[Samba] Re: Odd problem with samba v.3.0.20b
Andreas Oster wrote: | novaws20 (10.2.1.71) couldn't find service aoste | | The last five messages are the relavant ones. The share mentioned | (aoster) is the home share of user aoster. This not only happens with | the home share but with all other configured shares. The last letter | seems to truncated. | | Does anybody have a similar/same problem ? This is a Windows 2000 client bug. The client then tryies again with the corrcet name. Would this also affect XP clients? It seems more like a cosmetic issue (the log file gets clogged up). I have the same problem on my servers. Cheers, Jason -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Static Entries wins.dat/browse.dat
I've recently setup an iSCSI portal on my network and have taken some servers offline. However, due to the requirements of certain software programs I need to use UNC paths. I was able to fix this issue by adding CNAME into my DNS. I'm still finding that certain programs still require to view the browse list to find the appropriate server. Since CNAME doesn't link to the wins.dat or browse.dat lists I thought I could add a static entry into both. I followed the Samba-Howto on static entries but it seems that the entry disappears after a few minutes (the entry does appear on the Network Places browse list). Since the static entry is point to the same IP address as a physical server (iSCSI portal) could it be causing a conflict and therefore removed. Cheers, -- Jason Gray Bardel Entertainment Inc. [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Static Entries wins.dat/browse.dat
Well I found out how to fix the problem. I just needed to add netbios aliases = to my smb.conf file and the server name appeared in my browse list. If I could only learn to read the manuals : ) Jason Jason Gray wrote: I've recently setup an iSCSI portal on my network and have taken some servers offline. However, due to the requirements of certain software programs I need to use UNC paths. I was able to fix this issue by adding CNAME into my DNS. I'm still finding that certain programs still require to view the browse list to find the appropriate server. Since CNAME doesn't link to the wins.dat or browse.dat lists I thought I could add a static entry into both. I followed the Samba-Howto on static entries but it seems that the entry disappears after a few minutes (the entry does appear on the Network Places browse list). Since the static entry is point to the same IP address as a physical server (iSCSI portal) could it be causing a conflict and therefore removed. Cheers, -- Jason Gray Bardel Entertainment Inc. 604-669-5589 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Directory listing delay with WinXP and IPtables
I have made a change to my samba servers by placing smb port = 139. The effect I was trying to stop was a transport end point connect log error. This did stop the log error but I noticed zero difference in the behaviour on my win XP boxes. I have 120 XP, 10 win2k boxes 5 samba servers plus 2 samba servers as a clustered PDC on the network. I have read on groups else-where that if you stop port 445 on the PDC the XP boxes won't be able to communicate with the non-pdc samba servers. I haven't tried to stop port 445 on the PDC to see if this is the case. Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Monday, May 31, 2004 7:17 PM To: Randy S Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Directory listing delay with WinXP and IPtables I'd be curious to know whether the behaviour for XP Pro changes if you put the following parameter into smb.conf smb ports = 139 This tells samba not to respond to port 445 traffic. I'm assumming that samba is not participating in an active directory. Mark Sorry if this has been covered before. I setup a new Samba server using RedHat EL 3, and samba 3.0.2-6.3E (the version that comes with Redhat). We were seeing an intermittant 20 seconcd delay when grabbing a directory listing, but only from XP, win 2k was fine. I couldn't completely nail down when the delay occured but it seemed to be when the directory or share hadn't been accessed in a while, ~15mins ??. There was never a problem or delay seeing the samba server on the browse list. I turned off iptables and the delay has been drastically reduced, now down to 2 secs, which is acceptable. Obviously I'd like to turn iptables back on. I'm wondering if there are any special port openings or other iptables settings that need adjustments with XP; or if there are adjustments I need to make to the XP clients. I've already tried the RemoteComputer\NameSpace\ regkey fix to no avail. It's a very basic iptables setup. I opened up the standard samba ports. I've listed the output of 'iptables --list' below. Any ideas? TTIA /randoms/ 'iptables --list' output : Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp any ACCEPT ipv6-crypt-- anywhere anywhere ACCEPT ipv6-auth-- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ns ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-dgm ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ssn ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds ACCEPT udp -- anywhere anywhere state NEW udp dpt:microsoft-ds ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:497 ACCEPT udp -- anywhere anywhere state NEW udp dpt:497 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Groups Under Domain Security
What password backend are you using to authenticate users? smbpasswd, ldapsam, tdb... Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joshua D. Scott Sent: Tuesday, June 01, 2004 12:06 PM To: Samba Mailing List Subject: [Samba] Groups Under Domain Security We are running Redhat 9, 2.4.20-30.9 kernel, Samba 3.0.0 and Winbind 3.0.0. Security is set to Domain and we are trying to set up shares which will be available to valid NT 4.0 users and groups. Winbind appears to be working, and you can use the commands getent group and getend passwd to see that it is communicating with the NT domain for user and group information. We successfully set up a share that only allowed the group Domain Users to connect and write to it. Our problem is that when we replace this group name with any other, they cannot access the share even if it's a known valid group. For example, we tried a test NT domain group called SMBWRITE. We managed to work around the problem by grabbing a lists of groups with the getent group command, changing all the group names to lowercase, and then writing the list to /etc/group on the samba server. Once this was done we could access a share as a SMBWRITE group member, or any other. Is there a bug in samba 3.0.0 or winbind which prevents domain authenticated groups from working properly? Do we need to continue this work around of keeping a local (to Redhat) group list, or have we simply misconfigured something? I can post our smb.conf if this will help. Thanks! -Joshua -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Transport End Point
I have four samba servers connecting into a samba PDC (using ldapsam as password backend) and all of the servers get the transport end point not connected error. I've looked in the groups but cannot find anything that helps. I've tried to set my oplocks=no and other similar settings but nothing seems to help. The only thing that seems to limit excessive sleeping smbd processes is the dead time = 1 option. I set this at a low value and it seems to have reduced the number of smbd process. I have 120 workstations that connect to the four servers and approx. 60 servers in a renderfarm that make connections every few minutes as each frame is rendered and the next one is started. So I get this transport end point error a lot. I'm concerned that this error might be slowing down the network with excessive re-connect requests. Any thoughts? Cheers...Jason Here's a sample of my log.smbd log: Doing spnego session setup [2004/05/27 11:37:56, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(549) NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2004/05/27 11:37:56, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(616) Got user=[cphillips] domain=[BARDELCA] workstation=[FIREICE3] len1=24 len2=24 [2004/05/27 11:37:56, 3] libsmb/namequery_dc.c:rpc_dc_name(143) rpc_dc_name: Returning DC DC1BARDEL (192.168.2.17) for domain BARDELCA [2004/05/27 11:37:56, 3] libsmb/cliconnect.c:cli_start_connection(1337) Connecting to host=DC1BARDEL [2004/05/27 11:37:56, 3] lib/util_sock.c:open_socket_out(710) Connecting to 192.168.2.17 at port 445 getpeername failed. Error was Transport endpoint is not connected -- AC!!! [2004/05/27 11:37:56, 2] lib/smbldap.c:smbldap_search_domain_info(1324) Searching for:[((objectClass=sambaDomain)(sambaDomainName=BD5))] [2004/05/27 11:37:56, 2] lib/smbldap.c:smbldap_open_connection(626) smbldap_open_connection: connection opened [2004/05/27 11:37:56, 3] lib/smbldap.c:smbldap_connect_system(793) ldap_connect_system: succesful connection to the LDAP server [2004/05/27 11:37:56, 3] smbd/oplock.c:init_oplocks(1226) open_oplock_ipc: opening loopback UDP socket. [2004/05/27 11:37:56, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303) Linux kernel oplocks enabled [2004/05/27 11:37:56, 3] smbd/oplock.c:init_oplocks(1257) open_oplock ipc: pid = 8878, global_oplock_port = 57142 [2004/05/27 11:37:56, 3] smbd/process.c:process_smb(890) Transaction 0 of length 72 [2004/05/27 11:37:56, 2] smbd/reply.c:reply_special(105) netbios connect: name1=BD5 name2=FIREICE3 [2004/05/27 11:37:56, 2] smbd/reply.c:reply_special(112) netbios connect: local=bd5 remote=fireice3, name type = 0 [2004/05/27 11:37:56, 0] lib/util_sock.c:get_peer_addr(952) getpeername failed. Error was Transport endpoint is not connected [2004/05/27 11:37:56, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 [2004/05/27 11:37:56, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2004/05/27 11:37:56, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2004/05/27 11:37:56, 3] smbd/oplock.c:init_oplocks(1226) open_oplock_ipc: opening loopback UDP socket. [2004/05/27 11:37:56, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303) Linux kernel oplocks enabled [2004/05/27 11:37:56, 3] smbd/oplock.c:init_oplocks(1257) open_oplock ipc: pid = 8878, global_oplock_port = 57142 [2004/05/27 11:37:56, 3] smbd/process.c:process_smb(890) Transaction 0 of length 72 [2004/05/27 11:37:56, 2] smbd/reply.c:reply_special(105) netbios connect: name1=BD5 name2=FIREICE3 [2004/05/27 11:37:56, 2] smbd/reply.c:reply_special(112) netbios connect: local=bd5 remote=fireice3, name type = 0 [2004/05/27 11:37:56, 0] lib/util_sock.c:get_peer_addr(952) getpeername failed. Error was Transport endpoint is not connected -- ACKKK Again !!! [2004/05/27 11:37:56, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 [2004/05/27 11:37:56, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2004/05/27 11:37:56, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2004/05/27 11:37:56, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2004/05/27 11:37:56, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2004/05/27 11:37:56, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/05/27 11:37:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/05/27 11:37:56, 0] lib/util_sock.c:write_socket_data(388) And Again !!! write_socket_data: write failure. Error =
RE: [Samba] primary gid of user [username] is not a Domain group
What password backend are you using? I had the same problem with ldapsam until I altered the sambaPrimaryGroupSID so that it was sambaSID+GID. It looks like you are probably using local server accounts rather than an LDAP. You will need to create NT groups like 501, 512, 513 in your /etc/group file and map them to NT groups. The Samba How-to tells you how to do this. You will need to use something like: # net groupmap add SambaSID+GID unixgroup=string type=domain|local|builtin ntgroup=string Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of abebe lsslp Sent: Thursday, May 27, 2004 12:17 PM To: [EMAIL PROTECTED] Subject: [Samba] primary gid of user [username] is not a Domain group Hey, I have a samba 3.0.0. PDC on my Fedora Core server. I have one win 98, one XP and one NT clients. As I log on, I get primary gid of user [username] is not a Domain group error. I am sure gid is 100 (users) and my add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u If I login using the root account, I don't have this problem. What can I do to fix this? Ambex - Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Socket Errors
I'm trying to figure out what this error means. I've looked all over the groups and though there are people with the same errors, no one seems to know what the error is. I'm running Samba 3.0.2 with OpenLDAP 2.0.27. It might be related to Kerberos or to SSL. I've looked through my NMBD and SMBD logs and found very little as to what the problem could be. I've tried various things in my smb.conf like turing off file locking (oplock) and level2oplocks as some of the groups mentioned that this might be the cause. Any thoughts? I can forward more info if needed. Apr 20 13:27:22 bd4 smbd[30280]: [2004/04/20 13:27:22, 0] lib/util_sock.c:write_socket_data(388) Apr 20 13:27:22 bd4 smbd[30280]: write_socket_data: write failure. Error = Connection reset by peer Apr 20 13:27:22 bd4 smbd[30280]: [2004/04/20 13:27:22, 0] lib/util_sock.c:write_socket(413) Apr 20 13:27:22 bd4 smbd[30280]: write_socket: Error writing 4 bytes to socket 16: ERRNO = Connection reset by peer Apr 20 13:27:22 bd4 smbd[30280]: [2004/04/20 13:27:22, 0] lib/util_sock.c:send_smb(605) Apr 20 13:27:22 bd4 smbd[30280]: Error writing 4 bytes to client. -1. (Connection reset by peer) smb.conf: [global] workgroup = BARDELCA netbios name = BD4 server string = security = DOMAIN encrypt passwords = Yes null passwords = yes passdb backend = ldapsam:ldap://dc2.bardel.ca ldap suffix = dc=bardel,dc=ca ldap machine suffix = cn=Computers,ou=Systems,sambaDomainName=BARDELCA,dc=bardel,dc=ca ldap user suffix = cn=Users,ou=People,sambaDomainName=BARDELCA,dc=bardel,dc=ca #ldap group suffix = cn=Group,ou=Groups,sambaDomainName=BARDELCA,dc=bardel,dc=ca ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) ldap admin dn = cn=Manager,dc=bardel,dc=ca ldap ssl = no log level = 1 log file = /var/log/samba/%m.log max log size = 0 preferred master = No local master = No domain master = No dns proxy = No #hosts allow = 192.168.1. interfaces = eth0 #include = /etc/samba/smb.conf.%m wins server = 192.168.2.17 admin users = administrator, root oplocks = False level2oplocks = False socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 guest account = nobody -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot Access LDAP when not root...
I'm trying to resolve an issue with Samba and LDAP. I'm using a program called Spider that provides network based rendering using domain logons to controll who can access the renders on the farm. It requires a group called SpiderAdmin to be setup (which I've done) and have added the users into the group. However, the only way that the SpiderAdmin users can access the renders on the network is if I also make them admin users in the smb.conf file. If they are not a member of admin users, when I check the log file I get: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)smbldap_open: cannot access LDAP when not root.. I've looked at the samba bug list and there was a reference to this problem. Has it been fixed? I know that the group works because the user cannot access SpiderAdmin if they are not in the group but are an admin users. However, this forces me to give root access to users that I do not wish to. It opens up a major hole in the network. It seems as if Samba cannot access LDAP unless the user has root access. Is there a way around this? Cheers, Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] User permissions with Cups
Is it possible to set user privileges for printers using LDAP/Samba/CUPS? I'm trying to limit who can use a certain type of printer by groups. When I try to set permissions using the windows GUI it does accept the group...it just gives me an unknown user link (similar to when a user is removed from the LDAP but the permission is still there). I'm I doing something wrong? Cheers, Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind issue
I have 3 Linux rh9.0 servers on the network all using Samba/LDAP to authenticate. One is acting as the PDC and the other two are domain members. On one server I don't have winbind running and everything works great, however, on the other server, if I turn off the winbind I get a password prompt and cannot access the server. I have no need for winbind but I'm forced to keep it on. I'm using the PAM/NSS method to authenticate through the ldap server. I have the nsswitch set properly, all the library files are in the security folder and the login file in pam.d has all the necessary references, so I don't think it's related to LDAP. I am getting this error: make_server_info_info3: pdb_init_sam failed! but it seems to be related to winbind itself. How can I remove this systems need to use winbind? Cheers, Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Winbind issue
Just in case anyone is interested I found the problem...my /etc/ldap.conf file was not correct. Cheers, Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jason Gray Sent: Monday, February 16, 2004 4:29 PM To: Smb_List Subject: [Samba] Winbind issue I have 3 Linux rh9.0 servers on the network all using Samba/LDAP to authenticate. One is acting as the PDC and the other two are domain members. On one server I don't have winbind running and everything works great, however, on the other server, if I turn off the winbind I get a password prompt and cannot access the server. I have no need for winbind but I'm forced to keep it on. I'm using the PAM/NSS method to authenticate through the ldap server. I have the nsswitch set properly, all the library files are in the security folder and the login file in pam.d has all the necessary references, so I don't think it's related to LDAP. I am getting this error: make_server_info_info3: pdb_init_sam failed! but it seems to be related to winbind itself. How can I remove this systems need to use winbind? Cheers, Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Supplementary Group Issues
I was wondering if any one else is having issues with supplementary groups not being recognized. It seems as if Samba is ignoring the sup.groups. I'm using RH9.0 on Intel with samba-3.0.0-2_rh9 and OpenLDAP 2.0.27. When I do a id -a username the user is in all the necessary groups but when accessing shares the users' primary GID is used only. For example, uid=1001(jgray) gid=512(domainadmin) groups=512(domainadmin),0(root),513(domainusers),1536(SpiderAdmin) can only access shares that are defined this way: drwxrwx---2 jgray domainusers 48 Feb 5 18:12 test But not this way drwxrwx---2 root domainusers 48 Feb 5 18:12 test The user jgray should have access to the share as either root or domainuser but cannot. user jgray can only access if ownership is either jgray or part of group domainadmin. Thanks, Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Forced to use Winbind?
I have a very wierd situation on one of my samba servers. It is setup as a member of a Samba/LDAP domain and I cannot browse the shares unless I have the winbind service running. I have 4 other servers that do not use winbind and I can see those shares perfectly. I trying to view the files from an XP box (which can browse the other servers just fine) and I get an access is denied pop-up. However, as soon as I restart winbind I can see the shares. I use similar smb.conf files for the servers, the nsswitch.conf file is the same and the /usr/pam.d/login file is the same. It seems as if fails the samba group mappings and skips to winbind. I don't want to use winbind as it creates funky permissions on the folders and files. I don't use a win2k PDC so there is no need to have it running...it does not make any sense. Here is the error: make_server_info_info3: pdb_init_sam failed! Any thoughts? Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows Printing VIA Samba
I've was wondering if someone could help me out with some printing issues. I'm trying to store print drivers on my Samba PDC so that windows clients can access my network printers. I have 3 printers (X12 Fiery, HP 4000 PCL5, Epson). I used to use a Win2K server and I could add the printers through the usual method. I have created my [print$] share and the windows drivers directory on the Samba PDC. However, I'm having trouble displaying my printers so I can add them into the directory (as stated in the Samba how-to). How do I display the printers before I've added the drivers? Any help would be appreciated. Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and TCP printing ports
I've read in the documentation that Samba does not use ports like Win2k. So how does Samba know where to find a network printer if it has it's own IP address (stand-alone printer)? I have created a printer in my /etc/printcap file: HP4000:\ :sd=/var/spool/lpd/hp4000:\ :mx#0: :sh:\ :rm:192.168.2.13:rp=raw: :rp=:\ added this to my smb.conf [printers] comment = All Printers printable = yes path = /var/spool/lpd browseable = no guest ok = yes public = yes read only = yes writable = no [print$] comment = Printer Download Area path = /etc/samba/drivers browseable = yes guest ok = yes read only = yes write list = @ntadmin, root, administrator I've used the APW to add the printer drivers into the appropriate directories: /etc/samba/drivers/W32X86/3: -rwxr--r--1 root domainadmin 136192 Aug 17 2001 HPCFONT.DLL -rwxr--r--1 root domainadmin21866 Jul 21 2001 hpcljx.hlp -rwxr--r--1 root domainadmin36622 Jul 21 2001 HPLJ4000.GPD -rwxr--r--1 root domainadmin 676352 Aug 17 2001 PCL5ERES.DLL -rwxr--r--1 root domainadmin14362 Jul 21 2001 STDNAMES.GPD -rwxr--r--1 root domainadmin 698 Jul 21 2001 TTFSUB.GPD -rwxr--r--1 root domainadmin 252416 Aug 29 2002 UNIDRV.DLL -rwxr--r--1 root domainadmin21225 Jul 21 2001 UNIDRV.HLP -rwxr--r--1 root domainadmin 197120 Aug 29 2002 UNIDRVUI.DLL -rwxr--r--1 root domainadmin 619520 Aug 17 2001 UNIRES.DLL and the driver has been assigned to the printer. I can add the printer to the workstations but the printer and the Samba PDC are not talking. How can I test this connection? Cheers, Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind and GroupMapping
I was wondering if anyone has come across an error in their winbindd log: could not lookup membership for group rid S-1-5-21-3506869558-4124343851-970148941-2025 in domain BOGUS (error: NT_STATUS_NO_SUCH_GROUP) I have all the mappings done correctly: domainadmin (S-1-5-21-3506869558-4124343851-970148941-512) - domainadmin domainusers (S-1-5-21-3506869558-4124343851-970148941-513) - domainusers domaincomputers (S-1-5-21-3506869558-4124343851-970148941-515) - domaincomputers SpiderAdmin (S-1-5-21-3506869558-4124343851-970148941-1536) - SpiderAdmin domainguest (S-1-5-21-3506869558-4124343851-970148941-514) - DomainGuest I assume that the gid -- rid conversion is gid*2+1000+1 If this is the case then why is the winbindd log giving me the error that no such group exists. Any thoughts? Cheers, Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Winbind and GroupMapping
I think I fix the problem...I had the parameter: winbind separator = + in my smb.conf file. It doesn't seem to like it very much. When I rem'ed it out the error disappeared. Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jason Gray Sent: Thursday, January 29, 2004 3:01 PM To: Smb_List Subject: [Samba] Winbind and GroupMapping I was wondering if anyone has come across an error in their winbindd log: could not lookup membership for group rid S-1-5-21-3506869558-4124343851-970148941-2025 in domain BOGUS (error: NT_STATUS_NO_SUCH_GROUP) I have all the mappings done correctly: domainadmin (S-1-5-21-3506869558-4124343851-970148941-512) - domainadmin domainusers (S-1-5-21-3506869558-4124343851-970148941-513) - domainusers domaincomputers (S-1-5-21-3506869558-4124343851-970148941-515) - domaincomputers SpiderAdmin (S-1-5-21-3506869558-4124343851-970148941-1536) - SpiderAdmin domainguest (S-1-5-21-3506869558-4124343851-970148941-514) - DomainGuest I assume that the gid -- rid conversion is gid*2+1000+1 If this is the case then why is the winbindd log giving me the error that no such group exists. Any thoughts? Cheers, Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] GroupMap Issues
I have been trying to figure out what this error is: Jan 29 18:23:07 dc2 smbd[20729]: [2004/01/29 18:23:07, 0] rpc_server/srv_util.c:get_domain_user_groups(371) Jan 29 18:23:07 dc2 smbd[20729]: get_domain_user_groups: primary gid of user [barbara] is not a Domain group ! Jan 29 18:23:07 dc2 smbd[20729]: get_domain_user_groups: You should fix it, NT doesn't like that Jan 29 18:23:08 dc2 smbd[20729]: [2004/01/29 18:23:08, 0] rpc_server/srv_util.c:get_alias_user_groups(219) Jan 29 18:23:08 dc2 smbd[20729]: get_alias_user_groups: gid of user barbara doesn't exist. Check your /etc/passwd and /etc/group files I thought I fixed the error but it keeps coming back. My only concern is that it is slowing network access down. Is this an error I should be worried about? I'm using LDAP as my backend so why Samba is checking the /etc/passwd and /etc/group files is strange. I have the nsswitch setup to check files ldap winbind. Is this error due to the fact that Samba checks the files first, can't kind the users, then goes onto ldap? It's kind of annoying cuz I don't know if the error is a problem or not. Any help would be appreciated. Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Please Help!! need samba 2.2.7 server to use ldap
I have two servers running samba 2.2.7a and require them to join and use an LDAP passwd backend. My domain controller is running Samba 3.0 and OpenLdap 2.0.27 as the passwd backend. The two servers have joined the domain but for some reason they are not using the LDAP backend. [global] workgroup = SOMEDOMAIN netbios name = BD4 server string = security = DOMAIN encrypt passwords = Yes null passwords = yes password server = ldapsam:ldap://dc2.somedomain.ca log level =3 log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = No local master = No domain master = No dns proxy = No #hosts allow = 192.168.1. interfaces = eth0 #include = /etc/samba/smb.conf.%m Can anyone suggest a solution? I can use smbclient from the command line to open the share but it only works as anoymous. If I try to use a password I get this error: session setup failed: NT_STATUS_LOGON_FAILURE Any ideas would be great... THanks Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PDU
Hello all, I've been watching my log files for some time and every so often I get this message: failed to decode PDU process_request_pdu: failed to do schannel processing Does this mean anything? I've tried to locate some info on my own but there is nothing that I can find. Cheers, Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Multiple Domains and Network Browsing
Hi all, I have been working on a multi-domain network (2 of them) with one domain being controlled by Samba/Openldap config and the other a standard Win2k AD. I have had success getting all computers on the Samba domain to see the Win2k controller via the Network browser but it does not seem to be working the other way around. My network config is split up into two separate VLANs using an extreme switch (192.168.1.0 and 192.168.1.0). They talk to each other through a router, have gateways out to a firewall and then pass into the internet. Both domains have WINS/DNS/DHCP running. Each domain has each others WINS/DNS in their config files. Both DHCP servers have propagated each others DNS/WINS to the various workstations (Each DHCP services only one sub-net). On workstations within the Win2k domain I can type in the desired workstation and it does appear or I can search for it. However, the Domain container for the SAMBA group is missing on workstations within the Win2k domain (hope that makes sense). Below is a version of my smb.conf file: server string = workgroup = BOGUSGROUP netbios name = BOGUSNAME null passwords = yes passdb backend = ldapsam:ldap://localhost log level =1 add user script = /usr/local/sbin/smbldap-useradd.pl -a -m %u add group script = /usr/local/sbin/smbldap-groupadd.pl -g %g add machine script = /usr/local/sbin/smbldap-useradd.pl -w %u logon path = \{}\{}%L\{}profiles\{}$user logon drive = H: logon home = \{}\{}%L\{}$user\{}.profiles domain logons = yes os level = 64 preferred master =yes domain master = yes ldap suffix = dc=group,dc=ca ldap machine suffix = cn=Computers,ou=Systems,sambaDomainName=BOGUSGROUP,dc=group,dc=ca ldap user suffix = cn=Users,ou=People,sambaDomainName=BOGUSGROUP,dc=group,dc=ca #ldap group suffix = cn=Group,ou=Groups,sambaDomainName=BOGUSGROUP,dc=group,dc=ca ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) ldap admin dn = cn=Manager,dc=group,dc=ca ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 template homedir = /home/%D/%U template shell = /bin/bash winbind separator = + wins support = yes wins server = 192.168.2.17, 192.168.1.9 wins proxy = yes dns proxy = yes admin users = administrator, root remote announce = 192.168.1.9/SAMBADOMAIN interfaces = 192.168.2.16/24 192.168.2.17/24 I thought that maybe the remote announce would work but it hasn't seemed to. The problem is it is hard to tell which domain controller is at fault. I don't think that the Samba is the problem. The WINS on the win2k box was mangled until recently and the DNS is also flaky (hence the move over to Samba). But I have to keep both domains up for the next little while (production environment) and then we will slowly migrate everyone over. Any thoughts would be appreciated. Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba