Re: [Samba] Users can't pause or cancel print jobs
Gerald (Jerry) Carter a écrit : -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joris De Pooter wrote: Jan 12 10:11:37 bernie smbd[28408]: Unable to cancel job 47201 - client-error-not-authorized I'll try to update my samba 3.0.14a-r2 to a newer release... Samba does use a username/password to access the cups server. smbd changes to root after making authorization checks and then assumes that root can do whatever it wants. Does your cups server require authentication? Hi, Sorry for the delay I missed your message... I don't understand how samba interacts with cups : By the means of some kind of interprocess communication ? Or by the cups webserver directly ? Actually my cupsd is configured to ask a password to gain access to administrative functions (add/del printer and accessing the job history) Is this incompatible with samba ? Thanks for your help, I think i'm going to see an end on this :) -- Joris De Pooter Tél.: +33(0)164868319 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Users can't pause or cancel print jobs
Charles McLaughlin a écrit : On 01/11/2006 07:16 AM, Joris De Pooter wrote: Adam Nielsen a écrit : I have looked everywhere. I can find anything on permissions with regards to Printing to a samba server. From what I ve read Googling around. This appears to be a current problem. I have the same problem and would really like to here from anyone with a fix. What happens if (through Windows) you run \\Samba, open Printers and Faxes then view the properties of the affected printer. On the security tab, make sure Manage Printers and Manage Documents are both ticked for all users in the list (especially Everyone.) Does that make a difference? You will probably need admin access to Samba to be able to do this. Cheers, Adam. Hi there, i also have this issue since the begining. I tried to tick Manage Printers and Manage Documents but when I click Apply they automaticcaly get unticked. I was able to change the setting on 3 out of 4 of my printers. I experienced the same problem on the 4th - the check box unchecked it self. However, I logged out and log in again and can see that the setting was saved. Thanks for your help. Charles Yes, but did you actually try to delete/manage print jobs ? Access denied is all I get and yes I was logged as Administrator on my domain. The samba logs tells me this : Jan 12 10:11:09 bernie smbd[28408]: [2006/01/12 10:11:09, 0] printing/print_cups.c:cups_job_delete(339) Jan 12 10:11:09 bernie smbd[28408]: Unable to cancel job 47201 - client-error-not-authorized Jan 12 10:11:32 bernie smbd[28408]: [2006/01/12 10:11:32, 0] printing/print_cups.c:cups_job_pause(431) Jan 12 10:11:32 bernie smbd[28408]: Unable to hold job 47201 - client-error-not-authorized Jan 12 10:11:35 bernie smbd[24860]: [2006/01/12 10:11:35, 0] smbd/service.c:make_connection(794) Jan 12 10:11:35 bernie smbd[24860]: csc-pbs (172.16.31.118) couldn't find service sav1700,winspool,ne02: Jan 12 10:11:37 bernie smbd[28408]: [2006/01/12 10:11:37, 0] printing/print_cups.c:cups_job_delete(339) Jan 12 10:11:37 bernie smbd[28408]: Unable to cancel job 47201 - client-error-not-authorized I'll try to update my samba 3.0.14a-r2 to a newer release... -- Joris De Pooter Tél.: +33(0)164868319 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Users can't pause or cancel print jobs
Adam Nielsen a écrit : I have looked everywhere. I can find anything on permissions with regards to Printing to a samba server. From what I ve read Googling around. This appears to be a current problem. I have the same problem and would really like to here from anyone with a fix. What happens if (through Windows) you run \\Samba, open Printers and Faxes then view the properties of the affected printer. On the security tab, make sure Manage Printers and Manage Documents are both ticked for all users in the list (especially Everyone.) Does that make a difference? You will probably need admin access to Samba to be able to do this. Cheers, Adam. Hi there, i also have this issue since the begining. I tried to tick Manage Printers and Manage Documents but when I click Apply they automaticcaly get unticked. -- Joris De Pooter Tél.: +33(0)164868319 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Giving my users the right to manage their print jobs(cf. CreatorOwner msg)
Joris De Pooter a écrit : Hi, I already send the list an email about users not able to manage their print job (pausing, resuming and cancelling). Below is typical error I get in my logs : [2005/10/27 12:24:31, 0] printing/print_cups.c:cups_job_delete(339) Unable to cancel job 27827 - client-error-not-authorized I quote Jerry from a previous mail exchange : The current print security checks for removing jobs is based on matching the requesting client's user name against the owner of the job (sort of a built in creator owner) and then falling back to the manage documents permission in the security descriptor. OK, now why am I seeing this since I didn't send this job as root : #ls -l /var/spool/cups snip -rw-r- 1 root lp 48564 Oct 27 11:27 d27827-001 snip Changing permission with chown to force the job to match the creator owner doesn't work. Can anyone explain what steps should I verify to debug this annoying issue ? Cheers, joris ! PS: I'm using winbind. I have maybe a start of an answer : let's say domain user JOHN connects to my samba, a child process of smbd is created and started as JOHN. am I correct ? Up, I didn't find any solution yet :( -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Giving my users the right to manage their print jobs (cf. CreatorOwner msg)
Hi, I already send the list an email about users not able to manage their print job (pausing, resuming and cancelling). Below is typical error I get in my logs : [2005/10/27 12:24:31, 0] printing/print_cups.c:cups_job_delete(339) Unable to cancel job 27827 - client-error-not-authorized I quote Jerry from a previous mail exchange : The current print security checks for removing jobs is based on matching the requesting client's user name against the owner of the job (sort of a built in creator owner) and then falling back to the manage documents permission in the security descriptor. OK, now why am I seeing this since I didn't send this job as root : #ls -l /var/spool/cups snip -rw-r- 1 root lp 48564 Oct 27 11:27 d27827-001 snip Changing permission with chown to force the job to match the creator owner doesn't work. Can anyone explain what steps should I verify to debug this annoying issue ? Cheers, joris ! PS: I'm using winbind. I have maybe a start of an answer : let's say domain user JOHN connects to my samba, a child process of smbd is created and started as JOHN. am I correct ? -- Joris De Pooter Tél.: +33(0)164868319 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CREATOR OWNER with samba
Gerald (Jerry) Carter a écrit : -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joris De Pooter wrote: | It's me again, | | Today, I saw one of my user couldn't delete its own print job. | I think there's a problem with unix access rights, because | from my linux box as root I was able to delete that job | with lprm command. | | Here's a truncated listing of my /var/spool/cups directory : | | -rw--- 1 root lp 630 Aug 1 17:26 c13354 | -rw-r- 1 root lp 38346 Aug 1 17:22 d13352-001 | | As you can see, the job d13352-001 is owned by root:lp | although my user is logged (with winbind) as tartenpion. | Is this the reason why my user tartenpion can't delete his | own job ? I think this is strange, and moreover Cups is | setup to run as lp:lp | | What's the good way to fix this ? | Thanks for any help, cheers ! Newer versions of Samba should run the lprm command as root if you pass the print_access_check(). Have you tested the 3.0.14a release? I don't remember when I fixed that bug. Hi, It seems I never pass the print_access_check() : I tweaked the lprm command to write some debug info (likely lprm command = echo pass /tmp/toto) but no luck, the lprm command is never executed. Please can you help me ? -- Joris De Pooter Tél.: +33(0)164868319 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] map to guest = bad password not working as expected
Guruswamy Namasivayam (gnamasiv) a écrit : Hi all, I had been trying to use map to guest = bad password to map users from other domains to guest to allow only guest access. But when I try to access the samba server from another domain, I get an error saying that it is not authorized from that machine. I am attaching the smb.conf. Please let me know if I am doing anything wrong. [global] idmap uid = 7-20 idmap gid = 7-20 winbind enum users = no winbind enum groups = no winbind cache time = 10 winbind use default domain = yes printcap name = cups load printers = yes printing = cups cups options = raw force printername = yes lpq cache time = 0 log file = /local/local1/errorlog/samba.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 smb ports = 50139 local master = no domain master = no preferred master = no dns proxy = no printer admin = @printeradmin client schannel = no guest ok = yes log level = 10 workgroup = LAB2003DOMAIN netbios name = ODI-MGT-CE1 wins server = server ip password server = password server ip security = domain [print$] path = /state/samba/printers guest ok = yes browseable = yes read only = yes write list = @printeradmin force user = root force group = root [printers] comment = All Printers path = /local/local1/spool/samba browseable = no guest ok = yes writable = no printable = yes Thanks, Guru. Hi, you didn't specify a guest account. typicaly, you should write : [global] guest account = nobody Hope this helps, cheers, joris -- Joris De Pooter Tél.: +33(0)164868319 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] short ip range host allow in smb.conf
On Jeu 11 août 2005 17:32, Ken Walker a écrit : how would i put the following into smb.conf in a shorthand format host allow all ip's from 192.168.0.151 to 192.168.0.185 but non outside this range without putting them all in separately, is it host allow 192.168.0.151 - 192.168.0.185 ? Many thanks Ken -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Hum, not sure you can... Did you try 192.168.0.151-185 ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] phpBB forum
On Jeu 11 août 2005 18:54, CPNT : Eddy BOELS a écrit : Hi my name is Eddy I'm working with a samba serveur and 20 pc (windows xp). I would like to install a forum on intranet. I was trying to install phpBB but an error occured I had installed MySQL and APACHE but the error message is you seem not have a good database to work with phpBB An idea ? Thanks for help and sorry for my pity english Eddy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Hi, Your problem isn't Samba related, and thus has nothing to do here ;) Try the phpBB mailling-list instead. Cheers. -- Salut, Ton problème n'a rien à voir avec Samba, et donc ton message n'a pas sa place ici ;) Essaye la liste de diffusion de phpBB à la place. Bye. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CREATOR OWNER with samba
Gerald (Jerry) Carter a écrit : -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joris De Pooter wrote: | It's me again, | | Today, I saw one of my user couldn't delete its own print job. | I think there's a problem with unix access rights, because | from my linux box as root I was able to delete that job | with lprm command. | | Here's a truncated listing of my /var/spool/cups directory : | | -rw--- 1 root lp 630 Aug 1 17:26 c13354 | -rw-r- 1 root lp 38346 Aug 1 17:22 d13352-001 | | As you can see, the job d13352-001 is owned by root:lp | although my user is logged (with winbind) as tartenpion. | Is this the reason why my user tartenpion can't delete his | own job ? I think this is strange, and moreover Cups is | setup to run as lp:lp | | What's the good way to fix this ? | Thanks for any help, cheers ! Newer versions of Samba should run the lprm command as root if you pass the print_access_check(). Have you tested the 3.0.14a release? I don't remember when I fixed that bug. Hello Jerry, I was using Samba 3.0.10 and i've just upgraded to samba 3.0.14b (which appears to be a 3.0.14a when I look in the logs) Still no luck : my jobs are undeletable, beside by root himself. I have however a behaviour that I haven't before : sometimes I can delete a job but soon after it gets renamed with remote downlevel document and still can't be deleted Can you tell what does print_access_check() checks ? Maybe I will find out where the problem is. Anyway, i join a copy of my smb.conf with the relevant parameters [global] security = domain name resolve order = wins bcast load printers = yes printing = cups lppause command = /usr/bin/lp -i%j -Hhold lpresume command = /usr/bin/lp -i%j -Hresume lprm command = /usr/bin/lprm -P%p %j template homedir = /dev/null template shell = /bin/false [print$] comment = Drivers Imprimantes path = /var/lib/samba/printers write list = @mydomain+domain admins guest ok = no browseable = yes read only = yes inherit permissions = yes [printers] comment = Toutes les imprimantes path = /var/spool/samba guest ok = no printable = yes browseable = yes Cheers! -- Joris De Pooter Tél.: +33(0)164868319 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Connecting to SAMBA shares
Ryan Beckett a écrit : Hi I have just configured a test machine to use winbind and samba so that I users can authenticate against my Win2003 SP1 AD controller. Everything seems to work great but I cannot seem to access any SAMBA shares that are created on the Linux machine. I constantly get asked for my username and password. I am trying to connect to the SAMBA share from a Windows XP client. I am assuming that the problem is because Windows is trying to authenticate me using DOMAIN\username while winbind and samba are using the format DOMAIN+username.. Has anyone encountered this before? Is there a way around this issue? I tried to change the winbind separator to a '\' but this did not seem to help either. Any assistance would be greatly appreciated Many thanks! RB Hi The winbind separator is only for easier handle from your linux box, as the escape char \ can cause trouble. Did your test machine join your domain ? (Using the net join command) Can you give us the relevant parameters of yor smb.conf ? -- Joris De Pooter Tél.: +33(0)164868319 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CREATOR OWNER with samba
Joris De Pooter a écrit : Gerald (Jerry) Carter a écrit : -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joris De Pooter wrote: | It's me again, | | Today, I saw one of my user couldn't delete its own print job. | I think there's a problem with unix access rights, because | from my linux box as root I was able to delete that job | with lprm command. | | Here's a truncated listing of my /var/spool/cups directory : | | -rw--- 1 root lp 630 Aug 1 17:26 c13354 | -rw-r- 1 root lp 38346 Aug 1 17:22 d13352-001 | | As you can see, the job d13352-001 is owned by root:lp | although my user is logged (with winbind) as tartenpion. | Is this the reason why my user tartenpion can't delete his | own job ? I think this is strange, and moreover Cups is | setup to run as lp:lp | | What's the good way to fix this ? | Thanks for any help, cheers ! Newer versions of Samba should run the lprm command as root if you pass the print_access_check(). Have you tested the 3.0.14a release? I don't remember when I fixed that bug. Hello Jerry, I was using Samba 3.0.10 and i've just upgraded to samba 3.0.14b (which appears to be a 3.0.14a when I look in the logs) Still no luck : my jobs are undeletable, beside by root himself. I have however a behaviour that I haven't before : sometimes I can delete a job but soon after it gets renamed with remote downlevel document and still can't be deleted Oops my bad, it is a 3.0.14a-r2 , not 3.0.14b :p -- Joris De Pooter Tél.: +33(0)164868319 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CREATOR OWNER with samba
Joris De Pooter a écrit : Gerald (Jerry) Carter a écrit : -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joris De Pooter wrote: Hi all, I just saw that my users don't have the right to manage their own printing job (pausing, deleting...) . I saw that a CREATOR OWNER token seems to do this job, but i'm not sure how I can implement it with my Samba box. Because CREATOR OWNER doesn't seem to be a regular NT4 group. Has somebody any advice with it ? The current print security checks for removing jobs is based on matching the requesting client's user name against the owner of the job (sort of a built in creator owner) and then falling back to the manage documents permission in the security descriptor. Pausing a job requires interaction with the underlying print system. To you have an lppause command defined in smb.conf? cheers, jerry Hello Jerry, I didn't setup lppause/lpresume commands, my bad. But, thanks for your explanation anyway, it's good to know how it works behind. Cheers :) It's me again, Today, I saw one of my user couldn't delete its own print job. I think there's a problem with unix access rights, because from my linux box as root I was able to delete that job with lprm command. Here's a truncated listing of my /var/spool/cups directory : -rw--- 1 root lp 630 Aug 1 17:26 c13354 -rw-r- 1 root lp 38346 Aug 1 17:22 d13352-001 As you can see, the job d13352-001 is owned by root:lp although my user is logged (with winbind) as tartenpion. Is this the reason why my user tartenpion can't delete his own job ? I think this is strange, and moreover Cups is setup to run as lp:lp What's the good way to fix this ? Thanks for any help, cheers ! -- Joris De Pooter Tél.: +33(0)164868319 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CREATOR OWNER with samba
Gerald (Jerry) Carter a écrit : -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joris De Pooter wrote: Hi all, I just saw that my users don't have the right to manage their own printing job (pausing, deleting...) . I saw that a CREATOR OWNER token seems to do this job, but i'm not sure how I can implement it with my Samba box. Because CREATOR OWNER doesn't seem to be a regular NT4 group. Has somebody any advice with it ? The current print security checks for removing jobs is based on matching the requesting client's user name against the owner of the job (sort of a built in creator owner) and then falling back to the manage documents permission in the security descriptor. Pausing a job requires interaction with the underlying print system. To you have an lppause command defined in smb.conf? cheers, jerry Hello Jerry, I didn't setup lppause/lpresume commands, my bad. But, thanks for your explanation anyway, it's good to know how it works behind. Cheers :) -- Joris De Pooter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How do I get a literal '%' in smb.conf
Michael J. Wetmore a écrit : %prt - rt (%p expands to nothing because whatever it is supposed to go to is empty on this system) %%prt - %%prt (extra % must suppress expansion) %%pprt - %%pprt (see above - if expansion was not suppressed this should work in my case, with %p empty) Conclusions: (1)It looks like %% is supposed to work, expansion is supressed but one of the '%' should be dropped. (2)Version 2.2.0 of samba does not allow a symlink in a path statement of a share - earlier versions did. If (1) is a bug, has it been fixed in later versions? -Original Message- From: Jörn Nettingsmeier [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 08, 2005 10:28 AM To: Michael J. Wetmore Cc: samba@lists.samba.org Subject: Re: [Samba] How do I get a literal '%' in smb.conf Michael J. Wetmore wrote: I have tried 'path = /FIX010/%%prt' and 'path = /FIX010/\%prt' and also including a file with the path statement. That %p keeps getting expanded. (%p is empty). hmm. *if* samba uses the same semantics as c format strings, then %% should yield a single per-cent sign. but i can't test atm, and you might want to try it yourself on a test box before hosing your production system regards, jörn With a Samba 3.0.10, in the path attribute, the %% returns %%. I wonder if you can edit the Samba source to change the % special char to another that you like ? -- Joris De Pooter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Why winbind on a Samba Server?
Jim C. a écrit : -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Is there any good reason to run Winbind on an Samba LDAP PDC? I've never used winbind before and I'm wondering if there is a reason I should consider learning. I suppose one would be better server debugging. Jim C. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCpyTbB4AhF6wVFMERAnH+AKD9kPVBV4QSt/u05yttmMcWE8tu9wCeNoT0 l3V30jbaz1JQtYvNAHL0YLU= =tga9 -END PGP SIGNATURE- I use winbind on a domain member server. It provides me an easy way to gain access to NT users and groups as if they were unix users and groups. But on a Samba PDC, I don't see why you would use it. -- Joris De Pooter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] CREATOR OWNER with samba
Hi all, I just saw that my users don't have the right to manage their own printing job (pausing, deleting...) . I saw that a CREATOR OWNER token seems to do this job, but i'm not sure how I can implement it with my Samba box. Because CREATOR OWNER doesn't seem to be a regular NT4 group. Has somebody any advice with it ? Cheers :) -- Joris De Pooter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can Samba Be a Backup Domain Controller to an NT4 PDC?
Hello people, taken from http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html#minim-bdc Can Samba Be a Backup Domain Controller to an NT4 PDC? No. The native NT4 SAM replication protocols have not yet been fully implemented. Can I get the benefits of a BDC with Samba? Yes, but only to a Samba PDC.The main reason for implementing a BDC is availability. If the PDC is a Samba machine, a second Samba machine can be set up to service logon requests whenever the PDC is down. I don't understand what this means. I have a NT4 PDC and a NT4 BDC : they are on a different network. The BDC is old and i'd like to upgrade to Samba3. Do you think it is possible or not ?? -- Joris De Pooter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can Samba Be a Backup Domain Controller to an NT4 PDC?
Basil Copeland a écrit : On 6/6/05, Joris De Pooter [EMAIL PROTECTED] wrote: Hello people, taken from http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html#minim-bdc Can Samba Be a Backup Domain Controller to an NT4 PDC? No. The native NT4 SAM replication protocols have not yet been fully implemented. Can I get the benefits of a BDC with Samba? Yes, but only to a Samba PDC.The main reason for implementing a BDC is availability. If the PDC is a Samba machine, a second Samba machine can be set up to service logon requests whenever the PDC is down. I don't understand what this means. I have a NT4 PDC and a NT4 BDC : they are on a different network. The BDC is old and i'd like to upgrade to Samba3. Do you think it is possible or not ?? What it means is that if you want Samba to be a BDC, then the PDC has to be Samba also. So, no, it is not possible, as long as your PDC remains NT4. Now with this said, I need to reconsider the project (meaning, also upgrading my PDC)... Anyway, thank you for your quick reply :) -- Joris De Pooter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Q: windbind, local groups and domain user membership?
Albrecht Dreß a écrit : Joris De Pooter schrieb: To manipulates a domain user, you have to use its FQN (fully qualified name): assuming you have a domain called CRAPULE and a user called brigand, and the winbind separator = + (in smb.conf) then, it's name is CRAPULE+brigand That doesn't work for me: [EMAIL PROTECTED] root]# wbinfo -C local-special-group [EMAIL PROTECTED] root]# wbinfo -o DOMAIN_user:local-special-group Could not add user to group The messages don't contain any further error information. I am sure, though, that the grouf has been created, as trying to add it again results in an error message there. Thanks, Albrecht Oops, i thought you wanted to create a local unix group. Why not consider this option ? -- Joris De Pooter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Edit tool for ntprinters.tdb
Michelangelo Rezzonico a écrit : Hi all, here is my configuration: Linux: SuSE 9.1 Samba: 3.0.2a-SUSE I have a problem with a printer driver. I suppose I need to delete the information about this printer from the file ntprinters.tdb On my PC I do not have the command tdbtool and I did not find it on the Internet. My question is: how can I edit the file ntprinters.tdb ? Thanks for any help. Mike Hi, maybe you could edit this file via the rpcclient tool ? such as #rpcclient -h yourserver -UAdministrator -- Joris De Pooter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Q: windbind, local groups and domain user membership?
Albrecht Dreß a écrit : Hi, I run a Fedora 2 box with Samba 3.0.10 as a domain member. The PDC is a Win server with AD. Running winbind, all domain users and groups are visible on the Samba box. To grant a special group of domain users access to parts of a samba share, I would like to - add a *local* group on the samba box (*not* in AD!) and - add some *domain* users to this new group. Unfortunately the trick of adding a local unix group doesn't work as samba apparently doesn't take them into account, so I guess I have to add the group to winbind. However, the wbinfo man page only describes how I could add a local user to a local group, not a domain user. Maybe I'm just too dumb to understand the man pages - any advice how to get this setup working would be really welcome! Cheers, Albrecht To manipulates a domain user, you have to use its FQN (fully qualified name): assuming you have a domain called CRAPULE and a user called brigand, and the winbind separator = + (in smb.conf) then, it's name is CRAPULE+brigand -- Joris De Pooter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can really anyone help ?
Hello / Salut, That's odd indeed. Just an idea, maybe you should try to join the domain first using : # net join AD -Uadministrator and then mount the share. Hope this help ! CIKALA Frdric ROSI/SIPROD a crit : I know that it is the right way to use this ML but as nobody answered me, i repost this help ... in fact, it is quite hurry, and i want to understand ... Why do the mount -t smbfs just halfWork ?? can see some directories, but see no file ! :o ... Hello everyone, I'm having such a strange problem and i hope you'll understand the situation. I want to access files that are shared by a Windows server, from a linux box, by using a login/pwd. To be sure that these login/pwd has the good rights, i tested it. From a windows box (which is in the same active Directory domain of the file server -which is AD) i tried to mount the remote HD whith the login/pwd, and everything is ok. it works fine But when i use the mount command (from my linux Fedora box #mount -t smbfs ...) i get somme errors but in my /mnt/partage, i can see directories. I also can get trought these, but i cannot see any file quite strange isn't it. look : [EMAIL PROTECTED] html]# mount -t smbfs -o username=AD\user //10.169.244.244/shares /mnt/partage 27930: session request to 10.169.8.243 failed (Called name not present) 27930: session request to 10 failed (Called name not present) Password: [EMAIL PROTECTED] html]# ls /mnt/partage/ 01/ 5H/ 5Q/ 6S/ 9R/ D0/ J1/ Login/ 02/ 5M/ 6H/ 6X/ AA/ H3/ J2/ V0/ 4D/ 5P/ 6M/ 8A/ ADMINNT/ H5/ J4/ [EMAIL PROTECTED] html]# ls /mnt/partage/6H/ACG/Directions/ [EMAIL PROTECTED] html]# before the command, /mnt/partage is empty I'm not at all an expert of Active Directory but maybe it is impossible to see the files of a filer if the source machine doesn't belong to the same ActiveDirectory Domain. And the docs i found about kerberos or samba are about the users of a Samba SERVER, not about the client. Maybe can someone help me, i sincerly hope because i already spent 3 days about this problems. Moreover, i do not want to return to the old web/Php config (which was an NT4 +esayPhp :-/ ... but it worked ...) thanks -- Joris De Pooter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can really anyone help ?
Oui, je parle franais :p Mais on peut continuer en anglais, pour que tout le monde en profite ;) So, first can you provide us your smb.conf ? Next, my first guess is samba can't find your AD controller. Have you set up the nsswitch.conf with winbind ? CIKALA Frdric ROSI/SIPROD a crit : salut, Apparement, tu parles franais, et c'est tant mieux =) Effectivement, il apparrait qu'a franceTlcom, il faut d'abord que la machine qui veuille accder a ces ressources soit d'abord dans le domaine concern (ici AD) Alors je n'ai pas le mot de passe administrateur du filer, cependant j'ai un login/password (non admin) qui me permet (en tout cas sous windauze) d'accder comme il faut aux fichiers .. mais lorsque je tente le net join ... l, cest le drame : [EMAIL PROTECTED] dl]# net join AD -U sero7472 sero7472's password: [2005/04/06 16:02:09, 0] utils/net_ads.c:ads_startup(186) ads_connect: No such file or directory Unable to find a suitable server Unable to find a suitable server [EMAIL PROTECTED] dl]# je ne comprend pas ces erreurs ... et toi ? Merci ^^ -Message d'origine- De : Joris De Pooter [mailto:[EMAIL PROTECTED] Envoy : mercredi 6 avril 2005 16:00 : CIKALA Frdric ROSI/SIPROD Cc : samba@lists.samba.org Objet : Re: [Samba] Can really anyone help ? Hello / Salut, That's odd indeed. Just an idea, maybe you should try to join the domain first using : # net join AD -Uadministrator and then mount the share. Hope this help ! CIKALA Frdric ROSI/SIPROD a crit : I know that it is the right way to use this ML but as nobody answered me, i repost this help ... in fact, it is quite hurry, and i want to understand ... Why do the mount -t smbfs just halfWork ?? can see some directories, but see no file ! :o ... Hello everyone, I'm having such a strange problem and i hope you'll understand the situation. I want to access files that are shared by a Windows server, from a linux box, by using a login/pwd. To be sure that these login/pwd has the good rights, i tested it. From a windows box (which is in the same active Directory domain of the file server -which is AD) i tried to mount the remote HD whith the login/pwd, and everything is ok. it works fine But when i use the mount command (from my linux Fedora box #mount -t smbfs ...) i get somme errors but in my /mnt/partage, i can see directories. I also can get trought these, but i cannot see any file quite strange isn't it. look : [EMAIL PROTECTED] html]# mount -t smbfs -o username=AD\user //10.169.244.244/shares /mnt/partage 27930: session request to 10.169.8.243 failed (Called name not present) 27930: session request to 10 failed (Called name not present) Password: [EMAIL PROTECTED] html]# ls /mnt/partage/ 01/ 5H/ 5Q/ 6S/ 9R/ D0/ J1/ Login/ 02/ 5M/ 6H/ 6X/ AA/ H3/ J2/ V0/ 4D/ 5P/ 6M/ 8A/ ADMINNT/ H5/ J4/ [EMAIL PROTECTED] html]# ls /mnt/partage/6H/ACG/Directions/ [EMAIL PROTECTED] html]# before the command, /mnt/partage is empty I'm not at all an expert of Active Directory but maybe it is impossible to see the files of a filer if the source machine doesn't belong to the same ActiveDirectory Domain. And the docs i found about kerberos or samba are about the users of a Samba SERVER, not about the client. Maybe can someone help me, i sincerly hope because i already spent 3 days about this problems. Moreover, i do not want to return to the old web/Php config (which was an NT4 +esayPhp :-/ ... but it worked ...) thanks -- Joris De Pooter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can really anyone help ?
Well, after re-thinking of it, it seems OK since you can list the directories. Sorry, my bad... But, see anyway if you can browse using the smbclient tool # smbclient -UAD\user //10.169.244.244/shares CIKALA Frdric ROSI/SIPROD a crit : ok, lets go on in english (I precise that i'm quite a newbie with linux ...^^ but i want to learn) So i d not exactly know what is the use of these files ... So, here is my smb.conf : [global] workgroup = AD server string = Samba Server //(a SAmba Server ?? why, im just a client ...) printcap name = /etc/printcap load printers = yes cups options = raw log file = /var/log/samba/%m.log max log size = 50 security = ads encrypt passwords = yes smb passwd file = /etc/smbpasswd socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = no [homes] comment = Home Directories browseable = no [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes Now, Here is the nsswitch.conf : passwd: files shadow: files group: files #hosts: db files nisplus nis dns hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc:files services: files netgroup: files publickey: nisplus automount: files aliases:files nisplus In fact, the only thing i did is to create the user who i want to join then mount the remote share ... but i cannot even join ... for information, when i type winbind here is what i got (nothing) [EMAIL PROTECTED] dl]# winbindd [EMAIL PROTECTED] dl]# Thank you for helping me because i'm such in trouble with this problem : I've told everyones of my new job that linux is The Solution (comparing to NT4 + easyPhp) ... and it doesn't work (yet ;)) -Message d'origine- De : Joris De Pooter [mailto:[EMAIL PROTECTED] Envoy : mercredi 6 avril 2005 16:29 : CIKALA Frdric ROSI/SIPROD Objet : Re: [Samba] Can really anyone help ? Oui, je parle franais :p Mais on peut continuer en anglais, pour que tout le monde en profite ;) So, first can you provide us your smb.conf ? Next, my first guess is samba can't find your AD controller. Have you set up the nsswitch.conf with winbind ? CIKALA Frdric ROSI/SIPROD a crit : salut, Apparement, tu parles franais, et c'est tant mieux =) Effectivement, il apparrait qu'a franceTlcom, il faut d'abord que la machine qui veuille accder a ces ressources soit d'abord dans le domaine concern (ici AD) Alors je n'ai pas le mot de passe administrateur du filer, cependant j'ai un login/password (non admin) qui me permet (en tout cas sous windauze) d'accder comme il faut aux fichiers .. mais lorsque je tente le net join ... l, cest le drame : [EMAIL PROTECTED] dl]# net join AD -U sero7472 sero7472's password: [2005/04/06 16:02:09, 0] utils/net_ads.c:ads_startup(186) ads_connect: No such file or directory Unable to find a suitable server Unable to find a suitable server [EMAIL PROTECTED] dl]# je ne comprend pas ces erreurs ... et toi ? Merci ^^ -Message d'origine- De : Joris De Pooter [mailto:[EMAIL PROTECTED] Envoy : mercredi 6 avril 2005 16:00 : CIKALA Frdric ROSI/SIPROD Cc : samba@lists.samba.org Objet : Re: [Samba] Can really anyone help ? Hello / Salut, That's odd indeed. Just an idea, maybe you should try to join the domain first using : # net join AD -Uadministrator and then mount the share. Hope this help ! CIKALA Frdric ROSI/SIPROD a crit : I know that it is the right way to use this ML but as nobody answered me, i repost this help ... in fact, it is quite hurry, and i want to understand ... Why do the mount -t smbfs just halfWork ?? can see some directories, but see no file ! :o ... Hello everyone, I'm having such a strange problem and i hope you'll understand the situation. I want to access files that are shared by a Windows server, from a linux box, by using a login/pwd. To be sure that these login/pwd has the good rights, i tested it. From a windows box (which is in the same active Directory domain of the file server -which is AD) i tried to mount the remote HD whith the login/pwd, and everything is ok. it works fine But when i use the mount command (from my linux Fedora box #mount -t smbfs ...) i get somme errors but in my /mnt/partage, i can see directories. I also can get trought these, but i cannot see any file quite strange isn't it. look : [EMAIL PROTECTED] html]# mount -t smbfs -o username=AD\user //10.169.244.244/shares /mnt/partage 27930: session request to 10.169.8.243 failed (Called name not present) 27930: session request to 10 failed (Called name not present) Password: [EMAIL PROTECTED] html]# ls /mnt/partage/ 01/ 5H/ 5Q/ 6S/ 9R/ D0/ J1/ Login/ 02/ 5M/ 6H/ 6X/ AA/ H3/ J2/ V0/ 4D/ 5P/ 6M/ 8A
Re: [Samba] Can really anyone help ?
And what's the smbclient tool behavior ?? Same as when you mount ? CIKALA Frdric ROSI/SIPROD a crit : Ok in fact, i wasnt clear enough After my mount -t smbfs ... (which telles me few errors), i can browse the 3 first degrees of the HD (and only see directories). Unfortunately (and i do not catch why) i cannot see the files or the above directories That very strange, it seems like a security module avod me to browse more and to get access to the file (that i do not even see) I think, this security module has something to do with the kerberos... pleaZ help =( -Message d'origine- De : Joris De Pooter [mailto:[EMAIL PROTECTED] Envoy : mercredi 6 avril 2005 17:05 : CIKALA Frdric ROSI/SIPROD Cc : samba@lists.samba.org Objet : Re: [Samba] Can really anyone help ? Well, after re-thinking of it, it seems OK since you can list the directories. Sorry, my bad... But, see anyway if you can browse using the smbclient tool # smbclient -UAD\user //10.169.244.244/shares CIKALA Frdric ROSI/SIPROD a crit : ok, lets go on in english (I precise that i'm quite a newbie with linux ...^^ but i want to learn) So i d not exactly know what is the use of these files ... So, here is my smb.conf : [global] workgroup = AD server string = Samba Server //(a SAmba Server ?? why, im just a client ...) printcap name = /etc/printcap load printers = yes cups options = raw log file = /var/log/samba/%m.log max log size = 50 security = ads encrypt passwords = yes smb passwd file = /etc/smbpasswd socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = no [homes] comment = Home Directories browseable = no [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes Now, Here is the nsswitch.conf : passwd: files shadow: files group: files #hosts: db files nisplus nis dns hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc:files services: files netgroup: files publickey: nisplus automount: files aliases:files nisplus In fact, the only thing i did is to create the user who i want to join then mount the remote share ... but i cannot even join ... for information, when i type winbind here is what i got (nothing) [EMAIL PROTECTED] dl]# winbindd [EMAIL PROTECTED] dl]# Thank you for helping me because i'm such in trouble with this problem : I've told everyones of my new job that linux is The Solution (comparing to NT4 + easyPhp) ... and it doesn't work (yet ;)) -Message d'origine- De : Joris De Pooter [mailto:[EMAIL PROTECTED] Envoy : mercredi 6 avril 2005 16:29 : CIKALA Frdric ROSI/SIPROD Objet : Re: [Samba] Can really anyone help ? Oui, je parle franais :p Mais on peut continuer en anglais, pour que tout le monde en profite ;) So, first can you provide us your smb.conf ? Next, my first guess is samba can't find your AD controller. Have you set up the nsswitch.conf with winbind ? CIKALA Frdric ROSI/SIPROD a crit : salut, Apparement, tu parles franais, et c'est tant mieux =) Effectivement, il apparrait qu'a franceTlcom, il faut d'abord que la machine qui veuille accder a ces ressources soit d'abord dans le domaine concern (ici AD) Alors je n'ai pas le mot de passe administrateur du filer, cependant j'ai un login/password (non admin) qui me permet (en tout cas sous windauze) d'accder comme il faut aux fichiers .. mais lorsque je tente le net join ... l, cest le drame : [EMAIL PROTECTED] dl]# net join AD -U sero7472 sero7472's password: [2005/04/06 16:02:09, 0] utils/net_ads.c:ads_startup(186) ads_connect: No such file or directory Unable to find a suitable server Unable to find a suitable server [EMAIL PROTECTED] dl]# je ne comprend pas ces erreurs ... et toi ? Merci ^^ -Message d'origine- De : Joris De Pooter [mailto:[EMAIL PROTECTED] Envoy : mercredi 6 avril 2005 16:00 : CIKALA Frdric ROSI/SIPROD Cc : samba@lists.samba.org Objet : Re: [Samba] Can really anyone help ? Hello / Salut, That's odd indeed. Just an idea, maybe you should try to join the domain first using : # net join AD -Uadministrator and then mount the share. Hope this help ! CIKALA Frdric ROSI/SIPROD a crit : I know that it is the right way to use this ML but as nobody answered me, i repost this help ... in fact, it is quite hurry, and i want to understand ... Why do the mount -t smbfs just halfWork ?? can see some directories, but see no file ! :o ... Hello everyone, I'm having such a strange problem and i hope you'll understand the situation. I want to access files that are shared by a Windows server, from a linux box, by using a login/pwd. To be sure that these login/pwd has the good rights, i tested it. From a windows box (which is in the same active Directory domain of the file server -which
Re: [Samba] tunneling a connection to a samba server via vpn
Javier Cano a écrit : Hello to everyone in the list, i have a IPCop firewall with vpn service running and just one roadwarrior (xp sp2 pc), everything is fine, but when the remote pc tries to connect (or just view) to the samba file server shares there is no accessible. The other clients of the lan are all visibles. Is there any way to view and share the samba file server through the ipcop vpn or i need to setup a ssh tunnel..? Thanks for reading this... Hi, I may say bullshit, but I think I had something similar one day, i remember I had to install Client for MS networks (not sure about the exact words, cause i don't have englishes windows) for the network connection who use the vpn. Hope this helps ! -- Joris De Pooter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Hide files.
RBL (Martijn) a crit : Hello Samba, I have a question and I can not find it on the web. I have a share and that works fine but there as files in it I want to hide. (same share as the webserver) I want to hide the *.php files. My question isHow do I do that? Subdirs is already hidden but the files in the root/dir of the share not. The conf file is included. Kind regards, Martijn Zuiderwijk Hi, there's an option in smb.conf In your share, put hide files = /*.php Hope this helps :) -- Joris De Pooter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba as a Print Server : passthrough login problem
Paul Gienger a écrit : Please make sure to post your resolution, or next issue, to the list for posterity. I'm sure you just hit the wrong button... Winbind could very well be your problem as well. Joris De Pooter wrote: Paul Gienger a écrit : My problem is that I can't make it work, all I get is an NT_STATUS_LOGON_FAILURE. Please, given my smb.conf, can any guru help me with this ? [global] workgroup = ATEMPO netbios name = myprintserver server string = samba (%U) smb passwd file = /etc/samba/private/smbpasswd passdb backend = tdbsam log file = /var/log/samba3/log.%m printer admin = @adm, root load printers = yes printing = cups printcap = cups security = server password server = mypdcserver os level = 15 local master = no domain master = no encrypt passwords = yes I didn't notice at first, hence me posting to the parent again... you've got a few conflicting entries here: security = server passdb = tdbsam smb passwd file = /etc/samba/private/smbpasswd Yes you're right :) I've commented the passdb and smb passwd file params. But I still have no luck in authentication. You don't 'need' a passwd file when running in server security, although it apparently will fall back. I'm presuming that your smb passwd file parameter is the default anyway, but it's not used in tdbsam, which is another red herring to the setup. I'd drop all but your security mode. Also, you may want to get rid of it all and run with security = domain since you've got a (presumably) good PDC server running. This will mean that you'll have to join your samba box to the domain however, but that will help you to validate your setup. After some reading, I think my problem is because I don't have winbind on my samba print server. I'm investigating now. I keep you in touch :) Hi, you see I didn't forget you :p After some readings (that Using Samba book is really awesome), I changed the security type, installed winbind, and finally made it work flawlessly. Here's my smb.conf for your information # Global parameters [global] workgroup = ATEMPO netbios name = PAPYRUS2 server string = papyrus le retour (%v) log file = /var/log/samba3/log.%m max log size = 50 printer admin = ATEMPO+joris load printers = no printing = cups security = domain password server = * os level = 15 local master = no domain master = no encrypt passwords = yes winbind separator = + winbind cache time = 10 idmap uid = 1-2 idmap gid = 1-2 template homedir = /home/%D/%U template shell = /bin/false [print$] comment = Drivers Imprimantes path = /etc/samba/printer write list = ATEMPO+joris browseable = yes read only = yes # one printer [mis1700] comment = Dell 1700n - MIS - RDC path = /var/spool/samba printable = yes write list = ATEMPO+joris My bad was my misunderstood of the documentation I found @samba.org because as I said before, english isn't my native language. Anyway, thanks for your help all, i appreciated it really :) See you soon, that list is just great ;) PS: Sorry, i just saw that instead of replying to the list, I replied some of my mail to a person :( -- Joris De Pooter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba as a Print Server : passthrough login problem
Hello people, and thanks for this list :) I have a problem with samba, but first let me tell you the overall thing. I want to migrate my win2k print server to a Samba3 one ;) My willing is to make this print server available for our domain users. Thus, I decided to use these global settings security = server server = myPDCServer My problem is that I can't make it work, all I get is an NT_STATUS_LOGON_FAILURE. Please, given my smb.conf, can any guru help me with this ? [global] workgroup = ATEMPO netbios name = myprintserver server string = samba (%U) smb passwd file = /etc/samba/private/smbpasswd passdb backend = tdbsam log file = /var/log/samba3/log.%m printer admin = @adm, root load printers = yes printing = cups printcap = cups security = server password server = mypdcserver os level = 15 local master = no domain master = no encrypt passwords = yes [print$] comment = Printer drivers path = /etc/samba/printer write list = @adm, root guest ok = no browseable = yes read only = yes [mis1700] comment = Dell 1700n - MIS path = /var/spool/samba guest ok = Yes printable = Yes public = yes valid users = joris [printers] comment = Toutes les imprimantes path = /var/spool/samba guest ok = yes printable = yes browseable = No printer admin = root, @adm public = yes writable = no -- Joris De Pooter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
