Re: [Samba] Samba 2.2.3a and Windows Synchronization
On Fri, 7 Nov 2003, BN wrote: Hello I am running SuSE 8.0 and Samba 2.2.3a. I have a laptop that I want to use offline, and have enabled the synchronization utility in Windows XP. This works fine with the Windows NT server, but when going offline i get Access Denied trying to open the synchronized versions of the files on the Samba server. Can anyone help me..? You will need to add to your smb.conf file [globals]: log level = 5 log file = /var/log/samba/%m.log max log size = 0 Then try to synchronize the files and see what is reported in the log file produced. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Word 2000 problems
Kevin, I saw your prior posting. As a minimum you should update to samba-2.2.8a. The preferred version from a support perspective is samba-3.0.0 or later (CVS). If you want to solve this, a network trace or a detailed smbd log of activities will be required. We need to know precisely what operations Word is performing that are causing this problem. If your version supports the sendfile parameter you should try to disable that in [globals], and see if that gets rid of the problem. Also, suggest you carefully check your hardware. I helped someone who had a nasty file integrity problem. They built a test network for which they bought a new hub and were unable to reproduce the problem. It turned out to be defective hardware - when the HUB and server NIC were replaced the problem disappeared. Because the problem went away after replacing both items they did not isolate which was at fault. If you need further assistance contact me off-line. - John T. On Thu, 6 Nov 2003, Collins, Kevin wrote: About two weeks ago, I posted a message to the list describing an error that I've been getting with Word 2000 documents. The subject line of that mail was: Samba 2.2.7a and Word 2000 = Corrupted (?) files; I submitted it on 10/15/03. I've not heard from anyone with a response to that inquiry, so I'm yelling for help one more time. I've scoured Google, the mailing-list archives, and as many other sources as I can find and nothing that I've come across has been able to cure my problem. Can someone please help me? I've got an increasing number of people loosing work because of this problem. Thanks in advance for any help. -- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CUPS vs lprng
On Thu, 6 Nov 2003, Douglas Phillipson wrote: Could I get some opinions on which type of Samba based printing is easier, CUPS or LPRNG, or just bybass Samba altogether. I'm looking at the Printing HOWTO by Kurt Pfeifle (Printing Support in Samba 3.0) and both look really complex. Anyone out there have any experience with printing services in Samba? Should I just stay away from samba printing and go direct to Network printers? Best is to use network printers, but have your samba server do all the spooling. If you have each client print directly to a network attached printer you will get lots of network traffic at times ot printer congestion. What are the advantages of a samba print server as opposed to installing printer drivers on the client and printing to a network printer? Any opinions are appreciated To a bushman from the heart of the jungle, driving and automatic car is VERY complex. Do you find it complex? Maybe you have learned enough that it no longer seems anywhere near as daunting. I prefer CUPS! It is really easy to configure. Takes very little imagination. Can be made as complex as you want. The easiest configuration is to use raw print-through. 1. Edit /etc/cups/mime.convs and uncomment the line at the end of the file that has: #application/octet- 2. Do the same for /etc/cups/mime.types. 3. Add a raw more printer using the Web interface. Point your browser at http://localhost:631, enter Adminstration, add the printer. Do NOT install any drivers for it. Choose RAW. Choose queue name Raw Queue. 4. In the samba [printers] section add: use client drivers = Yes In your [globals] section add: printing = CUPS printcap = CUPS Now just install printers on your windows machine as if they are a local printer. Then edit the configuration, in theDetail tab, set a local port pointing at your samba server: \\server\raw_q_name Where raw_q_name is the name you gave this raw queue in CUPS. This should work every times. PS: It is documented in the HOWTO (if you can find it!). :) - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] clarify issues on joining Samba PDC, machines, RIDs,
On Thu, 6 Nov 2003, jonlists wrote: I'm running into issues trying to configure a server to be a Samba PDC in a small network that contains only Win2k/XP workstations. This will be going into an environment where there are no Windows server. There is a pre-existing Samba server that will be replaced, but it'll be easier to recreate user accounts than attempt migration (there were no machine accounts). Due to time/budget - we're not integrating this one with LDAP. We'll be sticking with smbpasswd. I'd like clarification on some things: - I did the net groupmap add commands, attempting to map a unix-created group - ntadmin - to the Domain Admins group. However, when i do a groupmap list, I get a double listing for the group, as is shown below. Domain Admins (S-1-5-21-4140922544-3110978470-4188555357-2005) - ntadmin Domain Admins (S-1-5-21-4140922544-3110978470-4188555357-512) - -1 I assume this will cause problems when attempting to join machines to the domain, as one or the other SID will be recognized as a member of domain admins. Am I correct, and if so, how do I fix this? Correct. You just hosed things here. To fix: net groupmap delete ntgroup=Domain Admins net groupmap modify ntgroup=Domain Admins unixgroup=ntadmin - If someone goes in and deletes the unix user - say jimmy without using pdbedit or the samba tools, pdbedit later complains that jimmy no longer exists, but will not allow me to delete him using pdbedit -r. How can I clean this up so that jimmy can be fixed - I'm not finding any info on how to rebuild or fix the samba information. (Administration of this system will be turned over to someone else, and I need to be sure I can help them fix if they do this). Add to your smb.conf [globals] passdb backend = tdbsam smbpasswd Run: pdbedit -i tdbsam -e smbpasswd Edit your the smbpasswd file to remove the dead entries. Remove the passdb.tdb file. Run: pdbedit -i smbpasswd -e tdbsam Edit smb.conf to have: passdb backend = tdbsam Delete the smbpasswd file. Done. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 and MMC (Microsoft Management Console)
On Thu, 6 Nov 2003, Jeremy Allison wrote: On Thu, Nov 06, 2003 at 10:34:35PM +, John H Terpstra wrote: You can NOT use the Computer Management MMC to manage a Sambae server. Are you sure about that ? I used it during Samba 3 development and definately parts of it worked. You can use it only to manage share ACLs. If in smb.conf there are scripts for creation of shares, etc. then it can be used for that also. It is not possible to use the Computer Management MMC to administer users and groups. It is not possible to do that for NT4 domains either using this tool. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Translation samba 3 how to in german, Übersetzung des Samab 3 How to ins deutsch
Folks, I'd like to encourage translation of the Samba-HOWTO-Collection into as many languages as we can get. If you are willing to dedicate some time to translation and have the capacity to assist let's get the ball rolling! Full marks to rruegner for stepping up to the bar! - John T. On Fri, 7 Nov 2003, rruegner wrote: Hallo Leute, ich möchte gerne die Samba Doku ins deutsch übersetzen. Ich arbeite schon lange mit Samba und denke es wäre kein übermässiger Aufwand. Da ich Samba aber meist als Pdc benutze bin ich mit einigen Features technisch nicht so vertraut. ( samba und ldap an einem win server etc ) Ich würde mich freuen wenn einige Deutsche mitmachen würden damit wir uns technisch und gramatikalisch gegenseitig verbessern könnten. Mfg RRuegner Hi Samabtistas, i am looking for some people which would help to translate the samba 3 doks to german. As i am working with samba for years i think this should not be a big problem. But most of the time i used samba as pdc , so i am afraid that i will do tec failures in some chapters i never used , so people who want to take part to make help in translations and debug each other will be needed Best Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] clarify issues on joining Samba PDC, machines, RIDs,
On Thu, 6 Nov 2003, jonlists wrote: John H Terpstra [EMAIL PROTECTED] wrote on 11/06/2003 04:00:54 PM: On Thu, 6 Nov 2003, jonlists wrote: [snip other issued resolved - thank you very much] - If someone goes in and deletes the unix user - say jimmy without using pdbedit or the samba tools, pdbedit later complains that jimmy no longer exists, but will not allow me to delete him using pdbedit -r. How can I clean this up so that jimmy can be fixed - I'm not finding any info on how to rebuild or fix the samba information. (Administration of this system will be turned over to someone else, and I need to be sure I can help them fix if they do this). Add to your smb.conf [globals] passdb backend = tdbsam smbpasswd Run: pdbedit -i tdbsam -e smbpasswd I get the error... Unable to open/create TDB passwd Can't sampwent! Try adding root with smbpasswd: smbpasswd -a root If that fails you have real issues! :) If it works, then try the migration process again. I have to believe I'm missing a required package, or is this all installed w/samba 3.0? Edit your the smbpasswd file to remove the dead entries. Remove the passdb.tdb file. Run: pdbedit -i smbpasswd -e tdbsam Edit smb.conf to have: passdb backend = tdbsam Delete the smbpasswd file. Done. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] Other naive question (I'm trying to RTFM, but I'm running out of time) - where can I find info on whether or not I need to add scripts to smb.conf for using tdbsam backend? Sure do need the scripts for tdbsam. - John T. Thanks for the pointers on tdbsam - shouldn't have overlooked that one. Jon Johnston Creative Business Solutions IBM, Lotus, Microsoft Consultants http://www.cbsol.com 952-544-1108 -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] clarify issues on joining Samba PDC, machines, RIDs,
On Thu, 6 Nov 2003, jonlists wrote: Add to your smb.conf [globals] passdb backend = tdbsam smbpasswd Run: pdbedit -i tdbsam -e smbpasswd I get the error... Unable to open/create TDB passwd Can't sampwent! Try adding root with smbpasswd: smbpasswd -a root Created the passwd database, pdb_getsampwnam: TDB passwd (/etc/samba/passdb.tdb) did not exist. File successfully created. Good. However, same failure when attempting the migration process. If that fails you have real issues! :) Then something is broken in your samba build. What is the origin or your samba-3.0.0 package? Oddly enough, doing a net user list asks for a password (even though I'm already in as root), and then does nothing. Doing a pdbedit -L gives: Unable to open/create TDB passwd Looks very broken. Replace the binaries with the RPMS from samba FTP sites. At least this isn't in production (yet). G You bet! - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Db3 data base is only availible to a single user at a time.
On Tue, 4 Nov 2003, John wrote: Hello, Having discovered the speed of SAMBA as a file share server I migrated our Db3 contact database (ACT) to a file share which is readable and writeable by all users. Only to discover that only one user could access it at a time. When a second user tries to use it the following error occurs. An error occured when opening the database. It may be damaged or missing a component The error is not linked to any particular user or client PC. I have disabled oplocks which has made no difference. I am using SAMBA 2.2.7 on Mandrake 9.1 with a Win2k PDC and Win2k clients. The only problem I am having is with multi user access to the same files. If any one can help I would be grateful. Suggest you update to Samba-3.0.0 is possible. Recent versions of Samba have eased quite some locking issues. Additionally, I recommend that you read the Samba-HOWTO-Collection.pdf available from: http://samba.org/~jht/HOWTO/Samba-HOWTO-Collection.pdf There is a complete chapter on File and Record Locking that may help you to solve your issues. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Groups problem
On Tue, 4 Nov 2003, Milos Webmail wrote: We would like to migrate grom Winnt 4.0 to Samba 3 with ldap support. We have installed openldap on Rh 2.1 AS and created starting databases with IDEALX.org scripts. Now i have added computer to domain no problems and than I tried to migrate users and groups, but only user migrate but there is a problem Primary group of Administrator has no mapping! ( this is error for every user). Then I try to assign Unix group to nt group: [EMAIL PROTECTED] milos]# net groupmap modify ntgroup=Domain Admins unixgroup=root NT Group Domain Admins doesn't exist in mapping DB That's correct. If you use tdbsam these are automatically created. You can then migrate them to LDAP using: pdbedit -i tdbsam -e ldapsam If you go directly to LDAP you have to create all group entries yourself. The right way to do that is: net groupmap add ntgroup=Domain Admins unixgroup=root rid=512 Or [EMAIL PROTECTED] milos]# net groupmap modify ntgroup=Domain Admins unixgroup=root rid=512 Bad option: rid=512 Yes, correct. You can not modify something that does not exist. :) Does any one have any idea what i'm doing wrong Did you check if ANY NT Group that has a space in the name created a UNIX group account? You will most likely find it did not because the groupadd utility will not allow you to do that. :) The work around is the script provided in the Samba-HOWTO-Collection. - John T. Regards, Milos [EMAIL PROTECTED] milos]# net rpc vampire -S server -U Administrator Fetching DOMAIN database SAM_DELTA_DOMAIN_INFO not handled Creating unix group: 'Domain Admins' Creating unix group: 'Domain Users' Creating unix group: 'Domain Guests' Creating unix group: 'Uprava' Creating unix group: 'Mail' Creating unix group: 'Spin' Creating unix group: 'MTS Trusted Impersonators' Creating unix group: 'Birpis' Creating unix group: 'Lirpis' Creating account: Administrator [2003/11/04 15:14:09, 0] utils/net_rpc_samsync.c:fetch_account_info(488) Primary group of Administrator has no mapping! Creating account: Guest [2003/11/04 15:14:09, 0] utils/net_rpc_samsync.c:fetch_account_info(488) -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: SV: [Samba] Samba-Citrix compatability
On Tue, 4 Nov 2003 [EMAIL PROTECTED] wrote: I have searched for some FAQ/HOWTO regarding Citrix/Metaframe to no avail. (Like this one http://samba.org/~jht/HOWTO/Samba-HOWTO-Collection.pdf ) What I would like to see in such a FAQ/HOWTO: Are you willing to help write this? You too can make a difference you know! - Compilation issues regarding Citrix/metaframe - - ie the need to increase the MAX_CONNECTION setting before compilation - - ie how to compile samba to a 64 bit application to get more available file descriptors (problem for solaris) - the need to tweak the /etc/system settings (ie set rlim_fd_max = number) - oplocks settings in smb.conf - the single smbd process issue and workaround(s) (wins and DNS-proxy/netbios names?) - the home-share issue and problem All these issues, and probably more, I feel are related to Citrix/metaframe vs. Samba. If I am wrong and somewhere there is a FAQ regarding this then all the better. Just need to find it. ;-) If not then it is most neeeded. Good points! Will you contribute some text that we can add to the HOWTO? Information like this gets documented when someone with your kind of passion writes some basic guidelines and contributes it to the HOWTO. Please do not leave this to others, while the needs are fresh in your mind please write a few paragraphs on each and send them to me for inclusion. Cheers, John T. And Samba4? What is this? :-) Due 2005? Kind regards Per Kjetil Grotnes Some governmental department in Norway Andrew Bartlett Sendt: 4. november 2003 02:20 On Tue, Nov 04, 2003 at 11:55:25AM +1100, DAVIES Rob wrote: G'day, We are having problems when connecting to our Solaris 8 server Zeus from our Windows 2000 Terminal Servers. I think you might be hitting two of the nastiest bugs with that combination. Firstly, there are issues with Solaris 8, and TDB locks, for which there is a solaris kernel patch (it's an fcntl issue). But more importantly, there is an issue caused by the way Windows Terminal Server clients connect - they all use the same smbd. This causes all their operations to be serialised, even worse if something blocks. The best solution is to call your system by as many names as possible. For example, call it by one name per user, particularly for roaming profiles. (So make a user's profile path/homedir \\zeus-username\username or the like). Use DNS (with a samba wins server set to 'dns proxy') or fixed entires in your wins.dat, or an lmhosts file, to force the multiple names. Samba doesn't mind what it gets called. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and private shares
On Tue, 4 Nov 2003, Thron Havens wrote: I know what everyone is busy and there are a lot of requests here but can someone give me any ideas why I can't get private shares to work? Right now I get prompted with a logon and password but I cannot connect. Under my share config I have used user(s) = user-name valid users = user-name and username = user-name None of them will let me in. Have you tried valid users = 'user_name'? - John T. I'm running samba 2.5 on a FreeBSD box using winbind to do authentication with my PDC/BDC and I'm able to configure global shares that everyone on the NT network can access. SMB.conf workgroup = domain-name netbios name = comp-name server string = comp-name security = domain log file = /var/log/sambalog.%m encrypt passwords = yes local master = no os level = 0 domain master = no preferred master = no wins support = no wins server = 0.0.0.0 wins proxy = no dns proxy = no log level = 3 max log size = 1 load printers = no winbind uid = 1-2 winbind gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind separator = . winbind use default domain = yes template homedir = /usr/share/%U template shell = /bin/false password server = * name resolve order = hosts lmhosts wins bcast nt acl support = yes [share] comment = temporary file space path = path browsable = yes read only = no public = yes printable = no writeable = yes [temp] comment = another share path = /usr/report username = user-name browsable = yes read only = no #public = yes printable = no writeable = yes Pam.conf auth requiredpam_nologin.so no_warn auth sufficient pam_winbind.so auth sufficient pam_opie.so no_warn no_fake_prompts auth requisitepam_opieaccess.sono_warn allow_local #authsufficient pam_krb5.so no_warn try_first_pass #authsufficient pam_ssh.so no_warn try_first_pass auth requiredpam_unix.so no_warn try_first_pass # account #account requiredpam_krb5.so account sufficient pam_winbind.so account requiredpam_unix.so # session #session optional pam_ssh.so session requiredpam_permit.so # password password requiredpam_permit.so Thanks Thron -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: SV: [Samba] Samba-Citrix compatability
On Tue, 4 Nov 2003 [EMAIL PROTECTED] wrote: From: John H Terpstra [mailto:[EMAIL PROTECTED] I have searched for some FAQ/HOWTO regarding Citrix/Metaframe to no avail. (Like this one http://samba.org/~jht/HOWTO/Samba-HOWTO-Collection.pdf ) What I would like to see in such a FAQ/HOWTO: Are you willing to help write this? You too can make a difference you know! Hehe. Hi John. I knew you would pop in here sooner or later. I am sure you have a default text you paste in for us silly enough to stick our nose out. ;-) Jokes aside. Yes, I could attempt to help with this as I told Andrew earlier. Your posting was too tempting to leave it alone. :) All these issues, and probably more, I feel are related to Citrix/metaframe vs. Samba. If I am wrong and somewhere there is a FAQ regarding this then all the better. Just need to find Information like this gets documented when someone with your kind of passion writes some basic guidelines and contributes it to the HOWTO. Please do not leave this to others, while the needs are fresh in your mind please write a few paragraphs on each and send them to me for inclusion. We do not have any _current_ need of a HOWTO. What I registred was a user question and an answer from one of the samba-team that I had seen before (with some additional info about dns-proxy that I had not seen before and still wonder about). Please document your thoughts. Send them in, ask others to help flesh it out. None of us knows enough, but by working together we can produce good information for our users. Thus I see that there is a need for such a Citrix-HOWTO, and I would have offered my services earlier if I felt confident that i could contribute to this document. As I said earlier - we have a running environment and its been awhile since i tweaked it. I am probably not the best to deliver such info, but I might do an attempt. If you have the passion to write something that is much better than a competent expert who writes nothing. - John T. Regards Per Kjetil Grotnes (PS: i think you do great work getting people to help the community with documenting samba) -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: SV: [Samba] Samba-Citrix compatability
On Tue, 4 Nov 2003, Eric Roseme wrote: John and/or Andrew, I created some slides diagraming this issue in simplistic terms for Microsoft management when I was attempting to persuede them to uncomment the MultipleUsersOnConnection code from the W2000 redirector (to no avail). If you think that they could be useful for officially documenting the issue, I can email you the pdf directly (I do not want to dump a big file in everyone's inbox). Eric, Please do send that to me. I'll extract and ammend the HOWTO from it. Thnx. - John T. Eric Roseme John H Terpstra wrote: On Tue, 4 Nov 2003 [EMAIL PROTECTED] wrote: I have searched for some FAQ/HOWTO regarding Citrix/Metaframe to no avail. (Like this one http://samba.org/~jht/HOWTO/Samba-HOWTO-Collection.pdf ) What I would like to see in such a FAQ/HOWTO: Are you willing to help write this? You too can make a difference you know! - Compilation issues regarding Citrix/metaframe - - ie the need to increase the MAX_CONNECTION setting before compilation - - ie how to compile samba to a 64 bit application to get more available file descriptors (problem for solaris) - the need to tweak the /etc/system settings (ie set rlim_fd_max = number) - oplocks settings in smb.conf - the single smbd process issue and workaround(s) (wins and DNS-proxy/netbios names?) - the home-share issue and problem All these issues, and probably more, I feel are related to Citrix/metaframe vs. Samba. If I am wrong and somewhere there is a FAQ regarding this then all the better. Just need to find it. ;-) If not then it is most neeeded. Good points! Will you contribute some text that we can add to the HOWTO? Information like this gets documented when someone with your kind of passion writes some basic guidelines and contributes it to the HOWTO. Please do not leave this to others, while the needs are fresh in your mind please write a few paragraphs on each and send them to me for inclusion. Cheers, John T. And Samba4? What is this? :-) Due 2005? Kind regards Per Kjetil Grotnes Some governmental department in Norway Andrew Bartlett Sendt: 4. november 2003 02:20 On Tue, Nov 04, 2003 at 11:55:25AM +1100, DAVIES Rob wrote: G'day, We are having problems when connecting to our Solaris 8 server Zeus from our Windows 2000 Terminal Servers. I think you might be hitting two of the nastiest bugs with that combination. Firstly, there are issues with Solaris 8, and TDB locks, for which there is a solaris kernel patch (it's an fcntl issue). But more importantly, there is an issue caused by the way Windows Terminal Server clients connect - they all use the same smbd. This causes all their operations to be serialised, even worse if something blocks. The best solution is to call your system by as many names as possible. For example, call it by one name per user, particularly for roaming profiles. (So make a user's profile path/homedir \\zeus-username\username or the like). Use DNS (with a samba wins server set to 'dns proxy') or fixed entires in your wins.dat, or an lmhosts file, to force the multiple names. Samba doesn't mind what it gets called. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Win2k clients not connecting
On Mon, 3 Nov 2003, Sashidhar HC wrote: My Win2k is not connecting to Samba 2.0.8 server running RH7.1 Update to samba-3.0.0. I could not set the EnableClearTextPassword=1 as suggested in one help site. Sugget you read the Samba-HOWTO-Collection. http://sg.samba.org/samba/docs/Samba-HOWTO-Collection.pdf - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XP Home and Samba? and: two network cards?
On Mon, 3 Nov 2003, Jonathan Johnson wrote: On Mon, 3 Nov 2003, John H Terpstra wrote: If both network cards are installed in your Samba server, then each network card must be configured for a different subnet. For example: CardIP Address Network --- -- --- eth0192.168.0.1 192.168.0.0/24 eth1192.168.1.0 192.168.1.0/24 To pick a nit, 192.168.1.0 is not a valid IP Address; it is the network address. 192.168.1.255 would be the broadcast address; everything in between would be valid. Yep. You, of all people, should know that, John. :-) Yep, sorry - too much pressure to meet deadlines, too little attention to details! :) - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining smb server as a BDC for NT domain
On Mon, 3 Nov 2003, Lohan Spies wrote: Hi all, Currently i have a PDC and BDC NT Domain servers! I need to setup a smb server as another BDC for the domain. how will i go about to setup the smb server as a secondary BDC for the nt domain? Have you read the Samba-HOWTO-Collection.pdf? http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.pdf There is a whole chapter on NT4Migration. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] HowTo Chapter12 Group Mapping and LDAP
Matt, You must map NT Groups to UNIX groups. In particular, only Domain groups (not local groups in the Domain) that have been mapped to a UNIX group (no matter where it is stored - LDAPsam or tdbsam) will be available for domain client use. If you want to map the NT Domain Group called Domain Users to the UNIX users group, you will need to run: net groupmap modify ntgroup=Domain Users unixgroup=users if the NT Group does not exist in your LDAPsam, yo uwill need to run: net groupmap add ntgroup=Domain Users unixgroup=users rid=51x Where 51x is the well known RID for the Domain Users group. You can obtain this from the latest Samba-HOWTO-Collection.pdf available from: http://samba.org/~jht/HOWTO I hope this helps to clarify the issue for you. - John T. On Mon, 3 Nov 2003, Matt Pusateri wrote: Hello, I have a question about the documentation of the Samba Howto's. Specifically, I am not able to understand how group mapping ties into LDAP. I believe I understand the concept of unix to windows group mapping as laid out in chapter 12 as it relates a tdbsam, but get confused when dealing with a ldapsam back-end. There is a note listed When the passdb back-end uses LDAP (ldapsam) it is the administrators' responsibility to create the essential Domain Groups, and assign each its default RID. I am not sure what this note is to infer? Does net groupmap handle things or do I manually have to configure via LDIF entries? I have read chapters 1-12, 21, 25 of the howtos as well as Samba PDC LDAP howto by Ignacio Coupeau. Is there another document I am missing or am I just not getting it? I have not posted config files or system specifics because I feel this is more a problem understanding the concepts not configuring the system. If someone could either point me in the right direction or explain what I am missing I would be very much appreciate it(yes I realize that was an extremely open-ended plea for help). It seems to me that the documentation regarding Samba LDAP was very verbose up to this point, but then trails off a little bit in chapter 12 regarding configuring LDAP(maybe it's just me?) Anyhow thanks go out to all those on the documentation project. Matt Pusateri Systems Administrator Interactive Medical Systems, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange entries in logfiles
On Sun, 2 Nov 2003, Bart Haezeleer wrote: Recently I discovered some strange entries in my logfiles. Theses entries appears in /var/log/messages and /var/log/samba/log.nmbd Looks like you have configured your windows clients with the WINS address of your Samba server. Your Samba server is not a WINS server. To make it a WINS server add to your smb.conf file, [globals] section: wins support = yes That will improved the reliability of your networking and will eliminate this error report. - John T. ... Nov 2 17:27:32 pc00 nmbd[1093]: [2003/11/02 17:27:32, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(183) process_name_refresh_request: unicast name registration request received for name MYDOMAIN00 from IP IP_CLIENT on subnet UNICAST_SUBNET. [2003/11/02 17:27:32, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(184) Error - should be sent to WINS server ... Nov 2 17:27:32 pc00 nmbd[1093]: [2003/11/02 17:27:32, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(183) process_name_refresh_request: unicast name registration request received for name USERNAME03 from IP IP_CLIENT on subnet UNICAST_SUBNET. [2003/11/02 17:27:32, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(184) Error - should be sent to WINS server This is my global-section of smb.conf [global] add user script = /usr/sbin/useradd -d /dev/null -g NTMachines -s /bin/false -M %u admin users = @ntadmin bind interfaces only = Yes create mask = 0750 domain admin group = @ntadmin domain logons = Yes domain master = Yes encrypt passwords = Yes interfaces = IP_SERVER/24 local master = Yes lock directory = /var/spool/samba logon script = genlogon.bat logon path = \\%N\profiles\%u max xmit = 32767 message command = sh -c '/usr/local/samba/bin/winpopup %f %m %M %s' os level = 64 passwd program = /usr/bin/passwd %u passwd chat = New\sUNIX\spassword* %n\n *Retype\snew\sUNIX\spassword* %n\n passwd chat debug = Yes preferred master = Yes printer admin = @ntadmin read size = 8192 security = user server string = Redhat 7.1 running Samba %v socket options = IPTOS_LOWDELAY TCP_NODELAY username map = /etc/samba/smbusers unix password sync = Yes write list = root writeable = Yes workgroup = MYDOMAIN Does anyone know which options causes theses entries? My system is a RedHat 7.1 upgraded 2.2.1a and later to 2.2.8a All with RPMs found on RPMFIND.NET -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] error message after long connect with windows client(s)
On Sun, 2 Nov 2003 [EMAIL PROTECTED] wrote: I am running Samba version 2.2 on RH9 with a 800mhz w/ 384 SDRAM. My Windows XP clients can connect and map my shares to drives on their machines with no problems, but sometimes after being connected for a couple days they suddenly cannot access the share. They receive an error message stating that it cannot connect to the server. This is only solved by rebooting the RH server, which is problematic because this is in an office with around 8 clients and it also runs the web and email server. Any help would be *greatly* appreciated. Update to samba-2.2.8a or samba-3.0.0, this should solve this problem. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] please help with samba 3.0
On Sun, 2 Nov 2003 [EMAIL PROTECTED] wrote: hi all dose any one know if the recycle bin works on solaris, if yes please if you could tell me how to get it to work. Eli, Please tell me what is not clear in our documentation, we dearly want to improve the quality of it if it is inadequate. You will find a description of how to set up the recycle bin facility in chapter 20 or the Samba-HOWTO-Collection.pdf that shipped with your samba-3.0.0. In case you can not find it, it is also available from: http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.pdf - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE: [Samba] XP Home and Samba? and: two network cards?
On Sun, 2 Nov 2003, Markus Vorpahl wrote: Dan, Don, if you have applied the SignOrSeal registry hack, you should be able to get your XP Home system to see Samba shares. You will be prompted for a user name and password to access these shares. I applied the SignOrSeal registry change manually, but still no shares. Until now, in smb.conf there was security = user set, so there was no domain logon by the WIN98 stations either. Reading the text in http://samba.kn.vutbr.cz/samba/devel/docs/html/domain-member.html: if I only want to share shares, files and printers, let people read and write, is domain logon really needed? Aparently, until now there was none. [global] workgroup = BAERSCH netbios name = server security = user os level = 65 ... In fact, the problem might be related to the fact that the running win98 stations are still connected to the BNC ethernet card in the server, without any WINS server installed, whereas I need to connect the XP stations to another card. Perhaps I should upgrade to 2.2.8a, and then set up a WINS server - any suggestions where I find documentation on this? http://de.samba.org/samba/docs/Samba-HOWTO-Collection.pdf It might help you. If not, tell us what we left out or what is not clear. Most of it applies to Samba-2.2.x, but I'd advise you to update to samba-3.0.x anyhow. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Share ACLs
On Wed, 29 Oct 2003, Douglas Phillipson wrote: Please See ACL related questions below... John H Terpstra wrote: On Wed, 29 Oct 2003 [EMAIL PROTECTED] wrote: Hi all, I have already set up a Samba 3.0 with Openldap as user repository. I have a question about share access controls. Chapter 13.1 of Samba-HOWTO-Collection describes: Samba offers a lot of flexibility in file system access management. These are the key access control facilities present in Samba today: 1) UNIX File and Directory Permissions 2) Samba Share Definitions 3) Samba Share ACLs Just like it is possible in MS Windows NT to set ACLs on shares themselves, so it is possible to do this in Samba. Few people make use of this facility, yet it remains on of the easiest ways to a ect access controls (restrictions) and can often do so with minimum invasiveness compared with other methods. 4) MS Windows ACLs through UNIX POSIX ACLs I have a question about Point 3 Samba Share ACLs. Do I need Linux file system ACLs in order to be able to define Samba Share ACLs. No, you do not! You need to use the Server Tools, or the Nexus package from Microsoft as documented in the HOWTO. Are you saying here that you don't need the ACL patch in linux to do ACL's? How much more clear do I need to be? I have written the HOWTO and clearly explained what you need to do to set ACLs on Shares. Then you ask about this because it is not clear enough. Let me try one final time: 1. If you want to set ACLs on Files and Directories, then you must have ACLs support in your OS. 2. If you want to set ACLs on Shares, then you do NOT need ACLs support in your kernel, you DO need to use the MS Server Manager to set ACLs on a share. 3. If you want to force permission in a share definition you do NOT need ACLs in your kernel. I hope this is clear enough? If not I have problems to define ACLs on shares via Windows Explorer from a Windows XP Workstation. my environment: Using the files extracted from the SRVTOOLS.EXE installation, in particular the Server Manager, you must edit the permissions on the Shares themselves. Samba 3.0 compiled --with-acl-spupport installed on Suse Linux Enterprise Server 8 OpenLDAP 2.1.4 as suer repository. Samba 3.0 is configured as PDC. I can log from a Windows XP workstation in Samba Domain. I can connect to shares defined in smb.conf. All defined access controls in smb.conf works fine. You must log on as the Administrator for the Domain (root). I try to set ACLs on following Share: [Test-Share] path=/home/Test-Share public = yes printable = no writeable = yes Do you have to have nt acl support = yes in any share that will have it's acl's changed by the server tools? No, you do NOT need to set nt acls support = yes to set ACLs on shares. This feature has been deprecated and is no longer supported in Samba-3.0.0. This is an example of setting share definition controls. - John T. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Request for ACL experiences
On Wed, 29 Oct 2003, Douglas Phillipson wrote: I'm having trouble with ACL's and wonder how many others are too. I see conflicting answers and comments about different aspects of ACL's from many prople on the list. I was wondering if ANYONE is successfully using ACL's with Samba 3.0 or above. Yes. I am successfully setting ACLs with Samba-3.0.0. I have the ACLs patch in my kernel so that I can set ACLs on Linux files. Setting ACLs on Shares does NOT AT ALL use kernel ACLS. Were there any commands/configurations you had to use to make ACL's work that were not covered in the 3.0 HowTo? I think we could use some real world working examples here. Please be VERY explicit and complete with concrete examples. Assume those reading your answers are NOT experts! If you see any missing questions that you think might be useful to using ACL's, please add them! Please explain to me what part of the Samba-HOWTO-Collection.pdf, chapter 12 you can ont understand. Precisely what is the problem - I want to fix it. I totally belive you that this chapter is not clear enough. What is not working for you? I do not understand what we are missing. I want to help you. Please give us detailed, step-by-step instructions for how to reproduce your problem. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Share ACLs
On Thu, 30 Oct 2003, Adam Williams wrote: I have a question about Point 3 Samba Share ACLs. Do I need Linux file system ACLs in order to be able to define Samba Share ACLs. No, you do not! You need to use the Server Tools, or the Nexus package from Microsoft as documented in the HOWTO. Are you saying here that you don't need the ACL patch in linux to do ACL's? How much more clear do I need to be? I have written the HOWTO and clearly explained what you need to do to set ACLs on Shares. Then you ask about this because it is not clear enough. Let me try one final time: 1. If you want to set ACLs on Files and Directories, then you must have ACLs support in your OS. 2. If you want to set ACLs on Shares, then you do NOT need ACLs support in your kernel, you DO need to use the MS Server Manager to set ACLs on a share. 3. If you want to force permission in a share definition you do NOT need ACLs in your kernel. I hope this is clear enough? Huh? So do I need ACL support in Samba. :) If you have ACLs support in your kernel, and you want to access them from a Windows client (ie: using Samba), then YES you need to link Samba with the acls-devel libraries. If all that you want is ACLs on shares, then NO, you do not need to link samba with the acls-devel libraries. Do you have to have nt acl support = yes in any share that will have it's acl's changed by the server tools? No, you do NOT need to set nt acls support = yes to set ACLs on shares. This feature has been deprecated and is no longer supported in Samba-3.0.0. Oops! Poops! You've all got me! Sorry. nt acls support is still in use. I checked the smb.conf man page and found it missing. This proves that the docs need to be updated - there's a bug in the docs. Table 13.3 still lists nt acl support listed, and it is mentioned several times in 13.4 13.5 (at least in my version of the HOWTO PDF). Yup. Correct. Thanks for speaking up! It is not listed in the Removed Parameters (30.3.1) section; which it should be if it is deprecated?\ Nor should it be. I goofed up! Maybe this facilitates some of the confustion. Oh, yes! Or my version of the PDF is too old. They all are. A new one will be issued with samba-3.0.1. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Share ACLs
I try to set ACLs on following Share: [Test-Share] path=/home/Test-Share public = yes printable = no writeable = yes Do you have to have nt acl support = yes in any share that will have it's acl's changed by the server tools? No, you do NOT need to set nt acls support = yes to set ACLs on shares. This feature has been deprecated and is no longer supported in Samba-3.0.0. Douglas, Apologies, I misled you. This feature has not been deprecated and it is still supported. The default is Yes so it is not normally necessary to set it. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Share ACLs
On Wed, 29 Oct 2003 [EMAIL PROTECTED] wrote: Hi all, I have already set up a Samba 3.0 with Openldap as user repository. I have a question about share access controls. Chapter 13.1 of Samba-HOWTO-Collection describes: Samba offers a lot of flexibility in file system access management. These are the key access control facilities present in Samba today: 1) UNIX File and Directory Permissions 2) Samba Share Definitions 3) Samba Share ACLs Just like it is possible in MS Windows NT to set ACLs on shares themselves, so it is possible to do this in Samba. Few people make use of this facility, yet it remains on of the easiest ways to a ect access controls (restrictions) and can often do so with minimum invasiveness compared with other methods. 4) MS Windows ACLs through UNIX POSIX ACLs I have a question about Point 3 Samba Share ACLs. Do I need Linux file system ACLs in order to be able to define Samba Share ACLs. No, you do not! You need to use the Server Tools, or the Nexus package from Microsoft as documented in the HOWTO. If not I have problems to define ACLs on shares via Windows Explorer from a Windows XP Workstation. my environment: Using the files extracted from the SRVTOOLS.EXE installation, in particular the Server Manager, you must edit the permissions on the Shares themselves. Samba 3.0 compiled --with-acl-spupport installed on Suse Linux Enterprise Server 8 OpenLDAP 2.1.4 as suer repository. Samba 3.0 is configured as PDC. I can log from a Windows XP workstation in Samba Domain. I can connect to shares defined in smb.conf. All defined access controls in smb.conf works fine. You must log on as the Administrator for the Domain (root). I try to set ACLs on following Share: [Test-Share] path=/home/Test-Share public = yes printable = no writeable = yes This is an example of setting share definition controls. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Share ACLs
On Wed, 29 Oct 2003, Douglas Phillipson wrote: Please See ACL related questions below... John H Terpstra wrote: On Wed, 29 Oct 2003 [EMAIL PROTECTED] wrote: Hi all, I have already set up a Samba 3.0 with Openldap as user repository. I have a question about share access controls. Chapter 13.1 of Samba-HOWTO-Collection describes: Samba offers a lot of flexibility in file system access management. These are the key access control facilities present in Samba today: 1) UNIX File and Directory Permissions 2) Samba Share Definitions 3) Samba Share ACLs Just like it is possible in MS Windows NT to set ACLs on shares themselves, so it is possible to do this in Samba. Few people make use of this facility, yet it remains on of the easiest ways to a ect access controls (restrictions) and can often do so with minimum invasiveness compared with other methods. 4) MS Windows ACLs through UNIX POSIX ACLs I have a question about Point 3 Samba Share ACLs. Do I need Linux file system ACLs in order to be able to define Samba Share ACLs. No, you do not! You need to use the Server Tools, or the Nexus package from Microsoft as documented in the HOWTO. Are you saying here that you don't need the ACL patch in linux to do ACL's? No. I am saying that you do NOT need the ACLs patch in order to be able to set ACLs on shares using the Server Manager tool. If you want file system ACLs, you DO need the ACLs patch in your kernel. You asked specifically about ACLs on shares! - John T. If not I have problems to define ACLs on shares via Windows Explorer from a Windows XP Workstation. my environment: Using the files extracted from the SRVTOOLS.EXE installation, in particular the Server Manager, you must edit the permissions on the Shares themselves. Samba 3.0 compiled --with-acl-spupport installed on Suse Linux Enterprise Server 8 OpenLDAP 2.1.4 as suer repository. Samba 3.0 is configured as PDC. I can log from a Windows XP workstation in Samba Domain. I can connect to shares defined in smb.conf. All defined access controls in smb.conf works fine. You must log on as the Administrator for the Domain (root). I try to set ACLs on following Share: [Test-Share] path=/home/Test-Share public = yes printable = no writeable = yes Do you have to have nt acl support = yes in any share that will have it's acl's changed by the server tools? This is an example of setting share definition controls. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Upgrading to Samba 3
On Tue, 28 Oct 2003, M Gill wrote: Hello We would like to upgrade our Samba 2.2.7 software on Solaris 8 (Sparc) to version 3. We are currently using the server as a member server in a NT4 domain and are using winbindd and have not setup any user/group mappings ourselves as security is set to DOMAIN and we are using our PDC to provide authentication. We have a basic setup (as below). Can we upgrade to V3 and keep the same settings (smb.conf) and not have to add users to smbpasswd? Yes. By default samba-3.0.x should work as close as possible to samba-2.2.x default settings. Your old smb.conf should work just fine. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Account Control Flags in Samba 3.0
On Tue, 28 Oct 2003, Viktor Posta wrote: Hello All ! Can anyone tell me that in the SAMBA 3 the what the account-control flags in pdbedit n,d,h,l,x mean? I haven't found any info on this... Its docuemented in the Samba-HOWTO-Collection.pdf for Samba-3. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] v3.0.0, AD, 2k3 mumbles
Magnus, I can confirm that you need MIT KRB5 1.3.1. I have not yet had sucess with Heimdal 0.6. On Tue, 28 Oct 2003, Magnus B{ckstr|m wrote: I'm running a Samba 3.0.0 server in production in security = ADS mode against a W2k ADS server. Works just fine, thanks! We're sort of under pressure to regrade to a 2003 AD server, which sent me trying stuff out a bit. Meager results. The 3.0.0 I have (linked with MIT krb5-1.2.8) refuses to verify incoming tickets: [2003/10/28 16:27:36, 3] libads/kerberos_verify.c:ads_verify_ticket(317) ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) Some frantic googling later it is clear that Windows -really- wants to use kerberos keytype 23, a. k. a. arcfour-hmac-md5, which that particular version of MIT kerberos won't digest. My doubt right now concerns a statement that this arcfour-hmac-md5 choice applies already in AD2000 -- so howcome it works? (A) The 2k AD supports other types as well and makes peace with MIT krb5 whereas 2k3 AD has been lambasted out of such fraternizing habits, (B) The 2k3 AD would support other types after the proper Magic Handwaving, i. e., tweaking of some well chosen registry keys. Does anybody know to enlighten us on this? It seems heimdal-0.6 and MIT 1.3.1 do support arcfour-hmac-md5; tomorrow I will journey up the Repent, Recompile, Restart mountain and then hopefully be one Microsoft wiser. Magnus - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Failed to compile Samba with SSL
On Tue, 28 Oct 2003, [koi8-r] Pavel Shmidt[koi8-r] wrote: Hello! I failed to compile Samba with SSL on Mandrake 8.2 - error while make all in following sequence: ... snip ... Log of the last command attached. What's wrong? Please, help me! Thank you in advance. Pavel. Microsoft Windowss clients do not support SSL. Support for SSL was only ever experimental, has not been maintained, suffered bit rot, and was removed from Samba in Samba-3.0.0. - John T. -- John H Terpstra Email: [EMAIL PROTECTED]Using FLAGS = -DHAVE_CRYPT_DECL -I/usr/local/ssl/include -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLOGFILEBASE=/usr/local/samba/var -DCONFIGFILE=/usr/local/samba/lib/smb.conf -DLMHOSTSFILE=/usr/local/samba/lib/lmhosts -DSWATDIR=/usr/local/samba/swat -DSBINDIR=/usr/local/samba/bin -DLOCKDIR=/usr/local/samba/var/locks -DCODEPAGEDIR=/usr/local/samba/lib/codepages -DDRIVERFILE=/usr/local/samba/lib/printers.def -DBINDIR=/usr/local/samba/bin -DPIDDIR=/usr/local/samba/var/locks -DLIBDIR=/usr/local/samba/lib -DHAVE_INCLUDES_H -DPASSWD_PROGRAM=/usr/bin/passwd -DSMB_PASSWD_FILE=/usr/local/samba/private/smbpasswd -DTDB_PASSWD_FILE=/usr/local/samba/private/smbpasswd.tdb Using FLAGS32 = -DHAVE_CRYPT_DECL -I/usr/local/ssl/include -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLOGFILEBASE=/usr/local/samba/var -DCONFIGFILE=/usr/local/samba/lib/smb.conf -DLMHOSTSFILE=/usr/local/samba/lib/lmhosts -DSWATDIR=/usr/local/samba/swat -DSBINDIR=/usr/local/samba/bin -DLOCKDIR=/usr/local/samba/var/locks -DCODEPAGEDIR=/usr/local/samba/lib/codepages -DDRIVERFILE=/usr/local/samba/lib/printers.def -DBINDIR=/usr/local/samba/bin -DPIDDIR=/usr/local/samba/var/locks -DLIBDIR=/usr/local/samba/lib -DHAVE_INCLUDES_H -DPASSWD_PROGRAM=/usr/bin/passwd -DSMB_PASSWD_FILE=/usr/local/samba/private/smbpasswd -DTDB_PASSWD_FILE=/usr/local/samba/private/smbpasswd.tdb Using LIBS = -lssl -lcrypto -ldl -lnsl -lcrypt -lpopt Compiling smbd/server.c Compiling smbd/files.c Compiling smbd/chgpasswd.c Compiling smbd/connection.c Compiling smbd/utmp.c Compiling smbd/session.c Compiling smbd/dfree.c Compiling smbd/dir.c Compiling smbd/password.c Compiling smbd/conn.c Compiling smbd/fileio.c Compiling smbd/ipc.c Compiling smbd/lanman.c Compiling smbd/mangle.c Compiling smbd/mangle_hash2.c Compiling smbd/mangle_hash.c Compiling smbd/mangle_map.c Compiling smbd/negprot.c Compiling smbd/message.c Compiling smbd/nttrans.c Compiling smbd/pipes.c Compiling smbd/reply.c Compiling smbd/trans2.c Compiling smbd/uid.c Compiling smbd/dosmode.c Compiling smbd/filename.c Compiling smbd/open.c Compiling smbd/close.c Compiling smbd/blocking.c Compiling smbd/sec_ctx.c Compiling smbd/vfs.c Compiling smbd/vfs-wrap.c Compiling smbd/statcache.c Compiling smbd/posix_acls.c Compiling lib/sysacls.c Compiling smbd/process.c Compiling smbd/service.c Compiling smbd/error.c Compiling printing/printfsp.c Compiling lib/util_seaccess.c Compiling libsmb/cli_pipe_util.c Compiling msdfs/msdfs.c Compiling param/loadparm.c Compiling param/params.c Compiling libsmb/clientgen.c Compiling libsmb/cliconnect.c Compiling libsmb/clifile.c Compiling libsmb/clirap.c Compiling libsmb/clierror.c Compiling libsmb/climessage.c Compiling libsmb/clireadwrite.c Compiling libsmb/clilist.c Compiling libsmb/cliprint.c Compiling libsmb/clitrans.c Compiling libsmb/clisecdesc.c Compiling libsmb/clidgram.c Compiling libsmb/namequery.c Compiling libsmb/nmblib.c Compiling libsmb/clistr.c Compiling libsmb/nterr.c Compiling libsmb/smbdes.c Compiling libsmb/smbencrypt.c Compiling libsmb/smberr.c Compiling libsmb/credentials.c Compiling libsmb/pwd_cache.c Compiling libsmb/clioplock.c Compiling libsmb/errormap.c Compiling libsmb/doserr.c Compiling libsmb/passchange.c Compiling libsmb/unexpected.c Compiling rpc_parse/parse_prs.c Compiling rpc_parse/parse_sec.c Compiling rpc_parse/parse_misc.c Compiling libsmb/namecache.c Compiling ubiqx/ubi_BinTree.c Compiling ubiqx/ubi_Cache.c Compiling ubiqx/ubi_SplayTree.c Compiling ubiqx/ubi_dLinkList.c Compiling ubiqx/ubi_sLinkList.c Compiling ubiqx/debugparse.c Compiling rpc_server/srv_lsa.c Compiling rpc_server/srv_lsa_nt.c Compiling rpc_server/srv_lsa_hnd.c Compiling rpc_server/srv_netlog.c Compiling rpc_server/srv_netlog_nt.c Compiling rpc_server/srv_pipe_hnd.c Compiling rpc_server/srv_reg.c Compiling rpc_server/srv_reg_nt.c Compiling rpc_server/srv_samr.c Compiling rpc_server/srv_samr_nt.c Compiling rpc_server/srv_srvsvc.c Compiling rpc_server/srv_srvsvc_nt.c Compiling rpc_server/srv_util.c Compiling rpc_server/srv_wkssvc.c Compiling rpc_server/srv_wkssvc_nt.c Compiling rpc_server/srv_pipe.c Compiling rpc_server/srv_dfs.c Compiling rpc_server/srv_dfs_nt.c Compiling rpc_server/srv_spoolss.c Compiling rpc_server/srv_spoolss_nt.c Compiling rpc_client/cli_spoolss_notify.c Compiling rpc_parse/parse_lsa.c Compiling rpc_parse
[Samba] Re: HowTo 3 book?
On Tue, 28 Oct 2003, jonlists wrote: John. when is your book (and your co-author's G) available? Amazon says November, but early november, late, or plan for a christmas present for myself?? Jon, Thanks for getting in touch. I have had a number of emails asking about the availability of the book. I can only respond with what I know. The book went to the printer exactly on time on September 24th. The books left the printer right on time on October 15th. They then shipped from the Prentice Hall ware house right on time. I am not able to comment further as I do not know what is happening. I am copying your email to Prentice Hall in the hope that this will help to expedite things. I assure you the book is available - I am at Usenix LISA'2003 in San Diego, USA, signing books that people are buying at the conference. I am following up with Prentice Hall in the hope that they can shed light on the information on the Amazon web site and will report findings to the samba mailing list when I get word back. Apologies for the delays. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can Samba export 2TB+ filesystems?
On Mon, 27 Oct 2003, Greg Freemyer wrote: Does Samba have any max filesytem limitations. In particular can both 2.2.8 and 3.0 support 2TB+ filesystems. Samba is limited by the underlying OS alone. Samba places no limits on the size of a file system. For now, I am thinking of 6TB max, so I don't need to know about Petabytes or Exabytes. The other side of the question, is can Win9x, Win2K, etc. work with filesystems over 2 TB. Yes. They just report a strange storage capacity. If the above is in a FAQ somewhere, a url would be great. Greg - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba dhcp issue
On Mon, 27 Oct 2003, Daniel Buchanan wrote: I have sort of the same problem that other people have reported with nmb. Only in my case i'm running dhcp client. It appears that the ip address is not being assigned quickly enough as this is what nmb complains about in the log:no local interfaces. Once i login to kde and su to root in a term session, I can issue the restart command and it works very nicely:). So what,if any, is the workaround for this timing issue? This is a Linux system configuration issue. This is a Samba issue IF you are using the official Samba-Team RPM. If you are using a vendor supplied RPM you need to take this up with the vendor. You need to make sure that Samba is not started up before your networking has been correctly started. Your choices are: - Contact your Linux Vendor for a fix _OR_ - Fix it yourself If you want to fix it yourself, you must: chkconfig nmb stop Edit the nmb file in the Init Scripts directory. At the top you will find the control settings for run levels and dependencies. These need to be adjusted so that nmb will start at the correct time. chkconfig nmb start You should do the same for smb. Note some vendors use different names for the control scripts that are run as part of the SysV InitScripts process. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] roaming profiles in Samba 2.2 vs 3
On Mon, 27 Oct 2003 [EMAIL PROTECTED] wrote: Hi, I'm getting a bit further but now I get the message; Windows did not load your profile because a server copy already exsists that does not have the correct security. Either the current user of Administrators group must be the owner of the folder. You will need to log onto the Windows client as Administrator for the local machine and delete the existing profile. Hint: Right click on My computer, select properties, find the tab that leads to the profile manager. Cheers, John T. This happens if the profile folder exsists or not. The Unix perms are chowned to the user logging in and I've tried; chown profile chmod -R 700 chmod -R 777 I've also mapped the NT group to the Unix group via the net groupmap add facility. I did compile with --with-automount and --with-acl-support. I'm not sure if Samba 2.2.7 with Redhat had these features. Bri- -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Profile question
On Sun, 26 Oct 2003, kenjie Trillanes wrote: Everyone, I didn't know where else to call for help. Here it goes. I trying to replace our Win2k PDC with a combination of Samba3-LDAP-PDC. But I'm not having much luck in retaining my user's local profiles, I want this PDC migration to be as simple and transparent as possible, but the new samba pdc doesn't seem to want to recognize the old profiles (same with the clients,even with the same domain name they would not recognize the PDC as the old one). Can anyone help? What must I do to retain my user's local profiles ??? (and I don't want to store the profiles on the server since some of them are huge profiles). Your choice is either obtain the old PDC SID and store that into your Samba server (See man page for 'net getlocalsid', 'net rpc' sid stuff) or else you need to use the 'profiles' tool to change the SID in the profile NTUser.DAT files to match your Samba domain SID. The 'net' command and the 'profiles' tool are part of Samba-3.0.x. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 - ldap backend and idmap?
On Sat, 25 Oct 2003, Eddie Lania wrote: Hello people, Can somebody answer my question? Is it so that using samba 3.0 with ldap backend requires idmap backend also? Thus for mapping unix ID's to Smaba ID's? My thanks in advance for an answer. The passwd backend is a separate issue from the idmap backend. Of you will never need more than just a PDC, then there is no compelling reason to store idmap backend in an ldap database. On the other hand, if you do need more than a single Samba PDC (ie: PDC and one or more BDCs) and you need consistant UID/GIDs across the whole network, then an idmap backend in ldap is a must. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Advice needed for Samba 3 setup for multiple Linux boxes in established Win2k AD domain...
On Fri, 24 Oct 2003, VR-Bug Support wrote: Hi all, I have the lucky task of being able to set-up a DEV environment for our developers. We plan on using redhat 9 with Samba 3 and making each server an AD domain member of an established Win2K domain. The advice I would like is the best way to implement this, I'd like to hopefully leave the Win2K domain admins power to create users on the Win2K domain, and automatically add users to the Linux Samba servers, if it's possible. Samba does not do account synchronisation with UNIX. That would be a bad solution from an administrative perspective. Samba allows you to use NT4 domain, or Active Directory, accounts without requiring local /etc/passwd entries. Winbind is the tool that handles that. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A workstation w2k is into domain samba3+ldap but during login, it fail.
On Fri, 24 Oct 2003, suppressor_g3 wrote: Hello all, A workstation w2k is into samba domain, but during login, it fail. But in the samba server logs this user auth in the w2k with success, no error return. And don´t login. Sorry. You will need to provide much more information that this if you want help from this list. Debug logs are needed, configuration information is needed, and so on. Have you read the Samba-HOWTO-Collection.pdf chapter Domain Control? You can obtain it from http://samba.org/~jht/HOWTO/Samba-HOWTO-Collection.pdf - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Should I use winbind in this case
On Fri, 24 Oct 2003, Douglas Phillipson wrote: I can't seem to get an answer to this question... Should I use winbind if my Domain Controller is a samba machine? Or is it only useful if my DC is a real MS DC and I have other unix/linux client machines? Winbind works with both Windows and Samba. If you want a distributed Samba environemnt you want samba and winbind. Is that definitive enough yet? I'm strictly wanting to provide file and domain logon services to Win2000 machines via a samba DC. There are no other DC's involved. After reading the 3.0 HowTo on winbind all I see are references to winbind helping linux/unix resolve usernames from a Windows DC. If I'm using a linux/samba box as the DC I don't need this for my win2000 users, in a domain on the Samba DC, to gain access to shares, right? Would winbind help me in any other way in trying to use ACL's? Yes. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] roaming profiles in Samba 2.2 vs 3
On Fri, 24 Oct 2003 [EMAIL PROTECTED] wrote: Hi, Below is a snippet of my .conf file that worked in 2.2.7a; If it worked it did so despite being broken! See fixes below. [netlogon] comment = network logon service path = \\stuff\people\netlogon path = /stuff/people/netlogon read only = no browseable = no guest ok = yes [profile] comment = user profiles path = \\stuff\people\%U path = /stuf/people/%U writeable = yes browseable = no Using v3.0 during a logon session from a 2K ws I get; Windows cannot create profile directory \\% N\username\profile.pds Any ideas what in I need to do? See above. Samba share specs read UNIX paths - not Windows UNC names. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Configure file sharing for Samba...
On Thu, 23 Oct 2003, Matt Beglinger wrote: Hello, I'm setting a PDC/fileserver for my company. All the files are being hosted on the Samba PDC server. We have a single company directory that everyone in the company has full access to. Inside the shared company directory is a directory (among many others) that I would only like certain users to be able to view. I know this is possible but here's the problem: As far as I know, for everyone to share files happily I had to set the force create mask option to 0777. Without this option set whenever an employee would save a Word document and another employee were to load that document it would load as read only. If I manually changed the permission to 777 for that file and that same employee were to reopen the file, it would open just fine without read only status. That's where I got the idea of forcing permissions to 777. So maybe I'm going about this all the wrong way, but to recap: We have a company directory that we want all employees to be able to view/edit/change whatever. But there is a directory within this shared directory that we would only like a certain list of people to have access to. But I've found it necessary to force create mask of 777 because of the read only problem. Anyone have a idea. I'm stumped and haven't had any success yet. Have you tried setting the user and group ownership of hte directory to what you want, and then setting SUID/SGID on the dierectory? This way all files in the directory get written with the ownership of the directory. You can then have sub-directories that have differing user and group ownership providing the exact effect you want. Samba is share settings are a poor substitute for what is easily done in the OS. If you need further info check out the Samba-HOWTO.Collection.pdf for Samba-3. It's available from the Samba Web site. You need to check the chapter titled File, Directory and Share Access Controls. Cheers, John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 in MIT Kerberos Realm
On Wed, 22 Oct 2003, Aaron Rosenblum wrote: I would be willing to write up docs on this and send them to the community, should I get it working (with your help)... Please send me your notes in any form convenient to you. I can convert them to XML and will include them in the HOWTO. Thanks for offering to help. - John T. aaron On Oct 21, 2003, at 8:07 PM, Aaron Rosenblum wrote: Hi, I have been reading through the docs for Samba 3, and there is a lot of talk about how samba 3 can function in an AD domain as a member server and accept kerberos service tickets issued by an MS KDC. (net ads join, etc...) I have a slightly different twist on a similar situation. I have an MIT kerberos realm set up and my Windows2000 PCs get tickets from this realm on login just fine. I would like to set up a samba server as purely a fileserver, and I want my PC clients to be able to mount samba shares using Kerberos service tickets issued by my MIT KDC. I know many more people are probably using AD as their KDC, but we want to decrease our reliance on AD. (That is the idea, isn't it? :-) ) It seems like this should work. Is this possible? If so, how do I configure the samba server? What do I tell my Kerberos admin to put in the keytab for samba? ie smbserver/[EMAIL PROTECTED] ??? As an addition, I am fine with managing my users locally on this samba server (as opposed to binding to an LDAP server). Our KDC has a large number of users in it, and I only want to give access to a very small subset of these users. I just want these users to be able to present a service ticket from our MIT realm as authentication instead of being prompted for a password. any input would be greatly appreciated.. thanks Aaron -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] More than one wins server - Samba Version 2.2.8a?
On Wed, 22 Oct 2003 [EMAIL PROTECTED] wrote: Can I specify more than one wins server in smb.conf to use both primary and secondary wins servers? If so, is this comma or space separated: e.g. wins server = xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx This is not supported in 2.2.8a, it is in Samba-3.0.0. I am running Samba Version 2.2.8a from the www.sunfreeware.com packages on Solaris 9 on a Sun-Blade-100. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] More than one wins server - Samba Version 2.2.8a?
On Wed, 22 Oct 2003, [ISO-8859-1] Gémes Géza wrote: John H Terpstra írta: On Wed, 22 Oct 2003 [EMAIL PROTECTED] wrote: Can I specify more than one wins server in smb.conf to use both primary and secondary wins servers? If so, is this comma or space separated: e.g. wins server = xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx This is not supported in 2.2.8a, it is in Samba-3.0.0. I am running Samba Version 2.2.8a from the www.sunfreeware.com packages on Solaris 9 on a Sun-Blade-100. - John T. Can samba-3.0.* act as primary/secondary wins server? There is a utility called 'wrepld' that does WINS replication but it is not complete and needs further work. Samba-3 does support WINS fail over as a WINS client. nmbd does not do active WINS replication. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] More than one wins server - Samba Version 2.2.8a?
On Wed, 22 Oct 2003, Adam Williams wrote: Can I specify more than one wins server in smb.conf to use both primary and secondary wins servers? If so, is this comma or space separated: e.g. wins server = xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx This is not supported in 2.2.8a, it is in Samba-3.0.0. I am running Samba Version 2.2.8a from the www.sunfreeware.com packages on Solaris 9 on a Sun-Blade-100. Can samba-3.0.* act as primary/secondary wins server? There is a utility called 'wrepld' that does WINS replication but it is not complete and needs further work. Samba-3 does support WINS fail over as a WINS client. nmbd does not do active WINS replication. Just curious how possible it would be to use an alternate (say LDAP) backend for the WINS data, much like what can be done with the SAM? Yes. It is possible. We had a tdb backend during early Alpha test - works fine, but we did not have tools to manage static entries and therefore backed it out. If this is really an URGENT issue then file a bug report. If this is just a nice to have feature let me suggest that we leave it lie. We have very pressing priorities already. The issues we are working on have for more reaching and penetrating importance than WINS replication and fail-over WINS type concerns. Then again, if you want to code it up and submit to samba-technical then more power to you! - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.0 -- ACLs are unusable due to UID/SID mapping weirdness :(
On Wed, 22 Oct 2003, Eric Horst wrote: By consistent and simple I mean, something like -- you have a Windows user that needs to get to a Samba share? Create a UNIX account with the *same name* and you will get an smbd process with the UID and hence the permissions of that user accessing the files on the server (ok not always). The authentication will be done on the NT side though. Nope. You should use winbind for that. Any other way will cause you problems when you try to use ACLs. I think I understand at least a part of Anton's issue. It's one that I've been thinking about as we deploy Samba 3.0. We never really thought much about ACLs until now and have never run winbindd. The problem boils down to this: We currently have a group of seven Samba/NFS file servers which are members of a Windows domain. The Windows usernames and group names are synchronized. The numeric UIDs and GIDs are uniform across all of them by virtue of the fact that they have a common /etc/passwd. We want to jump on the ACL bandwagon and do things right using winbindd. However, in a distributed environment the official way of mapping SIDs to UIDs consistently across the servers involves an 'idmap backend'. All of the idmap backends involve ldap. It is frustrating that I have to introduce the overhead of deploying an LDAP server and populate it with UID mappings even though the file servers already have an /etc/passwd which has enough information to map numeric Unix UIDs consistently. I know idmap'ing was a hot topic during development so you have probably already considered all of this. At the time, watching the discussion I didn't follow it all but now starting to consider deployment the issues are becoming clearer. Equally, the real issues, where the rubber meets the road, are becoming clearer also. We anticipated these concerns correctly. I am glad we have only a simple problem today. It could have been much more challenging. We are now at a point where if the current limitations are too restrictive we must know that very soon. I do not know if this can be changed for 3.0.1 (Jeremy will have to weigh in on that), but if the case is strong enough it may be addressed for 3.0.2 (even that depends on what sort of ground-swell there is for a change). So here is my take: If this is a big show stopper issue please file a bug report on https://bugzilla.samba.org. Please, if this is NOT a show-stopper, then let's not pressure the developers too hashly - we pay them peanuts and expect them to work night and day already! :) - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : RE : [Samba] Xp without netbios - few questions with samba 3 - smbldap_open: cannot access LDAP when not root
JM, Suggst you file a bug report on http://bugzilla.samba.org - at least that way it will get looked at. Suggest you put a relatively low priority on it unless it really is a life threatening issue. - John T. On Tue, 21 Oct 2003, jean-marc pouchoulon wrote: Thanks for all your answers. I am not sure how well this would work in the absence of Active Directory and the AD DNS entries. The registry entry HKEY_CURRENT_USER/VOLATILE ENVIRONNEMENT store the LOGONSERVER for a user. With a new user I can't log to the domain. Tghat's clear now. The error message smbldap_open: cannot access LDAP when not root.. Has no explain ? Link with netbios ? From this it appears you have configured Samba-3 to use ldapsam and have not provided the administrative password for LDAP in your secrets.tdb file. Use the smbpasswd command with the '-w' option to set that. I am sure that the password is store in secrets.tdb. In fact the problem happens every time I search for a group in my xp client (I found the group): So no link with netbios. ldapsam_search_one_group: searching for:[((objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-1 -XXX-XXX-513))] [2003/10/14 16:50:03, 0] lib/smbldap.c:smbldap_open(799) smbldap_open: cannot access LDAP when not root.. In smbldap.c I found : #ifndef NO_LDAP_SECURITY if (geteuid() != 0) { DEBUG(0, (smbldap_open: cannot access LDAP when not root..\n)); return LDAP_INSUFFICIENT_ACCESS; } #endif Bug ? Jean-Marc Pouchoulon. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba3+Win9x userlist, Bug?!
On Tue, 21 Oct 2003, [ISO-8859-2] Gémes Géza wrote: Dear List, Few days ago I've posted, that my Win9x boxes are unable to get the list of domain users and groups from samba-3.0.0 server (for details see bug 596). Unfortunately the same is true for samba-3.0.1pre1. Please people also having win9x boxes and Samba3 PDC confirm that it is a bug, or a configuration error. Looks like a configuration error at your end. I just checked with My Windows Me and with Windows 98 - both work just fine against 3.0.1pre. Thanks for any suggestion. Email me your smb.conf file and I'll look at it when I get a moment. I'm getting crazy, 3/4 of my windows boxes are win9x :-( Now we can understand why you are going crazy. :) - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba3+Win9x userlist, Bug?!
On Tue, 21 Oct 2003, Gémes Géza wrote: |Few days ago I've posted, that my Win9x boxes are unable to get the list |of domain users and groups from samba-3.0.0 server (for details see bug |596). Unfortunately the same is true for samba-3.0.1pre1. |Please people also having win9x boxes and Samba3 PDC confirm that it is |a bug, or a configuration error. | | Looks like a configuration error at your end. I just checked with My | Windows Me and with Windows 98 - both work just fine against 3.0.1pre. | |Thanks for any suggestion. | | Email me your smb.conf file and I'll look at it when I get a moment. | |I'm getting crazy, 3/4 of my windows boxes are win9x :-( | | Now we can understand why you are going crazy. :) | | - John T. I forgot to mention, it works with tdbsam, but doesn't with ldapsam. Here is my smb.conf with ldapsam (the only relevant diferences are in domain name, netbios name, passdb backend, and add, modify or delete user, group and machine scripts): And I did not mention that my production network uses tdbsam. You config looks Ok. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba]Samba3+Win2k/XP profiles issues caused by my stupidity
On Wed, 22 Oct 2003, [ISO-8859-1] Gémes Géza wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear List, Thereby sorry for being stupid ;-). All my Win2k/XP profile issues were caused by forgetting to specify writable = yes on the profiles share. Geza, Someone who has made many mistakes has learned a LOT! :) Keep going, it's a long road to genius status. :))) - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WIN XP Logging on after joining domain
On Tue, 21 Oct 2003, Rich Webb wrote: Rich, My purpose is not to criticise, just to respond to the implied question regarding the comprehensiveness of the documentation. We all recognize that the quality of our documentation can be improved. The only way we can improve out documentation is when our users either contribute updates or provide definitive feedback that helps us to determine what parts of the documentation need to be extended/updated. Please see my comments below. - Original Message - From: Gerald (Jerry) Carter [EMAIL PROTECTED] To: Rich Webb [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, October 21, 2003 9:49 AM Subject: Re: [Samba] WIN XP Logging on after joining domain -- possible bug? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rich Webb wrote: | I am running samba version 3.0.1pre1 | | I was able to join my XP machine to my samba domain without problems, | however after joining, I cannot log in. ... | [2003/10/16 19:50:46, 1] auth/auth_util.c:make_server_info_sam(821) | User nobody in passdb, but getpwnam() fails! ~ error message is pretty clear here. Looks like your have a problem with your guest account. Thanks Jerry, that was the fix. This might be a clear message to you, however I did not know (and I don't know if it is clear in the docs) that Samba-HOWTO-Collection.pdf: See Section 10.7.2, 10.8.2, 18.4.1.2 samba uses the nobody account for guest. Further, I am running this on a home built linux from scratch (LFS)box that prior to tonight did not have a nobody account. Most all the documentation assumes that the user is running some main line distribution of linux (which probably most are) and leaves out some details that are important, yet are default in a main line distro. I have yet to find any Linux Standards Base compliant Linux system that does not include the nobody account. In any case, I really appreciate you helping me out with this one. I can now log in. The fix was that I created a nobody user in my /etc/passwd and added it to my samba passdb, however now that I think about it, I probably don't need it in the passdb as the error says it is already there. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Connecting XP pro to Linux
On Tue, 21 Oct 2003, Matt Home wrote: I am trying to get my XP pro machine to share files and printers with a Linux system. The XP laptop computer is part of my companies domain (abcdef), no workgroup is specified. What I have: All of my boxes are DHCP with a Linksys Firewall/router. All machines can see the internet. I can see the Linux machine in the XP network neghborhood. But when I try to browse the Linux system my system cannot see the shared directories. Where do I find instructions to let my XP and Linux boxes share files, printers etc? Have you read the Samba-HOWTO-Collection.pdf? It's available from: http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.pdf Chapters 33 and 34 may help you - after you have read the chapters on Server Types and Security Modes, Network Browsing. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba Documentation
Someone wrote in: It was not my intent to question the comprehensiveness of the documentation. Nothing in Samba is sacrosanct. It is my purpose to question the quality of all work I do. I will not rest until the HOWTO is complete and can not be improved upon. To achieve that I need help from real people, like you. The fact that I took pride in the work done is self evident, that does not give me the right to a king sized ego about the HOWTO. I do however believe that I have every responsibility to continue to improve the documentation until everone who reads it writes to this list and says, Wow! I found exactly what I needed after opening the first page!. Until that happens, please keep the feedback coming so we can improve it further. Spare nothing in telling me what needs to be improved. If you find an error, or just something that is not clear to you, tell me. Above all, please be sure to contribute all tips, nifty techniques, perls of wizdom (however small), pointers to valuable information, and anything that saved you even one minute. The quest to improve the documentation has barely begun. Anyone, everyone, tell me more of what information you need to help you to get more value out of Samba. This is a community effort, you can make a difference - do not let the opportunity go by. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] swatlib?
On Mon, 20 Oct 2003, Alex wrote: Hi, Anyone have by any chance created a swatlib? I'm curious about maybe making a swatlib that can be used as the basis to make a php loadable module to control Samba's config file No. Not takers for this yet. SWAT really needs a make-over. Are you interested? - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Getting a list of all possible smb mounts (and bug report on smbtree)
On Mon, 20 Oct 2003, Buchan Milne wrote: It seems to be a bit broken in samba-3.0.1pre1 though ... firstly it wants to be able to write to the log directory, and after changing the perms on the log directory, it dies loading codepages: Buchan, I just tried this with CVS checkout from 8 hours ago and it works fine on SuSE 8.2. [EMAIL PROTECTED]:~ smbtree -Ujht Password: MIDEARTH \\FRODO Samba3 \\FRODO\jht Home Directories \\FRODO\raw raw \\FRODO\photo Hewlett-Packard PhotoSmart P1000 \\FRODO\normal_gray Hewlett-Packard PhotoSmart P1000 \\FRODO\normal Hewlett-Packard PhotoSmart P1000 \\FRODO\lp lp \\FRODO\high_gray Hewlett-Packard PhotoSmart P1000 \\FRODO\highHewlett-Packard PhotoSmart P1000 \\FRODO\draft_gray Hewlett-Packard PhotoSmart P1000 \\FRODO\draft Hewlett-Packard PhotoSmart P1000 \\FRODO\ADMIN$ IPC Service (Samba3) \\FRODO\IPC$IPC Service (Samba3) \\FRODO\cdr CDR Production Files \\FRODO\dataData Stuff \\FRODO\media Public Stuff \\FRODO\ProfilesRoaming Profile Share \\FRODO\print$ Printer Drivers Share [EMAIL PROTECTED]:~ smbtree -V Version CVS 3.0.1pre2 I'm not sure what the problem might be at your end as I can not reproduce the failure. Anyone else having problems with smbtree? - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba very, VERY slow ...
On Mon, 20 Oct 2003, David Brodbeck wrote: -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED] Eric, Suggest you replace the ethernet card and/or the network cable. Sounds like a hardware issue. Mismatched duplex settings (full vs. half) can also do this. Not all hubs/switches auto-detect the ethernet card's setting properly. Classic symptoms of a duplex mismatch are that pings and small transfers to/from the machine work fine, but large transfers (with FTP, samba, or anything else) bog down badly. Oops. Correct. Sorry for leaving that out. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Network Trash Folder - how to do it?
On Mon, 20 Oct 2003 [EMAIL PROTECTED] wrote: Hello,I saw on Apple mashines connected to AppleShare Server that they had something called 'Network Trash Folder'. That is if some is working on a server volume and deletes a file from the volume, the file appears in user's Trash on his Desktop (butit is really placed on the server in volume's special folder called 'Network Trash Folder'). So he can restore the file if he needs.And when the user purges his Trash, the file is permanently deleted from server.Is it possible to make the same thing with Samba (running on Linux server) and MS Windows users? Refer to the Samba-HOWTO-Collection.pdf that shipped with Samba-3.0.0 and can be obtained from: http://pl.samba.org/samba/docs/Samba-HOWTO-Collection.pdf See Chapter 20.3.4 - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Xp without netbios - few questions with samba 3 - smbldap_open: cannot access LDAP when not root
On Mon, 20 Oct 2003, jean-marc pouchoulon wrote: Hi, On samba 3 winserver enabled On xp I can work with smb on 2 ways 1 ) smb over tcpip without netbios. I was suprised because I can logged onto the domain. Xp client found the primary domain controler. I am not able to add permissions ( only the local machine domain is visible ). How xp client found the DC ( cache DC name on the client , wins answer on port 445 ?) Correct. NetBIOSless SMB uses port 445. Refer to the Samba-HOWTO-Collection.pdf - chapter 10.3.2, see also chapter 6.2.5.2. On review of the information I refer you to above, it is clear that we need to provide more information. I guess that means there is more writing to be done. :( - John T. 2 ) smb over netbios. Samba works with port 139. Ok clear for me. 2 bis ) smb over netbios with value coming from the dhcp. I was also suprised that samba use port 445. It's true that the only parameter is the netbios node type (h-node). It works. But why 1) way is not working to retrieve users? I can see in the log : [2003/10/20 15:00:49, 0] lib/smbldap.c:smbldap_open(799) smbldap_open: cannot access LDAP when not root.. I have this message only in this case. Jean-Marc Pouchoulon -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba very, VERY slow ...
On Mon, 20 Oct 2003, Eric Maisonobe wrote: Eric, Suggest you replace the ethernet card and/or the network cable. Sounds like a hardware issue. Mismatched duplex settings (full vs. half) can also do this. Not all hubs/switches auto-detect the ethernet card's setting properly. [...] Thanks for your help ! I've found a solution to my problem : I've added the option : socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 What is your platform and kernel version? It will help to know that so I can document this. - John T. instead of only : socket options = TCP_NODELAY Now, the clients open the appli under 4 seconds !!! (instead of 40 before!). And moreover : i think they open under 4 seconds because they are slow and they have to analyse the data sended by samba. Samba should bring them the data under a much more short delay !!! -- oO--Oo Eric MAISONOBE [EMAIL PROTECTED] oO--Oo -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] Xp without netbios - few questions with samba 3 - smbldap_open: cannot access LDAP when not root
On Mon, 20 Oct 2003, jean-marc pouchoulon wrote: Bonsoir John Refer to the Samba-HOWTO-Collection.pdf - chapter 10.3.2, see also chapter 6.2.5.2. On review of the information I refer you to above, it is clear that we need to provide more information. I guess that means there is more writing to be done. :( I Read them carefully ( and cris hertel book implementing cifs too), but maybe I misunderstood or you misunderstood my basic english. New formula for my question : I have no windows 2000 dns , how the xp client found the domain if it has no netbios layer? using wins ? I think wins was working on port tcp 137 and was linked with netbios. No netbios no wins no ? No wins no DC ? WINS is an atifact of NetBIOS over TCP/IP. In the absence of NetBIOS over TCP/IP the Windows 200x/XP client can use only DNS to lookup names (ie: to find servers as well as essential services that they provide). That is why the DNS server you use must include all the special entries that are shown in chapter 10.3.2. Of course, only those that are applicable should be added to the DNS database. ie: To find a DC the Windows 200x/XP client will need to resolve the following records: ldap._tcp.pdc.ms-dcs.Domain ldap._tcp.writable.ms-dcs.Domain ldap._tcp.GUID.domains.ms-dcs.DomainTree I am not sure how well this would work in the absence of Active Directory and the AD DNS entries. In any case, for server configurations without NetBIOS over TCP/IP understand that the name resolution mechanism relies on DNS. The error message smbldap_open: cannot access LDAP when not root.. Has no explain ? Link with netbios ? From this it appears you have configured Samba-3 to use ldapsam and have not provided the administrative password for LDAP in your secrets.tdb file. Use the smbpasswd command with the '-w' option to set that. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain groups
On Mon, 20 Oct 2003, Douglas Phillipson wrote: I have ACL's enabled and am getting a new error, in the Samba log (V 3.0.1Pre1, when attempting to set permissions on a file through Win2000: get_domain_user_groups: primary gid of user [terry] is not a Domain group ! get_domain_user_groups: You should fix it, NT doesn't like that The primary UNIX group for each user must map to a Domain group. That's all it means. Do I need to create a group on the windows(2000) side? The entries in the domaingroup.map don't do this? Please be verbose in answering. A couple of good example wouldn't hurt also. I have a domain group map: domain group map = /etc/samba/domaingroup.map Contents of this map are: domuser = Domain User domadmin = Domain Admin This is NOT supported in Samba-3. Instead you need to use the 'net groupmap' facility to map UNIX groups to NT Groups. This is well documented in chapter 12 of the Samba-HOWTO-Collection.pdf. I presume you did read it? To map the UNIX domuser group to Domain Users: net groupmap modify ntgroup=Domain Users unixgroup=domusers I have terry in /etc/group and passwd as such: /etc/passwd: terry:x:505:1::/home/terry:/bin/bash /etc/group: domuser:x:1:terry, phillipd These entries are Ok. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA 3 and Windows2000 mixed mode trust
On Mon, 20 Oct 2003, Phil Quinney wrote: Excuse me for possibly being stupid, but is winbindd necessary for the trust between a samba domain and a windows domain? In one word: Yes. How else would Samba be able to map foriegn SIDs to local UID/GIDs? - John T. Thanks for everyone's help, Phil. On Monday, October 20, 2003, at 03:20 PM, [EMAIL PROTECTED] wrote: I have add this line in my smb.conf and I have start also winbind daemon, and the trust work. winbind uid = 1-2 winbind gid = 1-2 winbind use default domain = Yes Bye Giovanni -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.0 -- ACLs are unusable due to UID/SID mapping weirdness :(
On Mon, 20 Oct 2003, Anton Solovyev wrote: Having read your posting, I believe I need your help to fix our documentation. Are you willing to help me to do that? Hi, I am sure somebody asks this question about once a week. Since I have not found an answer I assume the worst -- it just does not work. Please do not assume that because something does not work the way you have tried it that this means that Samba is broken. That is a bit like failing a driving test and then claiming that the test vehicle must have been defective! Have you read the Samba-HOWTO-Collection.pdf? Did you understand it all? Did you red the chapter on Group Mapping? Did it help you any? What do we need to add to the documentation to help someone else to understand the issues and to help them to find a solution. I need your feedback to help improve our documentation. Perhaps it is all wrong. It could be you know! So, here goes my problem. I am testing Samba 3.0.0. I have got UNIX and Windows domain users matching each other one-to-one. Here we go! What do you mean by: users matching each other one-to-one? Please explain this fully. I do not want to jump to conclusions, but my reading is that you have added users to the Samba server while it is a domain member server. Is my interpretation correct? The server is running with security = domain. Everything works fine and all Windows users connecting to Samba get mapped into their respective UNIX user ids. Everything is nice, simple and consistent. So you have a Windows NT4 Domain, or Active Directory? I can't really tell from your description. It does matter - it would certainly help me to help you. I have to tell people time and again that my crystal ball is worn out and my guessing is lousy! :) How did you join the domain? What precise steps did you take? Help me to reproduce your problem! What information can you glean from the samba log files to confirm that everything is nice, simple and consistent? Now I want to enable ACLs and fortunately the host OS supports them fine. Here the trouble starts. It looks like ACLs refuse to work in the absense of winbindd. Precisely, which user identities (or group identities) do you want to include in the ACLs? Accounts that are in /etc/passwd on the Samba server, or Domain Accounts? If you have a johndoe account in the Samba /etc/passwd, and a johndoe account on the Domain as well, then you need to realise that they are two totally different users. One is machine local and tied to the SID of your Samba server, the other is Domain Global, and is tied to the Domain SID. Do you recognize that? If you want to be able to use Domain accounts then you must have winbindd running. So I start winbindd and... get random mapping of NT domain accounts into UNIX ids in the range of idmap uid/gid. So, for example, if I create a file from the windows side it gets ownership of: solovam/uid=1001 on the UNIX side. Windows says the owner is: \SAMBA-SERVER\solovam Which is already strange, I expect \DOMAIN\solovam like on all NT boxes. No. As I mentioned, a Samba server /etc/passwd account called 'solocam' is an entirely different user account from user 'solovam' on a Domain Controller. If I try to add and ACL entry for myself to this file, I get a POSIX acl entry for: ???/uid=4 Thanks to NSS (entry in /etc/nsswitch.conf) this is a domain account. which is what winbindd assigned for my SID. At this point Windows says this was an ACL entry for user: \DOMAIN\solovam Right. As expected. So, this is basically the problem. When I connect to Samba server I connect as \DOMAIN\solovam and use domain password. The files I create belong to my UNIX account solovam. At the same time if I check ownership, I see that I act as \SAMBA-SERVER\solovam! If I try to change ACLs, I am back to being \DOMAIN\solovam, but my SID is now mapped by winbindd to something randomly selected. Nope. I already explained that. Well, there are a lot of funny implications at this point (like change UNIX permissions to 000 and try to add full control ACL for the domain user, which resets UNIX permissions again!), but the bottom line is that Samba in this area is completely broken and horribly inconsistent. Alternatively, could it possibly be that your understanding of how this ought to work is completely uninformed, or completely unrealistic, or maybe just a little bit off. I hope I am missing something really obvious, but after a day of looking at documentation I doubt it is so. What documentation did you look at? What documentation (specific pages etc.) did you look at that allowed you to come to the conclusions you have arrived at. Maybe, just maybe, your conclusions are perfectly valid and the documentation is completely wrong. Which ever it is, will you help me to fix it? Thanks. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http
Re: [Samba] Re: swatlib?
On Tue, 21 Oct 2003, Alex wrote: Hi John, Well... that's a tough one. :-) I'm under the gun to do some php thing with samba's config. Either template based, or something off of loadparm.c. It just strikes me that the guts of the config file loading, saving and parsing are already implemented in C, yet are only used in cgi.c by swat. My C is VERY rusty (haven't coded a good solid app in about 8+ years)... On the other hand, getting a php module out of that code would be pretty sweet and make a lot of people's life easier. :-) So what I'm gonna do is 2 things. First, make a little parser bridge for testparm's output (php-ize the output and use that for constraints checking), and try to make a loadparm lib.. it won't be a try swat replacement, just something to deal with samba's config file.. I'll give a stab at it.. nothing official. :-) Unless it a success. :-) I am lookingforward to your contribution. Cheers, John T. Alex John H Terpstra wrote: On Mon, 20 Oct 2003, Alex wrote: Hi, Anyone have by any chance created a swatlib? I'm curious about maybe making a swatlib that can be used as the basis to make a php loadable module to control Samba's config file No. Not takers for this yet. SWAT really needs a make-over. Are you interested? - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.0 -- ACLs are unusable due to UID/SID mapping weirdness :(
On Mon, 20 Oct 2003, Anton Solovyev wrote: John, John H Terpstra wrote: Having read your posting, I believe I need your help to fix our documentation. Are you willing to help me to do that? I could try. Thanks.[B I am sure somebody asks this question about once a week. Since I have not found an answer I assume the worst -- it just does not work. Please do not assume that because something does not work the way you have tried it that this means that Samba is broken. That is a bit like failing a driving test and then claiming that the test vehicle must have been defective! Absolutely. My fault. No problem. Have you read the Samba-HOWTO-Collection.pdf? Did you understand it all? Did you red the chapter on Group Mapping? Did it help you any? What do we need to add to the documentation to help someone else to understand the issues and to help them to find a solution. Yes, I did notice that it was close to what I was looking for. I could not find anything about *user* mapping though. It is not going to help me with *users*, is it? :) You do not need to configure local users on a Samba domain member server, winbind is the best tool for such interoperability. Use of winbind will ensure unified user and group identities for MS Windows users. User name mapping can be done with the parameter (in [globals]): username map = /etc/samba/smbusers Check the man page for smb.conf foe syntax etc. I need your feedback to help improve our documentation. Perhaps it is all wrong. It could be you know! The first (silly) suggestion -- make the link to Samba-HOWTO-Collection.html on the front page more visible. Took me a while to get to it. I have made it more prominent on the Documentation page. So, here goes my problem. I am testing Samba 3.0.0. I have got UNIX and Windows domain users matching each other one-to-one. Here we go! What do you mean by: users matching each other one-to-one? Please explain this fully. I do not want to jump to conclusions, but my reading is that you have added users to the Samba server while it is a domain member server. Is my interpretation correct? There is a set of users common to the NT domain and the UNIX NIS environment. That is the usernames are the same in both. Yes, Samba is a domain member (security = domain), so the passwords for these users are verified against the NT domain. My question was: Did you add local users on the Samba server into the /etc/passwd database? The server is running with security = domain. Everything works fine and all Windows users connecting to Samba get mapped into their respective UNIX user ids. Everything is nice, simple and consistent. So you have a Windows NT4 Domain, or Active Directory? I can't really tell from your description. It does matter - it would certainly help me to help you. I have to tell people time and again that my crystal ball is worn out and my guessing is lousy! :) There I am a little unfirm. As far as I know it is an AD domain that still supports NT style authentication. If your Win2K domain is Active Directory based then you should configure Samba-3 as an ADS member server. See chapter 7.4 of the Samba-HOWTO-Collection. I tried to make the message as short as possible to make it more readable. Very gew people read messages that do not fit into single screen. Plus, I could not state the problem quite clearly. So, I was just hoping to get attention of a guru and give the details later. Ok. How did you join the domain? What precise steps did you take? Help me to reproduce your problem! I installed Samba and executed something like: === net join -Uanadmin%password -W domain -S windows-dc === Ok. But you will have better results following Chapter 7.4. What information can you glean from the samba log files to confirm that everything is nice, simple and consistent? Well, it just worked most of the time the way we expected. By consistent and simple I mean, something like -- you have a Windows user that needs to get to a Samba share? Create a UNIX account with the *same name* and you will get an smbd process with the UID and hence the permissions of that user accessing the files on the server (ok not always). The authentication will be done on the NT side though. Nope. You should use winbind for that. Any other way will cause you problems when you try to use ACLs. Now I want to enable ACLs and fortunately the host OS supports them fine. Here the trouble starts. It looks like ACLs refuse to work in the absense of winbindd. Precisely, which user identities (or group identities) do you want to include in the ACLs? Accounts that are in /etc/passwd on the Samba server, or Domain Accounts? I do not want to see on the UNIX side any UIDs that are not listed in /etc/passwd. I do not want to differentiate between NT domain users and matching users in /etc/passwd. Why do you
Re: [Samba] Stuck on Problem with Joining Domains...please help!
Orn, Here is my smb.conf for a fully functional PDC. Granted that I do not use LDAP on this particular system, but the LDAP part is easy once you get the rest of it working. My advice to anyone who is building a Samba server is to start with a simple solution and granudally build in the complexities needed. That makes it so much easier to figure out when and where things might be breaking. The migration of the database is a simple matter. If you have passdb backend = ldapsam:ldap://server.myorg.ext:636, tdbsam then you can migrate a tdbsam to LDAP by: pdbedit -i tdbsam -e ldapsam pdbedit -g -i tdbsam -e ldapsam My smb.conf file: # Global parameters [global] workgroup = MIDEARTH server string = Samba3 interfaces = eth0, lo bind interfaces only = Yes obey pam restrictions = Yes passdb backend = tdbsam pam password change = Yes passwd chat = *New*Password* %n\n *Re-enter*new*password* %n\n *Password*changed* username map = /etc/samba/smbusers password level = 8 username level = 8 log level = 1 syslog = 0 log file = /var/log/samba/%m smb ports = 139 445 name resolve order = wins bcast hosts time server = Yes printcap name = CUPS add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupadd %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u shutdown script = /var/lib/samba/scripts/shutdown.sh abort shutdown script = /sbin/shutdown -c logon script = scripts\logon.bat logon path = \\%L\Profiles\%U logon drive = H: logon home = \\%L\%U domain logons = Yes os level = 35 preferred master = Yes domain master = Yes wins support = Yes utmp = Yes panic action = export DISPLAY=localhost:0; /usr/bin/X11/xterm -e gdb /proc/%d/exe %d || /bin/sleep idmap uid = 15000-2 idmap gid = 15000-2 winbind separator = + winbind use default domain = Yes hosts allow = 127., 192.168.1. use sendfile = Yes printing = cups veto files = /*.eml/*.nws/riched20.dll/*.{*}/ veto oplock files = /*.doc/*.xls/*.mdb/ include = /etc/samba/machine.%m [homes] comment = Home Directories read only = No browseable = No Share definitions for [netlogon], [profiles], etc. deleted to reduce size of this message. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] I've been fighting the same problem myself, and others too, alas with ldap backend. Here's what I've come by, so far, and might be useful to you. 1. You need to provide admin users in the global section, and make sure the user there exists in smbpaswd. This is the user, you type in when adding the machine to the domain. You can't use root as with 2.x. 2. The script you are using, to add machines ... you need to make sure that it creates the trailing dollar sign to the name. I don't think samba provides the username$ for the machine at that point, and you need to provide it by issuing %u$, but check this to be sure. On Sunday 19 October 2003 05:04, [EMAIL PROTECTED] wrote: after many hours of tries, I am still stuck with a simple: I have Samba 3.0.1 ore running fine on a red hat 9.0 box (installed from RPM) when I try to join a domain I get the infamous invalid user name or bad password error from the Win2K SP2 machines. I am really getting lost here, I have checked the root password in smbpasswd database and have used the smbpasswd command, I still get that error. Any help would be greatly appreciated this is my smb.conf as given by testparm # Global parameters [global] workgroup = LPHGROUP server string = Samba Server passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\\n *ReType*new*UNIX*password* %n\\n*passwd:*all*authentication*tokens*updated*successfully* username map = /etc/samba/smbusers password level = 8 username level = 8 unix password sync = Yes log file = /var/log/samba/log.%m max log size = 50 name resolve order = wins lmhosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u logon path = %L\\Profiles\\%U domain logons = Yes os level = 33 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes remote announce = 172.16.2.255 hosts allow = 172.16. printing = lprng preserve case = No short preserve case
[Samba] Samba+e-Directory Working! (fwd)
-- Forwarded message -- Date: 19 Oct 2003 22:29:01 -0500 From: Chuck Stuettgen [EMAIL PROTECTED] To: John H Terpstra [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Samba+e-Directory Working! John, I am sending this to you as my posts are still not making it to the list and I have not heard from Martin Pool. Is he still the list admin? Anyway, I thought I would bring you up-to-date on my project to get Samba 2.2.8a to use Novell's e-Directory 8.71 running on a NetWare 6.0SP3 server for authentication. The exciting news is; I have Samba+e-Directory authentication working! I have been able to successfully authenticate 2 different e-Directory user accounts to a Samba server and access a printer and the users respective Samba home directories for saving files, using a Windows 2000 SP3 workstation. The ONLY local Linux account on the Samba server (RH8) is the root account. At this point the users Samba home directory is not being created automatically the first time the user connects to the Samba server, however, as I mentioned in a earlier post, my goal is to setup dedicated Samba print servers that require a user be authenticated before they can print, so home directories are not a requirement for me. But, if someone else needed auto-created home directories, I think it might be able to be accomplished by utilizing the exec parameter. Or maybe a mod to the samba file in /etc/pam.d/ such as this. session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0077 Anyway, as in a Windows Domain, you must use LDAP to access e-Directory. But, the really interesting part is, you do NOT need to create machine accounts in e-Directory or import the samba schema into it. I believe the key to getting Samba+e-Directory implemented is getting Linux to use e-Directory first. Here is a quick synopsis of the Samba configuration steps. 1. I had to rebuild the Samba-2.2.8a-2 RPM to include LDAP support. 2. I added these lines to the smb.conf #comments below some parameters. ldap admin dn = cn=admin,o=context #e-Directory context where users account reside ldap server = ipaddress of server ldap suffix = o=context #same as above. ldap port = 686 #I'm using SSL ldap ssl = on Make this change to a default setting encrypt passwords = no 3. Execute smbpasswd -w adminpassword Three really simple steps. Over the next few days I will be putting together a more complete HOW-To that will include all the steps necessary to get it working. Also, I want to make sure this isn't a fluke and that I can repeat it, so I am going to setup a second Redhat 8 Samba server from bare metal. That is it for now. -- Like the dinosaur, Windows on the desktop is destined to become extinct... Chuck Stuettgen [EMAIL PROTECTED] http://www.cfs-tech.homelinux.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] window 2000 policy changes with a samba pdc
On Sat, 18 Oct 2003, Gordon Heydon wrote: Hello, With the release of samba 3.0 I was vey excited with the new features and decided to experiment with it. I set my server up as a pdc which I am still working out some of the bugs but all and all I have it going and have a windows 2000 pro client join the domain and login and out very easy. The one problem is that before I roll this out to my other comptuers I need to change the policy on changing of passwords so that they will never expire. I read the how-to's and then once I had found the Active Users and Computers on windows 2000 pro I triied to follow the FAQ and connect to the Domain Server and it keeps coming up Cannot connect to pre-2000 Domain: ... Gordon, I checked the HOWTO and it seems we have yet some more work to do to make it clearer. You can manage your users from a Windows domain member by using only the SrvTools package. See page 75 of the HOWTO (page 70 of the book, The Official Samba-3 HOWTO and Reference Guide) for details on how to obtain this toolset. Please bear in mind that Samba-3 can not be an ADS server, thus you can not use the ADS management tool to manage it. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] interdomain trust relationships
On Sat, 18 Oct 2003, Gordon Heydon wrote: Hello, I am also triing to set up a interdomain relationship with a NT domain and I can't create the user, I execute the following command and I get this. smbpasswd -a -i xxx New SMB password: Retype new SMB password: Failed initialise SAM_ACCOUNT for user xxx$. Failed to modify password entry for user xxx$ I have samba set up so that I can set up users and machine automatically, so I am not sure what is wrong. Please file a bug report on https://bugzilla.samba.org this is most likely a bug. As a work-around you can manually create the trust account in /etc/passwd and then the above process will work. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba very, VERY slow ...
Joseph, I'd like to thank you for your diligent attention to detail and particularly for reporting your findings. This is a real gem of a contribution that may save someone else many days of frustration. Cheers, John T. On Wed, 12 May 2004, Joseph Healy wrote: Hi, We had similar, very baffleing symptoms with MYOB Premier opening and accessing it's datafiles. operations on the file would take between 40 and 45 seconds. It turned out that it was a printer monitor program running on the clients causing the problems. Looking at the logs, we saw them coming through with pauses of about 1 second between groups. Stopping the monitor software resulted in the networks access at normal (quick) speed. Restarting the program caused the speed to slow down again. The printer was a cannon lbp810 and the relevant task was something like CAPON (not sure on spelling). The monitor software displayed a printing now dialog on the client when they printed. We only discovered this by starting with a clean install of windows and trying the app at every step of the installation of other software process. (had to do this many times) Moral of the story, check everything (other software included)! Hope it is not something like this (it will be painful to find) Joe Healy On Fri, Oct 17, 2003 at 10:59:35AM +0200, Eric Maisonobe wrote: Hello ! I've installed serveral servers under Linux in my association with samba on it, without any problem. But, for the latest application we need to use, samba has to share about 800 borland data files. All goes right, but the systeme (P3-800Mhz-256Mo RAM for 8 users) is very, VERY slow (about 40 second to open the application). I've take a look at the system use, even when a client open a session, and : - the processor is use about ... 3% (97%free) !!! - Mem : 23Mo used...233Mo free !!! - average load : about 0,01 !!! I've putlog level = 0, correct wins server adress, socket options = TCP_NODELAY and my share is : [c] comment = Disk C path = /home/c browseable = yes admin users = guest nobody # I know, it's bad ;-)) but requiered by the appli writable = yes public = yes create mode = 777 Any help would be welcome ! Eric MAISONOBE -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 'passwd chat' for Debian Woody password sync
: local 1000 - S-1-5-21-2542762088- 1498583555-2696612650-3000 [2003/10/18 11:08:40, 10] smbd/uid.c:gid_to_sid(597) gid_to_sid: local 1000 - S-1-5-21-2542762088- 1498583555-2696612650-3001 [2003/10/18 11:08:40, 10] smbd/uid.c:gid_to_sid(597) gid_to_sid: local 108 - S-1-5-21-2542762088- 1498583555-2696612650-1217 [2003/10/18 11:08:40, 5] smbd/password.c:create_nt_token(255) user token sid S-1-5-21-2542762088- 1498583555-2696612650-3000 [2003/10/18 11:08:40, 5] smbd/password.c:create_nt_token(255) user token sid S-1-5-21-2542762088- 1498583555-2696612650-3001 [2003/10/18 11:08:40, 5] smbd/password.c:create_nt_token(255) user token sid S-1-5-21-2542762088- 1498583555-2696612650-1217 [2003/10/18 11:08:40, 5] smbd/password.c:create_nt_token(255) user token sid S-1-1-0 [2003/10/18 11:08:40, 5] smbd/password.c:create_nt_token(255) user token sid S-1-5-2 [2003/10/18 11:08:40, 5] smbd/password.c:create_nt_token(255) user token sid S-1-5-11 [2003/10/18 11:08:40, 3] smbd/password.c:register_vuid(328) uid 1000 registered to name p [2003/10/18 11:08:40, 3] smbd/password.c:register_vuid(330) Clearing default real name [2003/10/18 11:08:40, 3] smbd/password.c:register_vuid(332) User name: pReal name: ,,, [2003/10/18 11:08:40, 18] tdb/tdbutil.c:tdb_pack(354) tdb_pack(fffdd, 1024) - 26 [2003/10/18 11:08:40, 6] smbd/reply.c:reply_sesssetup_and_X(1080) Client requested max send size of 65535 [2003/10/18 11:08:40, 3] smbd/process.c:chain_reply(1005) Chained message any help would be appreciated, thanks pete -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 2.2.8a and 3.0.0
On Sat, 18 Oct 2003, William Jojo wrote: Samba Team, How do I create simulated load on a samba server? I wish to use feedback-directed program restructuring on AIX 5.2 to determine if performance can be improved by rearranging the executable generated by the IBM 6.0 compiler. I am forwarding this reply to someone who may be prompted to follow up with you regarding performance metrics. Mostly I'm determining what the upper bound on smbd's is in a multiprogramming environment. I'm currently running about between 800 and 1000 smbd's a day on a 6-way 6H1 (RS64-III) with 24GB memory and 800 GB of attached SSA disk for roaming profiles. All of this is being done with 2.2.8a. I'd love to see what your resource consumption levels are. I'm setting up my 3.0.0 test area on similar hardware, but wanted insight from the experts on what you've done already to improve internal performance as my approach is to improve cache hit ratio and translation look-aside. I've already tuned every piece of hardware to my abilities and even implemented write-behind algorithms. I'm basically wringing out the towel to see if there are any drops of peformance left to be found. Are there any internal limitations with the TDB's, et al, where there may be an upper bound on concurrent smbd's? I have done some limited qualitative work only with tdbsam compared with smbpasswd. The performance improvement with about 1100 entries was significant. Parsing of the smbpasswd file causes quite a hit when there are gazillions of entries. Use of tdbsam or ldapsam becomes quite attractive as the number of account entries increases. Also are there any internal performance enhancements for smbpasswd files of 15000 entries? We are looking at LDAP for storing passwords. What kind of improvement can I expect when moving passwords from a flat file to a dynamic container? You might also check the performance of the 'tdbsam' facility that is available with samba-3.0.x. You can use the 'pdbedit' tool to migrate your existing smbpasswd file to the tdbsam passdb.tdb file. In the Samba-HOWTO-Collection.pdf you will see a recommendation to use LDAP if there are more than 250 users. This recommendation has nothing to do with the efficiency of tdbsam, but was made considering the likelihood that with 250 or more users you may need to use PDC/BDC configuration. When you need a Samba-BDC it becomes essential that you have the ability to synchronize the password database - something that becomes very difficult with tdbsam, but is easily accomplished with an LDAP backend. On a related note, you guys rock! You are the reason we can do the above with one server! You have saved us hundreds of thousands of US $'s on licensing and servers alone! Your technical prowess is appreciated far more than you know! Blushing - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] window 2000 policy changes with a samba pdc
On Sun, 19 Oct 2003, Gordon Heydon wrote: hello, Thanks for this, but from what I can tell I need to change the domain's password policy for windows 2000 computers. In the how to it says I need to run the Active Directory Users and Computers so I can edit the group policy. To create a policy control file (NTConfig.POL) you need the NT4 Grop Policy Editor. You can not do this using the Active Directory Tools. - John T. Thanks * John H Terpstra ([EMAIL PROTECTED]) wrote: On Sat, 18 Oct 2003, Gordon Heydon wrote: Hello, With the release of samba 3.0 I was vey excited with the new features and decided to experiment with it. I set my server up as a pdc which I am still working out some of the bugs but all and all I have it going and have a windows 2000 pro client join the domain and login and out very easy. The one problem is that before I roll this out to my other comptuers I need to change the policy on changing of passwords so that they will never expire. I read the how-to's and then once I had found the Active Users and Computers on windows 2000 pro I triied to follow the FAQ and connect to the Domain Server and it keeps coming up Cannot connect to pre-2000 Domain: ... Gordon, I checked the HOWTO and it seems we have yet some more work to do to make it clearer. You can manage your users from a Windows domain member by using only the SrvTools package. See page 75 of the HOWTO (page 70 of the book, The Official Samba-3 HOWTO and Reference Guide) for details on how to obtain this toolset. Please bear in mind that Samba-3 can not be an ADS server, thus you can not use the ADS management tool to manage it. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] implementing ldap and samba
Mr, You can find many good hints to this from the following: http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.pdf You should look at chapter 10. - John T. On Tue, 14 Oct 2003, Mr eric salayon wrote: gurus, i want to implement ldap authentication server and also a samba server, but in different computer. Is it possible? How should go with this? tnx in advance! eric __ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Edirectory and Samba - Call for Documentation
Would the kind soul who has Samba working against eDirectory please email me off-list with the steps (details please) of how you made it work. I would like to add this to the Samba-HOWTO-Collection. Cheers, John T. On Wed, 15 Oct 2003, Troy.A Johnson wrote: I am also interesting in good docs on this... anyone got any? Is it in the grand howto? :-) Troy Joe Stuart [EMAIL PROTECTED] 10/15/03 08:27AM I was wondering if anyone has gotten samba to authenticate to Edirectory? If so is there any good docs anywhere online on how to do it? I've done some searching, but can't seem to find a whole lot. Thanks -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Some simple (I hope) questions
On Tue, 14 Oct 2003, Joshua Tarplin wrote: I'm new to Samba, and I have a few minor questions for which I need answers before I start this grandiose adventure in connectivity. I current have a small home network, consisting of: (1) Mandrake Linux 9.1 workstation (1) Windows 2000 Pro workstation (1) Windows XP Pro file/print server (1) LinkSys 4-port (ethernet) router My goal is to be able to use Samba to access the files in and the printers attached to the Windows XP server from my Linux workstation. The impression I'm getting from everyone I ask is that Samba was designed to allow Windows-based workstations to access fioles/printers on Linux/Unix servers. If this is the case, then I'm sunk. Samba provides a facility to allow your Linux/UNIX system to print to a Windows attached printer. The utility it will use is called smbprint. - John T. I would appreciate any and all advice you can offer in this situation. Much thanks in advance... Joshua Tarplin, MCSE [EMAIL PROTECTED] _ Fretting that your Hotmail account may expire because you forgot to sign in enough? Get Hotmail Extra Storage today! http://join.msn.com/?PAGE=features/es -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] QUESTION: security=ads vs. security=domain
On Wed, 15 Oct 2003 [EMAIL PROTECTED] wrote: Can someone explain to me what ADS buys me over Domain for a member server? We just started implementing Samba 3.0 and want to understand what the new ADS security buys us. Have you read the Samba-HOWTO-Collection.pdf that ships with Samba-3.0.x? It might answer your question. Quote: 4.3.4 ADS Security Mode (User Level Security) Both Samba-2.2, and Samba-3 can join an Active Directory domain. This is possible if the domain is run in native mode. Active Directory in native mode perfectly allows NT4-style Domain Members. This is contrary to popular belief. Active Directory in native mode prohibits only the use of Backup Domain Controllers running MS Windows NT4. If you are using Active Directory, starting with Samba-3 you can join as a native AD member. Why would you want to do that? Your security policy might prohibit the use of NT-compatible authentication protocols. All your machines are running Windows 2000 and above and all use Kerberos. In this case Samba as an NT4-style domain would still require NT-compatible authentication data. Samba in AD-member mode can accept Kerberos tickets. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.x client - Samba 2.2.x server authentication?
Ken, In case you have not received a reply: Add to your smb.conf [globals] idmap uid = 15000-2 idmap gid = 15000-2 That should solve your problem. - John T. On Wed, 15 Oct 2003 [EMAIL PROTECTED] wrote: Hey, all. I've upgraded my workstation (Debian) to the Debian Samba 3.x install. I decided to start from scratch with my smb.conf, because I didn't know enough to be wary of what parameters were deleted, etc. So I put password server = sambapdc into my smb.conf, and figured it would Just Work. No dice. A glance at the log file shows [2003/10/15 12:11:08, 1] sam/idmap_tdb.c:db_idmap_init(331) idmap gid range missing or invalid idmap will be unable to map foreign SIDs Some Googling showed this to be some sort of issue with the passdb backend (which Debian set to smbpasswd guest), so I commented it out, thinking it might be conflicting with the password server directive. Nothing doing. Any hints? Thanks, Ken D'Ambrosio Sr. SysAdmin, Xanoptix, Inc. P.S. I have to assume that this has already been mentioned, but the smb.conf manpage -- at least in the Debian version that I have -- has almost none of the directives listed; an obvious editing boo-boo... -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 + OpenLDAP 2.1 Saga (LDAP Attacks!)
On Wed, 15 Oct 2003, Sorisio, Chris wrote: Oh Wise Ones, For the past two days, I have contested with the Samba documentation and other sources of lore in a vain attempt to achieve Samba/LDAP integration. My test system is running RedHat 9 with updates applied, along with OpenLDAP OpenSSL from redhat-rawhide, and the Samba 3.0.1pre1 RPM from the Samba website. A couple of questions: The HOWTOs instruct one to slapadd a file which, among other entries, contains: # Setting up container for groups dn: ou=Groups,dc=quenya,dc=org objectclass: top objectclass: organizationalUnit ou: People Is it intentional that the container group setup references 'ou: People' or is that a typo? That is a typo. Sorry. It will be fixed in the next exciting edition of the Samba-HOWTO-Collection. :) Thanks for the heads up. - John T. I've gotten as far as having Samba try to add a machine or user account. Before I started again from scratch, I was as far as getting errors like: Failed initialise SAM_ACCOUNT for user Failed to modify password entry for user But everything else seemed to work - it was binding to the LDAP server, etc. Any ideas? Are the LDIF's in the HOWTO all that are necessary to setup an LDAP server for use with Samba 3? Sincerely, Chris -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba-3.0.0/source/ 1GB+ after compiling
On Fri, 17 Oct 2003, Alex Shine wrote: Hello, I am running solaris 7 on a sparcstation 5. We want to test out the pdc capablities on this test machine before we deploy this on our network. I installed gcc version 3.2.2. untared the source and did ./configure ; make everything seemed to go fine, but the source dir is over a gig in size now. I did make install, and ran out of disk space. this is what it was trying to install, these binaries are all between 20 and 57 MB. This can't be right? can it? Looks like you compiled with the -g option. Suggest you remove that and strip the binaries. - John T. {SUPERUSER}-builder:/usr/local/samba/bin-89 ls -la total 451624 drwxrwxr-x 2 root other512 Oct 17 08:48 . drwxrwxr-x 10 root other512 Oct 17 08:51 .. -rwxr-xr-x 1 root other 4522 Oct 17 08:48 findsmb -rwxr-xr-x 1 root other57557216 Oct 17 08:44 net -rwxr-xr-x 1 root other 418864 Oct 17 08:48 profiles -rwxr-xr-x 1 root other36132828 Oct 17 08:43 smbclient -rwxr-xr-x 1 root other26744244 Oct 17 08:46 smbcontrol -rwxr-xr-x 1 root other3452 Oct 17 08:44 smbspool -rwxr-xr-x 1 root other26121616 Oct 17 08:46 smbstatus -rwxr-xr-x 1 root other 4899 Oct 17 08:48 smbtar -rwxr-xr-x 1 root other 689392 Oct 17 08:46 tdbbackup -rwxr-xr-x 1 root other24540384 Oct 17 08:45 testparm -rwxr-xr-x 1 root other23756052 Oct 17 08:45 testprns Thanks for your help, Alex -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The Official Samba 3 How-To and Reference Guide
On Fri, 17 Oct 2003, Dan Shadix wrote: I pre-ordered the book from Amazon and their shipping estimate was October 6, 2003. It hasn't shipped yet. Any idea when it'll be ready to go? The book has left the Prentice Hall Printers and should by now be in their distribution warehouse. It is my understanding that Amazon will start shipping around Oct 24th. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba-3.0.0/source/ 1GB+ after compiling
On Fri, 17 Oct 2003, Alex Shine wrote: I don't know how I could have added the -g option. I typed the commands just like this ./configure ; make I didn't add any switches. Does it have something to do with the precompiled version of gcc I installed? How do I remove the -g option? Check out what is in the CFLAGS line in the Makefile that got generated. - John T. Thanks, Alex At 12:35 PM 10/17/2003, John H Terpstra wrote: On Fri, 17 Oct 2003, Alex Shine wrote: Hello, I am running solaris 7 on a sparcstation 5. We want to test out the pdc capablities on this test machine before we deploy this on our network. I installed gcc version 3.2.2. untared the source and did ./configure ; make everything seemed to go fine, but the source dir is over a gig in size now. I did make install, and ran out of disk space. this is what it was trying to install, these binaries are all between 20 and 57 MB. This can't be right? can it? Looks like you compiled with the -g option. Suggest you remove that and strip the binaries. - John T. {SUPERUSER}-builder:/usr/local/samba/bin-89 ls -la total 451624 drwxrwxr-x 2 root other512 Oct 17 08:48 . drwxrwxr-x 10 root other512 Oct 17 08:51 .. -rwxr-xr-x 1 root other 4522 Oct 17 08:48 findsmb -rwxr-xr-x 1 root other57557216 Oct 17 08:44 net -rwxr-xr-x 1 root other 418864 Oct 17 08:48 profiles -rwxr-xr-x 1 root other36132828 Oct 17 08:43 smbclient -rwxr-xr-x 1 root other26744244 Oct 17 08:46 smbcontrol -rwxr-xr-x 1 root other3452 Oct 17 08:44 smbspool -rwxr-xr-x 1 root other26121616 Oct 17 08:46 smbstatus -rwxr-xr-x 1 root other 4899 Oct 17 08:48 smbtar -rwxr-xr-x 1 root other 689392 Oct 17 08:46 tdbbackup -rwxr-xr-x 1 root other24540384 Oct 17 08:45 testparm -rwxr-xr-x 1 root other23756052 Oct 17 08:45 testprns Thanks for your help, Alex -- John H Terpstra Email: [EMAIL PROTECTED] -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] System error 1314 has occurred
On Fri, 17 Oct 2003 [EMAIL PROTECTED] wrote: Hello all, I am using Samba on a Debian GNU/Linux box. I am trying to create a netlogon.bat file that will execute whenever a user logs in to the domain. However, I am getting a strange error message on the client workstations. The following is the netlogon.bat: echo Setting Current Time... net time \\xavier /set /yes echo Mapping Network Drives to Samba Server Xavier... net use Z: \\xavier\home\samba\profiles\%U PAUSE __ However, I get the following error messages when the user logs in to the domain: Setting Current Time... C:\Documents and Settings\jarednet time \\xavier /set /yes Current time at \\xavier is 10/17/2003 1:51 PM System error 1314 has occurred. A required privilege is not held by the client. By default MS Windows NT/2KX/XP systems do NOT allow normal usres to reset the system time. To permit this you must use the appropriate tool n your Windows client to assign the privilidge to set the system time to Domain users. - John T. C:\Documents and Settings\jaredecho Mapping Network Drives to Samba Server Xavi er... Mapping Network Drives to Samba Server Xavier... C:\Documents and Settings\jarednet use Z: \\xavier\home\samba\profiles\U System error 67 has occurred. The network name cannot be found. _ Here is my smb.conf: Sample configuration file for the Samba suite for Debian GNU/Linux. Id: smb.conf,v 1.2.4.6 2002/03/13 #Global Settings === [global] #basic server settings workgroup = wolverine netbios name = xavier server string = Samba PDC running %v socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 domain logons = yes #PDC and master browser settings os level = 64 preferred master = 64 local master = yes domain master = yes #security and logging settings security = user encrypt passwords = yes log file = /var/log/samba/log.%m log level = 2 max log size = 50 #user profiles and home directory logon home = \\%L\%U logon drive = Z: logon script = netlogon.bat logon path = \\%L\profiles\%U #keeping user accounts in sync unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd: *all* authentication*tokens*updated*successfully* #setting up the time server in order for clients to sync w/ server time server = yes #===shares=== [homes] comment = Home Directories browseable = no writeable = yes [netlogon] comment = Network Logon Service path = /home/netlogon read only = yes browseable = no write list = jared [profiles] path = /home/samba/profiles writeable = yes browseable = no create mask = 0600 directory mask = 0700 To me, it looks like everything should be working, but apparently, I am unable to sync the time with the Samba server, and I am unable to map the drive automatically. Is there anyone that might have an idea about what to do? I would appreciate it! -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WinXP SP2: problem loggint into domain
On Fri, 17 Oct 2003, ayach-asu wrote: I have applied the registry patch: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\ parameters RequireSignOrSeal=dword: Fine add my machine to the domain (Samba 2.2.8-3.0.0). When I reboot machine and login to the domain from a Windows XP Professional SP2 I get the following message: Windows cannon connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Help me. Your best solution is to update to samba-3.0.1pre1. This will avoid the need to apply registry changes. Also, make sure that you have used the SWAT wizard to enable your Samba server as a Domain Controller. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba very, VERY slow ...
Eric, Suggest you replace the ethernet card and/or the network cable. Sounds like a hardware issue. - John T. On Fri, 17 Oct 2003, Eric Maisonobe wrote: Hello ! I've installed serveral servers under Linux in my association with samba on it, without any problem. But, for the latest application we need to use, samba has to share about 800 borland data files. All goes right, but the systeme (P3-800Mhz-256Mo RAM for 8 users) is very, VERY slow (about 40 second to open the application). I've take a look at the system use, even when a client open a session, and : - the processor is use about ... 3% (97%free) !!! - Mem : 23Mo used...233Mo free !!! - average load : about 0,01 !!! I've putlog level = 0, correct wins server adress, socket options = TCP_NODELAY and my share is : [c] comment = Disk C path = /home/c browseable = yes admin users = guest nobody # I know, it's bad ;-)) but requiered by the appli writable = yes public = yes create mode = 777 Any help would be welcome ! Eric MAISONOBE -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3: is LDAP required?
On Wed, 15 Oct 2003, tvsjr wrote: Yes or no - is OpenLDAP required to be on the SAMBA 3.0 server in order for Active Directory support to work? Active Directory support == security = ads. Are you trying to make Samba act as an Active Directory server? If so, then Samba won't do that, you're SOL. If you're trying to make your Samba machine join an Active Directory, no, OpenLDAP is not required. The Active Directory must be running in Mixed or Native mode, not in Native 2003 (2k3 Server only) mode. Not quite! Samba-3.0.x can join a Win2K3 AD Domain that is in Native Mode. This is documented in the Samba-HOWTO-Collection.pdf available with Samba-3 in the chapter on Domain Membership. PS: You can obtain this document from: http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.pdf It is also available from Amazon.Com as The Official Samba-3 HOWTO and Reference Guide for those who want a hard copy. The book has more information in it than the HOWTO. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using User Manager for Domains against a Samba PDC
On Wed, 15 Oct 2003, Jared Rypka-Hauer wrote: Is there a way to use User Manger for Domains against a Samba PDC? I'm running Samba 2.2.8 on Suse 8.0 with a Win2k workstation as a testbed. I can open UMfD and view all users as well as all groups, however when trying to change group memberships or add users, I am given the message incorrect function. I can present logs, etc, if that's needed. I do not recall if this works with Samba-2.2.x series. It will work with Samba-3.0.x series. Any chance of updating to 3.0.1pre1? - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] how to call an executable script each time a file is created or modified
On Wed, 15 Oct 2003, dave giffin wrote: is it possible to have a samba daemon call an executable script each time a file within one of it shares is modified or a new file is created? Yes. You will need to write a VFS module to do that. Suggest you start with Samba-3.0.1pre CVS code. Look in the directory: ~samba/sources/modules There are a few sample modules in that directory that will give you the idea. I'm looking to develop a file catalogging system for my file server which depends on my software being notified each time a file is modified or a new file created. You will need to craft your own module. Please do contribute your solution to add to the choices already there. - John T. This allows the modified/new file to be scanned for relavent information. :) __ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 PDC - WinXP question
On Thu, 16 Oct 2003, Alecsandru Chirosca wrote: Can someone please tell me why samba PDC only accepts winXP clients while compiled wih LDAP support (even when the LDAP backend is not used) ? I do not have that problem at my end. I use tdbsam and Windows clients are perfectly happy with it. Perhaps you could send me your smb.conf file? - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] cannot locate roaming profile
On Fri, 17 Oct 2003, Daniel Kasak wrote: Hi all. I've just installed samba-3.0.1-rc1 as a PDC and I can add computers ( win2k ) to the domain, but when users log on, they get an error: ... windows cannot locate your roaming profile ... or words to that effect. My smb.conf is: # Global parameters [global] workgroup = NUS server string = Samba Server %v bind interfaces only = true interfaces = 192.168.0.10/24 passdb backend = tdbsam pam password change = Yes unix password sync = Yes log level = 3 log file = /var/log/samba3/log.%m max log size = 50 name resolve order = wins lmhosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups add user script = /usr/sbin/useradd -s /bin/false '%u' delete user script = /usr/sbin/userdel '%s' add group script = /usr/sbin/groupadd %g getent group '%g'|awk -F: '{print $3}' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/bin/gpasswd -a '%u' '%g' delete user from group script = /usr/bin/gpasswd -d '%u' '%g' set primary group script = /usr/sbin/usermod -g '%g' '%u' domain logons = Yes os level = 33 preferred master = Yes domain master = Yes wins support = Yes printer admin = @adm printing = cups preserve case = No To disable roaming profile usage add: logon drive = logon home = ie: leave the field after the '=' blank. PS: Also make sure that the user in pdbedit -Lv 'username' does not specify a profile path. [homes] comment = Home Directories read only = No browseable = No [netlogon] comment = Network Logon Service path = /usr/local/smb_shares/netlogon guest ok = Yes I've read the docs that state that it is not recommended to use roaming profiles, and I agree. How do I stop windows from trying to locate one? Oh? What documentation says that you should not use roaming profiles? I'd like to know where we slipped up! - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How install samba-swat-2.2.3a-6.i386.rpm ???
On Fri, 17 Oct 2003, Angel Simbaqueba wrote: Hello, I have downloaded samba-swat-2.2.3a-6.i386.rpm , What can I do in order to install it ? What directory I need to install in ? rpm -Uvh samba-swat-2.2.3a-6.i386.rpm That should do the trick. Then you need to enable SWAT in /etc/inetd.conf or /etc/xinetd.d/{swat,samba}. Best is to enable swat using the Red Hat 'chkconfig' tool. Any help is greatly appreciated. Hope that helps. -= John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3 and 2003 server integration
On Fri, 17 Oct 2003 [EMAIL PROTECTED] wrote: Hi, Is it possible to have a Windows 2003 server as the PDC and corresponding Exchange server while having domain members being Samba 3? Yes. I read in the how to that it can be done with a 2000 PDC but not sure about 2003 PDC. Does it specifically say 2000? Or does it say 200x? This way, I reached a compermise with my client as to having 2003 mail server/PDC while using open source stuff for the high speed file serving production end. It will work. I may even have to use ldap and sendmail anyways for the production end which is Linux/Irix based but the glue between Openldap AD and Sendmail Exchange will be fun. Good luck with this part. Any feedback is appreciated as usual, Oooo. The feedback could be interesting! :) Bri- PS Is any of this stuff regarding interoperability in the how to or how to book (that I ordered :) Yes. Chapter 6 of the book (7 of the HOWTO) deals with domain membership. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.0 issue
On Fri, 17 Oct 2003, Joe Daily wrote: I am haveiing asmall problem with samba 3.0.0 as a PDC. The machine joins the domain fine and but when I try to on sign the domain i get an error message saying that Windows can not sign onto the domain, A device is not functioning properly. I have a couple laptops (1 Win 2k and 2 WIN XP) that work fine with it and device manager on the desktop (Win XP) in question says that every thing is fine. Why is windows crapping itself? Please send me you smb.conf off-line and I'll help you with it. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Installation question
On Fri, 17 Oct 2003, Guess Logi wrote: I wan to download samba from samba.org. If I have installed Linux 8.0, do i need to remove smaba stuff ( pkg, other files ) before i insall new version from web ?. I heard Linux does come with samba by default. You should be able to download and install the samba-team package. Doing so should auto-uninstall the Red Hat packages. If not, then you can always uninstall the original RPMs. OR Is it okay to just install new version even though we have older version which came with Linux ? Yes. Any input would be appreciated. Any amount of input is available at standard hourly rates and a minumum of 4 hours per billing. :) - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.0 issue
On Fri, 17 Oct 2003, Joe Daily wrote: My smb.conf and logs are availbe at http://qnetalpha.com/linux/samba/ Please send me output of: testparm -s foobar ie: email me your foobar file please. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Help,mix environment browsing
On Tue, 14 Oct 2003, Larry Liu wrote: Thanks, John, for the quick reply. My test environment is like you recommended, only one WINS running on Samba 3.0.0. The interesting part is: on the server subnet, we can see all the win32 and samba clients from other subnets which have at least one samba client on each, but can not see any subnets that have win32 clients only. However, if I go down all those subnets, I can see all the win32 and samba clients that are using this only WINS. Any idea ? What are your Windows clients? 9x/Me or 2KX/XPP? IT makes a difference. For Win9x/Me to be visible across the entire network you must export a share on each. Win 2Kx/XPP should be visible without this hack. - John T. John H Terpstra wrote: On Mon, 13 Oct 2003, Larry Liu wrote: The How-To writes : nmbd can be configured as a WINS server, but it is not necessary to specifically use Samba as your WINS server. MS Windows NT4, Server or Advanced Server 200x can be configured as your WINS server. In a mixed NT/200x server and Samba environment on a Wide Area Network, it is recommended that you use the Microsoft WINS server capabilities. In a Samba-only environment, it is recommended that you use one and only one Samba server as the WINS server. in chapter 10. We found that each of our subnets has to have at least one Samba client pointing to the same Samba WINS server, if we have to make enterprise WINS(running on Samba 3.0.0) working, in a mixed environment as described above, even though all the Win9x,Winnt, Win2k, XP clients point to the same Samba WINS server. Has anyone had the similar experience? Or, any work-around instead of using MS WINS server(s)? You should be able to run with just one Samba WINS server for your whole network. All clients (Samba as well as Windows) must be configured to use that same WINS server. The reason for the recommendation is that MS Windows based WINS servers typically use WINS-WINS replication protocols that Samba does not support. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is there a way to enforce a single login domain wide
On Mon, 13 Oct 2003, Douglas Phillipson wrote: I didn't get any hits on this. Does that mean it's not possible??? Has anyone enforced a single instance login policy somehow? Is this a reasonable question to ask? This is not possible. There is no way to do this with MS Windows 200x server - and there is no way to do this with Samba. - John T. DSP Douglas Phillipson wrote: I would like to enforce a policy for a user being only able to login once anywhere in the Domain. When you use roaming profiles, the system gets confused and leaves the local profile on the client PC if the same user logs in on a second machine while they are still loggewd in on the first one. This then causes the Samba profile to NOT get updated on logout. If a user is currently logged on a domain, I need that user to be refused if they logon to a second machine until they logoff the first machine. Is this possible with Samba, or would I use some sort of logon script to query something and force the user off at their second login attempt? When this problem occurs you have to reboot the machine and remove the users local profile so it will again use the roaming profile on the samba DC. Very irritating... Thanks DSP -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Help,mix environment browsing
On Mon, 13 Oct 2003, Larry Liu wrote: The How-To writes : nmbd can be configured as a WINS server, but it is not necessary to specifically use Samba as your WINS server. MS Windows NT4, Server or Advanced Server 200x can be configured as your WINS server. In a mixed NT/200x server and Samba environment on a Wide Area Network, it is recommended that you use the Microsoft WINS server capabilities. In a Samba-only environment, it is recommended that you use one and only one Samba server as the WINS server. in chapter 10. We found that each of our subnets has to have at least one Samba client pointing to the same Samba WINS server, if we have to make enterprise WINS(running on Samba 3.0.0) working, in a mixed environment as described above, even though all the Win9x,Winnt, Win2k, XP clients point to the same Samba WINS server. Has anyone had the similar experience? Or, any work-around instead of using MS WINS server(s)? You should be able to run with just one Samba WINS server for your whole network. All clients (Samba as well as Windows) must be configured to use that same WINS server. The reason for the recommendation is that MS Windows based WINS servers typically use WINS-WINS replication protocols that Samba does not support. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba