU in the Active Directory ?
Could you, from the same Win box that runs NTBACKUP, run \\ ?
What are the results for the commands wbinfo -u, wbinfo -g, wbinfo -t ?
Before run NTBACKUP, have you mapped the samba share(s) with a valid domain
user ?


-Mensagem original-
De: Björn Giesler [mailto:[EMAIL PROTECTED] 
Enviada em: quarta-feira, 9 de junho de 2004 15:54
Para: Estevam Henrique Carvalho
Cc: [EMAIL PROTECTED]
Assunto: Re: RES: [Samba] Problem with authenticating a computer to a samba
sh are


Am 09.06.2004 um 19:55 schrieb Estevam Henrique Carvalho:
> What do you mean with ADC Slave, security=ads in smb.conf ?

Yes, exactly. Encrypt passwords=yes, password server=MACHINE from my 
previous mail.

Regards,
Björn


= 
Esta mensagem pode conter informação confidencial e/ou privilegiada. Se você
não for o destinatário ou a pessoa autorizada a receber esta mensagem, não
deverá utilizar, copiar, alterar, divulgar a informação nela contida ou
tomar qualquer ação baseada nessas informações. Se você recebeu esta
mensagem por engano, por favor avise imediatamente o remetente, respondendo
o e-mail e em seguida apague-o. Agradecemos sua cooperação. 

This message may contain confidential and/or privileged information. If you
are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, change, take any action based on this message
or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message. Thank you for your cooperation. 
= 
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RES: [Samba] Problem with authenticating a computer to a samba sh are

[Estevam Henrique Carvalho]

What do you mean with ADC Slave, security=ads in smb.conf ? 

-Mensagem original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Em nome de Björn
Giesler
Enviada em: quarta-feira, 9 de junho de 2004 12:32
Para: [EMAIL PROTECTED]
Assunto: [Samba] Problem with authenticating a computer to a samba share

Hi,

I have a Win2k Server Active Directory Domain Controller, and an 
Exchange server running on the same machine. I want to use NTBACKUP to 
back up the mailboxes to a Samba machine running as ADC slave. This 
doesn't work, and I get the message

Username DOMAIN\MACHINE$ is invalid on this system

in the Samba logs.

How can I make MACHINE known to Samba? Since MACHINE is the domain 
controller, I can't add it to the ADC host list, and it's the one that 
supplies the passwords...

Anyone seen/done this before?

Thanks a lot in advance,
Björn
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


= 
Esta mensagem pode conter informação confidencial e/ou privilegiada. Se você
não for o destinatário ou a pessoa autorizada a receber esta mensagem, não
deverá utilizar, copiar, alterar, divulgar a informação nela contida ou
tomar qualquer ação baseada nessas informações. Se você recebeu esta
mensagem por engano, por favor avise imediatamente o remetente, respondendo
o e-mail e em seguida apague-o. Agradecemos sua cooperação. 

This message may contain confidential and/or privileged information. If you
are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, change, take any action based on this message
or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message. Thank you for your cooperation. 
= 
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RES: [Samba] authentification in ads2003

[Estevam Henrique Carvalho]

I also have made this configuration working with w2k, the problem is related
do enc-types used by w2k3.
I have seen a lot of people complaining about the same issue. Can the samba
gurus help the community ??? What are the right configuration to put a Samba
3.0.x working as a Active Directory 2003 member and be accessible through
\\\ ?!

Please Jerry Carter, Andrew Batlett e other, gave us some light...

-Mensagem original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Em nome de
Christoph Scheeder
Enviada em: quarta-feira, 9 de junho de 2004 11:05
Para: Benoit Moeremans
Cc: [EMAIL PROTECTED]
Assunto: Re: [Samba] authentification in ads2003

Hi,

i got that working on woddy, but against a win2000 ADS.

How?
- fetched the latest soure of MIT-kerberos from mit-server
   and installed in /usr/local, as the version comming with woody
   is to old , it does not support the neede enc-types.
- fetched samba-3.0.5-pre2 from svn and compiled it against the kerberos
   in /usr/local, and installed it.
- deleted all old databases of samba
- delete the samba-server from the ADS and rejoin it.

i found for me that in nsswitch.conf the lines

passwd: compat winbind
group:  compat winbind

will not work, replace "compat" with "files"

this way you should be able to get it working, but no garanty.
Christoph

Benoit Moeremans schrieb:
> Hello,
> *This msg was already sent yesterday on this ml, but some i found some
> faults in the mail.*
> 
> **If anyone can help me... the only thing i'm thinking now is to throw
away
> the servers**
> 
> 
> I installed Samba 3.0.4 + kerberos 5 + winbind to make the debian woody
> server joining
> the Active directory service.
> 
> Everything seems to be ok, except the authentification. If i try to go to
> the share of the linux server from a windows box, it asks me the password.
> And of course, no
> way to log in.
> 
> Here is the config:
> 
> *nsswitch.conf*
> 
> passwd: compat winbind
> group:  compat winbind
> shadow: compat
> 
> hosts:  files dns
> networks:   files
> 
> protocols:  db files
> services:   db files
> ethers: db files
> rpc:db files
> 
> netgroup:   nis
> 
> 
> 
> 
> *samba*
> 
> [global]
> 
> 
>workgroup = TEST
>realm = CAR.BE.TEST.COM.LOCAL
>server string = %h server (Samba %v)
> ;  wins support = no
> ;  wins server = w.x.y.z
>dns proxy = no
> ;  name resolve order = lmhosts host wins bcast
>use spnego = yes
>log file = /var/log/samba/log.%m
>max log size = 1000
> ;  syslog only = no
>syslog = 0
>panic action = /usr/share/samba/panic-action %d
> 
> # separate domain and username with '+', like DOMAIN+username
> winbind separator = +
> # use uids from 1 to 2 for domain users
> idmap uid = 1-2
> # use gids from 1 to 2 for domain groups
> idmap gid = 1-2
> # allow enumeration of winbind users and groups
> winbind enum users = yes
> winbind enum groups = yes
> 
>security = ADS
>encrypt passwords = yes
>passdb backend = tdbsam guest
>obey pam restrictions = yes
>password server = car-pdc
>netbios name = rantanplan
> ;  guest account = nobody
>invalid users = root
> ;  unix password sync = no
> ;  passwd program = /usr/bin/passwd %u#   passwd chat =
> *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
> ;  pam password change = no
> ;  load printers = yes
> ;  preserve case = yes
> ;  short preserve case = yes
> ;  include = /home/samba/etc/smb.conf.%m
> # SO_RCVBUF=8192 SO_SNDBUF=8192
>socket options = TCP_NODELAY
> ;  message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
> 
> ;  domain master = auto
>idmap uid = 1-2
>idmap gid = 1-2
> ;   template shell = /bin/bash
> [admin]
> comment = Administration Directory
> path = /home/benoit
> admin users =  TEST+bmo
> browseable = yes
> public = no
> writable = yes
> guest only = no
> valid users = TEST+bmo
> 
> *kerberos*
> [libdefaults]
> default_realm = CAR.BE.TEST.COM
> 
> [realms]
> CAR.BE.TEST.COM = {
> kdc = car-pdc.car.be.test.com
> default_domain = car.be.test.com
> }
> #[domain_realms]
> #.kerberos.server=CAR.BE.TEST.COM
> 
> # The following krb5.conf variables are only for MIT Kerberos.
> default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
> default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
> permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
> krb4_config = /etc/krb.conf
> krb4_realms = /etc/krb.realms
> kdc_timesync = 1
> ccache_type = 4
> forwardable = true
> proxiable = true
> 
> 
> v4_instance_resolve = false
> v4_name_convert = {
> host = {
> rcmd = host
> ftp = ftp
> }
> plain = {
> something = something-else

[Samba] Winbind very slow

[Luis Henrique de Faria Guimarães]

Hi,

I have server with Fedora Core 1, samba 3 and kernel with support ACL. I am
using a NT4 as PDC.
My problem is after opening three telnet sessions, this nexts is very slow.
This is my smb.conf:

#
# Generated by /usr/local/samba/md_smb.conf.pl
#
[global]
passwdprogram = /usr/bin/passwd %u
nameresolveorder  = host lmhosts wins bcast
addsharecommand   = /usr/local/samba/md_smb.conf.pl
ntaclsupport  = Yes
netbiosname   = pinheiros
deletesharecommand= /usr/local/samba/md_smb.conf.pl
usernamemap   = /etc/samba/smbusers
maxlogsize= 50
idmapuid  = 1-2
deleteprintercommand  = delprinter
addmachinescript  = /usr/sbin/useradd -d /dev/null -g 100 -s /bi
n/false -M %u
addprintercommand = addprinter
read only  = No
winbindcachetime  = 10
logfile   = /var/log/samba/log.%m
templatehomedir   = /home/%U
#socketoptions = TCP_NODELAY SO_RCVBUF
printing  = cups
inheritacls   = Yes
updateencrypted   = Yes
workgroup = ECP
authmethods   = winbind
security  = DOMAIN
profileacls   = Yes
idmapgid  = 1-2
ldapssl   = no
#winbindusedefaultdomain   = Yes
winbind enum users= yes
winbind enum groups   = yes
mapaclinherit = Yes
dnsproxy  = No
usernamelevel = 8
passwordlevel = 8
guestaccount  = pcguest
localmaster   = No
passwdchat= *New*UNIX*password* %nn *ReType*new*UNIX*pa
ssword* %nn *passwd:*all*authentication*tokens*updated*successfully*
changesharecommand= /usr/local/samba/md_smb.conf.pl
templateshell = /bin/sh
aclcompatibility  = winnt
winbindseparator  = +
serverstring  = Samba Server
log level = 5
wins server   = 192.168.1.237

## Section - [printers]
[printers]
comment   = Printers
browseable= No
printable = Yes
path  = /var/spool/samba

## Section - [C]
[C]
read only= No
writable = Yes
comment   = Raiz do Server Linux ECP20
path  = /
##
In the nsswitch.conf

passwd: files winbind
shadow: files
group:  files winbind

#
And the /etc/pam.d/login
#%PAM-1.0
auth   required pam_securetty.so
auth   sufficient   pam_winbind.so
auth   sufficient   pam_unix.so use_first_pass
auth   required pam_stack.so service=system-auth
auth   required pam_nologin.so
accountsufficient   pam_winbind.so
accountrequired pam_stack.so service=system-auth
password   required pam_stack.so service=system-auth
sessionrequired pam_stack.so service=system-auth
sessionoptional pam_console.so
##


Thanks


This mail was sent by Results - Webmail 2.5

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Can I deny access to a user/group on specific machine ?

[Flávio Henrique]

Hi all!!

the subject is clearly, but...

I'm running Samba 3.0.2 serving +/- 50 win98 clients...

Can I, on client logon, deny/allow access in a specific machine?

Let's say that I want that users from group students could be able to login only in 
machine1 and machine2

can I do something like this with samba??

Thanks in advance

Flávio Henrique
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RES: [Samba] Samba and Kerberos

[Estevam Henrique Carvalho]

I've done that using pam_winbind + courier.

-Mensagem original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Em nome de
[EMAIL PROTECTED]
Enviada em: quinta-feira, 3 de junho de 2004 11:06
Para: [EMAIL PROTECTED]
Assunto: [Samba] Samba and Kerberos


Is there anyway to have Samba auth against Kerberos?

I'm not looking for DC capability, or integration with AD, or 
anything fancy.  I don't want/need Samba to obtain K5 tickets on 
behalf of the client. All I want is to have Samba auth the username and 
password against an existing kerberos environment much like I have 
IMAP doing now.

Is it possible to have Samba auth against PAM, which could be 
configured to use pam_krb5.so?  If so, can someone point me to docs 
on doing this?  I found http://www.samba.org/samba/docs/man/pam.html
which seems to indicate it's possible, however, I'm also assuming 
that to use this, I'd need to have the Windows clients transmitting 
their passwords in cleartext, which I'm not so keen on (unless 
there's some way to run Samba over SSL or the like?)

Thanks for any pointers anyone can throw my way.
-- 
Seeya,
Paul

GPG Key fingerprint = 1660 FECC 5D21 D286 F853  E808 BB07 9239 53F1 28EE

 If you're not having fun, you're not doing it right!


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


= 
Esta mensagem pode conter informacao confidencial e/ou privilegiada. Se voce
nao for o destinatario ou a pessoa autorizada a receber esta mensagem, nao
devera utilizar, copiar, alterar, divulgar a informacao nela contida ou
tomar qualquer acao baseada nessas informacoes. Se voce recebeu esta
mensagem por engano, por favor avise imediatamente o remetente, respondendo
o e-mail e em seguida apague-o. Agradecemos sua cooperacao. 

This message may contain confidential and/or privileged information. If you
are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, change, take any action based on this message
or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message. Thank you for your cooperation. 
= 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: Same Problem.... RE: [Samba] Can see server, but can't see shares. Whazzup?

[Flávio Henrique]

Hi Jim

Sorry for inserting me in the discussion, but I have the same problem here
and I tryed to set
os level = 10
wins support = no
and nothing changes...
I tryed to disable the wins support in win98 clients... do not work too..
I don't have any WinNT/XP/2k in my network, just win98 clients

I will thank you for any tips...

I'm using Samba 3.0.2a on Mandrake 9.2

Flávio Henrique.

Here is my smb.conf

# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2004/05/28 08:41:01

# Global parameters
[global]
 workgroup = PROVENDA
 server string = Samba Server %v
 map to guest = Bad User
 passwd program = /usr/bin/passwd3 %u
 client plaintext auth = No
 log level = 1
 log file = /var/log/samba3/log.%m
 max log size = 1000
 time server = Yes
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 printcap name = cups
 logon script = logon.bat
 logon path =
 logon home =
 domain logons = Yes
 os level = 100
 lm announce = No
 preferred master = Yes
 domain master = Yes
 enhanced browsing = No
 dns proxy = No
 wins support = Yes
 ldap ssl = start tls
 printer admin = @adm
 create mask = 02777
 force create mode = 02777
 directory mask = 02777
 force directory mode = 02777
 printing = cups

[printers]
 comment = All Printers
 path = /var/spool/samba3
 create mask = 0700
 guest ok = Yes
 max print jobs = 5000
 printable = Yes
 print command = lpr-cups -P %p -o raw %s -r   # using client side printer
drivers.
 use client driver = Yes
 browseable = No

[print$]
 path = /var/lib/samba3/printers
 write list = @adm, root
 guest ok = Yes

[c]
 path = /servidor/c
 read only = No

[netlogon]
 path = /servidor/netlogon
 write list = root
 browseable = No

[openoffice]
 path = /servidor/openoffice

[iso9001]
 path = /servidor/c/iso9001
 read only = No
 inherit permissions = Yes

[win98]
 path = /servidor/win98

[documentos]
 path = /servidor/documentos
 read only = No

[d]
 path = /d
 read only = No

[homes]
 comment = Home Directories
 read only = No
 hide special files = Yes
 hide unreadable = Yes
 hide unwriteable files = Yes
 browseable = No

[drivers]
 path = /servidor/drivers

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] 'veto oplock files' option in 3.0.2a broken ???

[Flávio Henrique]

Hi all..

I'm update my samba, from 2.2.8a to 3.0.2a, and now my 'veto oplock files' do no 
work...

I set my option like this: veto oplock files = /*.mdb/*.MDB/

but after the first user open our software (that opens a file .mdb in a samba share) 
the second user can't open... he gets the error message: 'Couln't lock the file'

Even setting all locking options = no, the error persists...

Someone already have the same problem ??

thanx

Hwo
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RES: [Samba] Experiences with Samba 3 in 'Windows Server 2003' mo de domains?

[Estevam Henrique Carvalho]

Hi Thomas,

I ran Samba-3.0.2a + MIT Kerberos 1.3.3 with Windows 2000 without any
problem, all the users was able to access the shares with their tickets,
after migrate my W2K server to Windows 2003 no one can access the shares on
the linux machine using its netbios name, it only works trough ip address.
I've been many people reporting the same issue, but no one was able do
answer.
Hi samba team can could you help us ?!

Tks,

Estevam Henrique

-Mensagem original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Em nome de
Thomas Maschutznig
Enviada em: quarta-feira, 19 de maio de 2004 10:39
Para: [EMAIL PROTECTED]
Assunto: [Samba] Experiences with Samba 3 in 'Windows Server 2003' mode
domains?

I have a RedHat ES3 with Samba 3 joined in a 'Windows 2000 Mixed Mode'
domain running on Win 2003 DCs; everything works perfectly fine - accounts
and groups all come from the DC through winbind and users can access the
shares with their kerberos ticket without having to re-authenticate.
Now, will all this still work if I switch to the "Windows Server 2003"
domain mode or are there known problems with this?Please point me to some
useful links or share your experience with such a
scenario!
I am using:
samba-3.0.2-6.3E
krb5-1.3.3


Thomas


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


= 
Esta mensagem pode conter informacao confidencial e/ou privilegiada. Se voce
nao for o destinatario ou a pessoa autorizada a receber esta mensagem, nao
devera utilizar, copiar, alterar, divulgar a informacao nela contida ou
tomar qualquer acao baseada nessas informacoes. Se voce recebeu esta
mensagem por engano, por favor avise imediatamente o remetente, respondendo
o e-mail e em seguida apague-o. Agradecemos sua cooperacao. 

This message may contain confidential and/or privileged information. If you
are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, change, take any action based on this message
or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message. Thank you for your cooperation. 
= 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.2a password change issue (without win2k/xp clients)

[Flávio Henrique]

Hi all..

I having problems to change the client's autentication password (on Samba
pdc)
I have only win98 clients...
They can login, but can't change their passwords in Control Painel >
Passwords (the error message says that 'password is incorrect')

I'm running Samba 3.0.2a on Mandrake 9.2 with 50 win98 clients...

I know that this version has a bug for password changing with win2k/xp
clients, but someone knows if win98 clients is affected too ??

Or, please, some hint to how to resolve this ?

Thanx

Flávio

my smb.conf option is:

# Global parameters
[global]
workgroup = MYGROUP
server string = Samba Server %v
min passwd length = 5
map to guest = Bad User
passwd program = /usr/bin/passwd %u
unix password sync = Yes
ntlm auth = No
client plaintext auth = No
log level = 1
log file = /var/log/samba3/log.%m
max log size = 50
name resolve order = wins lmhosts host bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
domain logons = Yes
os level = 100
preferred master = Yes
domain master = Yes
enhanced browsing = No
dns proxy = No
wins support = Yes
ldap ssl = no
printer admin = @adm
printing = cups
veto oplock files = /*.mdb/*.MDB/


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] My win98 clients can't change their autentication passwords

[Flávio Henrique]

Hi all

Hi use Samba as pdc with 50 win98 clients...
when the user tryies to change the password for domain autentication (in Control 
Painel, Passwords, Change the Windows Passoword), a message says the PDC Server was 
not found...

my settings, in smb.conf is :

encrypted passwords = yes
update encryped = no
unix password sync = yes
smb passwd file = /etc/samba/smbpasswd
passwd program = /usr/bin/passwd
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = no


I'm using Samba 2.2.8a on Mandrake 9.2

Someone can help me ?

Thanx in advance...

Hwoarang
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] I can't see any machines in neighborhood area anymore.

[Flávio Henrique]

Hi!

I'm running samba 2.2.8a as PDC on Mandrake 9.2, with 50+ win98 clients...

the autentications is ok, and the shares too...
but no client can browse the Neighborhood area... is empty.
if they hit \\server, e.g., works... but, we know, this is hard for final users to 
understand...

maybe a single option here can resolve this, but I can't see...

I don't know if helps but, from the clients I can see all shares in samba server, 
but from my linux server I can't see any share in my win98 clients... I can see the 
machines but the shares no...

and any clients can't print in share prints over the network... the printer always go 
offline...

plz

someone can help me with this ?

Thanx

Flávio
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Fw: [Samba] I'm losting the samba's shares automatically of time in time.. why?

[Flávio Henrique]

>
> adding:
>
> I can see in /var/log/samba/log.%m the error message:
>
> smbd.service.c:make_connection(599)
> %m (ip) Can't change directory to /share (Permission denied)
>
> but, like I said before, I already type 'chmod -R 777 /share'
>
> this is the only problem (until now) that do not allow me to change my
> server to Linux...
>
> plz
>
> some help ?
>
> Flávio Henrique
>
> - Original Message - 
> From: "Flávio Henrique" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, May 06, 2004 12:57 PM
> Subject: [Samba] I'm losting the samba's shares automatically of time in
> time.. why?
>
>
> Hi all
>
> I create some shares here and everything is right
> for begin I made a 'chmod -R 777 /share' to make sure that all users will
be
> access
> and ok, all users can use the share
>
> but sometimes the shares seems to be broken...
> nobody can use the share...
>
> to recover again, I must type chmod -R 777 again...
> 'service smb restart' do not work... only 'chmod -R 777'...
>
> someone can help me with this ???
>
> thanx
>
> Flávio Henrique
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] I'm losting the samba's shares automatically of time in time.. why?

[Flávio Henrique]

Hi all

I create some shares here and everything is right
for begin I made a 'chmod -R 777 /share' to make sure that all users will be access
and ok, all users can use the share

but sometimes the shares seems to be broken...
nobody can use the share...

to recover again, I must type chmod -R 777 again...
'service smb restart' do not work... only 'chmod -R 777'...

someone can help me with this ???

thanx

Flávio Henrique
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Blocking options !! I can't open the same file in two diferents clients (win98) in same time

[Flávio Henrique]

Hi all !


I changed my win2k server last night for Mandrake 9.2 and made my shares in Samba, and 
everything goes fine...

but today when we try to run our software, that access the database (data.mdb) in 
Linux server, the error: the file is locked...

Only one user can open the file...

Plz, someone can help me?? I'm in trouble!

thanx

Flávio Henrique

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RES: [Samba] WINBIND HELP!!!!

[Estevam Henrique Carvalho]

Could you better describe your scenario ?

Where are you trying to logging on ?
>From where are you trying to logging on ?
What kind of service are you trying to access ?

-Mensagem original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Em nome de
Talwar, Puneet (NIH/NIAID)
Enviada em: terça-feira, 27 de abril de 2004 00:05
Para: '[EMAIL PROTECTED] '
Assunto: [Samba] WINBIND HELP

HI,

I am trying to setup winbind on Samba 3.0.2 running on Red Hat AS 3.0.  I
have completed most of the steps of setting up winbind successfully but when
it came for me to login in using the AD account username and password, it
didn't allow me to login.  the error message i am getting is incorrect
password or check username. During the setup i tested the wbinfo -u command
and i was successfully able to query the AD username list from the MS PDC
server.

if anyone is encountered similar problem i would glad to listen in on how
fix this issue.

thanks,
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


= 
Esta mensagem pode conter informação confidencial e/ou privilegiada. Se você
não for o destinatário ou a pessoa autorizada a receber esta mensagem, não
deverá utilizar, copiar, alterar, divulgar a informação nela contida ou
tomar qualquer ação baseada nessas informações. Se você recebeu esta
mensagem por engano, por favor avise imediatamente o remetente, respondendo
o e-mail e em seguida apague-o. Agradecemos sua cooperação. 

This message may contain confidential and/or privileged information. If you
are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, change, take any action based on this message
or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message. Thank you for your cooperation. 
= 
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RES: RES: [Samba] Problems with ntlm_auth --helper-protocol=squid -2.5- ntlmssp

[Estevam Henrique Carvalho]

What do you mean with "... ntlm_auth --helper-protocol=squid-2.5-ntlmssp
does respond only BH..." ? Is it happing in a command line test ?
Remember that this helper wait for a NTLM "hash" not a clear user and
password, as basic helper does.
The best way of testing is to put in use, inside the squid.conf. I've be
using it for some months without problem.

-Mensagem original-
De: Riccardo Baldanzi [mailto:[EMAIL PROTECTED] 
Enviada em: sexta-feira, 23 de abril de 2004 11:48
Para: Estevam Henrique Carvalho; [EMAIL PROTECTED]
Assunto: Re: RES: [Samba] Problems with ntlm_auth
--helper-protocol=squid-2.5- ntlmssp

I'm using that in /usr/bin/ntlm_auth provided by samba 3.0.2
Any ideas?
Thanks
Rick

At 14.36 23/04/2004, Estevam Henrique Carvalho wrote:
>You should use the ntlm_auth module provided by samba.
>
>-Mensagem original-
>De: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] Em nome de
>Riccardo Baldanzi
>Enviada em: quinta-feira, 22 de abril de 2004 16:51
>Para: [EMAIL PROTECTED]
>Assunto: [Samba] Problems with ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
>
>Hi Guys,
>
>i've installed a Fedora Core 1 with samba 3 and squid 2.5 stable 3 (all
>with redhat rpms).
>Now i've joined our internal active directory and i see that "wbinfo -u",
>"wbinfo -g" and "wbinfo -a user%password" works great.
>
>ntlm_auth --helper-protocol=squid-2.5-basic works ok too but..
>
>ntlm_auth --helper-protocol=squid-2.5-ntlmssp does respond only "BH"...
>
>what's the problem? Any ideas?
>
>Thanks
>
>Riccardo
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba
>
>



= 
Esta mensagem pode conter informacao confidencial e/ou privilegiada. Se voce
nao for o destinatario ou a pessoa autorizada a receber esta mensagem, nao
devera utilizar, copiar, alterar, divulgar a informacao nela contida ou
tomar qualquer acao baseada nessas informacoes. Se voce recebeu esta
mensagem por engano, por favor avise imediatamente o remetente, respondendo
o e-mail e em seguida apague-o. Agradecemos sua cooperacao. 

This message may contain confidential and/or privileged information. If you
are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, change, take any action based on this message
or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message. Thank you for your cooperation. 
= 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RES: [Samba] Problems with ntlm_auth --helper-protocol=squid-2.5- ntlmssp

[Estevam Henrique Carvalho]

You should use the ntlm_auth module provided by samba.

-Mensagem original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Em nome de
Riccardo Baldanzi
Enviada em: quinta-feira, 22 de abril de 2004 16:51
Para: [EMAIL PROTECTED]
Assunto: [Samba] Problems with ntlm_auth --helper-protocol=squid-2.5-ntlmssp

Hi Guys,

i've installed a Fedora Core 1 with samba 3 and squid 2.5 stable 3 (all 
with redhat rpms).
Now i've joined our internal active directory and i see that "wbinfo -u", 
"wbinfo -g" and "wbinfo -a user%password" works great.

ntlm_auth --helper-protocol=squid-2.5-basic works ok too but..

ntlm_auth --helper-protocol=squid-2.5-ntlmssp does respond only "BH"...

what's the problem? Any ideas?

Thanks

Riccardo
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


= 
Esta mensagem pode conter informacao confidencial e/ou privilegiada. Se voce
nao for o destinatario ou a pessoa autorizada a receber esta mensagem, nao
devera utilizar, copiar, alterar, divulgar a informacao nela contida ou
tomar qualquer acao baseada nessas informacoes. Se voce recebeu esta
mensagem por engano, por favor avise imediatamente o remetente, respondendo
o e-mail e em seguida apague-o. Agradecemos sua cooperacao. 

This message may contain confidential and/or privileged information. If you
are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, change, take any action based on this message
or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message. Thank you for your cooperation. 
= 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RES: [Samba] Samba 3.0.2a with ADS w2k3 Active Directory, enctype s

[Estevam Henrique Carvalho]

Hi Jim,

I did what the doc says but the problem is the same.

Does anybody saw this work ? I mean, is the Samba 3.0.2a+Kerberos MIT 1.3.3
able to be accessed by a WXP, W2K or W2K3 machine, using Kerberos tickets
generated in a Windows 2003 KDC (W2K3 AD) ?

Thanks

-Mensagem original-
De: Jim McDonough [mailto:[EMAIL PROTECTED] 
Enviada em: segunda-feira, 19 de abril de 2004 17:07
Para: Duran Munoz, Pedro
Cc: Estevam Henrique Carvalho; samba;
[EMAIL PROTECTED]
Assunto: RE: [Samba] Samba 3.0.2a with ADS w2k3 Active Directory, enctypes

This is a bug in Win2k3.  See knowledgebase KB833708.  The KB article 
itself isn't correct, because it states that if you request des-cbc-crc 
you'll get des-cbc-md5 tickets, but in reality you get rc4-hmac tickets.

The KB article points you to a hotfix or a registry setting.


Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074
USA

[EMAIL PROTECTED] 
[EMAIL PROTECTED]

Phone: (207) 885-5565
IBM tie-line: 776-9984




"Duran Munoz, Pedro" <[EMAIL PROTECTED]> 
Sent by: [EMAIL PROTECTED]
04/19/2004 09:42 AM

To
"Estevam Henrique Carvalho" <[EMAIL PROTECTED]>
cc
samba <[EMAIL PROTECTED]>
Subject
RE: [Samba] Samba 3.0.2a with ADS w2k3 Active Directory, enctypes






 


Saludos / Best Regards

Pedro Durán Muñoz
Hello Henrique

 Actually I have the same problem as you. Firts I had tried an ADS w2k3 
and Samba 3.0.2a integration without any success ( Only works IP NTML 
protocol, kerberos does not works ( hostaname instead IP address)) . After 
I tried w2k and Samba 3.0.2a integration and works fine. But I need an ADS 
w2k3 and Samba integration  and for the moment does not works. We need the 
Samba team help for solve this issue ASAP, Is it possible for us Samba 
Team?


-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On 
Behalf Of Estevam Henrique Carvalho
Sent: Monday, April 19, 2004 1:59 PM
To: samba
Subject: [Samba] Samba 3.0.2a with ADS w2k3 Active Directory, enctypes

Hi people,

I have a Linux box running Samba 3.0.2a in ADS mode MIT Kerberos 1.3.3. My 
W2K e WXP users can't access the linux box by netbios name, the only 
access that works is by IP address, I know that's caused because access 
thought IP address don't make use of Kerberos. The most strange for me 
it's that the same environment works fine with a W2K Active Directory, I 
read in same list the problem was the kerberos 1.2.x, then I changed to 
1.3.3, but the problem remains.
I also have tried the following combinations of parameters in the 
krb5.conf

Test 1 - No permitted_enctypes

[libdefaults]
 default_realm = HOME.EHC
# The following krb5.conf variables are only for MIT Kerberos.
 default_tgs_enctypes = des-cbc-crc des-cbc-md5
 default_tkt_enctypes = des-cbc-crc des-cbc-md5
 #permitted_enctypes = des-cbc-crc des-cbc-md5

Result

[2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
  ads_verify_ticket: enc type [18] failed to decrypt with error Bad 
encryption type
[2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
  ads_verify_ticket: enc type [17] failed to decrypt with error Bad 
encryption type
[2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
  ads_verify_ticket: enc type [16] failed to decrypt with error Bad 
encryption type
[2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
  ads_verify_ticket: enc type [23] failed to decrypt with error Bad 
encryption type
[2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
  ads_verify_ticket: enc type [1] failed to decrypt with error Bad 
encryption type
[2004/04/18 10:38:34, 3] libads/kerberos_verify.c:ads_verify_ticket(323)
  ads_verify_ticket: enc type [3] failed to decrypt with error Decrypt 
integrity check failed
[2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
  ads_verify_ticket: enc type [2] failed to decrypt with error Bad 
encryption type
[2004/04/18 10:38:34, 10] 
passdb/secrets.c:secrets_named_mutex_release(710)
  secrets_named_mutex: released mutex for replay cache mutex
[2004/04/18 10:38:34, 3] libads/kerberos_verify.c:ads_verify_ticket(330)
  ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2004/04/18 10:38:34, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!


Test 2 - all enctypes that I know

[libdefaults]
 default_realm = HOME.EHC
# The following krb5.conf variables are only for MIT Kerberos.
 default_tgs_enctypes = des-cbc-crc des-cbc-md5
 default_tkt_enctypes = des-cbc-crc des-cbc-md5
 permitted_enctypes = aes256-cts-hmac-sha1-96 
aes128-cts-hmac-sha1-96 arcfour-hmac arcfour-hmac-exp arcfour-hmac-md5 des 
des-cbc-crc des-cbc-md4
des-cbc-md5 des-cb

RES: [Samba] squid authentication to samba 3

[Estevam Henrique Carvalho]

Yes, it is. I've made that some times...

After having the Samba infra-structure running (winbind -u, winbind -g,
winbind -a), you need to create some ACLs in squid.conf, take a look at:
http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#winbind

To check group membership you can use wbinfo_group or LDAP, I had some
problems setting wbinfo_group with Samba 3.0.2, that's why I use LDAP. If
you can I can send you a sample.

Estevam Henrique


-Mensagem original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Em nome de
[EMAIL PROTECTED]
Enviada em: segunda-feira, 19 de abril de 2004 17:43
Para: [EMAIL PROTECTED]
Assunto: [Samba] squid authentication to samba 3

We have recently upgraded to samba3.0.2a.  It runs as a PDC with WINS
support.  For the past three years, we have used smb_auth within squid for
basic authentication for our students.

Is it now possible to use NTLM authentication directly to squid?  From
everything that I've read, it seems to me that a windows active directory
server and winbindd are needed to do NTLM authentication.

Mark
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


= 
Esta mensagem pode conter informacao confidencial e/ou privilegiada. Se voce
nao for o destinatario ou a pessoa autorizada a receber esta mensagem, nao
devera utilizar, copiar, alterar, divulgar a informacao nela contida ou
tomar qualquer acao baseada nessas informacoes. Se voce recebeu esta
mensagem por engano, por favor avise imediatamente o remetente, respondendo
o e-mail e em seguida apague-o. Agradecemos sua cooperacao. 

This message may contain confidential and/or privileged information. If you
are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, change, take any action based on this message
or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message. Thank you for your cooperation. 
= 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.2a with ADS w2k3 Active Directory, enctypes

[Estevam Henrique Carvalho]

4/04/18 10:40:10, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
  ads_verify_ticket: enc type [16] failed to decrypt with error Bad
encryption type
[2004/04/18 10:40:10, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
  ads_verify_ticket: enc type [16] failed to decrypt with error Bad
encryption type
[2004/04/18 10:40:10, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
  ads_verify_ticket: enc type [23] failed to decrypt with error Bad
encryption type
[2004/04/18 10:40:10, 10] passdb/secrets.c:secrets_named_mutex_release(710)
  secrets_named_mutex: released mutex for replay cache mutex
[2004/04/18 10:40:10, 3] libads/kerberos_verify.c:ads_verify_ticket(330)
  ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2004/04/18 10:40:10, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!

Could anybody help me ? 
Does anybody have a list of MIT Kerberos 1.3.3 enctypes ?
Does anybody know what are the enctypes for Windows 2003 Active Directory ?
What does mean "...failed to decrypt with error Decrypt integrity check
failed" in the enctype 3 ?

Thanks

Estevam Henrique


= 
Esta mensagem pode conter informacao confidencial e/ou privilegiada. Se voce
nao for o destinatario ou a pessoa autorizada a receber esta mensagem, nao
devera utilizar, copiar, alterar, divulgar a informacao nela contida ou
tomar qualquer acao baseada nessas informacoes. Se voce recebeu esta
mensagem por engano, por favor avise imediatamente o remetente, respondendo
o e-mail e em seguida apague-o. Agradecemos sua cooperacao. 

This message may contain confidential and/or privileged information. If you
are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, change, take any action based on this message
or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message. Thank you for your cooperation. 
= 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Accessing samba machine with IP address but not with fqdn/hostnam e

[Estevam Henrique Carvalho]

I have a Debian woody running Samba 3.0.2a in ads security mode as member of
a Windows 2003 Active Directory, I run winbind+pam, wbinfo e net ads
testjoin, its all working fine. 

>From any workstation, or even from the W2003 domain controller itself, I
can´t access the samba server as \\linuxnetbiosname
 , as \\machine_ip_address
  works.

 

I also could see a error in the log. the messages:

[2004/04/04 00:20:26, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)

  Failed to verify incoming ticket!

 

After what the user is prompted with a logon screen, even if I type the
correct user and password, he it´s not able to browser in this server.

 

Any help ?

 

 

 

 

 



= 
Esta mensagem pode conter informação confidencial e/ou privilegiada. Se você
não for o destinatário ou a pessoa autorizada a receber esta mensagem, não
deverá utilizar, copiar, alterar, divulgar a informação nela contida ou
tomar qualquer ação baseada nessas informações. Se você recebeu esta
mensagem por engano, por favor avise imediatamente o remetente, respondendo
o e-mail e em seguida apague-o. Agradecemos sua cooperação. 

This message may contain confidential and/or privileged information. If you
are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, change, take any action based on this message
or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message. Thank you for your cooperation. 
= 
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RES: [Samba] Samba3 with W2K Native Mode

[Estevam Henrique Carvalho]

Have you locked at samba-3.0.2a/source/nsswitch directory ? Normally the pam
modules and nss libs are there, you need manually copy that to /lib/security
(Debian system. maybe different in your distribution)
Also remember to run ldconfig after copy the files to the lib directory.
Make sure that you /etc/pam.d/login is, some like that:

passwd: winbind files
shadow: files 
group:  winbind files

Ps.: For more information Read
http://us1.samba.org/samba/docs/man/winbind.html


-Mensagem original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Em nome de Axel
Spallek
Enviada em: sexta-feira, 19 de março de 2004 05:41
Para: Samba
Assunto: AW: [Samba] Samba3 with W2K Native Mode

Hi.

I have news.
The Problem with  3.0.2-29 persisted, so I compiled 3.0.2a.
./configure --with-acl-support --with-winbind --with-ldap --with-ldapsam --w
ith-pam --with-pam_smbpass --with-krb5=/usr/local --with-ads

One problem after that was the missing pam_winbind.so used by
nssswitch.conf(?).
Now I am as far as with 2.0.2-29. I can get an kinit Administrator-Ticket
and can do a net join ads.
But when I try to click on s7 in the Network-Section of S4 I get a

[2004/03/19 09:33:06, 2] smbd/sesssetup.c:setup_new_vc_session(591)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2004/03/19 09:33:06, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed
to verify incoming ticket!
[2004/03/19 09:33:06, 2] smbd/server.c:exit_server(558) Closing connections

That worked with 3.0.2-29.
I can connect via net use m: \\\share.
I think there is a problem with
nsswitch
pam_*.so
/lib/security/samba
But how can I debug this?


Sincerly,

Axel Spallek
Hülenweg 21
89134 Blaustein
http://mail.map24.com/axel_spallek

-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Auftrag von
Axel Spallek
Gesendet: Freitag, 27. Februar 2004 10:51
An: Samba
Betreff: [Samba] Samba3 with W2K Native Mode


Hi.
I use Samba 3.0.2-29 on Server S7.
In our network is a W2K Server named S4 running in Native Mode, Domain Name
hel.lan.
I tried to join the S4-Domain hel.lan.


s7:~ # kinit [EMAIL PROTECTED]
[EMAIL PROTECTED]'s Password:
s7:~ # net ads join
[2004/02/27 08:20:54, 0] libads/ldap.c:ads_add_machine_acct(1006)
  Host account for s7 already exists - modifying old account
Using short domain name -- HEL
Joined 'S7' to realm 'HEL.LAN'
s7:~ # klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: [EMAIL PROTECTED]

  Issued   Expires  Principal
Feb 27 08:20:12  Feb 27 18:20:12  krbtgt/[EMAIL PROTECTED]
Feb 27 08:20:19  Feb 27 18:20:12  [EMAIL PROTECTED]
Feb 27 08:20:19  Feb 27 18:20:12  kadmin/[EMAIL PROTECTED]

rcsmb restart
rcwinbind restart

Last two are needed (don't know why) otherwise the new Credentials are not
usable (getent gives error).
These steps I have to do every morning, because the credentials expired. Is
there a workaround?


So far so good.
Next I tried to use these

getent passwd
wbinfo -u
wbinfo -g
getent group


without any problem. They work fine, I can see all users and groups from
ADS.
Next I tried to use a share.
My smb.conf:

# Samba config file created using SWAT
# from 172.23.4.3 (172.23.4.3)
# Date: 2004/02/16 15:00:31

# Global parameters
[global]
unix charset = LOCALE
workgroup = HEL
realm = HEL.LAN
interfaces = 127.0.0.1, eth0
bind interfaces only = Yes
security = ADS
password server = s4.hel.lan
log level = 2
preferred master = No
local master = No
domain master = No
wins server = s4.hel.lan
ldap ssl = no
idmap uid = 1-2
idmap gid = 1-2
winbind separator = +
winbind use default domain = Yes

[asx]
path = /mnt/testsamba
force user = root
read only = No

[test]
path = /mnt/Test
#   force user = root
read only = No
create mask = 0700
force create mode = 0700
directory mask = 0700
force directory mode = 0700




The directories definitively exist, but the only share I can use is the asx
with force user = root. No matter which other user I try (even without the
force user) I get the following error message in log.smbd:

[2004/02/27 08:22:38, 2] smbd/server.c:open_sockets_smbd(318)
  waiting for a connection
[2004/02/27 08:34:53, 2] smbd/sesssetup.c:setup_new_vc_session(591)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2004/02/27 08:35:19, 0] smbd/service.c:make_connection_snum(677)
  '/mnt/Test' does not exist or is not a directory, when connecting to
[test]
[2004/02/27 08:35:19, 0] smbd/service.c:make_connection_snum(677)
  '/mnt/Test' does not exist or is not a directory, when connecting to
[test]
[2004/02/27 08:35:19, 0] smbd/service.c:make_connection_snum(677)
  '/mnt/Test' does not exist or is not a directory, when connecting to
[test]
[2004/02/27 08:35:19

[Samba] Winbind x LDAP x Kerberos

[Estevam Henrique Carvalho]

Hi people,

 

What are the pros and cons of Winbind, LDAP and Kerberos in a Samba 3.0.2
plus Active Directory environment ? What could be the best design for this
scenario ?

 

Estevam Henrique

 

 



= 
Esta mensagem pode conter informacao confidencial e/ou privilegiada. Se voce
nao for o destinatario ou a pessoa autorizada a receber esta mensagem, nao
devera utilizar, copiar, alterar, divulgar a informacao nela contida ou
tomar qualquer acao baseada nessas informacoes. Se voce recebeu esta
mensagem por engano, por favor avise imediatamente o remetente, respondendo
o e-mail e em seguida apague-o. Agradecemos sua cooperacao. 

This message may contain confidential and/or privileged information. If you
are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, change, take any action based on this message
or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message. Thank you for your cooperation. 
= 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Howto give console access to a samba user ?

[Estevam Henrique Carvalho]

Hi people,

 

I have a Debian (Woody) 2.4.25+Samba 3.0.2a running, I've joined a Active
Directory domain (net ads join) and I can successfully browse the AD users
and groups with wbinfo -u and wbinfo -g. 

I need to give to the samba (Windows) users access do linux
console/terminal, I've read the samba documentation about pam_winbind (
http://us1.samba.org/samba/docs/man/winbind.html
<http://us1.samba.org/samba/docs/man/winbind.html>  ), but I found some
difficulties, in my system there is no pam_stack module, where I can find it
? In despite of that I did the rest of the procedure described in the doc
above and now when the samba users logon on the system they receive an error
regarding to the home directory and alerting the user that (HOME=/) will be
used instead (how can I give a home folder to windows users ?), after this
message linux returns the user to the first questions in the logon screen
(user name).

Reading the logon files (auth.log) I could see the pam_winbind successfully
authenticate the user, I also ran getent passwd and received a list with all
linux+windows users, I observed the windows users have as shell /bin/false,
and I think that is the root of the problem.

 

Any help ?

 

Thank you,

 

Estevam Henrique

 

 



= 
Esta mensagem pode conter informacao confidencial e/ou privilegiada. Se voce
nao for o destinatario ou a pessoa autorizada a receber esta mensagem, nao
devera utilizar, copiar, alterar, divulgar a informacao nela contida ou
tomar qualquer acao baseada nessas informacoes. Se voce recebeu esta
mensagem por engano, por favor avise imediatamente o remetente, respondendo
o e-mail e em seguida apague-o. Agradecemos sua cooperacao. 

This message may contain confidential and/or privileged information. If you
are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, change, take any action based on this message
or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message. Thank you for your cooperation. 
= 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba3+Openldap+FreeBSD4.x=PDC and BDC

[Henrique]

Hi for all! It has two weeks I am following some documents that I found in
the InterNet to make this configuration. The incomplete majority, and the
ones that are not incomplete, I did not obtain to make to function, beyond
all being for linux specifically. I would like to know if somebody, already
he configured something similar, or he has a good documentation to indicate
me. Very Obliged!

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] How to configure the /etc/pam.d/login to allow ADS accounts to log on linux box

[Pedro Henrique Ponchio]

Hello, 

How can I configure my /etc/pam.d/login file to allow the users from the AD to log on 
a linux client?

Today I can log but I receive this message:

-
sisreg:~# su domainuser
su: Authentication service cannot retrieve authentication info.
(Ignored)
sisreg:/root$
sisreg:/root$ whoami
domainuser
sisreg:/root$
-

Is it possible to the login entry on the PAM to create the home directory 
automatically, and set everything else (like profiles)?

Thks a lot!!!

- Pedro
---
Pedro Henrique C. Ponchio
Sao Paulo - Brazil - Fundacao Atech
(5511) 3040-7300 ramal 150
---
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] getent passwd cannot list win2k ADS users

[Pedro Henrique Ponchio]

Hello maorui/all,

I have the same problem, with the Debian 3.0r2, using samba 3.0.1 compiled from 
sources, with the options:

./configure --with-ads --with-winbind --with-winbind-auth-challenge --with-smbmount 
--prefix=/usr --with-ldap --with-pam_smbpass --with-syslog --with-utmp 
--with-swatdir=/etc/samba/swat --with-libsmbclient --with-acl-support --with-quotas 
--with-pam --with-nisplus-home --with-configdir=/etc/samba 
--with-privatedir=/etc/samba --sysconfdir=/etc/samba

All the other conf files is looking exactly like yours, and I don´t know what to do to 
make it works. "wbinfo -u" and "wbinfo -g" is working fine ...

Thks to any reply to this. 
Regards,
---
Pedro Henrique C. Ponchio
Fundação ATECH Tecnologias Críticas
(5511) 3040-7300 ramal 150
---


maorui maorui at exavio.com.cn  
<mailto:samba%40lists.samba.org?Subject=%5BSamba%5D%20getent%20passwd%20cannot%20list%20win2k%20ADS%20users&In-Reply-To=>
Mon Dec 1 09:24:18 GMT 2003 


I'm using RH9, and install Samba 3.0.0 by using rpm package.



I use following configure files.



/etc/samba/smb.conf:

[global]
workgroup = DOMAIN
realm = DOMAIN.COM
server string = Demo Samba Server
security = ADS
username map = /etc/samba/smbusers
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = No
local master = No
domain master = No
dns proxy = No
idmap uid = 1-2
idmap gid = 1-2
template homedir = /home/windomain/%D/%U
template shell = /bin/bash
winbind separator = +


/etc/krb5.conf:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log



[libdefaults]
 ticket_lifetime = 24000
 default_realm = DOMAIN.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false



[realms]
 DOMAIN.COM = {
  kdc = server.domain.com:88
  admin_server = server.domain.com:749
  default_domain = domain.com
 }



[domain_realm]
 .domain.com = DOMAIN.COM
 domain.com = DOMAIN.COM



[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf



[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }



/etc/nsswitch.conf:

passwd: files winbind
shadow: files
group:  files winbind

hosts:  files dns

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks:   files
networks:   files
protocols:  files
rpc:files
services:   files

netgroup:   files

publickey:  nisplus

automount:  files
aliases:files nisplus

And I update MIT Kerberos package by following steps:

1.
./configure --prefix=/usr/kerberos --localstatedir=/var/kerberos --enable-dn
s

2. make

3. make install



I entered command 'kinit administrator', and got no error message.



'klist -5' returned:

Ticket cache: FILE:/tmp/krb5cc_0
Default principal:  maor at DOMAIN.COM 
<http://lists.samba.org/mailman/listinfo/samba>



Valid starting ExpiresService principal
12/01/03 15:37:13  12/02/03 01:37:13  krbtgt/ DOMAIN.COM at DOMAIN.COM 
<http://lists.samba.org/mailman/listinfo/samba>
12/01/03 15:50:33  12/02/03 01:37:13  [EMAIL PROTECTED]

And commands

net ads join -S server.domain.com -U administrator

net rpc join -S server.domain.com -U administrator

worked fine.



I started winbindd. 'wbinfo -u' & 'wbinfo -g' can get all users & groups
from domain.







But the command 'getent passwd' could only show local accounts, without any
domain mapped accounts inside.

And /home had no any home directory created.



Who can tell me which step I made a mistake?





--- Logs -

/var/log/samba/log.winbindd:

[2003/12/01 15:48:45, 1] nsswitch/winbindd.c:main(832)
  winbindd version 3.0.0 started.
  Copyright The Samba Team 2000-2003
[2003/12/01 15:48:46, 1] nsswitch/winbindd_util.c:add_trusted_domain(149)
  Added domain DOMAIN.COM
[2003/12/01 15:48:46, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/12/01 15:48:46, 1] nsswitch/winbindd_ads.c:ads_cached_connection(64)
  ads_connect for domain DOMAIN.COM failed: Operations error
[2003/12/01 15:48:46, 1] nsswitch/winbindd_util.c:init_domain_list(284)
  Could not fetch sid for our domain DOMAIN.COM
[2003/12/01 15:48:46, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
  scanning trusted domain list
[2003/12/01 15:48:46, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_pr

[Samba] samba x win2000

[HENRIQUE BIERWAGEN]

hi everybody...i am new here .

my name is henrique and I have tried for some days to configure a
smb.conf file of samba in a mandrake 9.1 linux to
share a printer located at a PC with a Windows NT 2000
professional

I can see the remote folder's names but it appears
empty to me

I can share files with a PC with a WIN '98... located
at the same local network.

Somebody can help me ?

thank you so much

henrique



-
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] mangling names

[Luiz Henrique]

I have samba 2.2.3a. I create folder more than 8 chars without problems. 
However when i try to open a .mdb file inside that folder it shows a erro 
message that could not open the file. I think that´s is about 8 caracters 
limit. What can I do to fix it ? Thanks!

_
O MSN Photos é o modo mais fácil de compartilhar e imprimir suas fotos: 
http://photos.msn.com/support/worldwide.aspx


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] filename more than 8 caract

[Luiz Henrique]

I upgraded my samba version 2.0.7 to 2.2.3. I am using the same smb.conf and 
realized that when I try to open a access file (.mdb) I get a error message. 
It´s because a folder name that is greater than 8 character. If I alter the 
folder name to 8 character it´s works ok. Which parameter is missing ? 
Thanks for help.

_
Chegou o novo MSN Explorer. Instale já. É gratuito: 
http://explorer.msn.com.br


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba