Re: [Samba] Permissions problem with Windows Vista / 7 clients, Debian Samba 3.4.7 server
On Mon, Mar 15, 2010 at 3:24 PM, Josh Kelley josh...@gmail.com wrote: I'm having a very strange permissions problem with Samba 3.4.7 (installed via backports.org) running on Debian Lenny: If a Windows 7 or Windows Vista client tries to use Windows Explorer to access a user's home directory with permissions 0700, the client gets a permission denied error. If the directory is made world readable, it works. (For one user, group readable also works. For another user, it does not.) Accessing the same directory from the command prompt (dir \\server\username) instead of from Windows Explorer works. Accessing the same directory from Windows Explorer in Windows XP works. This problem started when we upgraded from Samba 3.2.5 to Samba 3.4.7. With Samba 3.2.5, our Vista users were fine, but Windows 7 was unable to connect (login failed, apparently due to the NTLMv2 / 128-bit encryption limitations that I read about online). I managed to fix this problem. I had been using a username map script since Samba 3.0.24 to change DOMAIN\username to username so that users wouldn't have to SSH in to the (Winbind plus) Samba system as DOMAIN\username. Apparently, with Samba 3.4.7, this kind of username map is no longer necessary, and it was keeping Samba from treating users as domain users and properly resolving their SIDs. The Samba logfile does say that this is happening (with references to the Unix User domain and use of a S-1-22-1-... SID), but I had not looked at that part of the logfile. I really don't understand why username map is acting differently now, but since disabling it seems to work, I'm happy. -- Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Permissions problem with Windows Vista / 7 clients, Debian Samba 3.4.7 server
I'm having a very strange permissions problem with Samba 3.4.7 (installed via backports.org) running on Debian Lenny: If a Windows 7 or Windows Vista client tries to use Windows Explorer to access a user's home directory with permissions 0700, the client gets a permission denied error. If the directory is made world readable, it works. (For one user, group readable also works. For another user, it does not.) Accessing the same directory from the command prompt (dir \\server\username) instead of from Windows Explorer works. Accessing the same directory from Windows Explorer in Windows XP works. This problem started when we upgraded from Samba 3.2.5 to Samba 3.4.7. With Samba 3.2.5, our Vista users were fine, but Windows 7 was unable to connect (login failed, apparently due to the NTLMv2 / 128-bit encryption limitations that I read about online). Here's a snippet from the log file: [2010/03/15 15:09:58, 3] smbd/process.c:1273(switch_message) switch message SMBntcreateX (pid 10955) conn 0x884d9d0 [2010/03/15 15:09:58, 4] smbd/uid.c:256(change_to_user) change_to_user: Skipping user change - already user [2010/03/15 15:09:58, 5] smbd/filename.c:148(unix_convert) unix_convert called on file [2010/03/15 15:09:58, 5] smbd/filename.c:181(unix_convert) conversion finished - . [2010/03/15 15:09:58, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [.] [/home/jkelley] [2010/03/15 15:09:58, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: . reduced to /home/jkelley [2010/03/15 15:09:58, 5] smbd/files.c:103(file_new) allocated file structure 11470, fnum = 15566 (2 used) [2010/03/15 15:09:58, 3] smbd/dosmode.c:149(unix_mode) unix_mode(.) returning 0700 [2010/03/15 15:09:58, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [.] [/home/jkelley] [2010/03/15 15:09:58, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: . reduced to /home/jkelley [2010/03/15 15:09:58, 4] smbd/open.c:1913(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0700, access_mask = 0x81, open_access_mask = 0x81 [2010/03/15 15:09:58, 5] smbd/files.c:474(file_free) freed files structure 15566 (1 used) [2010/03/15 15:09:58, 5] smbd/open.c:2391(open_directory) open_directory: opening directory ., access_mask = 0x81, share_access = 0x7 create_options = 0x0, create_disposition = 0x1, file_attributes = 0x0 [2010/03/15 15:09:58, 3] smbd/error.c:60(error_packet_set) error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RPMS and SRPM for RHEL-5/CentOS-5 available
On 11/28/07, Michael St. Laurent [EMAIL PROTECTED] wrote: I've just build 3.0.27a on a CentOS-5 system which is a respin/clone of RHEL-5. I would like to share them if someone on the team would tell me where to send them. Samba RPMs for CentOS are already provided by SerNet (at http://ftp.sernet.de/pub/samba/tested/centos/5/) and the KDE for RedHat project (http://apt.kde-redhat.org/apt/kde-redhat/centos/5/), and it looks like the Samba team is currently directing people to use SerNet's. Otherwise, I don't think there's a way for people to submit RPMs; you can always set up a publicly accessible yum repository yourself if you have time and bandwidth to do so, or you might see if the CentOS team would be interested in adding the latest version of Samba to the CentOS Plus repository. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Access control question.
On Nov 26, 2007 3:13 PM, Matt Lozier [EMAIL PROTECTED] wrote: Thanks for this. I did think about using ACLs, but even if I set this up (for *every* directory that our users need access to) won't they still be able to *see* those directories even if they don't have r/w/x permission? Add hide unreadable = yes to your smb.conf. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] help with Nitrobit Policy
On 11/9/07, Roylan Suarez Reyes [EMAIL PROTECTED] wrote: Someone on this list uses nitrobit policy? We used to, although we quit using it almost two years ago due to various reliability problems. What do you need help with? Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re-Saving MS-Publisher files to Samba server prob
On 10/26/07, Barry Cisna [EMAIL PROTECTED] wrote: Run into a weird one. When students save their MS Publisher files to the samba server,they save fine. But,,,when they reopen them to edit them, then try to resave them they will not save. Even if they save with an extra number behind the original file name they do not save. I enabled hidden files and I do not see any lock files that have been placed into the Samba server /users/home folder? This is MS Office 2003, if that makes any diff. I never see any errors in the samba logs either right after doing the failed save.All other formats of MS Office save and re save fine. Anyone run into this before? What error message do you get when you try to save? Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Misleading Password can change in pdbedit?
One of our users tried to change his password through Samba and was told that he was unable to do so. Samba logged the following error: user john.doe does not have permissions to change password I checked the Samba source code to see what this error meant, and I found that it meant that the password can change time was set to the maximum time allowed. However, when I ran pdbedit to verify, it said that the user could change his password whenever he wanted: Password last set:Mon, 03 Sep 2007 09:55:46 EDT Password can change: Mon, 03 Sep 2007 09:55:46 EDT I investigated further by checking the user's LDAP entry directly and by checking the source code for pdbedit and found that the user's sambaPwdCanChange was 2147483647 (the max time allowed, meaning no password change is permitted) and that pdbedit usually doesn't actually use the sambaPwdCanChange attribute in displaying Password can change and so may give no indication at all that password changes are disabled for an account. Is this a bug in pdbedit, or is it a misconfiguration or misunderstanding on my part? Thank you. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question about samba.
On 8/28/07, Ross, Ronnie L (GNF) [EMAIL PROTECTED] wrote: I am running Samba 2.2.8 on a VMS 7.3-2 DS20. From the OpenVMS Freeware collection? Or from http://www.pi-net.dyndns.org/anonymous/jyc/? It looks like NMBD is in a tight loop. I can stop samba and start it back and it will go away for a short time. But, the problem comes back. We've seen this problem too, although it only happens once a month or so for us. Samba 2.2.8 is *extremely* old, and I don't think that it was ever officially ported to OpenVMS, so I'm afraid it's pretty unlikely that we'll find a fix. HP is working on an official port of Samba 3.x (see http://h71000.www7.hp.com/network/CIFS_for_Samba.html). Although it's still in testing, it could easily be more reliable than Samba 2.2.8. I've been meaning to test it for our office but haven't yet had time (or a spare Alpha to test it on). Also, you may not need to run NMBD at all. For example, if you're able to instead of a modern version of nmbd on a Linux or Unix box, I think that Samba on the Alpha will work even without NMBD. I could be wrong, however. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Too many 445 and 139 packets
On 16 Aug 2007 19:17:00 +0200, Helmut Hullen [EMAIL PROTECTED] wrote: And you shoudn't allow 445 - together with 139 (?) it produces other error messages, even listed in the Samba documentation. Port 445 is SMB over TCP/IP. In theory, at least, it's preferable to port 139 (SMB over NetBIOS over TCP/IP), since there's no NetBIOS overhead. While permitting both 445 and 139 causes error messages, the errors are completely and totally harmless (see http://wiki.samba.org/index.php/Samba_Myths), and IMO it's not worth disabling the more efficient TCP port 445. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: samba pdc/bdc and trust relationship
On 8/2/07, Mohammad Zohny [EMAIL PROTECTED] wrote: kindly try to help me in this problem, I need the solution urgently! On 7/31/07, Mohammad Zohny [EMAIL PROTECTED] wrote: Hi all, My environment consists of 2 locations. the first has a windows NT4 PDC (for domain EGVLE) and another SLES10 PDC server (for VLE domain).with a bi-directional trust relationship between them. the second location will have SLES10 server that will work as a BDC for the samba VLE domain. I want to know how the bdc server will take the trust relationship from the PDC server? and what is the optimum solution to do that? Domain trusts are explained in the Samba HOWTO Collection (http://samba.org/samba/docs/man/Samba-HOWTO-Collection/) and may also be covered in Samba By Example (http://samba.org/samba/docs/man/Samba-Guide/). Do you have specific questions not addressed in the docs? Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Permission denied when opening certain files - NT_STATUS_NOT_A_REPARSE_POINT
On 8/1/07, Daniel Bramkamp [EMAIL PROTECTED] wrote: I am experiencing a strange issue on our Samba PDC (3.0.24). Today I got called up by a user who was unable to open certain files from a samba share. He can open .doc, .xls, .pdf, etc. just fine, however, if he tries to open a .mdb file or an executable program from that share, he gets a permission denied message. Opening the same files from another user account logged into the same terminalserver works just fine. I have looked through the logs on the server and found a weird message: error packet at smbd/nttrans.c(90) cmd=160 (SMBnttrans) NT_STATUS_NOT_A_REPARSE_POINT As a wild guess, have you tried rebooting the client and then disconnecting and re-mapping the network drive? Samba 3.0.23-3.0.25 contain some changes to DFS settings that have caused some users problems, and although that doesn't sound like your problem, it might be worth a try. As a second wild guess... I wonder if some client software specific to that user is trying to interpret the file as a reparse point... A client-side tool like Sysinternals' Process Monitor (http://www.microsoft.com/technet/sysinternals/Utilities/ProcessMonitor.mspx) could show you the file operations that the client is attempting and might help show what's going on. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Receiving SMB: Server stopped responding
On 8/1/07, Turbo Fredriksson [EMAIL PROTECTED] wrote: I've upgraded to 3.0.25b, and I can't seem to get it running for more than a few minutes before it starts failing to find users... Since system-level username resolution is failing, could you provide a bit more information on your system? What OS? I'm assuming from your smb.conf file that you're using nss_ldap (or something equivalent)? Is nscd running? (And is it stable?) Is winbind running? Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Modification Time Problem
On 7/31/07, Victor Cicero [EMAIL PROTECTED] wrote: Is this modification timestamp problem a known one? Or am I the first to experience it? If it is know, has it been fixed? If not fixed, is there a workaround I can use (short of working locally on the hard drive)? Samba has two timestamp options in smb.conf that are supposed to help with this sort of problem: dos filetime resolution and fake directory create times. Have you tried enabling those options? Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory
On 8/1/07, Adriatik Allamani [EMAIL PROTECTED] wrote: So. How can I organize and configure the Cent OS to use it as Active Directory Server, and to open all the existing users there, and then to shut down the win2000 Server and to Activate the CentOS as domain controller? I want to use Red Hat Enterprise Linux 5.0.0. And Samba 4.0 Samba 4 is not out yet; the Samba 4 Technical Previews are not recommended for production use. I'm not aware of any docs or howtos on how to migrate from Windows AD to Samba 4 AD. (I *think* that I've seen comments about the Samba team working to get full-fledged AD replication working in Samba 4, which would mean that migrating to Samba should be as simple as promoting a Samba 4 DC then demoting the Windows DC. But I don't know that Samba 4 can do that yet.) Samba 3.x cannot serve as an Active Directory domain controller. It can serve as a NT4-style domain controller, but I suspect that you would need to rejoin all of your computers to switch from a Windows AD domain to a Samba NT domain. If your Active Directory domain is still in mixed mode, then I imagine that you could at least migrate users using Samba's net vampire command (http://samba.org/samba/docs/man/Samba-HOWTO-Collection/NT4Migration.html), but it's not something that I've tried. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: samba 4 svn23995 live CD release (maybe tp6?) dsa.msc works!
On 7/24/07, Andrew Bartlett [EMAIL PROTECTED] wrote: Keep testing and reporting issues, particularly on samba-technical and in bugzilla. We have a wide range of clients to keep working, so just checking all sorts of combinations is a great help. It's not just windows: - Samba 3.0 (latest) - Samba 3.0 (older) - someone can remind me when we changed the join code - Mac OSX Naturally, checking windows versions is also really helpful: - Win2k SP0 (tricky kerberos issues make it an interesting test) - win2k latest SP - winXP SP0 - winXP SP1 - winXP SP2 - win2k3 - win2k3 SP1 - win2k3 R2 with SP2 This is a bit of a tangent, but I've been curious how the Samba team does testing like this during development. Is it primarily done manually? Has anyone tried setting up something like VMware to do some automated testing? Were there any particular issues involved in doing so? Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Pfr tmp files, FreeBSD and Linux
On 7/23/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I currently have 2 samba servers (3.0.25a) one running FreeBSD 6.2 and the other running CentOS 5. Both are setup the same and using the same smb.conf. The FreeBSD server works great, no problems. The linux server works great too except on logout. When a user goes to logout, windows errors with Windows was unable to save all the data for the file prf*.tmp. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. The odd part is that about 90% of the profile is written to the users home directory but it becomes corrupt with it not being usable again. Again, if the profile points to the FreeBSD server, we have no problems at all. Both servers are mounting home directories via nfs. Has anyone seen this behavior before? Athough FreeBSD and Linux are different, is there really that big of a difference that would cause the above problem? Or am I missing something simple? In my experience, adding veto oplock files = /prf*.tmp/ helps make profiles work more reliably. YMMV. Is anything logged to Windows' event log or to your Samba logs when this happens? Samba 3.0.25a has a few bugs related to its file change notify support, and the release notes mention that that feature uses Linux's inotify (which appears to not exist on FreeBSD). So I might guess that's what you're running into on your Linux server. You might want to try disabling that feature (change notify = no, kernel change notify = no) or upgrading to Samba 3.0.25b plus the patch at https://bugzilla.samba.org/show_bug.cgi?id=4796, which should contain all of the bugfixes needed to make file change notify work reliably. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.25b-1.1.72-1411 - copy from and to the same samba share
On 7/16/07, Jeremy Allison [EMAIL PROTECTED] wrote: On Mon, Jul 16, 2007 at 03:08:01PM +0200, Dragan Krnic wrote: WinXP logs an obscure NetBT Event ID 4322, which says NetBT could not process a request, because at least one OutOfResources-Exception occurred in the last hour. Open a bug and attach an ethereal/wireshare network trace please. I've been tracking this same problem and managed to get a Wireshark capture, so I posted it to https://bugzilla.samba.org/show_bug.cgi?id=4796. If there's any other information I can provide or testing I can perform, please let me know. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using setuid on smbd
On 7/12/07, Henrik Zagerholm [EMAIL PROTECTED] wrote: I wonder if it is a really bad idea to setuid bit on samba daemons to make them start with root privileges? I need it in an embedded systems where the daemons are started by a non root user and I don't have access to sudo etc and we all know that smbd should run under root. If setuid, any user with the ability to execute programs on the system could start Samba with the configuration file of their choosing, and smbd's flexible enough that this would translate into full control of the system. That sounds like a really bad idea to me, but _maybe_ there are enough mitigating factors for your embedded environment to make it not an issue. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ldap/pam authentication
On 7/13/07, Jeroen van Aart [EMAIL PROTECTED] wrote: Using ldapsam with an existing ldap setup is quite a pain and I'd rather avoid it (I have tried but yet did not succeed). I tried using pam, which did work, but only for plaintext passwords. Windows by default doesn't allow plaintext, so this would lock nout windows users unless windows is changed to use plaintext. There are many systems which can use ldap for authentication by just providing a server and distinguished name (dc=...) and such. I was hoping samba would be able to do just that, leaving out any other fancy things. Because Windows by default doesn't allow plaintext, it is _impossible_ for Samba to authenticate users using methods like PAM or generic LDAP; it needs a plaintext password to pass to one of those authentication mechanisms. Modifying an LDAP setup to add ldapsam can be tricky but is very doable, and there are several howtos available on the web and discussed on this list. What problems did you run into when trying to do it? Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] replace w2k server dc by samba
On 7/11/07, Maxnux [EMAIL PROTECTED] wrote: Is posible replace a w2k by samba server, and cloning sid to no rejoined all pc to de domain?? If Win2K has been running as an NT domain server, then yes, this is possible. See http://www.samba.org/samba/docs/man/Samba-Guide/ntmigration.html. If Win2K has been running as an Active Directory controller, then Samba 3.x lacks the capability to serve as an AD controller. That functionality is being worked on for Samba 4, which is not yet ready for production use. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] DNS-error from one machine when trying to join domain
On 7/13/07, Huyth Jenssen [EMAIL PROTECTED] wrote: I finally managed to setup samba as a PDC and I was delighted to see that it actually worked this time, thanks to a few people here on the list. I could join the domain from the a computer running XP but I'm having some trouble when I try to connect from another computer. I get the following message; A domain controller for the domain could not be contacted The error was: 'DNS name does not exist.' (error code 0x232B RCODE_NAME_ERROR) The query was for the SRV record for _ldap._tcp.dc._msdcs.DOMAIN NAME Common causes of this error include the following: - The DNS SRV record is not registered in DNS. It's been a while since I've run Samba as a PDC, so my memory is fuzzy, but I do know that this error indicates that Windows is trying to join an Active Directory domain (which uses DNS). So either it's not configured to try joining an NT-style domain such as Samba runs, or it's failing to see your NT-style domain. I'd recommend that you start by checking your network settings on the client: check that NetBIOS over TCP is not disabled, and configure a WINS server, if necessary. Running Wireshark might help you see if the computer's even trying to find an NT-style domain and what's going wrong if it is. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: 3.0.25a closing network drive connections?
On 6/11/07, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: [2007/06/08 14:02:21, 10] lib/util_sock.c:read_data(525) read_data: read of 4 returned 0. Error = Success [2007/06/08 14:02:21, 10] lib/util_sock.c:receive_smb_raw(672) receive_smb_raw: length 0! [2007/06/08 14:02:21, 3] smbd/process.c:timeout_processing(1328) timeout_processing: End of file from client (client has disconnected). Is anyone else seeing similar problems? Should I open a Bugzilla or post the full debug logs here? The client disconnected. This is not smbd's fault. Upon further investigation, I think that smbd may be sending invalid NOTIFY responses to the client, causing the client to disconnect. I opened a Bugzilla with a level 10 debug log, Wireshark capture, and instructions to reproduce, since I thought that would be better than posting all of that stuff here: https://bugzilla.samba.org/show_bug.cgi?id=4689 I hope it's okay that I did so. Thank you for your time. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Access Windows AD share From Linux
On 6/11/07, Kenneth R Leach [EMAIL PROTECTED] wrote: I was successful in mounting the share, using the following: mount -t smbfs -o username=myid,password=mypassword //AD Server/Share /mnt/app1 However, when I cd into the /mnt/app1 directory and try to list the contents I get a Permission Denied error. smbfs is generally deprecated in favor of cifs. Try mount -t cifs instead. I'm certain that you've already checked this, but just to make sure, I'm assuming that you checked the Linux permissions on the mounted filesystem to make sure that you have read access as far as Linux is concerned? mount.cifs supports uid, gid, file_mode, and dir_mode options to use different Linux permissions on mounted filesystems. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Access Windows AD share From Linux
On 6/11/07, Kenneth R Leach [EMAIL PROTECTED] wrote: Well, I wanted to give cifs a try but it looks like it is not turned on in the current kernel. Therefore, I will have to see about recompiling the kernel with cifs support. You said that you're using RHEL 4, right? cifs is enabled by default in RHEL 4, and I've been using it for quite a while. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: msdfs root problems even after a reboot?
On 6/4/07, Josh Kelley [EMAIL PROTECTED] wrote: We upgraded from Samba 3.0.24 to 3.0.25a over the weekend and rebooted all of our clients afterwards. Since then, some of our clients are randomly getting the following error: Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. Unmapping and mapping the network drive fixes the problem, but one of the other admins in our office reports that after remapping a drive, it worked for a while, then the problem came back. Wireshark says that when the client generates this error, it's sending a GET_DFS_REFERRAL to the server, and the server is replying with a STATUS_NOT_FOUND. This sounds to me like the result of the change to msdfs root = no in Samba 3.0.25, but it seems that rebooting and even remapping network drives isn't necessarily fixing the problem for us. Any ideas? In case anyone else has similar problems, we (partially) figured out what was going on. If a user maps a network drive with the Reconnect at logon option checked or with net use /persistent:yes, then Windows caches whether or not that drive is a DFS root, even across reboots. This setting is kept in the registry under HKCU\Network; for a given network drive connection, if ProviderFlags is 1, it's a DFS root, and if it's 0, it is not a DFS root. We fixed the problem by updating our logon scripts to unmap and remap drives and by instructing users to remap drives if they encountered problems. I'm not sure what happened to cause a drive to not work after remapping, but that hasn't recurred. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple Backends No Longer Supported
On 6/11/07, Matt Anderson [EMAIL PROTECTED] wrote: I have discovered the fact that since 3.0.23, multiple backends cannot bedefined by the passdb backend directive in smb.conf. I am currently using version 3.0.25 on AIX 5.3. Does anyone know of a way to use more than one backend? There's an external project, pdbsql, that aims to provide this functionality: http://pdbsql.sourceforge.net/ Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Multiple Backends No Longer Supported
On 6/11/07, Matt Anderson [EMAIL PROTECTED] wrote: Thanks for the project information. I was hoping to accomplish this using the existing local password backend currently in place along with the new LDAP backend we're in the process of creating. It looks like the pdbsql project is aimed toward using a mysql database... which would be helpful in using multiple backends, but I don't think I could use it to include the existing backend could I? pdbsql provides several different backends; one of the backends that it provides, pdb_multi, is supposed to provide support for chaining multiple backends. I haven't used it to know how well it works. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: 3.0.25a closing network drive connections?
On 6/7/07, Josh Kelley [EMAIL PROTECTED] wrote: Since upgrading from 3.0.24 to 3.0.25a this past weekend, network drive connections are randomly being closed and immediately reopened. This creates Delayed write failed errors for Firefox and Thunderbird, various errors for Outlook with its PST files on network drives, and errors from programs like InDesign that The network connection was lost for the file, or the file was modified by another process. I have a level 9 debug log from my computer when this happened. (I tried level 10 logs, but they ate up too much disk and rotated too fast.) Here are the relevant lines, from what I can tell: I've done some more investigating and managed to get a couple of level 10 debug logs from affected clients. I had originally wondered if this might be a networking issue, but I'm now pretty certain that it's a Samba issue. Each time the problem happens, from what I can tell from looking at the logs, the server sends the client a message as usual (reply_ntcreate_and_X in two instances, reply_ntcreate_and_X then call_nt_transact_notify_change (?) in another), then it tries and fails to read the next message: [2007/06/08 14:02:21, 10] lib/util_sock.c:read_data(525) read_data: read of 4 returned 0. Error = Success [2007/06/08 14:02:21, 10] lib/util_sock.c:receive_smb_raw(672) receive_smb_raw: length 0! [2007/06/08 14:02:21, 3] smbd/process.c:timeout_processing(1328) timeout_processing: End of file from client (client has disconnected). Is anyone else seeing similar problems? Should I open a Bugzilla or post the full debug logs here? Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: 3.0.25a closing network drive connections?
On 6/11/07, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: [2007/06/08 14:02:21, 10] lib/util_sock.c:read_data(525) read_data: read of 4 returned 0. Error = Success [2007/06/08 14:02:21, 10] lib/util_sock.c:receive_smb_raw(672) receive_smb_raw: length 0! [2007/06/08 14:02:21, 3] smbd/process.c:timeout_processing(1328) timeout_processing: End of file from client (client has disconnected). Is anyone else seeing similar problems? Should I open a Bugzilla or post the full debug logs here? The client disconnected. This is not smbd's fault. Before upgrading from Samba 3.0.24 to Samba 3.0.25a, this happened never or virtually never; since upgrading, it's happening with multiple clients, sometimes several times a day for each client. Is it possible that something that Samba is sending is causing the client to disconnect? Thank you. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.25a closing network drive connections?
Since upgrading from 3.0.24 to 3.0.25a this past weekend, network drive connections are randomly being closed and immediately reopened. This creates Delayed write failed errors for Firefox and Thunderbird, various errors for Outlook with its PST files on network drives, and errors from programs like InDesign that The network connection was lost for the file, or the file was modified by another process. I have a level 9 debug log from my computer when this happened. (I tried level 10 logs, but they ate up too much disk and rotated too fast.) Here are the relevant lines, from what I can tell: [2007/06/07 10:54:46, 3] smbd/error.c:error_packet_set(106) error packet at smbd/notify.c(115) cmd=160 (SMBnttrans) NT_STATUS_OK [2007/06/07 10:54:46, 5] lib/util.c:show_msg(484) [2007/06/07 10:54:46, 5] lib/util.c:show_msg(494) size=71 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=7 smb_pid=3292 smb_uid=101 smb_mid=62151 smt_wct=18 smb_vwv[ 0]=0 (0x0) smb_vwv[ 1]=0 (0x0) smb_vwv[ 2]=0 (0x0) smb_vwv[ 3]=0 (0x0) smb_vwv[ 4]=0 (0x0) smb_vwv[ 5]=0 (0x0) smb_vwv[ 6]=0 (0x0) smb_vwv[ 7]=0 (0x0) smb_vwv[ 8]=0 (0x0) smb_vwv[ 9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=0 (0x0) smb_vwv[12]=0 (0x0) smb_vwv[13]=0 (0x0) smb_vwv[14]=0 (0x0) smb_vwv[15]=0 (0x0) smb_vwv[16]=0 (0x0) smb_vwv[17]=0 (0x0) smb_bcc=0 [2007/06/07 10:54:46, 3] smbd/process.c:timeout_processing(1328) timeout_processing: End of file from client (client has disconnected). [2007/06/07 10:54:46, 5] lib/gencache.c:gencache_shutdown(94) Closing cache file [2007/06/07 10:54:46, 5] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2007/06/07 10:54:46, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/06/07 10:54:46, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/06/07 10:54:46, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/06/07 10:54:46, 5] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/06/07 10:54:46, 2] smbd/close.c:close_normal_file(399) josh closed file Downloads/SysInternals/psexec.exe (numopen=2) NT_STATUS_OK [2007/06/07 10:54:46, 5] smbd/files.c:file_free(451) freed files structure 11353 (2 used) [2007/06/07 10:54:46, 5] smbd/files.c:file_free(451) freed files structure 11191 (1 used) [2007/06/07 10:54:46, 5] smbd/files.c:file_free(451) freed files structure 11076 (0 used) [2007/06/07 10:54:46, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/06/07 10:54:46, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/06/07 10:54:46, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/06/07 10:54:46, 5] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/06/07 10:54:46, 1] smbd/service.c:close_cnum(1230) pccomp8 (192.168.155.253) closed connection to service software At the same time when we upgraded Samba, we rearranged some servers and added a network switch. So it's possible that this problem is network related, but I don't think that it is; none of our switches are reporting any packet errors, for example. Any ideas or advice? Thanks. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] msdfs root problems even after a reboot?
We upgraded from Samba 3.0.24 to 3.0.25a over the weekend and rebooted all of our clients afterwards. Since then, some of our clients are randomly getting the following error: Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. Unmapping and mapping the network drive fixes the problem, but one of the other admins in our office reports that after remapping a drive, it worked for a while, then the problem came back. Wireshark says that when the client generates this error, it's sending a GET_DFS_REFERRAL to the server, and the server is replying with a STATUS_NOT_FOUND. This sounds to me like the result of the change to msdfs root = no in Samba 3.0.25, but it seems that rebooting and even remapping network drives isn't necessarily fixing the problem for us. Any ideas? Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] roaming profiles in a home environment
On 5/31/07, Charles Marcus [EMAIL PROTECTED] wrote: I would recommend against doing this... Microsoft itself recommends against it, but I have also had problems with corruption in .pst files that are stored on a network share, both on Windows shares *and* Samba shares... Just to share my own experience, we've been running our PSTs off of Samba shares for several years now without seeing any corruption. We used to have some locking errors with this setup, but adding the following line to smb.conf stopped them: veto oplock files = /*.pst/*.PST/ Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Smba with Amanda backup --- permissions
On 5/31/07, bhoomikasc [EMAIL PROTECTED] wrote: I am trying to create a Samba share on /media/winshare with the owner as amandabackup instead of root. But as soon as I mount the Samba share on to the mount point, the permissions for the owner get reverted back to root instead of amandabackup. Attaching a snapshot of how it looks like. http://www.nabble.com/file/p10894282/samba%2Bquery.jpg The permissions on the directory used as the mount point have no effect on the permissions of the mounted filesystem. This is the case for Linux and Unix in general and is not a Samba-specific issue. You should be able to add the uid= and gid= options to your mount command to change the permissions of the mounted filesystem: mount -t cifs -o username=linuxbak,uid=amandabackup,gid=root //10.80.101.15/linuxbak /media/winshare Note that the mount type smbfs is generally deprecated in favor of cifs. Amanda supports backing up Windows shares using smbclient; I've always used that method instead of mounting a SMB filesystem. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Any docs to convert samba server to Win2003 server?
On 5/23/07, Gary MacKay [EMAIL PROTECTED] wrote: Yeah I know. Not a good question to ask on a samba newsgroup. Unfortunately for this client, the software they use requires a Windows server. Since the box is less than a year old, they do not want to purchase a second server for two applications. So, I am left with the task of converting the linux/samba server to WinBloze 2003 Server. There are only 10 workstations so if I have to unjoin them from the current domain and rejoin them I guess I could, but just wondered if there was a way to migrate the SID and such over to the new server? The Active Directory Migration Tool (ADMT) off of Microsoft's web site can migrate users and computers from an NT 4 domain (including a Samba domain) to Active Directory. This can save you from disjoining and rejoining workstations and from recreating user accounts. However, since it is a Samba domain and not a true NT domain, there's no way that I'm aware of to migrate user passwords or SID histories. If there was a way to set SID history yourself, then that would work; however, Windows doesn't directly let the administrator set the SID history attribute on an account in Active Directory. I'm sure it's possible to work around that (maybe by running a process as the LOCALSYSTEM account?), but I don't know how. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Changing Windows password complexity error dialog box
On 5/11/07, Jerome Steunenberg [EMAIL PROTECTED] wrote: Thanks for the info Josh. I checked and there's only these options under Security Settings / Account Policies / Password Policy: * Enforce password history * Maximum password age * Minimum password age * Minimum password length * Password must meet complexity requirements * Store password using reversible encryption for all users in the domain But there's nowhere any option that allows to change the other complexity requirements that appear in the message box (i.e. contains at least three of the following four character groups...) Password complexity requirements are hard-coded by Windows (see http://technet2.microsoft.com/windowsserver/en/library/c835b4b2-e082-478f-bdf9-b0faaa654fad1033.mspx?mfr=true) if you enable the Password must meet complexity requirements setting. Setting up different complexity requirements (on a Windows server) requires installing your own password filtering DLL. Also, changes in the above mentioned settings are not reflected in the message box! Sorry, I'm not sure what to tell you there. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Changing Windows password complexity error dialog box
On 5/10/07, Jerome Steunenberg [EMAIL PROTECTED] wrote: I have a Samba PDC on which I use the check password script option in smb.conf to enforce a specific password complexity policy when the XP user changes his password with Ctrl-Alt-Del. This works fine, but when the password does not comply with the password complexity policy, XP shows the following dialog box: The password supplied does not meet the minimum complexity requirements. Please select another password that meets all of the following criteria: is at least 5 characters; has not been used in the previous 0 passwords [...] Type a password which meets these requirements in both text boxes I *think* that the details of this error message are determined by whatever Windows thinks the password security policy is. That's configured under Local Security Policy (which is under Control Panel, under Administrative Tools). Go under Account Policies, under Password Policy, and check the settings there. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: major cifs bug in 2.6.19+?
On 4/30/07, Jason Haar [EMAIL PROTECTED] wrote: However, this problem doesn't affect us under 2.6.18 - only the newer kernels. Maybe something was broken in the cifs kernel module in newer releases? How odd; I hadn't looked into version numbers enough. We're running 2.6.9-42.0.10.EL, as provided by CentOS 4.4, and I just assumed that it might have had some CIFS changes backported, but it looks like it comes with CIFS 1.34, which is several versions older than 2.6.18 or 2.6.19. Maybe the problem was fixed and then reintroduced, or maybe it's a closely related bug. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: major cifs bug in 2.6.19+?
On 4/30/07, Jason Haar [EMAIL PROTECTED] wrote: I can see Linux asking for ASG_SUPP\* when I did an ls -l ASG_SUPP - and I can see the Windows file server returning the contents of the directory above it!!! snip //server/share contains 74 subdirectories: attempts to do listings on any of those directories results in the same list of 74 top-level subdirs again. So maybe this problem only hits servers with DFS enabled? But it works under 2.6.18...? When DFS is enabled, the SMB protocol requires that the client send the full path to the network share (including server), rather than just the directory (e.g., \\server\share\parent\subdir1 instead of just parent\subdir1). This lets the DFS server know what DFS root was originally requested. The CIFS client fails to do that; it instead just sends parent\subdir1, which causes parent to be interpreted as a server name and subdir1 as a share name. This is why searching for parent\subdir1\parent\subdir1 works; the initial parent\subdir1 is parsed out as the server and share, then parent\subdir1 is correctly processed as the path. (If I remember correctly - it's been a little while since I looked at this.) I reported this as a bug a while ago, but it apparently hasn't been fixed yet. See https://bugzilla.samba.org/show_bug.cgi?id=4066. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] BLOATED LDAP Traffic from Samba
On 4/24/07, Joseph Williams [EMAIL PROTECTED] wrote: My Samba PDC is sending tons of traffic my ldapserver(iplanet) and is causing the ldap server load to peak consitently over a ridiculous 91%. Logons come to a crawl because the ldap load is so high. I don't not have roaming profiles enabled. This doesn't directly answer your question, but I'm surprised that an LDAP server would max CPU usage if indexes and such are set up properly. Did you make sure to enable all of the recommended LDAP indexes (in particular, sambaSID)? (See chapter 2 of the Samba HOWTO Collection for a sample OpenLDAP slapd.conf file that lists recommended indexes.) Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] question re multiple backends and the 'guest' backend
On 4/26/07, J Xu [EMAIL PROTECTED] wrote: Just wonder if there is any sound reason why this feature is dropped, other than maybe making adding users/groups/machines comlicated for a PDC configuration? Is there any plan to re-enable this feature sometime later? It was decided that multiple passdb backends overly complicated things and were hardly ever used: http://marc.info/?l=sambam=113952596018519w=2 Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbstatus -B segmentation fault
On 1/17/07, Jeremy Allison [EMAIL PROTECTED] wrote: This is a bug in tdb_write that it's not checking for the tdb being read-only. Here's a patch. This has been fixed differently in the svn code (tdb_write is fixed). I'll give that a try; thanks. (It's a production server, so I'm not sure when I can try it.) Does this cause a problem outside of smbstatus? Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbstatus -B segmentation fault
When using Samba 3.0.23b (slightly old, I know) on CentOS 4.4,
smbstatus -B fails with a segmentation fault. smbstatus works, and
tdbdump is able to dump brlock.tdb and locking.tdb without any errors
(which is not what I expected).
Here's the backtrace (non-ASCII characters replaced with 'X'):
#0 0x0017fa2c in memcpy () from /lib/tls/libc.so.6
#1 0x0029b19f in tdb_write (tdb=0x89b8608, off=3083693360, buf=0x89b8608,
len=144) at tdb/tdb.c:404
#2 0x0029d578 in tdb_store (tdb=0x89b7078, key=
{dptr = 0x89b8128 \005X, dsize = 16}, dbuf=
{dptr = 0x89b8608 XX\002, dsize = 144}, flag=1) at tdb/tdb.c:1101
#3 0x002611a2 in traverse_fn (ttdb=0x89b7078, kbuf=
{dptr = 0x89b8128 \005X, dsize = 16}, dbuf=
{dptr = 0x89b8608 XX\002, dsize = 612}, state=0x25b622)
at locking/brlock.c:1352
#4 0x0029ccd4 in tdb_traverse (tdb=0x89b7078, fn=0x2610f8 traverse_fn,
private_val=0x25b622) at tdb/tdb.c:1403
#5 0x002612b6 in brl_forall (fn=0x9d30) at locking/brlock.c:1381
#6 0x0025bdd8 in main (argc=2, argv=0xbffa9064) at utils/status.c:733
Any suggestions?
Thanks.
Josh Kelley
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Identically named users and groups
We have a Linux user and group with the same name (username prox, group name prox) and a Samba share with force user = prox set. Since upgrading from Samba 3.0.21b to Samba 3.0.23a, that share no longer works. smbclient gives the following error when connecting to the share: tree connect failed: NT_STATUS_NO_SUCH_USER The Samba server logs the following error: [2006/08/07 09:38:26, 1] auth/auth_util.c:create_token_from_username(1060) prox is a Domain Group, not a user So Samba no longer likes having a user and group by the same name. Is this an intentional change in Samba 3.0.23, or is it a bug? I don't remember seeing anything about it in the release notes. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Identically named users and groups
On 8/7/06, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: Josh, So Samba no longer likes having a user and group by the same name. Is this an intentional change in Samba 3.0.23, or is it a bug? I don't remember seeing anything about it in the release notes. We think that we have this fixed in the current SAMBA_3_0_RELEASE. Would you mind testing this and letting me know? You can grab it from svn://svnanon.samba.org/samba/branches/SAMBA_3_0_RELEASE or rsync;//rsync.samba.org/ftp/unpacked/samba_3_0_release. I'll hold 3.0.23b until I hear from you. Thanks. Sorry, I tried the SAMBA_3_0_RELEASE branch and am still seeing the same problem. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Server signing bugs with CIFS VFS client
Since upgrading to Samba 3.0.23a, mounting a Samba share using mount.cifs generates the following errors in the Samba server's logs: Aug 7 17:45:08 pccentos4 smbd[5345]: [2006/08/07 17:45:08, 0] libsmb/smb_signing.c:srv_check_incoming_message(720) Aug 7 17:45:08 pccentos4 smbd[5345]: srv_check_incoming_message: BAD SIG: seq 2 wanted SMB signature of Aug 7 17:45:08 pccentos4 smbd[5345]: [2006/08/07 17:45:08, 0] libsmb/smb_signing.c:srv_check_incoming_message(724) Aug 7 17:45:08 pccentos4 smbd[5345]: srv_check_incoming_message: BAD SIG: seq 2 got SMB signature of The errors appear to be harmless. I get similar errors even after applying the patch from https://bugzilla.samba.org/show_bug.cgi?id=4003 or trying SAMBA_3_0_RELEASE. (I was also getting permission denied errors using CIFS VFS to access a Samba 3.0.23a server, but those appear to be fixed in SAMBA_3_0_RELEASE.) Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems accessing shares with dollar signs
On 7/22/06, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: Josh Kelley wrote: From my CentOS 4.3 box running Samba 3.0.21b, mounting \\server\data$ (a Windows Server 2003 DC) or \\domain\data$ (the same share, shared over DFS) using mount.cifs doesn't give any errors, and I can do an ls of the top-level directory, but when I try to do an ls of a subdirectory, I get the top-level directory listing again. The CIFS fs did not support MS-DFS last I checked. It does; I am able to access other DFS shares (netlogon and sysvol are the only two I have configured), and I can see the top-level directory of data$ and software$, but I can't see any subdirectories. From the same box, using smbget or smbclient's mget command works. From the same box, using smbclient's tar command fails; What version of Samba are you using here ? 3.0.21b. I retested against 3.0.23a with the same results; I also noticed some errors similar to the following in smbclient's tar's output: Server packet had invalid SMB signature! opening remote file \Adobe\Adobe Acrobat 7.0 Professional\program files\Adobe\Acrobat 7.0\R (\Adobe\Adobe Acrobat 7.0 Professional\program files\Adobe\Acrobat 7.0\) (They were probably there earlier and I just overlooked them.) From my Fedora Core 5 box running Samba 3.0.23, mount.cifs gives the same symptoms. smbclient gives errors similar to the following upon cd'ing into most (but not all) subdirectories and then running ls: client_check_incoming_message: received message with mid 11 with no matching send record. SMB Signature verification failed on incoming packet! As a result, neither smbclient's mget nor its tar work. I'd file a bug. We will also need a level 10 debug log from the client and probably a raw network trace (included as attachments). Also please retest 3.0.23a (released yesterday). Thanks. I've been unable to replicate that exact error message in 3.0.23 or in 3.0.23a; I did take debug logs and network traces of the above errors and filed them as bug #3968. Thanks for your help. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems accessing shares with dollar signs
I'm having various problems accessing shares with dollar signs in their names (e.g., \\server\c$); however, there doesn't seem to be much consistency to the types of problems. Details: From my CentOS 4.3 box running Samba 3.0.21b, mounting \\server\data$ (a Windows Server 2003 DC) or \\domain\data$ (the same share, shared over DFS) using mount.cifs doesn't give any errors, and I can do an ls of the top-level directory, but when I try to do an ls of a subdirectory, I get the top-level directory listing again. From the same box, using smbget or smbclient's mget command works. From the same box, using smbclient's tar command fails; it gets a directory listing of the subdirectory, but it tries to open each file in that subdirectory as if it were a directory, and so it gives the following error, repeated for each file: NT_STATUS_FILE_IS_A_DIRECTORY opening remote file \WinAudit\wa_xml2html.xsl (\WinAudit\) On other directory trees, it gives errors similar to the following: NT_STATUS_OBJECT_PATH_NOT_FOUND opening remote file \Adobe\Adobe Acrobat 7.0 Pro fessional\Common\Adobe\Acrobat 7.0\Uninstall\UninstManager.dll (\Adobe\Adobe Acr obat 7.0 Professional\Common\Adobe\Acrobat 7.0\Uninstall\) (It looks like the first error message is for files in top-level subdirectories and the second error is for files nested more deeply in subdirectories.) Oddly enough, \\server\c$ appears to work, even though other shares (\\server\data$, \\server\software$) don't. From my Fedora Core 5 box running Samba 3.0.23, mount.cifs gives the same symptoms. smbclient gives errors similar to the following upon cd'ing into most (but not all) subdirectories and then running ls: client_check_incoming_message: received message with mid 11 with no matching send record. SMB Signature verification failed on incoming packet! As a result, neither smbclient's mget nor its tar work. I don't even know for sure that the dollar signs are the source of the problem, since some shares and some directories work and others don't. Any help would be appreciated. Packet dumps available upon request. Thanks. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain admins and samba
On 4/21/06, Ivan Ordonez [EMAIL PROTECTED] wrote: How can I give a user account the ability to join or add computer to the domain? Are privileges enabled? (enable privileges = yes in smb.conf) If not, then I believe that only root can join computers to the domain. If privileges are enabled, then see Chapter 14 of the Samba HOWTO-Collection for instructions on delegating privileges to your Domain Admins group. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RE: [Samba] Not able to join domain
On 4/6/06, Eric Hines [EMAIL PROTECTED] wrote: The start of this error message implies that you have not yet changed your security level to user. Did you restart your Samba server after making that change? You must after every change to the smb.conf file, because Samba reads that file only on startup. This is incorrect. Samba periodically reloads its config file (every 1-5 minutes - I've seen conflicting answers for how often exaclty), and you can instruct it to immediately reload by sending it a HUP signal or by using the smbcontrol command. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] print server performance issues
On 3/17/06, Bruno Gomes Pessanha [EMAIL PROTECTED] wrote: I'm migrating a 1.000 queues windows print server with AD very critical enviroment to linux/cups/samba solution. Initially, everything working fine, but when reached paroximately 400 queues created the server is getting degradated. The browsing of printers shares is very low. Many times during the day smbd and winbindd need to be restarted to stop the degradation. I didn't found any bottleneck, memory, processor, disk i/o are fine. I have read a lot of tuning docs but nothing solved my problem. Some body knows where can I find more information? Or if there's any study case with 1000 queues in a enviroment with 10.000 workstations and aproximately 20.000 users registered in MS-AD. Is samba prepared to this kind of enviroment? According to this email, CUPS 1.1.x uses a linear lookup for printers, so it may just be too inefficient to handle 1000 print queues: http://marc.theaimsgroup.com/?l=sambam=113165829420082w=2 CUPS 1.2, which is supposed to fix this, is unfortunately still in beta. Another print server, such as LPRng, might be able to handle this better; I don't know. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Backup Restore Samba Configuration
On 3/11/06, Stéphane Purnelle [EMAIL PROTECTED] wrote: Lake-Wind a écrit : The motherboard in our Samba server fried. I have re-installed our operating system (SUSE 10) and was wondering what is the best way to restore our Samba server? Can it be as simple as copying the smb.config and smbpasswd files back into the /etc/samba directory? That's what I am hoping. If I just copy the smb.config and the smbpasswd files back to the samba directory will the machine trusts, users and passwords just work? If not, what is the proper procedure for restoring. Thank you for your help! Mike add secrets.tdb and /etc/passwd for restoration. Depending on the server's use, you may also need .tdb files from the /var/lib/samba directory (or wherever SUSE keeps it). See http://marc.theaimsgroup.com/?l=sambam=48952808956w=2 for a list of which .tdb files are important. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] getting rid of lmhashes?
On 3/2/06, Mark Proehl [EMAIL PROTECTED] wrote: is there a way of disabling the creation of the (insecure) lm-hash in the passdb backend of a samba3-pdc? The standard way to disable LM hashes in a Microsoft shop is to configure the clients to not save them (Local Security Policy - Security Options - Network security: Do not store LAN Manager hash value on next password change). I don't think they even offer a server-side option to do so. It does seem like a useful feature for Samba. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Passwords complexity with smbldap-passwd
On 2/24/06, mallapadi niranjan [EMAIL PROTECTED] wrote: I have samba PDC (3.0.21) with openldap 2.2.13 on Redhat Enterprise Linux 4. All my windows clients (2000 Professional, and xp) . Using pdbedit we can set policies, we have made passwords to be 8 characters and password history to be 4, is there any way we can add password complexity , ie when user changes his password we can make him add alphanumeric, characters and capital Letter also. ie now user types in any 8 letter dictionary words, is there any way in samba where we can set Password complexity. Use the check password script option in smb.conf. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain user notifications?
On 2/23/06, Mark Rutherford [EMAIL PROTECTED] wrote: Is there a method of notifying users of a domain about a server or print queue reboot/shutdown/maintenance/problem? Our old Netware servers used to do this, and everyone seems to rely on the fact that they will be told they have X minutes remaining on a power failure, ect. smbclient -M lets you send messages via the WinPopup / Messenger (not to be confused with Windows Messenger / MSN Messenger) service. You'll have to write a script to run it for each computer in your domain, AFAIK, and Messenger is disabled in XP SP 2, so you'll need to reenable it on any clients running that OS (and firewall the relevant ports off from the Internet to stop Messenger spam). Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Change smbpasswd in a cron job
On 2/20/06, Dennis Duggen [EMAIL PROTECTED] wrote: For a project we are trying to change the samba password automatically in a cron job. Since smbpasswd doesn't allow the password to be entered otherwise than though the console (user input). We found a solution to the input part though expect. But as thing go expect doesn't work in a cron job since it has no tty. Depending on your SAM backend, you may be able to edit the backend directly. For example, we have some perl scripts to change passwords by connecting directly to our LDAP server. I posted a copy of our script at http://www.jbc.edu/~josh/changepasswd.pl if you're interested. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to control who can log into the samba box
On 2/20/06, David Shapiro [EMAIL PROTECTED] wrote: I have samba set up using winbind so that I can ssh into the box with my DOMAIN\mylogin. That's great...kind of. How do I control which users can login to the box? As it stands now, all users in DOMAIN can log in, which is not desireable. Do I need to map domain groups to unix groups? Do I need to map domain users to the box some how? Even if I do that, how do I then set it up so some users can log into the server and others cannot? You should be able to use sshd_config's AllowUsers, DenyUsers, AllowGroups, and DenyGroups to do this. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3 simple questions
On 2/19/06, Peter [EMAIL PROTECTED] wrote: 2. I have disabled printing using: disable spoolss = yes My logs are filling up with messages (every 30 minutes): printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused How can I stop this from happening? disable spoolss doesn't disable printing completely, it just disables the newer SPOOLSS style of printing. To disable printing completely: load printers = no printing = bsd printcap name = /dev/null Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Rejoining Computers to the domain
On 2/16/06, mallapadi niranjan [EMAIL PROTECTED] wrote: I have a query, I have a samba 3.0.21 with openldap, all my windows clients are joined to PDC. but suddenly now , all my windows clients uanble to login but when i do getent passwd on the server , i could see all my computer accounts . even when i do ldapsearch -x -b ou=Computers,dc=msdpl,dc=com , i could see the list of computer account names but my windows clients report error message that the compter name is missing from the domain . all the systems had to rejoin to the domain. even having the computer account names in the ldap database. Check that the computer accounts in LDAP have the appropriate Samba object class and attributes. (In other words, check that they're not just POSIX accounts.) Check that their RIDs are correct. Under the default setup, I think, a user account's RID = uid * 2 + 1000. Try turning up the log level to see if that gives any more information. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange messages in logs
On 2/16/06, Emmanuel Lesouef [EMAIL PROTECTED] wrote: I often have this type of message in my samba logs : Feb 16 18:06:42 lxdata smbd[3731]: read_socket_data: recv failure for 4. Error = No route to host and Feb 16 18:06:42 lxdata smbd[3731]: [2006/02/16 18:06:42, 0] lib/util_sock.c:read_socket_data(384) This seems to be a FAQ. If the messages are from 0.0.0.0, then the problem is that Windows clients by default open connections on both port 139 and port 445. When one connection succeeds, they silently drop the other connection. The messages that you're seeing are from Samba realizing the connection was dropped. You can get rid of the messages by setting smb ports = 139 (which will force Win2K and newer clients to use NetBT, even if they don't have to) or smb ports = 445 (which will break pre-Win2K clients), but they're harmless, and I'd recommend just ignoring them. If the messages are from another IP address, then that probably indicates a client problem or networking problem. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Xp Home hack + Domain join
On 2/9/06, Franck Y [EMAIL PROTECTED] wrote: Does anyone of you has found the hack to permit win xp home edition to join a domain controller. Would something like pGina (http://pgina.xpasystems.com/?page_id=3) meet your needs? Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to remotely disconect user from samba
On 2/6/06, Maurizio Faccio [EMAIL PROTECTED] wrote: I need to disconnect from the server a user that is using files from the samba server to upgrade that files. How can i remotely disconnect that conection to the server smbcontrol smbd close-share sharename can close all clients using a particular share. kill pid-of-smbd-process can close a particular client's connection, but it may not give the smbd process or the client a chance to properly shut things down. However, either command may not do much good, because Windows automatically reconnects to the server if it needs to. Linux/Unix file semantics let you replace files while they're in use; whoever's using the old version of the files continues to see the old files, and when the client closes, the old files are automatically deleted. (This is handled transparently by the operating system.) If you're upgrading the files from Linux/Unix instead of over Samba, you shouldn't need to worry about disconnecting users. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba rpm and /var/*/samba directory for .tdb files
On 2/6/06, Oliver Schulze L. [EMAIL PROTECTED] wrote: I use CentOS4 (RHEL4) and it seems that I was using /var/lib/samba for storing the .tdb files. Then I compilled the fedora .src.rpm from samba.org and it points now to /var/cache/samba I noticed this too (and it tripped me up until I noticed it). Anyone can confirm this list of distro/.tdb directory: Fedora: /var/cache/samba CentOS4: /var/lib/samba RH9: /var/lib/samba Unless I'm missing something, samba-3.0.10-1.4E.2.i386.rpm, as included with CentOS 4.2, uses /var/cache/samba. Older Fedora .src.rpms from the Samba site used /var/lib/samba, so if you're upgrading from there, that explains the change. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Question
On 1/29/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I got a quick question to ask is there any possible way to have only specific users to be able to access the folder for example. if i have folder called SHARE and inside the SHARE folder i have folder called confidential can i set the permission only management to access the share folder? if so how can i do that. Set the Unix permissions on the confidential folder so that only the desired users can access it. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] what with privileges
On 1/29/06, Playnet [EMAIL PROTECTED] wrote: Hello samba, I try add machine into domain. If i run smbldap-useradd manually, all ok. But from samba i get errors: Jan 29 22:47:04 sstand net: smbldap_open: cannot access LDAP when not root.. I think that this indicates that Samba isn't running smbldap-useradd as root because the account you're using doesn't have permission to add computers to the domain. If you don't have privileges enabled (enable privileges = no), then I think you need to use the root account to join the machine. If you do have privileges enabled (enable privileges = yes), then make sure that the account you're using has the SeMachineAccountPrivilege. See chapter 14 in the Samba HOWTO for details on privileges. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] create smbpasswd/tdbsam from ldapsam/LDAP query?
On 1/23/06, Tomasz Chmielewski [EMAIL PROTECTED] wrote: Ilia Chipitsine schrieb: pdbedit it is beatiful thing for converting from anything to anything :-) Almost. I don't see if it can convert ldapsam to /etc/passwd and /etc/group. To get /etc/passwd and /etc/group from LDAP, run getent passwd and getent group on a computer that has LDAP/nsswitch configured. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] oplocks and Excel
On 1/25/06, Matt Morgan [EMAIL PROTECTED] wrote: When they save open Excel files from Windows, they are prompted to overwrite the existing file. I mean, when they click the little disk icon or use Ctrl-S or File--Save. Excel would normally just write over the file, not check with an are you sure? prompt. But that's what they get. This bug was fixed in Samba 3.0.11, IIRC. If you don't want to upgrade Samba, you should be able to get rid of the message by setting your Excel workbooks for sharing. (Under Excel's Tools menu, choose Share Workbook.) Microsoft's knowledgebase also describes the issue at http://support.microsoft.com/default.aspx/kb/324491/en-us?; I remember trying the fix they suggest there, but I can't remember if it worked or not. Regarding your oplocks question, we've left them on for everything but Outlook .pst files (which sometimes had locking errors with oplocks enabled) and have had no problems that I'm aware of, but others are probably more qualified to speak on this. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Novice question - How to completely disable printing and /etc/printcap errors ?
On 1/26/06, Elizabeth Schwartz [EMAIL PROTECTED] wrote: I got rid of the Unable to connect to CUPS Server errors by adding to smb.conf the line printing=bsd but I am still getting smbd[4809]: [ID 702911 daemon.error] Unable to open printcap file /etc/printcap for read! Is there a way to get rid of this error short of recompiling? (it is nice to be using the The following (or something like it) was suggested earlier on the list by Jerry Carter: load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Error when using mount with smbfs
On 1/24/06, Mark R. White [EMAIL PROTECTED] wrote: I can use smbclient with no probs, can transfer files back and forth and it works flawlessly, but, when I try to use mount with smbfs or smbmount, it continuously gives me an error. See below. I would guess that your Windows server is set up with some security options (such as Digitally encrypt or sign secure channel data) that smbfs doesn't support but smbclient does. smbfs is outdated. Try using cifs instead (mount.cifs). Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Who or what is IP client 0.0.0.0?
On 1/16/06, James Peach [EMAIL PROTECTED] wrote: So, you have one or more clients on your network that disconnects from the server unexpectedly. You might be able to track them down by increasing the log level. This is typical; Windows clients attempt to connect on both ports 139 and 445, and when one succeeds, they immediately close the other. The error message is harmless and can be ignored, or you can configure Samba to only listen on one port using the smb ports option in smb.conf. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pseudo domain login (fast user switch)
On 12/28/05, Ben [EMAIL PROTECTED] wrote: I've got a bunch of Win XP Pro machines, and I setup domain logins to the samba server so I'd have roaming profiles, etc. Alas, I've now discovered that windows doesn't let you use fast user switching when you do domain logins. Try FrontMotion Login (http://www.frontmotion.com/FMLogin/index.htm); it adds Fast User Switching to domain environments. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Migration from 2.2.7a to 3.0.14a
On 12/20/05, Dan Johansson [EMAIL PROTECTED] wrote: I would like to migrate from an old Server running Samba 2.2.7a as Domain controller to a new one running version 3.0.14a. The new server (with a new hostname) should be the DC in the future as the old server is to be decommissioned. Now I am looking a good HOWTO or similar document describing such a migration - any suggestions? Samba 3 By Example has a section on upgrading from Samba 2.x to Samba 3.x; the relevant section is at http://us1.samba.org/samba/docs/man/Samba3-ByExample/upgrades.html#id2567854. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Error in documentation: Samba 3 By Example: Chapter 5 - Making Users Happy in re: Outlook
On 12/19/05, Jonathan Johnson [EMAIL PROTECTED] wrote: Configuration of MS Outlook to Relocate PST File Microsoft Outlook can store a Personal Folders file, generally known as a PST file. It is the nature of email storage that this file grows, at times quite rapidly. So that users' email is available to them at every workstation they may log onto, it is common practice in well-controlled sites to redirect the PST folder to the users' home directory. Follow these steps for each user who wishes to do this. A few more notes on PST file location: (Some or all of this may be beyond the scope of the Samba docs.) Microsoft doesn't officially support storing PSTs on network drives (see http://support.microsoft.com/kb/297019/), although it seems to be a pretty popular setup. In addition to manually moving PST files, you can set the default PST location for new accounts by following instructions at http://www.windowsitpro.com/Windows/Article/ArticleID/48228/48228.html. This setting could presumably be done using NT4-style policies, but I haven't tried it. We found that disabling oplocks on PSTs cut down on some locking errors, and I've seen the suggestion from others on the mailing list as well: veto oplock files = /*.pst/*.PST/ 3.0.21 includes an oplock rewrite; maybe the above will no longer be necessary? The instructions that you provided for moving PST files don't work for PSTs that store IMAP account information. Those can be manually moved to network drives using a variation on your instructions: 1. Close Outlook. 2. From the control panel, launch the Mail icon 3. Click Email Accounts 4. Make a note of the location of the PST file(s). From this location, move the files to the desired location. 5. Back under Email Accounts, click Settings for the data file, and select the new location when Windows complains about the file missing. However, this breaks Outlook's Send/Receive button, so we quit doing it. I haven't figured out a fix for this. (From what I can tell, PSTs for IMAP accounts store message rules/filters related to that account, so they would be worth centralizing, even though the mail itself is on an IMAP server.) Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Error in documentation: Samba 3 By Example: Chapter 5 - Making Users Happy in re: Outlook
On 12/20/05, Alan Dodd [EMAIL PROTECTED] wrote: Tried using Thunderbird with Imap, but this was quite bulky, messages get cached locally, and if there is a lot of mail, when the roaming user changes workstation, he/she has to wait 'till the cache reloads (550M? 1G?). (And for security reasons we must delete the cache anyway, and if we don't use cache, the thing gets slow, and..) I then installed a web interface mail client which works quite well, but is not as complete as OE or Ms Outlook or Moz Thunderbird are. I think if some guy from Mozilla would want to build an option to store collected messages in a (centralized) database like Mysql, Thunderbird would become a killer app for roaming profiles! (already tried giving them a hint - no response yet) Thunderbird's profiles can be stored wherever you want; we store them on people's networked home directories, to avoid bloating the roaming profile. There are several ways to configure this; we did it by setting up the Thunderbird shortcuts with a -profile h:\Mozilla\Thunderbird parameter to force the use of that profile. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] passwd program directive and windows
On 12/9/05, Jerome Tournier [EMAIL PROTECTED] wrote: I'd like to know: if the passord is not conformed with the policy, is there a way to return to the windows's user a popup to tell him that there's one upper case missing, or ... If this is not possible, is there a way to just tell him that security policy is not reached ? You can use the check password script smb.conf option to define a password policy. Users with too-simple passwords will get an error message, however, it's not particularly helpful: Your password must be at least 8 characters, cannot repeat any of your previous 0 passwords and must be at least 0 days old. Please type a different password. Type a password which meets these requirements in both text boxes. I unfortunately don't know a way around that. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [more info] getpwnam fails on ldap
On 12/6/05, tom burkart [EMAIL PROTECTED] wrote: Yet getent passwd | grep username returns the entry from the ldap directory. The only problem I have found is that getent shadow | grep username returns a username:x:::0 entry (ie cannot access shadow info). All these commands are run as root so this should not be an issue. But this seems to clear samba of being at fault and seems to point at nss_ldap. I am somewhat guessing so I could be wrong here. Did you make sure to set rootbinddn in /etc/ldap.conf and the root password in /etc/ldap.secret? Otherwise, getent shadow runs as an unprivileged user, even as root. Did you check permissions on /etc/ldap.secret (should be mode 0600)? Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Build error of rpm for samba-3.0.21rc2 on Centos 4.2
On 12/8/05, Oliver Schulze L. [EMAIL PROTECTED] wrote: Hi, I'm trying to compile samba 3.0.21rc2 in Centos 4.2 and I get this errors: Which spec file / source RPM are you using? Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] HELP!
On 12/6/05, Marco Musico' [EMAIL PROTECTED] wrote: The stuff was running pretty well up until we tried to setup and install a printer on the Linux box; I saved the old configuration (smb.conf file) and then I started to change some lines in it to allow printer sharing... my nightmare started to be real since then!! Now no user on any pc can log into the domain; root can add machines in the domain (and the machine account is created too..) but cannot log in. Apparently the server behaves as a stand alone one even when testparm shows it's a PDC; infact I can log into any Windows machine with a local user and I am able to browse the server by running \\server: Samba asks me for user/password and the let me in; at that point I can brose the shares, open files, save files and so on. Now my question is: what have I done wrong? It's clearly something we changed in smb.conf or so that is making us having an headache. I am including smb.conf, log.smbd (with a level 5 debugging). It doesn't look like these files were attached. If you can add machines to the domain, then that suggests that the server is still acting as a PDC in some capacity. I'm not sure why it's not working; maybe your smb.conf would shed some light. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] logon drive = Z: causes problems
On 12/6/05, Brian Gewin [EMAIL PROTECTED] wrote: I've attempted many different solutions including the obvious logon drive = U: but that proved to be very unreliable and caused the U drive to disappear entirely in some cases. Sorry if this is asking the obvious, but did you make sure that you set logon path (either globally, in smb.conf, or per-user, using pdbedit or a similar tool) when you set logon drive? When we had logon drive but no logon path set, it caused similar problems with the logon drive disappearing entirely. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] logon drive = Z: causes problems
On 12/7/05, Brian Gewin [EMAIL PROTECTED] wrote: I left logon path to default. This is the config I WAS using: logon script = %U.bat logon path = logon home = \\%L\%U logon drive = U: In most cases it worked OK but with over 1000 users I got too many reports of U drive missing and had to revert back to the old config. Oops, I meant logon home, not logon path; your config looks good to me. No other suggestions, really; I might try replacing %L with %h or a hard-coded server name, in case there's some weird NetBIOS resolution problem going on, but that's really a shot in the dark. Craig White had a suggestion (which didn't seem to make it to the list?) to try first unmapping the drive in case persistent settings are causing problems: net use u: /delete net use u: \\server\homes\%U Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba related Student Project
On 12/2/05, Hisain Elshaafi [EMAIL PROTECTED] wrote: I am doing a final year project which is to develop a web-based application that allows accessing a samba PDC through a browser. The application is to allow an administrator to modify computer and user accounts in smbpasswd file and allow access to smb.conf. I am seeking help from you if you know an application like that already exist so that I can benefit from it. Note that I use java servlets to develop this application SWAT (part of the standard Samba distribution) and Webmin let you adminster Samba. Assuming an LDAP (rather than smbpasswd) backend, you can manage accounts through IDEALX's Samba Console (which can also , LAM (LDAP Account Manager), and probably some others I'm not aware of. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Auditing?
I'm trying to enable auditing on one of my shares, to help track down a software bug, but it isn't working. If I use vfs objects = audit, everything is logged to syslog, but no user or computer information is included. If I use vfs objects = extd_audit, opendir calls are logged, but open calls are not. Raising the log level (as the HOWTO suggests) did not help. If I use vfs objects = full_audit using the example config in modules/vfs_full_audit.c, entries are not logged in the listed format; in fact, the output looks very similar to audit's. My Samba logs contain the following error: Unable to open new log file /var/log/samba/log.pctest: Permission denied I'm not sure if this is related or not. Suggestions? Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbfs and cifs
I periodically see smbfs questions get asked on this list, and they usually get one of two responses: 1. smbfs is a kernel module; this list is not the appropriate place to be asking smbfs questions. 2. You should be using cifs instead. (Please let me know if either if these is incorrect.) I was surprised to see, however, that the smbmount / mount.smbfs manpage makes no mention of cifs as being the recommended alternative, and it includes the following statement: The current maintainer of smbfs and the userspace tools smbmount, smbu- mount, and smbmnt is Urban Widmark. The SAMBA Mailing list is the pre- ferred place to ask questions regarding these programs. Out-of-date manpage? Could it be updated to hopefully stave off some of the smbfs questions? What's the best place to submit manpage updates like this? Bugzilla, this mailing list, somewhere else? Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ACL confusion
I'm seeing an oddity regarding ACLs. I have a user who wants others to be able to add stuff to her folder, but she wants to make sure that she has access by default to files added to her folder. The easiest way to do this, I thought, is to set the user's ACL to apply to this folder, subfolder, and files. (Right-click on the folder, choose Properties, click on Security, click Advanced, select the user's ACL, click Edit, and change Apply onto from This folder only to This folder, subfolder, and files.) However, this didn't work; instead of setting default permissions for the named user, it sets the default permissions the file owner (default:user::rwx in Linux terms, CREATOR OWNER in Windows terms). If I then repeat the above steps, it sets the default permissions for the named user in addition to the default perms for the file owner. This works, but it's very nonintuitive, and it's probably not something that the average user would get. Am I'm misunderstanding something, or do I have something misconfigured, or is this possibly a bug in Samba? Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbfs and cifs
On 11/30/05, Eisenhut, Daniel (GE Healthcare) [EMAIL PROTECTED] wrote: What is the appropriate place to ask smbfs/cifs questions? I have a few questions that I'd like to ask... For cifs, the mount.cifs manpage says to use the Linux CIFS Mailing List, which is apparently located at https://lists.samba.org/mailman/listinfo/linux-cifs-client. Like Craig said, I don't think smbfs is maintained any more, so I'm not really sure where to go for an answer. You could probably get an answer here, even if it isn't the appropriate place for such questions,or you could try your distro's mailing list, if it has one. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] locked files that shouldn't be
On 11/30/05, Joe [EMAIL PROTECTED] wrote: The process cannot access the file because another process has locked a portion of the file. smbstatus does not show this file as being open and it is mode 777. It's probably a byte-range lock. Run smbstatus -B; it lists locked files by their device and inode, so you'll need that information for the file you're interested in. (Run ls -li on the file to get its inode number.) Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file mode creation at a directory level
On 11/29/05, Taolizhong [EMAIL PROTECTED] wrote: The above requirements seem simple, however, my problem is, because the share directory is neither under any of the members' home directory nor a seperate partition, and the system umask is set to 022, which is not supposed to be changed, whenever a new file is created, it automatically has permission as -rwxr--r--, not -rwxrwx--- that I desire. I guess my problem is related to how to file mode creation at a directory level. force create mode = 0770 Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba domian and running services on XP ws
On 11/27/05, maxxik [EMAIL PROTECTED] wrote: Ppl advice me how can I force every ws in domain have particular service running ? other words - when any station login to domain(samba based) it get running just services I want ? In a Windows environment, this would be handled with Group Policy. In a Samba environment, you could use a tool like WPKG to run a startup script every time the workstations are booted to start and stop the appropriate services (by invoking Windows' net or sc command). Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Password complexity
I'm setting up password complexity requirements on our Samba server, using the check password script option, the provided crackcheck.c program, and the min password length account policy. Everything works; however, the error message that a Windows client gets when a new password fails to pass crackcheck is not terribly helpful: Your password must be at least 8 characters, cannot repeat any of your previous 0 passwords and must be at least 0 days old. Please type a different password. Type a password which meets these requirements in both text boxes. By contrast, the error message that a Windows client gets when trying to set a password that doesn't meet the password policy on a local account is very verbose: The password supplied does not meet the minimum complexity requirements. Please select another password that meets all of the following criteria: is at least 8 characters; has not been used in the previous 0 passwords; must not have been changed within the past 0 days; does not contain your account or full name; contains at least three of the following four character groups: English uppercase characters (A through Z); English lowercase characters (a through z); Numerals (0 through 9); Non-alphabetic characters (such as !, $, #, %). Type a password which meets these requirements in both text boxes. Is there any way to get the Samba server to give more descriptive your password is too simple messages to the Windows client? Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] what is the SID of the domain administrator?
On 11/17/05, Beast [EMAIL PROTECTED] wrote: However, to be a 'true' administrator (ie, able to join a pc to domain), you must give them unix uid of 0. This is no longer the case on recent versions of Samba, since support for Windows privileges was added in Samba 3.011. Now, anyone with the SeMachineAccountPrivilege can add PCs to the domain. See http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 2.2 to Samba 3.0 migration - LDAP backend
On 11/15/05, Daniel Bramkamp [EMAIL PROTECTED] wrote: I am having some issues migrating a Samba 2.2 installation to Samba 3.0. I am using the LDAP backend and converted the LDAP database to the new schema using the provided convertSambaAccount script. As far as I can tell that worked fine. The new ldif file has everything in it. Populating the LDAP database with the converted ldif file works ok as well. However, when I try to login to the domain using a windows box the sambaNTpassword and sambaLMpassword attributes are deleted from the directory and I get an error. The same happens when I access Samba via smbclient -U administrator -L IP. Prior to that the attributes do exist. After using smbpasswd to set the password again everything works as expected. Any ideas what is causing this behaviour or if I made a mistake while migrating the database ? It sounds like you might be running into the issue described here: http://marc.theaimsgroup.com/?l=sambam=113207146109418w=2 Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows-style quota / profile size too big warning?
On 11/15/05, Tomasz Chmielewski [EMAIL PROTECTED] wrote: With Windows domain controllers with when the profile size is too big (and there are limits appled), when the user logs out, he/she gets a warning, and a list of files, sorted from the biggest, to the smallest. Is it possible to do something like that with a Samba domain controller? You can do this client-side with Group Policy; no server quota support is needed. (proquota, in the article you linked to, is apparently just a client-side tool, and it looks like it was replaced by Group Policy settings in Win2K and above.) Start - Run - gpedit.msc Go under User Configuration, Administrative Templates, System, User Profiles. Double-click on Limit profile size and reivew the options there. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows-style quota / profile size too big warning?
On 11/15/05, Jeremy Allison [EMAIL PROTECTED] wrote: On Tue, Nov 15, 2005 at 08:44:30PM +0100, Tomasz Chmielewski wrote: hmm don't know. I just saw a similar window here where I work, and searched the internet for something that looks similar. But AFAIK, we don't install any 3rd party tools here, just a pure XP SP2. Hmmm. If it's a group policy option we don't currently support it. It's Group Policy, but it's implemented entirely on the client. I just tested it out against a Samba PDC with no server-side quotas enabled, and it works. Setting each computer's group policy without an Active Directory is harder, but it's still doable. (You could do it manually in gpedit.msc, or try using a tool like Nitrobit, or try setting the registry keys manually or with a script.) Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] oplocks
On 11/9/05, Dennis Barch [EMAIL PROTECTED] wrote: I'm trying to disable oplocks on our system. Is it sufficient to set: oplocks = no level2 oplocks = no or do I need to also set kernel oplocks = no Changing kernel oplocks should be unnecessary; the smb.conf man page makes it sound like kernel oplocks only alters the behavior of oplocks, so if oplocks are off, it will have no effect. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba domain vs linux network security
On 11/9/05, mourik jan c heupink [EMAIL PROTECTED] wrote: Under windows, you have to add a machine to the domain first, and only THEN you are able to connect to your home drive. Unless I'm greatly mistaken, you can connect to network drives from a computer that's not joined to the domain. Suppose I (as a regular user) would install my own linux machine, and created users and groups with the same id's as the ldap users / groups. My understanding now is, that I would be able to read other people's data. (I would simply have to find out each users uid, and that would allow me to pretend to be that user, and read his/her data) Correct. However, this is a problem with NFS security in particular, not Linux network security in general. NFS has been known for a long time to be not very secure, for precisely the reasons you give. You have several options. First, there are steps that you can take to improve NFS security somewhat, such as restricting it to particular IP addresses (although IP addresses can be spoofed). Second, you can use NFSv4, which supports proper authentication. Third, you can use an alternative means of sharing drives to Linux. I've actually been using SMB to access my Linux server's drives from my Linux client, to avoid setting up a separate file-sharing service. Several other options exist - including SSHFS (for more of a quick-and-dirty approach), AFS, and Coda, but I don't have experience with any of them. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] setting file permissions
On 11/3/05, Gary MacKay [EMAIL PROTECTED] wrote: I have a very upset client and I can not find an answer. How do I set the read-only flag using the Windows Explorer? The simplest fix is to add store dos attributes = yes to your smb.conf file. You'll need to mount your server's drives with the user_xattr option, if they aren't mounted as such automatically. If you don't use store dos attributes, then Samba 3.0.20 sets the read-only flag based on whether or not the user has read permissions. So editing ACLs or changing the owner or group would probably be the only way to set read-only. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Avoiding the desktop.ini notepad popup on startup, and
On 11/1/05, Eric A. Hall [EMAIL PROTECTED] wrote: On 11/1/2005 1:23 PM, Tomasz Chmielewski wrote: and how do you do it? check the hide files option mine is hide files = /RECYCLER/desktop.ini/Desktop.ini/Thumbs.db/ You can also use the map hidden or store dos attributes options to let individual files be marked as hidden. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + LDAP + TLS
On 10/24/05, Jukka Hienola [EMAIL PROTECTED] wrote: My question is, how changing passdb backend from ldap.server,name to 127.0.0.1 can have this effect, since the server name should have been resolvable with /etc/hosts file? Does it has something to do with my certificate files, which are generated using ldap.server.name? However, I was able to login with TLS and Apache, so I don't think that's the case. Some LDAP clients are more or less forgiving of certificate name mismatches. OpenLDAP 2.0.27 will work if the name mismatches; OpenLDAP 2.2.23 won't; IIRC, pam_ldap won't, even if linked against OpenLDAP 2.0.27 libraries. So that may explain why some software works and some doesn't. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [Possible BUG] Samba v3.0.20b and permissions POSIX/Samba
On 10/20/05, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: If you are using 'store dos attributes = yes' but have not specifically set any attributes on that file, then the alternatives I mentioned still apply. What do you have to do to specifically set attributes on the file? Do you have to do this yourself, or will the OS do it for you under certain circumstances? We have some files that need to never be read-only. We've been using fake_perms to work around this, but store dos attributes sounds like a better solution, if it will work. (Or I suppose I could just wait for 3.0.21.) Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file permissions with samba shares
On 10/19/05, Jack Malone [EMAIL PROTECTED] wrote: I am wondering if there is a way I can setup permission on directories in the directory that I have setup for samba shares so that no one can move or delete them. The problem I am having of late is that someone from within windows will move the directories around Denying write permission to the parent directory should prevent someone from deleting or moving child directories. If that won't work, you might instead try using the audit or extd_audit vfs module to log directory moves and deletions. Then you could at least get after the responsible party. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory to OpenLDAP+Kerberos on Linux
Akshay Guleria wrote: You can setup Samba3 to honour an MIT kerberos realm (getting the clients to function is a different matter, but possible). You can also have Heimdal backed onto Samba3's LDAP database, which you can populate with the vampire tools. And yes,, the goal of Samba4 is to host an AD-like domain, using the AD protocols. so, as i understand this, one can setup samba+MIT kerberos to achieve authentication and file print services just like AD does. Right!? No, although Samba can interact with Kerberos, it can't actually control an AD domain. That's what Samba 4 is for. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
