Re: [Samba] Windows XP slow access to network places shortcut?
Clint Sharp wrote: Your fileserver already has wins support = yes, which means it's acting as a WINS server. Remove all the remote browse announce stuff from all your configs, set all your clients to use your fileserver as your WINS server, and see what happens to your performance. Let me know if it doesn't improve after doing that. This problem can be cured by setting the appropriate registry settings on the XP workstation to not try to use packet signing when talking to the Samba server. Search the list archives for that term, you should find the appropriate entries. If you have a W2K3 domain controller you can also do it via Group Policy there. The root cause appears to be that when XP is making a connection to the server it's trying to use packet signing even though Samba doesn't support what it wants, and it takes some time for the connection to fall back. When you browse via Network Places, the connection has to be made each time you click on a directory, rather than only once when you use a mapped drive. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Preserving ACL during NT-Samba file transfer
Emmanuel Lesouef wrote: I would like to know if someone knows how to transfer files between an existing WinNT4 PDC to a samba 3.0.2 on XFS Acl-enabled partition without losing the existing ACLs ? I believe the robocopy tool included in recent Windows 2K/2K3 resource kits can do this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 2.6.1 kernel and acl support for samba3
Lancsr Roland wrote: where I can set acl support in the menuconfig? make O=/home/name/build/kernel menuconfig In the filesystems menu, under the filesystems you intend to use. If you are using ext3, I believe there's no option, ACLs are always supported. If you are using XFS, it's a submenu under the XFS menu item to turn on ACL support. I don't believe ACLs are supported on any other Linux filesystems at the present time. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Weird problem with ADS support - Samba 3.0.1 - win2k3
Ron Gage wrote: Ok, this one has me stumped... I am implementing 3.0.1 on a new machine - Slackware 9 based. Stop right there :-) I suspect if you open Windows Explorer on your W2K3 machine and put the IP address of your Samba host in, it will open right up. If so, this is a problem that is fixed in the pending 3.0.2 release, so you should try upgrading (even though it has not been officially released yet). If you can't do that, you'll have to back to 3.0.0, but that has other problems to deal with. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Windows 2003 Server ADS
Christian Arguello wrote: What do i have to do to make samba 3.0.1 work with windows 2003 server with ADS ?? Read the Samba-3 HOWTO, it explains everything required to make this work. There are a lot of steps, too many to repeat here. And you will experience fewer problems if you use 3.0.2rc1 (or whatever version is current now), there were ADS compatibility problems present in 3.0.1. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.0 - 3.0.1 upgrade causes Failed to verify
John H Terpstra wrote: I strongly suggest you use current CVS 3.0.2pre code. There are quite a few bug fixes and 3.0.1 has one that ited quite a few that feed it. :) Sorry, no luck. Downloaded CVS code about 30 minutes ago (SAMBA_3_0 branch), configured, installed, restarted daemons. Currently logged-in workstations generate Failed to verify incoming ticket! in samba logs; switching back 3.0.0 everything works fine. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.0 - 3.0.1 upgrade causes Failed to verify
Gerald (Jerry) Carter wrote: Sounds like ~ https://bugzilla.samba.org/show_bug.cgi?id=912 I don't think so... that bug shows an incorrect test in configure.in, which is already fixed in my copy of configure.in (someone already checked in a fix to CVS apparently). -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.0 - 3.0.1 upgrade causes Failed to verify
Kevin P. Fleming wrote: Gerald (Jerry) Carter wrote: Sounds like ~ https://bugzilla.samba.org/show_bug.cgi?id=912 I don't think so... that bug shows an incorrect test in configure.in, which is already fixed in my copy of configure.in (someone already checked in a fix to CVS apparently). Oops, my bad, I was looking at the 3.0.0 source. I've manually reverted the HAVE_MEMORY_KEYTAB change that occurred between 3.0.0 and 3.0.1 and I'll retest 3.0.2pre1. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.0 - 3.0.1 upgrade causes Failed to verify incoming ticket!
OK, I spent a bunch of time reviewing the mailing list from the last month, and I see where this was discussed quite a bit, but there was no conclusive resolution found (that I could find anyway). I have a simple network: one machine running W2K3 Standard Edition, with AD active and in W2K compatibility mode, one machine running Linux with Samba 3.0.0/3.0.1, a number of W2K and WXP Pro workstations. Samba is compiled against MIT Kerberos 1.3.1. There is no /etc/krb5.conf file at all (intentionally). I had no trouble using kinit to get a krb5 ticket from the KDC, nor did I have any trouble with net ads join. The Samba server shows up in Active Directory, reporting itself properly. There is no WINS server at all (only DNS is used for host name resolution). client use spnego and use spnego are both set to yes. klist -e shows the ticket obtained by kinit as skey DES-CBC-CRC and tkt RC4-HMAC-MD5. winbindd is running and libnss_winbind.so is in place and working properly; getent shows the AD users and groups with no problems. Time is synchronized between the machines (the Linux box is running ntpd, and the W2K3 box is using it as a time source). With Samba 3.0.0 everything is cool and I can access the shares, security works properly, etc. Upgrading to 3.0.1 (compiled using the identical configure command) causes the workstations (and the AD DC) to no longer be able to connect to Samba shares; any attempt results in a username/password dialog box popping up, and no entry in that box will work. The workstations can connect to the Samba server by using the IP address, though, just not using browsing or the server name directly. Looking at the Samba logs, Failed to verify incoming ticket! appears each time a workstation attempts to connect to a share when 3.0.1 is running. I have another problem to report against Samba, and I suspect it may have been fixed already in 3.0.1, but I can't use 3.0.1 without a resolution to this problem. Anyone have a suggestion? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple Group permissions with Samba
anth jaz wrote: We have 4 directories. Call them directory a, b, c, and d. We also have 4 groups. Lets call them admin, user, exec, db. We would want amdin group full control over all directories. Next we want group user to have read only rights to a b. No rights to c d. Group exec needs read only rights to c d but read write/modify priviledges to a b. And the db group needs write/modify priviledges to all directories but not full control. All of this can be accomplished using Samba-3 with POSIX ACL support and both a Linux kernel/filesystem that support POSIX ACLS (right now that appears to be only ext3 and XFS). If you set up Samba that way, the security permissions can be managed from a Windows client just as if it was a Windows server and the user really can't tell much difference. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 and Windows Files
Laurent Thiers wrote: Hello, I would like to propose a Linux/Samba Filer for people operating a Windows PDC + a bunch of W2K and Linux clients so far. OK. Request is create a new NAS storage pool under Linux/Samba 3.0 and to be able to keep existing NTFS file security settings (per user). OK. That means that people would progressively move their data to the Linux / Samba NAS, these data would be migrated to tape, but we need to maintain the current NTFS settings of the files. You mean the people would move their own files to the NAS? Linux / Samba NAS would use existing Active Directory data for user registration. OK. Is this possible with Samba ? How to format the NAS to do so ? (EXT3 XFS would wipe out current NTFS file settings ?) I just set up a server using XFS, libattr and libacl support and Samba configured to use all of that. With Samba joined to ADS, and using winbindd on the Samba server to get users and groups from ADS, the use of the Samba server is pretty much invisible to the users (other than it's faster and more stable than their old server :-), and it fully supports NTFS security and other attributes. If you want to copy the data in bulk over to the Samba server, check out the robocopy tool that is included in the Windows 2000/2003 Resource Kit. It knows how to copy files and also copy over the NTFS security settings. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: TR : RE : [Samba] winbind and getent - fix ...
gary ng wrote: However, to echo you, I see the same problem and I have tried everything (symbolink link, moving the file from /lib to /usr/lib and back etc.) but a simple 'getent passwd' command just don't give me the samba users and adding a new user with the same name in the samba name space does bark. So libnss_winbind is not completely ignored, just under some situation. I may need to browse the code to have some clue. You may have already known this, but when I set this up I found that it was absolutely mandatory that the name of the libnss_winbind module be (exactly): libnss_winbind.so.2 In my case, I have a symbolic link in /lib with this name pointing to where I have Samba installed (which is under /opt). After running ldconfig with this link in place, everything began working properly. Without the .2 suffix on the link name (or on the library name), libnss_winbind never got called no matter what I did. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba/Windows file synchronizer (like rsync)?
I have a need to (nightly) synchronize the contents of some shares between a Samba server and a Windows 2000 server. Ideally, the utility that does this would support all the Windows/CIFS file information, like ACLs, attributes, etc. We have about 100G to synchronize, but obviously once it's done the first time the daily changes won't be anywhere near that large... I've thought of doing this using smbclient on the Samba machine itself, with both shares mounted at once, but still not sure there's a Linux tool that will preserve all the relevant file information. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-3.0.0rc4/ADS experience (with how-to change suggestion)
I'm nearly finished setting up a new Samba server in a Win2000 ADS domain. So far, things have been going quite well, the combination of Samba 3.0.0rc4 (with winbindd), krb5 1.3.1, CUPS 1.1.19, etc. has performed admirably and was easy to configure. I have only three issues to mention: - the HOWTO collection, in the section talking about joining an ADS domain as a member server, does not mention using the net ads join command, rather it uses net join. This really should be fixed, net ads join produces a much better result. - in the same HOWTO, there is mention of creating a krb5.conf file to tell the krb5 libraries where the KDC for the ADS domain is. With MIT krb5, this is completely unnecessary, and actually detrimental. All ADS domains will automatically create SRV records in the DNS zone _kerberos.REALM.NAME for each KDC in the realm. MIT's krb5 libraries default to checking for these records, so they will automatically find the KDCs. In addition, krb5.conf only allows specifying a _single_ KDC, even there if there is more than one. Using the DNS lookup allows the krb5 libraries to use whichever KDCs are available. I can't speak to the Heimdal implementation as I've never seen it, but I'd suggest modifying the HOWTO to suggest that the krb5.conf file is strictly optional for users using the MIT krb5 libraries. - when setting up some printers, and using driver upload from a Windows 2000 machine (which all worked as expected), I ended up with some smbd processes consuming lots and lots of CPU time but not accomplishing anything. I haven't been able to reliably reproduce the problem, so I guess this report is not very useful... Otherwise, kudos on a wonderful package. I've been an ardent Samba supporter and user for years now, but this was my first experience with Samba-3 and ADS. Well done! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
