RE: [Samba] problem with smbldap-usermod for SOME users
dear jerome (and list) hostname:~ # smbldap-usermod -B1 user1 Use of uninitialized value in pattern match (m//) at /usr/local/sbin/smbldap-usermod line 355, DATA line 283. Can you test the attached patch please. that seems to have done the trick, yes. works now also for users that didn't work before. thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem with smbldap-usermod for SOME users
dear readers, As the subject says: I'm having a problem for only some of my users. See below. My system: samba 3.0.11 on sles9 with latest smbldap-tools hostname:~ # smbldap-usermod -A1 user1 hostname:~ # smbldap-usermod -B1 user1 Use of uninitialized value in pattern match (m//) at /usr/local/sbin/smbldap-usermod line 355, DATA line 283. hostname:~ # smbldap-usermod -B1 user2 hostname:~ # Any ideas what could be the problem here? Searched the archive and a similar question was asked on 24-2-2005, but unfortunately no answers were posted... Thanks in advance, Mourik Jan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] syncing passwords
I would be interesed to read an answer to this question :) Here's the part I don't understand. How can this work with the NT user manager, if it doesn't transmit the clear text password to samba? How is the Unix password updated? My understanding is that you have to have the cleartext password to updat the Unix password. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] password ldap clarification requested...
thanks very much for the replies. this helps! and for the Heimdal Kerberos stuff: I'm very much trying to stick to the KISS principle, so that might be something for later. :) Thanks, mourik jan -Original Message- From: Gémes Géza [mailto:[EMAIL PROTECTED] Sent: 06 February 2005 21:47 To: [EMAIL PROTECTED] Cc: mourik jan c heupink; samba@lists.samba.org Subject: Re: [Samba] password ldap clarification requested... Adam Tauno Williams írta: I would like to know if the following statements are true, just to make sure that my understanding of passwords/ldap stuff is correct... Vampireing passwords from an nt4 pdc only populates the ldap server with windows passwords, and not the (linux) userPassword. Yes. Authenticating linux logons against this ldap server is therefore only possible using winbind. Not entirely true. 'Normal' ldap enabled software can NOT authenticate against this ldap, because they expect a userPassword, and by simply vampireing this password is left blank. Yes, but recent OpenLDAP servers support authenticating binds against a LANMAN hash. And what could be more inetresting, you could have a Heimdal Kerberos authenticating against the NT hash, see https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap for the details The ldap passwd sync = yes smb.conf option makes sure that when updating the 'windows' password (via idealx scripts, for example) the (linux) userPassword get's updated as well. Yep, via password-modify extended operation. So: suppose I migrate our domain to samba, and on the first samba day, I set all accounts to 'required to change password upon first login' I would end up having new passwords for everybody, both for windows and linux. Yes. And all normal ldap enabled software would then be able to use that ldap directory to authenticate to. Yes. Are these assumptions correct? Thanks very much for feedback. More or less. Cheers Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbldap-populate failure
oh yes, something important (maybe) that I forgot to mention... the howto's tell me that the command to 'vampire' is: net rpc vampire -Uadministrator%adminpassword this FAILS here. without an error or anything, the cursor is simply returned immediately, and nothing at all happened. then what did: added an administrator account to ldap, with my domain admin password, and then issued the following: net rpc vampire -S pdcname that works, but with the errors as indicated earlier. Apologies for not letting you know this in the first place. (I simply forgot to mention it.) Yours, Mourik Jan -Original Message- From: Heupink, Mourik Jan C. [mailto:[EMAIL PROTECTED] Sent: 03 February 2005 22:09 To: 'Bruno Guerreiro' Cc: 'samba@lists.samba.org' Subject: RE: [Samba] smbldap-populate failure Hi! You're missing UID_START= and GID_START= but i think that has been superseede by NextFreeUnixId. When you ran the script, the sid was already defined, right? As the error seems to occur when the userSID is beeing generated. You mean the sid of the current production nt4 domain in smbldap.conf, right..? That's there, yes. What would you like me to show you, that could help? smb.conf? smbldap.conf? /var/log/warn containing the errors? I'm NOT using start tls (yet), what else would you like to know? A bit off topic perhaps, but: I wonder: shouldn't there be a script to modify a user? there is add user script, delete user script, but no modify user script. Is that right..? Thanks for the help so far! mj -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbldap-populate failure
finally solved this. SOO happy. :) I'm posting it here, in case anyone else ever has this issue. It was my own fault... In the idealx howto, smb.conf has three entries commented out: # ldap filter = ((objectclass=sambaSamAccount)(uid=%u)) #delete user script = /usr/local/sbin/smbldap-userdel %u #delete group script = /usr/local/sbin/smbldap-groupdel %g I (accidentally?) uncommented the first one, so there was an ldap filter in place. (no idea what the filter exactly does, but the result was my having all these problems) Anyway, glad to be able to proceed again! Stupid me! :) Mourik Jan -Original Message- From: Heupink, Mourik Jan C. [mailto:[EMAIL PROTECTED] Sent: 04 February 2005 10:39 To: 'Bruno Guerreiro' Cc: 'samba@lists.samba.org' Subject: RE: [Samba] smbldap-populate failure oh yes, something important (maybe) that I forgot to mention... the howto's tell me that the command to 'vampire' is: net rpc vampire -Uadministrator%adminpassword this FAILS here. without an error or anything, the cursor is simply returned immediately, and nothing at all happened. then what did: added an administrator account to ldap, with my domain admin password, and then issued the following: net rpc vampire -S pdcname that works, but with the errors as indicated earlier. Apologies for not letting you know this in the first place. (I simply forgot to mention it.) Yours, Mourik Jan -Original Message- From: Heupink, Mourik Jan C. [mailto:[EMAIL PROTECTED] Sent: 03 February 2005 22:09 To: 'Bruno Guerreiro' Cc: 'samba@lists.samba.org' Subject: RE: [Samba] smbldap-populate failure Hi! You're missing UID_START= and GID_START= but i think that has been superseede by NextFreeUnixId. When you ran the script, the sid was already defined, right? As the error seems to occur when the userSID is beeing generated. You mean the sid of the current production nt4 domain in smbldap.conf, right..? That's there, yes. What would you like me to show you, that could help? smb.conf? smbldap.conf? /var/log/warn containing the errors? I'm NOT using start tls (yet), what else would you like to know? A bit off topic perhaps, but: I wonder: shouldn't there be a script to modify a user? there is add user script, delete user script, but no modify user script. Is that right..? Thanks for the help so far! mj -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbldap-populate failure
dear list, I'm trying to migrate nt4 to samba3, and have two issues at the moment. First is: I'm getting two (small?) errors using smbldap-populate on my ldap database. At first I tried ignoring this, but now also rpc net vampire complains. (maybe because of this..?) This is the output of smbldap-populate: quote server:/usr/local/sbin # smbldap-populate Using builtin directory structure Use of uninitialized value in concatenation (.) or string at /usr/local/sbin/smbldap-populate line 126. adding new entry: dc=intech,dc=unu,dc=edu adding new entry: ou=Users,dc=intech,dc=unu,dc=edu adding new entry: ou=Groups,dc=intech,dc=unu,dc=edu adding new entry: ou=Computers,dc=intech,dc=unu,dc=edu adding new entry: ldapidmapsuffix,dc=intech,dc=unu,dc=edu failed to add entry: invalid DN at /usr/local/sbin/smbldap-populate line 389, GEN1 line 6. adding new entry: cn=NextFreeUnixId,dc=intech,dc=unu,dc=edu adding new entry: uid=Administrator,ou=Users,dc=intech,dc=unu,dc=edu adding new entry: uid=nobody,ou=Users,dc=intech,dc=unu,dc=edu adding new entry: cn=Domain Admins,ou=Groups,dc=intech,dc=unu,dc=edu adding new entry: cn=Domain Users,ou=Groups,dc=intech,dc=unu,dc=edu adding new entry: cn=Domain Guests,ou=Groups,dc=intech,dc=unu,dc=edu adding new entry: cn=Domain Computers,ou=Groups,dc=intech,dc=unu,dc=edu adding new entry: cn=Administrators,ou=Groups,dc=intech,dc=unu,dc=edu adding new entry: cn=Print Operators,ou=Groups,dc=intech,dc=unu,dc=edu adding new entry: cn=Backup Operators,ou=Groups,dc=intech,dc=unu,dc=edu adding new entry: cn=Replicators,ou=Groups,dc=intech,dc=unu,dc=edu /quote searched the archives, but unsuccessfully... :( and later on, net vampire gives errors like: quote [2005/02/03 16:51:55, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994) ldapsam_add_sam_account: failed to modify/add user with uid = ghost (dn = uid=ghost,ou=Users,dc=intech,dc=unu,dc=edu) [2005/02/03 16:51:56, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994) ldapsam_add_sam_account: failed to modify/add user with uid = 1219$ (dn = uid=1219$,ou=Computers,dc=intech,dc=unu,dc=edu) /quote Since after completion the users/machines DO exist in the database, I guess it means failed to MODIFY. Using samba 3.0.10-SUSE, suse 9.0, most recent idealx ldap tools. Anyone here has an idea what is going wrong..? Yours, Mourik Jan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbldap-populate failure
Hi! Looked through the smbldap.conf, and indeed: i found the typo, and corrected it, thanks for pointing it out. Correcting this did NOT solve the other problem though... therefore, as requested, my smbldap.conf. As far as I can see, the accounts are created in ldap, but only with a username and only default values for the rest. Meaning updating the records with more information (such as: full username, etc, etc) does not work. The smbldap.conf is attached. Hope you have some ideas.. :) note: i replaced ip addresses and my SID with x. In the actual file, they are the actual values... :) Thanks for your input so far! Mourik Jan -Original Message- From: Bruno Guerreiro [mailto:[EMAIL PROTECTED] Sent: 03 February 2005 18:06 To: 'Heupink, Mourik Jan C.' Cc: samba@lists.samba.org Subject: RE: [Samba] smbldap-populate failure Hi, At least for the error after the ldaidmapsuffix, it's caused by a typo in your smbldap-tools, smbldap.conf, missing the ou= part. The other, may relate to another variable not beeing set in the same file. It would help posting that file. Best Regards, Bruno Guerreiro -Original Message- From: Heupink, Mourik Jan C. [mailto:[EMAIL PROTECTED] Sent: quinta-feira, 3 de Fevereiro de 2005 15:52 To: samba@lists.samba.org Subject: [Samba] smbldap-populate failure dear list, I'm trying to migrate nt4 to samba3, and have two issues at the moment. First is: I'm getting two (small?) errors using smbldap-populate on my ldap database. At first I tried ignoring this, but now also rpc net vampire complains. (maybe because of this..?) This is the output of smbldap-populate: quote server:/usr/local/sbin # smbldap-populate Using builtin directory structure Use of uninitialized value in concatenation (.) or string at /usr/local/sbin/smbldap-populate line 126. adding new entry: dc=intech,dc=unu,dc=edu adding new entry: ou=Users,dc=intech,dc=unu,dc=edu adding new entry: ou=Groups,dc=intech,dc=unu,dc=edu adding new entry: ou=Computers,dc=intech,dc=unu,dc=edu adding new entry: ldapidmapsuffix,dc=intech,dc=unu,dc=edu failed to add entry: invalid DN at /usr/local/sbin/smbldap-populate line 389, GEN1 line 6. adding new entry: cn=NextFreeUnixId,dc=intech,dc=unu,dc=edu adding new entry: uid=Administrator,ou=Users,dc=intech,dc=unu,dc=edu adding new entry: uid=nobody,ou=Users,dc=intech,dc=unu,dc=edu adding new entry: cn=Domain Admins,ou=Groups,dc=intech,dc=unu,dc=edu adding new entry: cn=Domain Users,ou=Groups,dc=intech,dc=unu,dc=edu adding new entry: cn=Domain Guests,ou=Groups,dc=intech,dc=unu,dc=edu adding new entry: cn=Domain Computers,ou=Groups,dc=intech,dc=unu,dc=edu adding new entry: cn=Administrators,ou=Groups,dc=intech,dc=unu,dc=edu adding new entry: cn=Print Operators,ou=Groups,dc=intech,dc=unu,dc=edu adding new entry: cn=Backup Operators,ou=Groups,dc=intech,dc=unu,dc=edu adding new entry: cn=Replicators,ou=Groups,dc=intech,dc=unu,dc=edu /quote searched the archives, but unsuccessfully... :( and later on, net vampire gives errors like: quote [2005/02/03 16:51:55, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994) ldapsam_add_sam_account: failed to modify/add user with uid = ghost (dn = uid=ghost,ou=Users,dc=intech,dc=unu,dc=edu) [2005/02/03 16:51:56, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994) ldapsam_add_sam_account: failed to modify/add user with uid = 1219$ (dn = uid=1219$,ou=Computers,dc=intech,dc=unu,dc=edu) /quote Since after completion the users/machines DO exist in the database, I guess it means failed to MODIFY. Using samba 3.0.10-SUSE, suse 9.0, most recent idealx ldap tools. Anyone here has an idea what is going wrong..? Yours, Mourik Jan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbldap-populate failure
Hi! You're missing UID_START= and GID_START= but i think that has been superseede by NextFreeUnixId. When you ran the script, the sid was already defined, right? As the error seems to occur when the userSID is beeing generated. You mean the sid of the current production nt4 domain in smbldap.conf, right..? That's there, yes. What would you like me to show you, that could help? smb.conf? smbldap.conf? /var/log/warn containing the errors? I'm NOT using start tls (yet), what else would you like to know? A bit off topic perhaps, but: I wonder: shouldn't there be a script to modify a user? there is add user script, delete user script, but no modify user script. Is that right..? Thanks for the help so far! mj -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] applying permissions to subdirectories using setgid doesn't do th e trick... :(
Dear list. I have a problem that I cannot seem to get rid of. I have a directory/share (on linux) called smb containing four subdirectories. This directory will be 'exported' using samba.I would like to have different permissions on the different subdirectories. This works, except for this one directory (called temp) that I want to be read/write for everybody. Using force user etc in smb.conf is not an option (afaik) because that only applies to a top level directory, and not to deeper directories, right..? (please do correct me if i'm wrong here already) So, I tried linux filesystem permissions setgid and setuid to this directory (temp). This works for the setgid part, but appearently setuid only works on files, not on directories. Setgid is NOT good enough, because all files now are owned by user 'users', but still have read only permissions to 'users' group. SO... Is there a way to make the directories below temp inherit all permissions from temp, INCLUDING read/write by a certain group? Or do you guys have other ways to get me where I would like to go...? Thanks very much for your input. Kindly yours, Mourik Jan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Web inteface for uploading?
i've been lokking for something simular, and came up with this: http://davenport.sourceforge.net/ it's a webdav gateway to smb. looks more recent than SMB2WWW, but still not very up-to-date... on sourceforge it says: Development Status: 4 - Beta, and the latest version is from july 2003... i would be EXTREMELY interested as well to find out how other people have done this. (provide remote acess to smb files on the network) an alternative could be to use sftp, filezilla for example. but the advantage of webdav is, that msoffice is webdav enabled, so opening and saving files can be done directly to webdav resources, as far as i know... (please correct me if i'm wrong) have a nice weekend, all of you. mourik jan -Original Message- From: Wayne Dozier(Samba) [mailto:[EMAIL PROTECTED] Sent: Friday, January 23, 2004 14:41 To: [EMAIL PROTECTED] Subject: [Samba] Web inteface for uploading? I was wondering if there is a web interface out there for uploading and downloading from samba shares? I found the SMB2WWW but it at the moment does not support upload nor does it seem very secure. I would like something that requires authentication. Has anyone done this or is it even possible yet? Wayne -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] best, safest and easiest way to provide remote access to files on linux machine
dear list. this question is rather related to samba, although not exclusively. I consider it related enough to ask here, please apologise if you don't. we are in the process of setting up a samba domain at my company. a goal is to replace our current nt4 servers. another goal is to provide an easy way to access the documents on the lan (and peoples home directories) from 'outside' (anywhere on the internet) A way to do this, seems to be the so called 'web folders', which appears to be the m$ name for webdav. Now the questions. I'm sure that wanting this is very common, I guess lot's of you experts have setup similar things in the places you work. So, the questions: Is web folders the way to go? And how to implement this server-side? (mod_dav does not seem to be able to do exactly what i want) (davenport, http://davenport.sourceforge.net/ doesn't seem very mature) What are the alternatives? (either open source, or paid software) (suse openexchange 4.1 (http://www.suse.com/us/business/products/openexchange/) seems to have some sort of webdav interface. any experiences if that will do what i want?) Any experiences in user authentication? Things I should keep into consideration when setting up my samba domain? (as nothing has been setup yet, so we can completely start from scratch) Any comments would be very much appreciated! Again apologies for the slight off-topic issue. Just pointers in the right direction would be appreciated, and, in case someone knows, but doesn't want to continue this discussion here, please don't hestitate to contact me directly. Have a nice weekend all of you! Mourik Jan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] suse 8.2 Samba 3 LDAP Domain Join Error : Logon failu re: unknown user name or bad password
dear list, first of all: a very happy new year to all of you :) 2004 is going to be the year of our institute migrating from nt4 to a samba domain Let's hope that move this will result in a good and successful year for us... :) and now for my two (small) questions... Yes. There is a bug there. I can give you RPMs for SuSE 8.2 that do work. You can download patched samba3-3.0.1 RPMs foe SuSE 8.2 (that is what I run) from: http://samba.org/~jht/files/RPMS/ i have not yet installed these packages, i just looked at them with a text editor, and noticed the following text: quote Achtung! This is samba3-3.0.1. Please do not run on production systems. You have been warned. /quote question: i thought that samba 3.0.1 was the most up-to-date version of samba, and that this version was really *the* version to use at the moment. Am i wrong..? (or is 3.1 going to be the new, stable version of samba, and should I use 3.0 for now..?) And the second question... How are these (http://samba.org/~jht/files/RPMS/) packages compiled..? For which suse version, and with what options? Looked at the files again, but couldn't find it... Right now downloading the .rsc.rpm, hope to get some of this info out of that file..? thanks very much. Learned a lot from you guys already by simply reading this list.. :) Greetings, mj -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Samba vs. Windows : significant difference intimestamphandli ng?
thanks very much for your kind and fast assistance! greetings from holland. mourik jan -Original Message- From: Dragan Krnic [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 11:19 To: mourik jan c heupink Cc: [EMAIL PROTECTED] Subject: Re: Samba vs. Windows : significant difference in timestamphandling? and (now that i have your attention... :)) what software do you use to backup your reisersf/acls partitions? Excellent question. I use tar, but before I start it I do a getfacl --skip-base -R . and save the output in a file that is bound to be the first on tape. When I restore such a tarball I do setfacl --restore= and all the ACLs are restored in a fell swoop. It is unbelievable how much faster both operations execute on a reiserfs as compared to any other fs (2 orders of magnitude faster). If you do a partial restore, you don't usually need explicit setfacl because the newly restored files inherit the correct ACLs from the parent dir, except if they themselves have additional irregular ACLs. Still, I'd rather the ACLs were singly backed up and restored, which according to a samba guy is what Sun does in their version of tar - each ACLs-infected file has 2 entries, the first contains only the ACLs, which an ACL-aware tar reads and uses to restore the original ACLs, and the second is the normal tar of the file. An ACL-unaware tar just overwrites the ACLs data with the data. For smb clients (WinDoze boxen) I use smbclient's tarmode extension and am about to add full ACLs support although in most cases all of the ACLs on an M$ system are totally predictable so backing them up is kinda redundant, but every now and then someone complains about it so let's get it behind us once. as what i read was that you can use basically any backup program to backup the data, but usually the acls are not backed up. i heard amanda is supposed to be good? I don't know what amanda does. Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! http://login.mail.lycos.com/r/referral?aid=27005 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba