Re: [Samba] /var/lock/samba filling up /run/lock
Thanks Achim, especially for pointing out where we can set the size of /run/lock and have it stick after a reboot. We hadn't gotten that far yet, but we did expand the size of /run/lock on Friday by hand and do some testing. We ended up chasing an unrelated wild goose, but realized this morning that simply expanding /run/lock does look like a viable workaround. Also, in exploring the problem, we're seeing about 300KB being chewed up in /run/lock with every new user that logs in. To be clear, this only seems to happen the first time a user logs in. I'm not sure if that is a symptom of a problem, or just normal operation. We've also noticed that a version of Samba 4 built from source taken from the Git repository puts its lock files under /usr/local/samba, completely avoiding the problem. Since the Sernet packages use /run/lock, I imagine this will be a problem for anyone with more than about a dozen users. They might want to point Samba somewhere else to store its locks. Mark A. Fox, M.Sc. Director of Technology East Central Alberta Catholic Schools Cell: 403-740-6101 Office: 780-842-3992 On Fri, Aug 16, 2013 at 6:28 PM, Achim Gottinger ac...@ag-web.biz wrote: Am 16.08.2013 17:49, schrieb Mark Fox: A couple of days ago, we noticed the following message appearing in syslog: Aug 14 15:09:35 zadok smbd[16067]: tdb(/var/lock/samba/locking.**tdb): expand_file write of 8192 bytes failed (No space left on device) Had this issue on my debian setup. /run/lock is a tmpfs volume. It's size is defined in /etc/defaults/tmpfs on debian. I increased it from 5 to 50Mib (LOCK_SIZE=52428800) and had no isses since. achim+ Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Redirected folders and mental health
Just following up myself. Quick summary: Roaming profiles and redirection were breaking down for us on certain users. We think it could have been that all GPOs were misbehaving, but aren't quite sure. The symptoms were that the profile and redirected folders were created on the Samba4 server, exactly as they should be, but that the user couldn't see them from the workstation. In trying to determine which users were the issue, we noticed that any account created on two of our three test workstations exhibited the problem. The problem machines had our regular suite of software installed and many tweaks applied. The machine that worked was a nearly virgin Windows 7 install. On identical hardware to the problem machines, we installed Windows 7 from scratch and confirmed that the problem didn't manifest. So something about our standard software suite and configuration is causing the problem. If we happen to figure it out, I'll share our findings here. However, we're under some time pressure and don't have time to focus on finding the problem. (Instead, we just have to focus on building workstation images that work.) At this point, I have no reason to believe that this is a Samba problem. Mark A. Fox, M.Sc. Director of Technology East Central Alberta Catholic Schools Cell: 403-740-6101 Office: 780-842-3992 On Wed, Aug 14, 2013 at 4:15 PM, Mark Fox mark@ecacs16.ab.ca wrote: We are very close to being comfortable enough with Samba4 to begin moving it into production. We've got a PDC and AD running, machines can join the domain, authentication works, but we're having some fun with profiles. We're running 4.0.5 via the Sernet PPA on Ubuntu 12.04LTS. Workstations are Windows7. We require roaming profiles with redirection of the obvious sub-folders. We've deployed GPOs to do just this and it works...except when it doesn't. The symptoms are that everything just works for some users, roaming profiles work nicely along with redirection, but for others the user sees an empty profile from their Windows workstation. From the server, the redirected folders appear on the server on log in and the profile is created on logout as one would expect. But when it doesn't work on the workstation, if the user clicks on the start button, then on their username, they see an empty folder. When it works, they see the usual Desktop, My Documents, Downloads, and associated folders, all with the available symbol in the folder's icon. Users that work seem to consistently work. Users that don't consistently don't. Or so it seems. We are just now beginning to think the problem is with certain machines and are reinstalling Windows 7 on a couple of machines from scratch to test this. The one thing that worries me about our setup is that we have a Samba3 PDC on the same VLAN/subnet as the new Samba4 PDC. But this VLAN/subnet is separate from the workstations. Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] /var/lock/samba filling up /run/lock
A couple of days ago, we noticed the following message appearing in syslog: Aug 14 15:09:35 zadok smbd[16067]: tdb(/var/lock/samba/locking.tdb): expand_file write of 8192 bytes failed (No space left on device) Similar messages would show up for several of the files under /var/lock/samba. Running df showed that /run/lock was full. Not having ever paid any attention to /run/lock before, I thought that this was normal, but RiXtEr clued me in on #samba. There was a difference in the reported size of the lock files in /var/lock/samba depending on whether we used 'ls -l' or 'du -s'. Two files were about 4GB in size as reported by 'ls' and well under 5MB (the size of /run/lock) as reported by 'du'. The big files were locking.tdb and smbXsrv_open_global.tdb, Restarted Samba brought those files down to...very small. But we've noticed that they grow quite quickly, seemingly whenever a new user logs in (but we're really nt sure of that). Right now, /run/lock is sitting at 54% (2.7MB). This is just in a testing environment, with four workstations and twenty test users. Some of the production environments that we are aiming to roll out real soon would have more than 100 workstations and several hundred users. The Samba4 server is running Ubuntu 12.04LTS and the Sernet packages from the PPA. Our configuration is quite simple, just a Samba4 PDC/AD with a share for redirected user folders using the built-in LDAP and DNS. We will have two more test environments up and running shortly and could use them to test, compare, and contrast. Any suggestions for what to try are welcome. If we see that one of the test environments doesn't exhibit these symptoms, we'll try to home in on the difference. Should this be posted to samba-technical? Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Options for paid Samba (4) support
Hi, After years of Samba 3 working great, we are trying to move a testing Samba 4 AD system into production and have been making progress, but keep hitting show stoppers. (For example, roaming profiles with redirected folders usually work for most users. However, some users consistently can't see their profile on some machines, despite the profile and redirected folders looking fine on the server.) It occurred to me that after setting up a Samba 4 environment so many times, we can now do it in minutes. I'm sure if the right person were looking over our shoulder, they would spot our mistake. But a little Googling hasn't turned up any options to buy that person's time. The link to the support website (http://www.samba.org/samba/support.html) in the Samba Guide is broken. Surely, there must be some options to buy support. I must be looking in the wrong place. I'd love to throw some money at the Samba community, and am in a position to do so, but can't just donate... For that matter, I can't find a place where I could donate either. Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Redirected folders and mental health
We are very close to being comfortable enough with Samba4 to begin moving it into production. We've got a PDC and AD running, machines can join the domain, authentication works, but we're having some fun with profiles. We're running 4.0.5 via the Sernet PPA on Ubuntu 12.04LTS. Workstations are Windows7. We require roaming profiles with redirection of the obvious sub-folders. We've deployed GPOs to do just this and it works...except when it doesn't. The symptoms are that everything just works for some users, roaming profiles work nicely along with redirection, but for others the user sees an empty profile from their Windows workstation. From the server, the redirected folders appear on the server on log in and the profile is created on logout as one would expect. But when it doesn't work on the workstation, if the user clicks on the start button, then on their username, they see an empty folder. When it works, they see the usual Desktop, My Documents, Downloads, and associated folders, all with the available symbol in the folder's icon. Users that work seem to consistently work. Users that don't consistently don't. Or so it seems. We are just now beginning to think the problem is with certain machines and are reinstalling Windows 7 on a couple of machines from scratch to test this. The one thing that worries me about our setup is that we have a Samba3 PDC on the same VLAN/subnet as the new Samba4 PDC. But this VLAN/subnet is separate from the workstations. Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Removing password complexity requirements under Samba4
We had problems removing password complexity, and I noticed a lot of confusion on the list about exactly this topic. So I thought I would post our success. We're talking about a Samba4 PDC/AD here. Once we got Samba installed and provisioned, we used samba-tool from the command-line on the Samba box to change the domain password settings: sudo samba-tool domain passwordsettings set --complexity=off sudo samba-tool domain passwordsettings set --history-length=0 sudo samba-tool domain passwordsettings set --min-pwd-age=0 sudo samba-tool domain passwordsettings set --max-pwd-age=0 Restarted Samba, did a gpupdate /force on the workstation, and it worked. No need to set up a GPO (although that would sometimes be preferable). We tried the samba-tool method initially, as well as a GPO, and were baffled when neither worked. I think we had our minumum password age at the default value (1 day) and were trying to reset the password the same day we created the accounts. In any case, we're able to change passwords with reckless abandon in our test environment at the moment. Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Win8 account sees its home share, but does not have permissions to access
[root@v64-sw-dev003-mark /]# ls -alhZ /home | grep mark drwx--. mark mark unconfined_u:object_r:user_home_dir_t:s0 mark On Wed, Jul 3, 2013 at 6:26 AM, Ricky Nance ricky.na...@gmail.com wrote: So what is the output of `ls -alhZ /home | grep mark` ? Ricky -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Win8 account sees its home share, but does not have permissions to access
how do I check this? On Wed, Jul 3, 2013 at 7:18 AM, Dale Schroeder d...@briannassaladdressing.com wrote: This being a Red Hat derivative, is selinux configured to allow this? On 07/02/2013 2:54 PM, Mark Galeck wrote: Fedora release 17 (Beefy Miracle) On Tue, Jul 2, 2013 at 12:16 PM, Ricky Nance ricky.na...@gmail.com wrote: Mark, which distro are you running? On Tue, Jul 2, 2013 at 2:00 PM, Mark Galeck m...@xpliant.com wrote: Can you log into the linux machine with the user mark and write files to /home/mark without issue? Certainly. I don't know Samba, but I do know Unix/Linux and as far as I can tell, everything on Linux is working fine, as well as on the Windows 8 side. What is the output of smbclient //localhost/homes -Umark -d5 (then at a smb:\ do ls) ?? Command not found - I can't execute this on Linux. I use /bin/systemctl status smb.service to get status On Tue, Jul 2, 2013 at 11:52 AM, Ricky Nance ricky.na...@gmail.com wrote: Can you log into the linux machine with the user mark and write files to /home/mark without issue? What is the output of smbclient //localhost/homes -Umark -d5 (then at a smb:\ do ls). Just a couple of things I would look at\try. Ricky -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Win8 account sees its home share, but does not have permissions to access
Dale, thank you for your help! However... I had already checked all the things you are asking. Permissions are good, I tried without this parameter, and there is not any error indication in the logs. Still the same problem. On Mon, Jul 1, 2013 at 9:11 AM, Dale Schroeder d...@briannassaladdressing.com wrote: Mark, First verify that the posix permissions are good for your home directory: ls -lA /home/mark If those are good, then I would try removing the hosts allow parameter in [global]. If that doesn't work, checking the Samba logs is always a good idea. Dale On 06/28/2013 6:03 PM, Mark Galeck wrote: Hello, I am a beginner to Samba and I RTFMd carefully but cannot get started. I want to access my user account mark home directory on Linux, with the same account name on Windows 8. The user mark has the same password on Linux and Windows 8. In addition I did this on Linux smbpasswd -a mark and gave the same password. Following the manuals on samba website I edited the samba configuration smb.conf file so: [global] hosts allow = ALL client signing = no # log files split per-machine: log file = /var/log/samba/log.%m # maximum size of 50KB per log file, then rotate: max log size = 50 security = user [homes] valid users = %S read only = No and successfully started the samba service. I can then see mark share on that Linux machine from Windows, I can map it to a drive letter in Windows Explorer, and I also see this: [root@v64-sw-dev003-mark /]# smbstatus Samba version 3.6.12-1.fc17 PID Username Group Machine --**--**--- 14678 mark mark mark-pc (192.168.221.76) Service pid machine Connected at --**- mark 14678 mark-pc Fri Jun 28 15:56:39 2013 No locked files This all looks very good to me, as Samba server sees my client with the correct username, Windows machine name and IP address. YET, when I actually try to double-click on the share in the Windows Explorer, I get an error dialog: Windows cannot access \\192.168.221.32\mark You do not have permission to access \\192.168.221.32\mark\. Contact your network administrator to request access. 192.168.221.32 is the Linux machine address. Please, what am I doing wrong?? Thank you, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Win8 account sees its home share, but does not have permissions to access
Can you log into the linux machine with the user mark and write files to /home/mark without issue? Certainly. I don't know Samba, but I do know Unix/Linux and as far as I can tell, everything on Linux is working fine, as well as on the Windows 8 side. What is the output of smbclient //localhost/homes -Umark -d5 (then at a smb:\ do ls) ?? Command not found - I can't execute this on Linux. I use /bin/systemctl status smb.service to get status On Tue, Jul 2, 2013 at 11:52 AM, Ricky Nance ricky.na...@gmail.com wrote: Can you log into the linux machine with the user mark and write files to /home/mark without issue? What is the output of smbclient //localhost/homes -Umark -d5 (then at a smb:\ do ls). Just a couple of things I would look at\try. Ricky -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Win8 account sees its home share, but does not have permissions to access
Fedora release 17 (Beefy Miracle) On Tue, Jul 2, 2013 at 12:16 PM, Ricky Nance ricky.na...@gmail.com wrote: Mark, which distro are you running? On Tue, Jul 2, 2013 at 2:00 PM, Mark Galeck m...@xpliant.com wrote: Can you log into the linux machine with the user mark and write files to /home/mark without issue? Certainly. I don't know Samba, but I do know Unix/Linux and as far as I can tell, everything on Linux is working fine, as well as on the Windows 8 side. What is the output of smbclient //localhost/homes -Umark -d5 (then at a smb:\ do ls) ?? Command not found - I can't execute this on Linux. I use /bin/systemctl status smb.service to get status On Tue, Jul 2, 2013 at 11:52 AM, Ricky Nance ricky.na...@gmail.comwrote: Can you log into the linux machine with the user mark and write files to /home/mark without issue? What is the output of smbclient //localhost/homes -Umark -d5 (then at a smb:\ do ls). Just a couple of things I would look at\try. Ricky -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Win8 account sees its home share, but does not have permissions to access
Also, does it work from windows 8 if you do a start - run - \\ 192.168.221.32\homes instead of \\192.168.221.32\mark ? No. Same error. The output from smbclient which I now installed, that you requested, is below. Thank you very much Ricky. [root@v64-sw-dev003-mark /]# smbclient //localhost/homes -Umark -d5 INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5 idmap: 5 quota: 5 acls: 5 locking: 5 msdfs: 5 dmapi: 5 registry: 5 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5 idmap: 5 quota: 5 acls: 5 locking: 5 msdfs: 5 dmapi: 5 registry: 5 params.c:pm_process() - Processing configuration file /etc/samba/smb.conf Processing section [global] doing parameter client signing = no doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 50 doing parameter security = user pm_process() returned Yes Substituting charset 'UTF-8' for LOCALE added interface eth0 ip=fe80::5054:ff:fe2c:3d38%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth0 ip=192.168.221.32 bcast=192.168.221.255 netmask=255.255.254.0 Netbios name list:- my_netbios_names[0]=V64-SW-DEV003-MARK Client started (version 3.6.12-1.fc17). Enter mark's password: Opening cache file at /var/lib/samba/gencache.tdb Opening cache file at /var/lib/samba/gencache_notrans.tdb sitename_fetch: No stored sitename for no entry for localhost#20 found. resolve_lmhosts: Attempting lmhosts lookup for name localhost0x20 resolve_lmhosts: Attempting lmhosts lookup for name localhost0x20 getlmhostsent: lmhost entry: 127.0.0.1 localhost namecache_store: storing 1 address for localhost#20: 127.0.0.1 Connecting to 127.0.0.1 at port 445 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 663750 SO_RCVBUF = 262006 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 session request ok Substituting charset 'UTF-8' for LOCALE Doing spnego session setup (blob length=58) got OID=1.3.6.1.4.1.311.2.2.10 got principal=NONE Got challenge flags: Got NTLMSSP neg_flags=0x608a8215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.12-1.fc17] session setup ok tconx ok smb: \ do ls do: command not found smb: \ ls NT_STATUS_ACCESS_DENIED listing \* smb: \ On Tue, Jul 2, 2013 at 2:08 PM, Ricky Nance ricky.na...@gmail.com wrote: Try yum install samba-client as root, then see if that command will work. If smbclient works then, it would probably be best to see if we can get a packet capture of when you try to access the share from the windows 8 machine (btw, which version of windows 8 are you running?). Also, does it work from windows 8 if you do a start - run - \\192.168.221.32\homes instead of \\192.168.221.32\mark ? Ricky -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Win8 account sees its home share, but does not have permissions to access
Hello, I am a beginner to Samba and I RTFMd carefully but cannot get started. I want to access my user account mark home directory on Linux, with the same account name on Windows 8. The user mark has the same password on Linux and Windows 8. In addition I did this on Linux smbpasswd -a mark and gave the same password. Following the manuals on samba website I edited the samba configuration smb.conf file so: [global] hosts allow = ALL client signing = no # log files split per-machine: log file = /var/log/samba/log.%m # maximum size of 50KB per log file, then rotate: max log size = 50 security = user [homes] valid users = %S read only = No and successfully started the samba service. I can then see mark share on that Linux machine from Windows, I can map it to a drive letter in Windows Explorer, and I also see this: [root@v64-sw-dev003-mark /]# smbstatus Samba version 3.6.12-1.fc17 PID Username Group Machine --- 14678 mark mark mark-pc (192.168.221.76) Service pid machine Connected at --- mark 14678 mark-pc Fri Jun 28 15:56:39 2013 No locked files This all looks very good to me, as Samba server sees my client with the correct username, Windows machine name and IP address. YET, when I actually try to double-click on the share in the Windows Explorer, I get an error dialog: Windows cannot access \\192.168.221.32\mark You do not have permission to access \\192.168.221.32\mark\. Contact your network administrator to request access. 192.168.221.32 is the Linux machine address. Please, what am I doing wrong?? Thank you, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 + cups - it is working for someone?
On 06/08/2013 10:45 AM, Adam Sienkiewicz wrote: Hi I'm tryyng to add printing to my AD domain based on samba4. My config now looks like [global] workgroup = SZYB realm = SZYB.LOCAL netbios name = DEB7SMB4AD server role = active directory domain controller server string = Samba4_AD_server server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate log level = 1 log file = /usr/local/samba/var/%U_%I.log [netlogon] path = /usr/local/samba/var/locks/sysvol/szyb.local/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [home2] path=/home/samba comment=homes read only = No [printers] comment = All Printers path = /usr/local/samba/var/spool browseable = Yes read only = No printable = Yes [print$] comment = Point and Print Printer Drivers path = /usr/local/samba/var/print read only = No [pdfprinter] path = /var/spool/samba/ browseable = yes printable = yes printer name = PDF [profiles] path = /usr/local/samba/var/profiles read only = no but after run testparm -v commad I always get printing = bsd I tryed to add into my config line printing = cups but after this change I got in samba log: Unknown enumerated value 'cups' for 'printing' I tried to recompile samba4 with otion --enable-cups but it didn't help. in cups log there is no lines about printing jobs from samba side but it is possible to print with cups. It means that now there is no possibility to run samba with cups ? Is anybody run similar configuration to my ? for clarification - I used newest version of samba via git, compiled it on debian 7 wheeze I had quite a time getting my printer to share. This is what I have in my config file that relates to my printer. I hope this helps you. [global] load printers = Yes printing = cups printcap name = cups show add printer wizard = Yes disable spoolss = No max print jobs = 100 lpq cache time = 20 use client driver = yes max reported print jobs = 1000 [printers] comment = All Network Printers printable = yes path = /var/spool/samba browseable = No guest ok = yes public = yes read only = yes writable = no create mode = 0777 lpq command = /usr/bin/lpq -P '%p' lprm command = /usr/bin/lprm -P '%p' %j lppause command = /usr/sbin/lpc hold '%p' %j lpresume command = /usr/sbin/lpc release '%p' %j queueresume command = /usr/sbin/lpc start '%p' queuepause command = /usr/sbin/lpc stop '%p' -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Desperate plea for help with printer share (SOLVED)
-Oorspronkelijk bericht- Van: Mark LaPierre [mailto:marklap...@aol.com] Verzonden: donderdag 4 april 2013 3:07 Aan: L.P.H. van Belle CC: samba@lists.samba.org; Mark LaPierre Onderwerp: Re: [Samba] Desperate plea for help with printer share On 04/03/2013 02:56 AM, L.P.H. van Belle wrote: -Oorspronkelijk bericht- Van: marklap...@aol.com [mailto:samba-boun...@lists.samba.org] Namens Mark LaPierre Verzonden: woensdag 3 april 2013 4:46 Aan: David Kuntadi; Mail List Samba Onderwerp: Re: [Samba] Desperate plea for help with printer share On 04/02/2013 09:38 PM, David Kuntadi wrote: On Sun, Mar 31, 2013 at 7:38 AM, Mark LaPierre marklap...@aol.com mailto:marklap...@aol.com wrote: Hey Y'all, I've been trying for months to get samba to share my printer with my wife's Win XP machine. I've RTFM, and spent hours on google to no avail. If only to share to one computer, how about trying to use IPP printing instead? http://hostname:631/printers/printername So far for me it is the easiest way to share printer to windows. DK Hey Dave, Thank you for the interesting proposal. If all I had share to the Windows machine was the printer I would consider doing that but as have to share some files too then Samba is probably my best solution. I've received some help on my issue from others on this thread. The Windows machine can now send print jobs to the shared printer but is still unable to status the print queue. I'm getting closer. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Hai, But what do you want? how is it to be used. and what os are you running? Do you want to use windows drivers or the linux drivers? some checks, post them back. the output of. net -S PDC -U root%PASSWORD rpc rights list DOMAINNAME\Administrator ( of root if you dont have administrator ) you should see at least SePrintOperatorPrivilege read http://lists.samba.org/archive/samba/2005-December/114817.html Point 6 and the part just above point 6. and, whats the output of lpstat -a this is 1 the my /etc/printcap entries. HP040|Hostname|Description Printer HP 040:\ :lp=192.168.249.40%9100:\ :rp=Hostname:\ :sd=/var/spool/lpd/040:\ :sh: make sure the hostname resolves, else use ip. set this up with the cups wizard, for the windows spooler choose RAW queue. and the last thing, is in /etc/cups/cupsd.conf this part, ( the Allow from all part is what you need. ) Location /printers AuthType None Order Deny,Allow Deny From None Allow From All /Location Gr. Lois But what do you want? I want to be able to print jobs from my wife's Win XP machine, and manage those print jobs from the print manager on Win XP machine. Right now I can print jobs from the Win XP machine but can not read the status of jobs in the Win XP print queue. and what os are you running? [mlapier@mushroom ~]$ name CentOS release 6.4 (Final) Linux mushroom.patch 2.6.32-358.2.1.el6.i686 #1 SMP Tue Mar 12 21:42:46 UTC 2013 i686 i686 i386 GNU/Linux [mlapier@mushroom ~]$ Do you want to use windows drivers or the linux drivers? The Win XP machine has it's own driver installed. [mlapier@mushroom ~]$ lpstat -a HP-Color-LaserJet-cp2025dn accepting requests since Tue 26 Mar 2013 06:06:44 PM EDT HP_Color_LaserJet_CP2025dn accepting requests since Tue 12 Mar 2013 06:19:36 PM EDT Samsung-ML-1740 accepting requests since Wed 03 Apr 2013 05:58:33 AM EDT WorkForce-1100 accepting requests since Sat 01 Dec 2012 12:07:03 PM EST [mlapier@mushroom ~]$ [mlapier@mushroom ~]$ cat /etc/printcap # This file was automatically generated by cupsd(8) from the # /etc/cups/printers.conf file. All changes to this file # will be lost. Samsung-ML-1740|Samsung ML-1740:rm=mushroom.patch:rp=Samsung-ML-1740: HP-Color-LaserJet-cp2025dn|HP Color LaserJet cp2025dn:rm=mushroom.patch:rp=HP-Color-LaserJet-cp2025dn: HP_Color_LaserJet_CP2025dn|Color Laser Printer:rm=mushroom.patch:rp=HP_Color_LaserJet_CP2025dn: WorkForce-1100|EPSON WorkForce 1100:rm=mushroom.patch:rp=WorkForce-1100: [mlapier@mushroom ~]$ [nllapie@mushroom ~]$ net rpc rights list Enter nllapie's password: SeMachineAccountPrivilege Add machines to domain SeTakeOwnershipPrivilege Take ownership of files or other objects SeBackupPrivilege Back up files and directories SeRestorePrivilege Restore files and directories SeRemoteShutdownPrivilege Force shutdown from a remote system SePrintOperatorPrivilege Manage printers SeAddUsersPrivilege Add users and groups to the domain SeDiskOperatorPrivilege Manage disk shares SeSecurityPrivilege System security [nllapie@mushroom ~]$ In /etc/cups/cupsd.conf I have three Location
Re: [Samba] Desperate plea for help with printer share
On 04/03/2013 02:56 AM, L.P.H. van Belle wrote: -Oorspronkelijk bericht- Van: marklap...@aol.com [mailto:samba-boun...@lists.samba.org] Namens Mark LaPierre Verzonden: woensdag 3 april 2013 4:46 Aan: David Kuntadi; Mail List Samba Onderwerp: Re: [Samba] Desperate plea for help with printer share On 04/02/2013 09:38 PM, David Kuntadi wrote: On Sun, Mar 31, 2013 at 7:38 AM, Mark LaPierre marklap...@aol.com mailto:marklap...@aol.com wrote: Hey Y'all, I've been trying for months to get samba to share my printer with my wife's Win XP machine. I've RTFM, and spent hours on google to no avail. If only to share to one computer, how about trying to use IPP printing instead? http://hostname:631/printers/printername So far for me it is the easiest way to share printer to windows. DK Hey Dave, Thank you for the interesting proposal. If all I had share to the Windows machine was the printer I would consider doing that but as have to share some files too then Samba is probably my best solution. I've received some help on my issue from others on this thread. The Windows machine can now send print jobs to the shared printer but is still unable to status the print queue. I'm getting closer. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Hai, But what do you want? how is it to be used. and what os are you running? Do you want to use windows drivers or the linux drivers? some checks, post them back. the output of. net -S PDC -U root%PASSWORD rpc rights list DOMAINNAME\Administrator ( of root if you dont have administrator ) you should see at least SePrintOperatorPrivilege read http://lists.samba.org/archive/samba/2005-December/114817.html Point 6 and the part just above point 6. and, whats the output of lpstat -a this is 1 the my /etc/printcap entries. HP040|Hostname|Description Printer HP 040:\ :lp=192.168.249.40%9100:\ :rp=Hostname:\ :sd=/var/spool/lpd/040:\ :sh: make sure the hostname resolves, else use ip. set this up with the cups wizard, for the windows spooler choose RAW queue. and the last thing, is in /etc/cups/cupsd.conf this part, ( the Allow from all part is what you need. ) Location /printers AuthType None Order Deny,Allow Deny From None Allow From All /Location Gr. Lois But what do you want? I want to be able to print jobs from my wife's Win XP machine, and manage those print jobs from the print manager on Win XP machine. Right now I can print jobs from the Win XP machine but can not read the status of jobs in the Win XP print queue. and what os are you running? [mlapier@mushroom ~]$ name CentOS release 6.4 (Final) Linux mushroom.patch 2.6.32-358.2.1.el6.i686 #1 SMP Tue Mar 12 21:42:46 UTC 2013 i686 i686 i386 GNU/Linux [mlapier@mushroom ~]$ Do you want to use windows drivers or the linux drivers? The Win XP machine has it's own driver installed. [mlapier@mushroom ~]$ lpstat -a HP-Color-LaserJet-cp2025dn accepting requests since Tue 26 Mar 2013 06:06:44 PM EDT HP_Color_LaserJet_CP2025dn accepting requests since Tue 12 Mar 2013 06:19:36 PM EDT Samsung-ML-1740 accepting requests since Wed 03 Apr 2013 05:58:33 AM EDT WorkForce-1100 accepting requests since Sat 01 Dec 2012 12:07:03 PM EST [mlapier@mushroom ~]$ [mlapier@mushroom ~]$ cat /etc/printcap # This file was automatically generated by cupsd(8) from the # /etc/cups/printers.conf file. All changes to this file # will be lost. Samsung-ML-1740|Samsung ML-1740:rm=mushroom.patch:rp=Samsung-ML-1740: HP-Color-LaserJet-cp2025dn|HP Color LaserJet cp2025dn:rm=mushroom.patch:rp=HP-Color-LaserJet-cp2025dn: HP_Color_LaserJet_CP2025dn|Color Laser Printer:rm=mushroom.patch:rp=HP_Color_LaserJet_CP2025dn: WorkForce-1100|EPSON WorkForce 1100:rm=mushroom.patch:rp=WorkForce-1100: [mlapier@mushroom ~]$ [nllapie@mushroom ~]$ net rpc rights list Enter nllapie's password: SeMachineAccountPrivilege Add machines to domain SeTakeOwnershipPrivilege Take ownership of files or other objects SeBackupPrivilege Back up files and directories SeRestorePrivilege Restore files and directories SeRemoteShutdownPrivilege Force shutdown from a remote system SePrintOperatorPrivilege Manage printers SeAddUsersPrivilege Add users and groups to the domain SeDiskOperatorPrivilege Manage disk shares SeSecurityPrivilege System security [nllapie@mushroom ~]$ In /etc/cups/cupsd.conf I have three Location tags. None of them are Location /printers. I think that covers all your information requests. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ -- To unsubscribe from this list go to the following URL
Re: [Samba] Desperate plea for help with printer share
On 04/03/2013 09:02 AM, Gary Dale wrote: On 01/04/13 07:55 PM, Mark LaPierre wrote: On 03/30/2013 11:45 PM, Gary Dale wrote: On 30/03/13 08:38 PM, Mark LaPierre wrote: Hey Y'all, I've been trying for months to get samba to share my printer with my wife's Win XP machine. I've RTFM, and spent hours on google to no avail. I can't see the printer from Windows so I can't mount it up. Nothing appears in the logs. The file shares work just fine. It looks like I've got Samba 3.6.9 on this machine: [mlapier@mushroom samba]$ rpm -qa | grep samba samba-swat-3.6.9-151.el6.i686 samba-doc-3.6.9-151.el6.i686 samba-client-3.6.9-151.el6.i686 samba-winbind-clients-3.6.9-151.el6.i686 samba-3.6.9-151.el6.i686 samba-common-3.6.9-151.el6.i686 samba-winbind-devel-3.6.9-151.el6.i686 samba-winbind-krb5-locator-3.6.9-151.el6.i686 samba-domainjoin-gui-3.6.9-151.el6.i686 samba-winbind-3.6.9-151.el6.i686 samba4-libs-4.0.0-55.el6.rc4.i686 [mlapier@mushroom samba]$ name CentOS release 6.4 (Final) Linux mushroom.patch 2.6.32-358.2.1.el6.i686 #1 SMP Tue Mar 12 21:42:46 UTC 2013 i686 i686 i386 GNU/Linux [mlapier@mushroom samba]$ testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [printers] Processing section [pictures] Processing section [budget] Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] server string = Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 printcap name = cups idmap config * : backend = tdb [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba guest ok = Yes printable = Yes print ok = Yes browseable = No [pictures] comment = Pictures path = /home/pictures read only = No guest ok = Yes [budget] comment = Budget path = /home/budget valid users = nllapie, mlapier read only = No [mlapier@mushroom ~]$ Is there anything else I can share with you that will help you to diagnose my problem? Have you checked the CUPS printer sharing? Sure enough. The printer shared check box is checked so that's not the problem. That's not good enough. Has the cups configuration been set to allow users to connect from the LAN? How might you suggest that I check that setting? -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Desperate plea for help with printer share
-Oorspronkelijk bericht- Van: marklap...@aol.com [mailto:samba-boun...@lists.samba.org] Namens Mark LaPierre Verzonden: dinsdag 2 april 2013 1:56 Aan: samba@lists.samba.org Onderwerp: Re: [Samba] Desperate plea for help with printer share On 03/30/2013 11:45 PM, Gary Dale wrote: On 30/03/13 08:38 PM, Mark LaPierre wrote: Hey Y'all, I've been trying for months to get samba to share my printer with my wife's Win XP machine. I've RTFM, and spent hours on google to no avail. I can't see the printer from Windows so I can't mount it up. Nothing appears in the logs. The file shares work just fine. It looks like I've got Samba 3.6.9 on this machine: [mlapier@mushroom samba]$ rpm -qa | grep samba samba-swat-3.6.9-151.el6.i686 samba-doc-3.6.9-151.el6.i686 samba-client-3.6.9-151.el6.i686 samba-winbind-clients-3.6.9-151.el6.i686 samba-3.6.9-151.el6.i686 samba-common-3.6.9-151.el6.i686 samba-winbind-devel-3.6.9-151.el6.i686 samba-winbind-krb5-locator-3.6.9-151.el6.i686 samba-domainjoin-gui-3.6.9-151.el6.i686 samba-winbind-3.6.9-151.el6.i686 samba4-libs-4.0.0-55.el6.rc4.i686 [mlapier@mushroom samba]$ name CentOS release 6.4 (Final) Linux mushroom.patch 2.6.32-358.2.1.el6.i686 #1 SMP Tue Mar 12 21:42:46 UTC 2013 i686 i686 i386 GNU/Linux [mlapier@mushroom samba]$ testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [printers] Processing section [pictures] Processing section [budget] Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] server string = Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 printcap name = cups idmap config * : backend = tdb [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba guest ok = Yes printable = Yes print ok = Yes browseable = No [pictures] comment = Pictures path = /home/pictures read only = No guest ok = Yes [budget] comment = Budget path = /home/budget valid users = nllapie, mlapier read only = No [mlapier@mushroom ~]$ Is there anything else I can share with you that will help you to diagnose my problem? Have you checked the CUPS printer sharing? Sure enough. The printer shared check box is checked so that's not the problem. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba On 04/02/2013 02:47 AM, L.P.H. van Belle wrote: Hai, recheck your settings in smb.conf This is a working setup with cups for example. ## PRINTING Section 1 !! Global Settings !! ## printing temporary disabled load printers = Yes printing = cups printcap name = cups show add printer wizard = Yes disable spoolss = No max print jobs = 100 lpq cache time = 20 use client driver = No max reported print jobs = 1000 # PRINTING Section 2 !! # users are able to connect to any printer specified in the Samba host's # printcap file ( /etc/printcap ) provided through cups [printers] comment = All Network Printers printable = yes path = /home/samba/spool browseable = No guest ok = yes public = yes read only = yes writable = no create mode = 0777 lpq command = /usr/bin/lpq -P '%p' lprm command = /usr/bin/lprm -P '%p' %j lppause command = /usr/sbin/lpc hold '%p' %j lpresume command = /usr/sbin/lpc release '%p' %j queueresume command = /usr/sbin/lpc start '%p' queuepause command = /usr/sbin/lpc stop '%p' ### Printing Section 3 The Windows Printer drivers # Required permissions # The account used to connect to the Samba host must have # a UID of 0 (i.e., a root account). ( or Administrator ) # The account used to connect to the Samba host must be # named in the printer adminlist. # Or The account used to connect to the Samba host must have # SEPrintOperatorRights [print$] comment = Printer Drivers Download Area path = /home/samba/printers browseable = no guest ok = yes read only = yes write list = @Print Operators,@Domain Admins,Administrator,root create mask = 0664 directory mask = 0775 valid users = @Domain Users,@Print Operators,@Domain Admins,Administrator,root This smb.conf file seems to be for a specific hardware environment that is no similar to mine. Could you explain what hardware configuration this file is configured for? In the mean time, I'll paste in your printer sections, both global and printers, and I'll let you know how it works out. -- _ °v
Re: [Samba] Desperate plea for help with printer share
-Oorspronkelijk bericht- Van: marklap...@aol.com [mailto:samba-boun...@lists.samba.org] Namens Mark LaPierre Verzonden: dinsdag 2 april 2013 1:56 Aan: samba@lists.samba.org Onderwerp: Re: [Samba] Desperate plea for help with printer share On 03/30/2013 11:45 PM, Gary Dale wrote: On 30/03/13 08:38 PM, Mark LaPierre wrote: Hey Y'all, I've been trying for months to get samba to share my printer with my wife's Win XP machine. I've RTFM, and spent hours on google to no avail. I can't see the printer from Windows so I can't mount it up. Nothing appears in the logs. The file shares work just fine. It looks like I've got Samba 3.6.9 on this machine: [mlapier@mushroom samba]$ rpm -qa | grep samba samba-swat-3.6.9-151.el6.i686 samba-doc-3.6.9-151.el6.i686 samba-client-3.6.9-151.el6.i686 samba-winbind-clients-3.6.9-151.el6.i686 samba-3.6.9-151.el6.i686 samba-common-3.6.9-151.el6.i686 samba-winbind-devel-3.6.9-151.el6.i686 samba-winbind-krb5-locator-3.6.9-151.el6.i686 samba-domainjoin-gui-3.6.9-151.el6.i686 samba-winbind-3.6.9-151.el6.i686 samba4-libs-4.0.0-55.el6.rc4.i686 [mlapier@mushroom samba]$ name CentOS release 6.4 (Final) Linux mushroom.patch 2.6.32-358.2.1.el6.i686 #1 SMP Tue Mar 12 21:42:46 UTC 2013 i686 i686 i386 GNU/Linux [mlapier@mushroom samba]$ testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [printers] Processing section [pictures] Processing section [budget] Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] server string = Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 printcap name = cups idmap config * : backend = tdb [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba guest ok = Yes printable = Yes print ok = Yes browseable = No [pictures] comment = Pictures path = /home/pictures read only = No guest ok = Yes [budget] comment = Budget path = /home/budget valid users = nllapie, mlapier read only = No [mlapier@mushroom ~]$ Is there anything else I can share with you that will help you to diagnose my problem? Have you checked the CUPS printer sharing? Sure enough. The printer shared check box is checked so that's not the problem. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba On 04/02/2013 02:47 AM, L.P.H. van Belle wrote: Hai, recheck your settings in smb.conf This is a working setup with cups for example. ## PRINTING Section 1 !! Global Settings !! ## printing temporary disabled load printers = Yes printing = cups printcap name = cups show add printer wizard = Yes disable spoolss = No max print jobs = 100 lpq cache time = 20 use client driver = No max reported print jobs = 1000 # PRINTING Section 2 !! # users are able to connect to any printer specified in the Samba host's # printcap file ( /etc/printcap ) provided through cups [printers] comment = All Network Printers printable = yes path = /home/samba/spool browseable = No guest ok = yes public = yes read only = yes writable = no create mode = 0777 lpq command = /usr/bin/lpq -P '%p' lprm command = /usr/bin/lprm -P '%p' %j lppause command = /usr/sbin/lpc hold '%p' %j lpresume command = /usr/sbin/lpc release '%p' %j queueresume command = /usr/sbin/lpc start '%p' queuepause command = /usr/sbin/lpc stop '%p' ### Printing Section 3 The Windows Printer drivers # Required permissions # The account used to connect to the Samba host must have # a UID of 0 (i.e., a root account). ( or Administrator ) # The account used to connect to the Samba host must be # named in the printer adminlist. # Or The account used to connect to the Samba host must have # SEPrintOperatorRights [print$] comment = Printer Drivers Download Area path = /home/samba/printers browseable = no guest ok = yes read only = yes write list = @Print Operators,@Domain Admins,Administrator,root create mask = 0664 directory mask = 0775 valid users = @Domain Users,@Print Operators,@Domain Admins,Administrator,root Okay, I pasted in your global and printers section, restarted smb service, deleted the printer from the Win XP machine, and then reconnected to it with the add printer tool on XP. Now when I send a test file the file is accepted but does not print. [root@mushroom samba]# testparm Load smb config files from /etc/samba
Re: [Samba] Desperate plea for help with printer share
On 04/02/2013 09:38 PM, David Kuntadi wrote: On Sun, Mar 31, 2013 at 7:38 AM, Mark LaPierre marklap...@aol.com mailto:marklap...@aol.com wrote: Hey Y'all, I've been trying for months to get samba to share my printer with my wife's Win XP machine. I've RTFM, and spent hours on google to no avail. If only to share to one computer, how about trying to use IPP printing instead? http://hostname:631/printers/printername So far for me it is the easiest way to share printer to windows. DK Hey Dave, Thank you for the interesting proposal. If all I had share to the Windows machine was the printer I would consider doing that but as have to share some files too then Samba is probably my best solution. I've received some help on my issue from others on this thread. The Windows machine can now send print jobs to the shared printer but is still unable to status the print queue. I'm getting closer. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Desperate plea for help with printer share
On 03/30/2013 11:45 PM, Gary Dale wrote: On 30/03/13 08:38 PM, Mark LaPierre wrote: Hey Y'all, I've been trying for months to get samba to share my printer with my wife's Win XP machine. I've RTFM, and spent hours on google to no avail. I can't see the printer from Windows so I can't mount it up. Nothing appears in the logs. The file shares work just fine. It looks like I've got Samba 3.6.9 on this machine: [mlapier@mushroom samba]$ rpm -qa | grep samba samba-swat-3.6.9-151.el6.i686 samba-doc-3.6.9-151.el6.i686 samba-client-3.6.9-151.el6.i686 samba-winbind-clients-3.6.9-151.el6.i686 samba-3.6.9-151.el6.i686 samba-common-3.6.9-151.el6.i686 samba-winbind-devel-3.6.9-151.el6.i686 samba-winbind-krb5-locator-3.6.9-151.el6.i686 samba-domainjoin-gui-3.6.9-151.el6.i686 samba-winbind-3.6.9-151.el6.i686 samba4-libs-4.0.0-55.el6.rc4.i686 [mlapier@mushroom samba]$ name CentOS release 6.4 (Final) Linux mushroom.patch 2.6.32-358.2.1.el6.i686 #1 SMP Tue Mar 12 21:42:46 UTC 2013 i686 i686 i386 GNU/Linux [mlapier@mushroom samba]$ testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [printers] Processing section [pictures] Processing section [budget] Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] server string = Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 printcap name = cups idmap config * : backend = tdb [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba guest ok = Yes printable = Yes print ok = Yes browseable = No [pictures] comment = Pictures path = /home/pictures read only = No guest ok = Yes [budget] comment = Budget path = /home/budget valid users = nllapie, mlapier read only = No [mlapier@mushroom ~]$ Is there anything else I can share with you that will help you to diagnose my problem? Have you checked the CUPS printer sharing? Sure enough. The printer shared check box is checked so that's not the problem. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Desperate plea for help with printer share
Hey Y'all, I've been trying for months to get samba to share my printer with my wife's Win XP machine. I've RTFM, and spent hours on google to no avail. I can't see the printer from Windows so I can't mount it up. Nothing appears in the logs. The file shares work just fine. It looks like I've got Samba 3.6.9 on this machine: [mlapier@mushroom samba]$ rpm -qa | grep samba samba-swat-3.6.9-151.el6.i686 samba-doc-3.6.9-151.el6.i686 samba-client-3.6.9-151.el6.i686 samba-winbind-clients-3.6.9-151.el6.i686 samba-3.6.9-151.el6.i686 samba-common-3.6.9-151.el6.i686 samba-winbind-devel-3.6.9-151.el6.i686 samba-winbind-krb5-locator-3.6.9-151.el6.i686 samba-domainjoin-gui-3.6.9-151.el6.i686 samba-winbind-3.6.9-151.el6.i686 samba4-libs-4.0.0-55.el6.rc4.i686 [mlapier@mushroom samba]$ name CentOS release 6.4 (Final) Linux mushroom.patch 2.6.32-358.2.1.el6.i686 #1 SMP Tue Mar 12 21:42:46 UTC 2013 i686 i686 i386 GNU/Linux [mlapier@mushroom samba]$ testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [printers] Processing section [pictures] Processing section [budget] Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] server string = Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 printcap name = cups idmap config * : backend = tdb [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba guest ok = Yes printable = Yes print ok = Yes browseable = No [pictures] comment = Pictures path = /home/pictures read only = No guest ok = Yes [budget] comment = Budget path = /home/budget valid users = nllapie, mlapier read only = No [mlapier@mushroom ~]$ Is there anything else I can share with you that will help you to diagnose my problem? -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 server IP change
On 03/27/2013 04:45 AM, samba-de...@gbif.org wrote: Hello, A perhaps silly but hopefully easy to answer question: does a server running Samba4 with a provisioned domain (upgraded from Samba3) mind if its IP address is changed? Is there anything special to do apart from obviously modifying Samba's internal DNS record for the Samba4 server? Thanks! Best regards, Andrei The server probably won't much care, but the clients might take a hissy fit. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] not permitted to access this share
Hello all, Been fighting with this all day and I am at a loss. Maybe I've been staring at it too long. I'm getting a not permitted to access this share error where I think I should be getting in no problem. user 'fizbin' (from session setup) not permitted to access this share (logs) Configuration: Two AIX 6.1 (6100-06-06) LPARs both running Samba 3.3.12 binaries from IBM. LPAR1 is working great. No problem accessing the shares created there. On LPAR2 I cannot access any shares. Both are configured for domain authentication and that seems to be working. wbinfo -u returns a list of domain users. On both systems I get: check_ntlm_password: authentication for user [fizbin] - [fizbin] - [fizbin] succeeded The global sections of smb.conf are the same on both machines. Not sure where to go from here. The two systems seem to be identical. Any tips would be appreciated. - Mark The content of this message is subject to our e-mail confidentiality policy. http://www.empire.ca/docs/email/conf Le contenu de ce message est assujetti à notre politique en matière de confidentialité des courriels. http://www.empire.ca/docs/email/conf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Sernet samba3-cifsmount
I upgraded a samba 3.5 installation to 3.6 and I noticed that there is no samba3-cifsmount package for 3.6 so now my system has mixed versions: [root@mysystem]# rpm -qa | grep samba3 samba3-cifsmount-3.5.20-44.el5 samba3-client-3.6.12-44.el5 samba3-3.6.12-44.el5 Is this the correct way to set this up? Thanks, -- Mark Nienberg Sent from an invalid address. Please reply to the group. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (Trying) to understand Print properties saving
I have a similar issue with Ubuntu 12.04 based system , not sure of Samba version but it keeps changing default paper to Postscript custom which seems almost square. I change it in windows and apply and it always reverts to postscript custom again On Tue, Jan 1, 2013 at 5:01 PM, Alessandro Dentella san...@e-den.it wrote: Hi, some weeks ago I wrote to this list about a problem I have saving print properties (samba 3.4.7 - ubuntu-lucid + XP-pro) I never managed to solve it, I also tried with samba 3.6+ (Ubuntu precise) but had aother problems I wrote about in this list ending opening a bug [1]. Now I had to go back to my 3.4.7 installation. I'd like at least to bettere understand how print properties work so that I can cope better with the situation. In my setup the drivers are distributed by the server, client do realize they need the driver and server correctly serves them, the problem is that the page format is alwayes set to 'letter' rather than 'A4'. I have roaming profiles. I really need to fix this even thought some workaround. Can someone tell me which are the components that store the print properties? If this is already explained somewhere, please give me the URL, I wasn't able to find it. 1. If I browse \\server\(server and fax) and I configure properties, where are the changes saved? 2. When an end user configures the printer where does ther properties should go (I have roaming profiles)? In the profile? in a registry? 3. If the domain/local Administrator changes the properties in the printer on the client via settings | printers how does that change relate to settings in 1 and 2? 4. In a working setup, is there a way to force the paper format *after* a user has already logged in and changed the properties? thanks in advance for any explanation thanks sandro *:-) [1] https://bugzilla.samba.org/show_bug.cgi?id=9468 -- Sandro Dentella *:-) http://www.reteisi.org Soluzioni libere per le scuole http://sqlkit.argolinux.orgSQLkit home page - PyGTK/python/sqlalchemy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Update A Compiled Version
He could be using an older distro that never will have it in the repos. I think the bigger question is how will he update it once an update is released if he does compile it, and a I see it that remains unanswered, as I too share the same question. I never trust version X.00, as it is never long before the fixes make it X.01 On Tue, Dec 25, 2012 at 11:24 PM, Robert Heller hel...@deepsoft.com wrote: At Thu, 20 Dec 2012 11:20:40 -0700 Zane Zakraisek doublez...@gmail.com wrote: I'm pretty new to compiling software, although I would rather compile my own Samba 4.0.0 server rather than wait for it to become available in the repositories of my distribution. How do you update compiled software. Like if I compile and install Samba 4.0.0, and then 4.0.1 comes out, Is there a way to update to that without starting from scratch and having to rebuild my domain? Thanks Most (all?) Linux distributions include a compiled version of Samba as part of the distriution's software repository. Check to see what your distribution makes available. -- Robert Heller -- 978-544-6933 / hel...@deepsoft.com Deepwoods Software-- http://www.deepsoft.com/ () ascii ribbon campaign -- against html e-mail /\ www.asciiribbon.org -- against proprietary attachments -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] NEED Windows 7 64 bit Postscript drivers
Alas I am having success on my third install. I am however missing the Windows 7 64 Bit Postscript drivers. I have the 32 bit but have only one copy of windows that is 32 bit and use mostly Linux It would be greatly appreciated if someone could take them off of an ENGLISH system, and zip and email them to me. They come from \Windows\System32\spool\drivers\x64\PCC\ntprint.inf_random-stuff.cab the names are ps5ui.dll pscript.hlp pscript.ntf pscript5.dll MUST BE Windows 7 English 64 bit system Thanks much! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba and CUPS pushing generic windows drivers
I have spent weeks battling with Samba and CUPS to get seamless windows printing, and keep hitting bumps along the way So far of two printers on a test systsm, and hp deskjet 920c and a PDF writer on the CUPS machine , only one will export printer drivers _ # rpcclient -U root localhost -c enumdrivers Enter root's password: [Windows NT x86] Printer Driver Info 1: Driver Name: [HP_DESKJET_920C] _ # rpcclient -U root localhost -c enumprinters Enter root's password: flags:[0x80] name:[\\LOCALHOST\] description:[\\LOCALHOST\,HP_DESKJET_920C,HP DESKJET 920C] comment:[HP DESKJET 920C] flags:[0x80] name:[\\LOCALHOST\] description:[\\LOCALHOST\,,PDF] comment:[PDF] As you can see this is a problem. However I did not have this problem on a previous installation I tried and ended up breaking., IN order to install the drivers for windows I had to add the last line in the printer$ and printers section in the smb.conf below My biggest issue is the following: How do I get the driver for the PDF virtual printer to write out for windows auto-download? My second purpose follows and may negate all of this and it is is. I also want to know why I can not install a generic postscript or PDF driver auto-download that would apply for all printers as CUPS 1.61 allows these formats. It would seem to simplify point and print printing to have one driver that applied to all printers rather than a separate PPD for each . On my current install there are files for HP DESKJET 920C.ppd. One of the reasons I chose to go this route was for CUPS rendering. I know that they will use standard postscript rendering at least because I printed with a postscript driver to the HP previously with no printer specific PPD I would ideally lie to be able to install a printer in CUPS and have it automatically available via SMB with a generic driver with no printer specific ppd. I need this to be as idiot proof as possible! I know that new cups printers on the Mac are automatically available via samba when it is activated so it should be feasible to do that part in linux as well. The bigger issue remains a gneric postscript or pdf driver that applies to all printers. Thanks Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 4.0.0 Available for Download!
Congratulations team! Thank you all for your hard work. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] DC with external LDAP
Hi! Is there a way to use an external LDAP server with Samba4 (eg. openldap) to authenticate users or alternatively to sync Samba's internal LDAP with other services like Radius? My goal is to enter all user credentials to either an external or Samba4 internal LDAP and make Samba, Radius, etc. use it for authentication / as a master when synchronizing user data. I already tried: 1. http://techminded.net/blog/install-samba-pdc--ldap-on-debian-squeeze.html (server: Debian 6.05) --gt; worked with XP clients, but Win7 clients couldn't join to the domain. 2. https://wiki.samba.org/index.php/Samba4/HOWTO (server: RHEL 6.3) --gt; works fine with all clients, but I can't communicate with internal LDAP, I get this error message when I try a simple ldapsearch: ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired) I googled around a lot, but haven't found any working solutions yet. Do you know any answer to this problem? Or can you advise an alternative solution? Thanks in advance, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems connecting win7 client to new Samba PDC
Have you tried adding a machine account for your CLIENTPC i.e. # pdbedit -a -m -u CLIENTPC This will create the CLIENTPC$ account it was squawking about. In my experience, the machine needs a Samba account too. Cheers, Andrew Mark | Development Analyst | www.aimsystems.ca local: 519-837-1072 | fax: 519-837-4063 | int'l 800-465-2961 12-350 Speedvale Ave. W. | Guelph, ON | N1H 7M7 | Canada On 12-08-09 09:28 AM, Brandon wrote: Here's some more information on my problem: smb.conf: --- begin smb.conf --- [global] workgroup = MYWORKGROUP server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 add machine script = /usr/sbin/useradd -g machines -c %u machine account -d /var/lib/samba -s /bin/false %u logon script = logon.cmd logon path = logon home = domain logons = Yes dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap config * : backend = tdb [homes] comment = Home Directories valid users = %S read only = No create mask = 0700 directory mask = 0700 browseable = No [netlogon] comment = Network Logon Service path = /srv/samba/netlogon guest ok = Yes [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes print ok = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers --- end smb.conf --- Here's the pdbedit -Lv spitout for my user: --- begin output--- Unix username:myadmin NT username: Account Flags:[U ] User SID: S-1-5-21-2762049607-2166809996-183419993-1000 Primary Group SID:S-1-5-21-2762049607-2166809996-183419993-513 Full Name: Home Directory: HomeDir Drive: Logon Script: logon.cmd Profile Path: Domain: MYWORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Wed, 06 Feb 2036 10:06:39 EST Kickoff time: Wed, 06 Feb 2036 10:06:39 EST Password last set:Wed, 08 Aug 2012 17:54:50 EDT Password can change: Wed, 08 Aug 2012 17:54:50 EDT Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF --- end output --- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba won't honour group permissions on my share directory
Hi, I have a share set up in smb.conf as follows .. security = user guest account = ftp .. [incoming] comment = Incoming files path = /var/local/share/incoming public = yes guest ok = yes read only = no browseable = yes .. the permissions on the shared directory are set recursively as follows - drwxrwxr-- root ftp incoming If I try and write to the share from an anonymous windows login, I get a warning that I do not have the required permissions. Looking at the permissions tab on Windows I see that the unix group 'ftp' only has read privileges. My understanding was that because the guest account is a member of the 'ftp' group it would get write privileges. Evidently this is not the case. If I set the permissions on 'var/local/share/incoming' to world writable then this gets round the problem, but I'd still like to know why using group permissions does'nt seem to work. Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Packet Size 'Tuning'
Thanks for your suggestion of WireShark. I'm hesitant to adjust the MTU of PPP0 too much as I'll have to ifdown/ifup the ppp0 interface and this is a live environment. Also, data packets travelling not on port 137-139 or 445 do not emit the displayed error. I will implement WireShark and post my findings Cheers, Andrew Mark | Development Analyst | www.aimsystems.ca local: 519-837-1072 | fax: 519-837-4063 | int'l 800-465-2961 12-350 Speedvale Ave. W. | Guelph, ON | N1H 7M7 | Canada On 12-08-07 04:20 AM, Andrew Bartlett wrote: On Wed, 2012-08-01 at 13:36 -0400, Andrew Mark wrote: Hi all, I'm hoping someone has gone through the pain I'm going through in trying to 'tune' the packet size Samba uses such that we don't get packet overflow errors. I'm getting these error when I perform: # tcpdump -i ppp0 -n -n Isn't this a matter of your MTU on your PPP link if anything? Is this a real error you are seeing, or just an artifact of tcpdump? Do you see any real issues with a more modern sniffer, such as wireshark (such as fragmentation at the other end)? Andrew Bartlett -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Packet Size 'Tuning'
Hi all, I'm hoping someone has gone through the pain I'm going through in trying to 'tune' the packet size Samba uses such that we don't get packet overflow errors. I'm getting these error when I perform: # tcpdump -i ppp0 -n -n 12:08:48.376944 IP (tos 0x0, ttl 63, id 170, offset 0, flags [DF], proto TCP (6), length 1405) 10.30.7.2.445 205.150.122.19.55639: Flags [.], cksum 0x4e9f (correct), seq 2733191:2734544, ack 13597, win 147, options [nop,nop,TS val 414105512 ecr 23936171], length 1353SMB-over-TCP packet:(raw data or continuation?) 12:08:48.376962 IP (tos 0x0, ttl 63, id 171, offset 0, flags [DF], proto TCP (6), length 1405) 10.30.7.2.445 205.150.122.19.55639: Flags [.], cksum 0x2be8 (correct), seq 2734544:2735897, ack 13597, win 147, options [nop,nop,TS val 414105512 ecr 23936171], length 1353SMB-over-TCP packet:(raw data or continuation?) 12:08:48.376981 IP (tos 0x0, ttl 63, id 172, offset 0, flags [DF], proto TCP (6), length 1405) 10.30.7.2.445 205.150.122.19.55639: Flags [.], cksum 0xba2f (correct), seq 2735897:2737250, ack 13597, win 147, options [nop,nop,TS val 414105512 ecr 23936171], length 1353SMB-over-TCP packet:(raw data or continuation?) 12:08:48.376999 IP (tos 0x0, ttl 63, id 173, offset 0, flags [DF], proto TCP (6), length 1405) 10.30.7.2.445 205.150.122.19.55639: Flags [.], cksum 0x0485 (correct), seq 2737250:2738603, ack 13597, win 147, options [nop,nop,TS val 414105512 ecr 23936171], length 1353SMB-over-TCP packet:(raw data or continuation?) my smb.conf is pretty plain: [global] workgroup = IPM server string = Condo Fileserver netbios name = Condo interfaces = lo eth0 10.30.6.0/24 10.30.7.0/24 10.30.251.0/24 205.150.122.0/24 hosts allow = 127. 10.30.6. 10.30.7. 205.150.122. 10.30.251. socket options = SO_RCVBUF=13504 SO_SNDBUF=13504 nt acl support = yes inherit acls = yes map acl inherit = yes aio read size = 13472 aio write size = 13472 # log files split per-machine: log file = /var/log/samba/%m.log # maximum size of 50KB per log file, then rotate: max log size = 50 security = user passdb backend = tdbsam domain master = yes local master = yes os level = 66 preferred master = yes wins support = yes dns proxy = yes load printers = yes cups options = raw [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes [Quickbooks] comment = Everyone's QuickBooks path = /Shares/public/Quickbooks public = yes writable = yes printable = no read only = No guest ok = Yes force create mode = 0755 force directory mode = 0777 [shared] comment = Shared Stuff path = /Shares/public public = yes writable = yes printable = no read only = No force create mode = 0777 force directory mode = 0777 guest ok = Yes ##end smb.conf ### If I am correct, I'm transmitting a packet length of 1405 (kb?) but it's receiving a packet of 1353 (kb?) My question is two-fold: - How do you read a tcpdump of Samba activity? - How to you tune the packet size that Samba uses? Cheers, Andrew Mark | Development Analyst | www.aimsystems.ca local: 519-837-1072 | fax: 519-837-4063 | int'l 800-465-2961 12-350 Speedvale Ave. W. | Guelph, ON | N1H 7M7 | Canada -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Netbios over VPN
I am attempting to utilize BackupPC on a Fedora 14 server to backup a remote client. As I understand, it's primary mechanism for finding clients is performing a nmblookup clientname This works fine for computers connected to the local network. My issue is extending ?Samba's? search to encompass our other network - the point-to-point VPNs Using OpenVPN, we have a number of road warriors who connect their VPN to gain access to the samba server. Each has a unique static IP address in the 10.30.251 range and when connected, I can find them but not samba i.e. # ping john_laptop --- john.inspirah.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 9.900/14.764/24.388/6.805 ms # nmblookup john_laptop querying john_laptop on 127.255.255.255 querying john_laptop on 10.30.7.255 name_query failed to find name john_laptop How to I configure Samba or whatever Linux service is necessary to query the 10.30.251.255 network as well -- Cheers, Andrew Mark | Development Analyst | www.aimsystems.ca local: 519-837-1072 | fax: 519-837-4063 | int'l 800-465-2961 12-350 Speedvale Ave. W. | Guelph, ON | N1H 7M7 | Canada -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] CTDB and IPv6
I am attempting to enable IPv6 on our CTDB setup. I have placed the IPv6 address in the public_addresses file with the correct prefix. The addresses never come up and I recieve these messages in the log 2012/06/28 10:54:43.313227 [ 1820]: Async operation failed with ret=0 res=1 opcode=0 2012/06/28 10:54:43.313918 [ 1820]: Async operation failed with ret=0 res=1 opcode=0 2012/06/28 10:54:43.313929 [ 1820]: Async wait failed - fail_count=2 2012/06/28 10:54:43.313934 [ 1820]: server/ctdb_takeover.c:1517 Async control CTDB_CONTROL_TAKEOVER_IP failed 2012/06/28 10:54:43.313941 [ 1820]: server/ctdb_recoverd.c:1588 Unable to setup public takeover addresses 2012/06/28 10:54:44.316099 [ 1820]: Taking out recovery lock from recovery daemon 2012/06/28 10:54:44.316129 [ 1820]: Take the recovery lock 2012/06/28 10:54:44.317788 [ 1820]: Recovery lock taken successfully 2012/06/28 10:54:44.317839 [ 1820]: Recovery lock taken successfully by recovery daemon I am running version 1.0.114.3-3.el6 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] CTDB and IPv6
I am attempting to enable IPv6 on our CTDB setup. I have placed the IPv6 address in the public_addresses file with the correct prefix. The addresses never come up and I recieve these messages in the log 2012/06/28 10:54:43.313227 [ 1820]: Async operation failed with ret=0 res=1 opcode=0 2012/06/28 10:54:43.313918 [ 1820]: Async operation failed with ret=0 res=1 opcode=0 2012/06/28 10:54:43.313929 [ 1820]: Async wait failed - fail_count=2 2012/06/28 10:54:43.313934 [ 1820]: server/ctdb_takeover.c:1517 Async control CTDB_CONTROL_TAKEOVER_IP failed 2012/06/28 10:54:43.313941 [ 1820]: server/ctdb_recoverd.c:1588 Unable to setup public takeover addresses 2012/06/28 10:54:44.316099 [ 1820]: Taking out recovery lock from recovery daemon 2012/06/28 10:54:44.316129 [ 1820]: Take the recovery lock 2012/06/28 10:54:44.317788 [ 1820]: Recovery lock taken successfully 2012/06/28 10:54:44.317839 [ 1820]: Recovery lock taken successfully by recovery daemon I am running version 1.0.114.3-3.el6 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 how to remove a machine from the domain
Active directory users and computers. (dsa.msc) Just right-click the computer you want to delete and hit delete. On 3/8/2012 9:47 AM, steve wrote: Hi How do I remove a machine which is o longer connected to the domain? e.g. the has been stolen or just moved without having unjoined before. I want to be able to replace the machine with with a new box with same hostname. Thanks, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 how to remove a machine from the domain
Hmmm possibly. I just use the windows tools to manage AD myself. A quick look at the functionality of samba-tool does not yield anything that looks like a way to delete a machine account. You can probably do this with LDAP but the safest way would probably be by using the AD tools from MS. I am sure someone will chime in if this is possible. On 3/8/2012 10:04 AM, steve wrote: On 08/03/12 15:49, Mark Rutherford wrote: Active directory users and computers. (dsa.msc) Just right-click the computer you want to delete and hit delete. On 3/8/2012 9:47 AM, steve wrote: Hi How do I remove a machine which is o longer connected to the domain? e.g. the has been stolen or just moved without having unjoined before. I want to be able to replace the machine with with a new box with same hostname. Thanks, Steve Thanks Mark. Is there a samba-tool cli way to do that? Cheers, steve. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] maximum password age question
Hello List I am working on upgrading a older Samba 3.0.16 setup that uses openldap as its back-end for passwords and users. I built a clone of our setup using CentOS 5.6 and Openldap 2.4.20 , with Samba 3.6.1 . My issue. After successfully building and install Samba users can not authenticate to the server. They are prompted with errors about Needing to change their password. Looking at my user info on the samba server I see the following issue. # pdbedit -vu msaad Unix username:msaad NT username: msaad Account Flags:[U ] User SID: S-1-5-21-64374432-364290046-3597965222-2970 Primary Group SID:S-1-5-21-3988802677-3356876598-2018608366-513 Full Name:Mark Saad Home Directory: \\nycifs3\msaad HomeDir Drive: Logon Script: Profile Path: \\nycifs3\msaad\profile Domain: NYCIFS3 Account desc: hardluck Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Thu, 01 Jan 1970 00:00:10 GMT Password can change: Thu, 01 Jan 1970 00:00:10 GMT Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF So I tried to set the max password age to -1 # pdbedit -P maximum password age -C -1 valid account policy, but unable to fetch value! account policy maximum password age description: Maximum password age, in seconds (default: -1 = never expire passwords) account policy maximum password age value was: 4294967295 valid account policy, but unable to set value! Does anyone know what the root issue is ? -- mark saad | nones...@longcount.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] maximum password age question
On Tue, Dec 27, 2011 at 11:54 AM, TAKAHASHI Motonobu mo...@monyo.com wrote: From: Mark Saad nones...@longcount.org Date: Tue, 27 Dec 2011 11:03:53 -0500 I am working on upgrading a older Samba 3.0.16 setup that uses openldap as its back-end for passwords and users. I built a clone of our setup using CentOS 5.6 and Openldap 2.4.20 , with Samba 3.6.1 . My issue. After successfully building and install Samba users can not authenticate to the server. They are prompted with errors about Needing to change their password. (snip) So I tried to set the max password age to -1 # pdbedit -P maximum password age -C -1 valid account policy, but unable to fetch value! account policy maximum password age description: Maximum password age, in seconds (default: -1 = never expire passwords) account policy maximum password age value was: 4294967295 valid account policy, but unable to set value! Does anyone know what the root issue is ? After Samba 3.0.21, those policies are stored in LDAP, but before 3.0.21, they were always stored in local tdb file. I guess that you have to manually create those account policies on your LDAP directory. Do you know if there was anything created to migrate the tdb files to ldap ? --- TAKAHASHI Motonobu mo...@samba.gr.jp -- mark saad | nones...@longcount.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgraded samba, mostly still works, but have one issue
Hello list, I recently upgraded an Ubuntu 8.04 LTS samba server to 10.04 LTS which took the installed version of samba from version 3.0.28a to version 3.4.7. The server is an AD member using idmap-rid. I have updated the idmap directives in the config and it mostly worked (winbind works, Windows users can get to their shares with their correct permissions, etc.). The only thing that got broken is the ability of our IP security cameras to store data directly to the server through samba. I believe this may have been caused by a change to a default setting, such as the allowed authentication methods or possibly something like 'allow trusted domains', since these cameras are not capable of actually joining the domain. I've looked at some of the in-between release notes but no changes have jumped out at me. The cameras are configured to connect to the given smb/cifs server and share (which exists and can be mapped from Windows if you use the right user). The share ('camshare') has share-level permissions set such that DOMAIN\camera should have full access. I have winbind set to use the default domain so the cameras are configured to connect as 'camera' instead of 'DOMAIN\camera' (but I've tried both anyway, to no avail). I have checked the password on the 'camera' account repeatedly. However you can see that something isn't right when the cameras try to mount the share: root@server:~# tail -f /var/log/samba/log.smbd | grep camera check_ntlm_password: Authentication for user [camera] - [camera] FAILED with error NT_STATUS_NO_SUCH_USER check_ntlm_password: Authentication for user [camera] - [camera] FAILED with error NT_STATUS_NO_SUCH_USER check_ntlm_password: Authentication for user [camera] - [camera] FAILED with error NT_STATUS_NO_SUCH_USER If I use that username with the password when mapping the share from Win7, it works and the correct permissions are there. Here is the smb.conf: [global] server string = File Server workgroup = DOMAIN realm = DOMAIN.COM security = ADS password server = * #password server = dc1.domain.com username map = /etc/samba/smbusers obey pam restrictions = Yes enable privileges = Yes map to guest = Bad User client NTLMv2 auth = Yes log level = 2, vfs:1 syslog = 0 max log size = 0 load printers = No preferred master = No local master = No domain master = No dns proxy = No disable netbios = yes ldap ssl = no host msdfs = No template shell = /bin/false winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind refresh tickets = Yes idmap backend = tdb idmap uid = 10-19 idmap gid = 10-19 idmap config DOMAIN:backend = rid idmap config DOMAIN:range = 10 - 50 idmap config DOMAIN:default = yes hosts allow = 10.0.1.0/255.255.255.0 10.1.1.0/255.255.255.0 10.2.0.0/255.255.255.0 10.0.8.0/255.255.255.0 10.1.8.0/255.255.255.0 10.2.8.0/255.255.255.0 172.10.0.0/255.255.255.0 172.11.0.0/255.255.255.0 map acl inherit = No hide special files = Yes map archive = No map readonly = No map system = No map hidden = No force create mode = 707 force directory mode = 707 ea support = No store dos attributes = No wide links = No follow symlinks = No dos filemode = No add share command=/etc/samba/command.pl delete share command=/etc/samba/command.pl change share command=/etc/samba/command.pl [camshare] comment = Camera data share path = /home/camshare read only = No writeable = Yes inherit owner = Yes guest ok = No [mainshare] comment = Main Fileshare path = /home/mainshare read only = No writeable = Yes inherit owner = Yes guest ok = Yes vfs objects = recycle extd_audit recycle:repository = Recycle Bin recycle:directory_mode = 707 recycle:keeptree = yes recycle:versions = no recycle:touch = yes recycle:touch_mtime = no recycle:maxsize = 209715200 recycle:exclude = *.tmp *.temp ~$* *.~?? I've left off some other shares that don't seem relevant. I can provide other info and or more logs if needed. Thanks in advance for any assistance you may be able to provide. Thank you, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Fwd: Upgraded samba, mostly still works, but have one issue
Forgot to cc list. Sorry Sent via mobile Begin forwarded message: From: Mark Casey ma...@unifiedgroup.com Date: December 12, 2011 1:25:34 PM CST To: Dale Schroeder d...@briannassaladdressing.com Subject: Re: [Samba] Upgraded samba, mostly still works, but have one issue Dale, That fixed it. Thanks very much for your time in looking at this issue! That leads to another question though. I don't get why 'winbind use default domain' did not cover the issue, since I have it set to yes. I assumed I could leave off the DOMAIN\ portion and it would add it for me...but more specifically, even using DOMAIN\camera wouldn't work. I should clarify though that nowhere in my config am I actually typing DOMAIN\; I'm only swapping that in on the mailing list as a redaction. When I tried the fully qualified user account in the IP camera's config the domain matched the one that this samba server is joined to. I did note this part in smb.conf's man page about 'winbind use default domain': While this does not benifit Windows users, it makes SSH, FTP and e-mail function in a way much closer to the way they would in a native unix system. This would all make more sense if that line means that 'winbind use default domain' excludes not only Windows users but all smb/cifs authentication attempts. Then, it wouldn't apply the the IP cameras at all. However even if that were the case I still can't explain the failure when I tried the user DOMAIN\camera. Would you (or anyone) be able to provide any insight? Regardless, thanks again for your help thus far as I can now get this out of the urgent section of my list! Thank you, Mark On 12/12/2011 12:23 PM, Dale Schroeder wrote: On 12/12/2011 10:14 AM, Mark Casey wrote: Hello list, I recently upgraded an Ubuntu 8.04 LTS samba server to 10.04 LTS which took the installed version of samba from version 3.0.28a to version 3.4.7. The server is an AD member using idmap-rid. I have updated the idmap directives in the config and it mostly worked (winbind works, Windows users can get to their shares with their correct permissions, etc.). The only thing that got broken is the ability of our IP security cameras to store data directly to the server through samba. I believe this may have been caused by a change to a default setting, such as the allowed authentication methods or possibly something like 'allow trusted domains', since these cameras are not capable of actually joining the domain. I've looked at some of the in-between release notes but no changes have jumped out at me. The cameras are configured to connect to the given smb/cifs server and share (which exists and can be mapped from Windows if you use the right user). The share ('camshare') has share-level permissions set such that DOMAIN\camera should have full access. I have winbind set to use the default domain so the cameras are configured to connect as 'camera' instead of 'DOMAIN\camera' (but I've tried both anyway, to no avail). I have checked the password on the 'camera' account repeatedly. However you can see that something isn't right when the cameras try to mount the share: root@server:~# tail -f /var/log/samba/log.smbd | grep camera check_ntlm_password: Authentication for user [camera] - [camera] FAILED with error NT_STATUS_NO_SUCH_USER check_ntlm_password: Authentication for user [camera] - [camera] FAILED with error NT_STATUS_NO_SUCH_USER check_ntlm_password: Authentication for user [camera] - [camera] FAILED with error NT_STATUS_NO_SUCH_USER If I use that username with the password when mapping the share from Win7, it works and the correct permissions are there. Here is the smb.conf: [global] server string = File Server workgroup = DOMAIN realm = DOMAIN.COM security = ADS password server = * #password server = dc1.domain.com username map = /etc/samba/smbusers obey pam restrictions = Yes enable privileges = Yes map to guest = Bad User client NTLMv2 auth = Yes log level = 2, vfs:1 syslog = 0 max log size = 0 load printers = No preferred master = No local master = No domain master = No dns proxy = No disable netbios = yes ldap ssl = no host msdfs = No template shell = /bin/false winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind refresh tickets = Yes idmap backend = tdb idmap uid = 10-19 idmap gid = 10-19 idmap config DOMAIN:backend = rid idmap config DOMAIN:range = 10 - 50 idmap config DOMAIN:default = yes hosts allow = 10.0.1.0/255.255.255.0 10.1.1.0/255.255.255.0
Re: [Samba] getent passwd not returning users/groups
Shot in the dark.. is nscd running? I have been bitten by that a few times. On 11/1/2011 5:04 PM, James Chase wrote: I'm trying to get my CentOS 5.6 machine setup as a Active Directory Domain Member with Windows 2008 level domain and samba 3.5. I haven't tried this before. I can successfully join the domain and return users using 'wbinfo -u' and groups with 'wbinfo -g' but when I try 'getent passwd' I only get the local users. I'm not sure what element that indicates is failing in the process. I'm not confident in my pam.d/ setup since different guides show different methods of setting this up. The /etc/nsswitch.conf file has been edited to include winbind as a source for passwd/shadow/group. The only insightful error message I see in the samba logs is this (repeated over and over in all the logs) but I haven't found the solution. Is this the cause of my problems? How do I disable spinlocks? I'm using a prebuilt package from sernet [2011/11/01 16:46:19.979981, 1] lib/util_tdb.c:385(tdb_log) tdb(unnamed): tdb_open_ex: spinlocks no longer supported Here is my samba configuration dumped from smbtest: [root@sambatest ~]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section [test] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = SHAMOFFICE realm = SHAMBHALA-OFFICE.LOCAL interfaces = 127.0.0.1, eth0 bind interfaces only = Yes security = ADS printcap name = cups idmap backend = ad idmap uid = 1-2 idmap gid = 3-4 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes idmap config SHAMOFFICE : schema_mode = rfc2307 idmap config SHAMOFFICE : range = 4000-5000 idmap config SHAMOFFICE : backend = ad idmap config * : range = 2000-3000 idmap config * : backend = tdb [test] comment = Directory for storing pictures by jims users path = /local/test read only = No guest ok = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] kinit succeeded but ads_sasl_spnego_krb5_bind failed
BODY { font-family:Arial, Helvetica, sans-serif;font-size:12px; }Hi, I've seen many people complain about this error message by Googling around, but I've never found a satisfactory explanation as to the cause and resolution. I'm hoping someone on the list will be able to point me in the right direction? I'm attempting to get a RHEL 5.5 client configured to use winbind auth against Windows 2003 R2 AD (in fact my end game is to get all NIS maps served from AD, but one step at a time). I've been following these steps: http://wiki.samba.org/index.php/Samba__Active_Directory But when I come to issue the 'net ads join' command: # net ads join -U administrator administrator's password: [2011/09/20 10:57:00, 0] libads/sasl.c:ads_sasl_spnego_bind(330) kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials Failed to join domain: Invalid credentials So having manually configured it, I decided maybe 'authconfig' could help. I have no graphics here, so tried a command-line approach: # authconfig --enablecache --enablewinbind --enablewinbindauth --smbsecurity ads --smbrealm FMTEST.NET --smbidmapuid=100-4294967294 --smbidmapgid=100-4294967294 --enablewinbindusedefaultdomain --enablewinbindoffline --winbindjoin=Administrator --update This made no difference (same error when trying to join). Apart from adding the 'winbind offline logon' option which I omitted from my manual approach, using the old idmap features instead of the new ones, and setting up PAM for winbind (which I hadn't got around to yet) there was no difference in config. Debug modes, RHEL logs, Windows event logs, network traces - I've looked at them all and can't find anything that points to the exact problem. Some pertinent info: # cat /etc/redhat-release Red Hat Enterprise Linux Server release 5.5 (Tikanga) # rpm -qa | egrep 'samba|libsmb' libsmbclient-3.0.33-3.29.el5_5.1 samba-client-3.0.33-3.29.el5_5.1 samba-3.0.33-3.29.el5_5.1 samba-common-3.0.33-3.29.el5_5.1 # testparm Load smb config files from /etc/samba/smb.conf Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = FMTEST realm = FMTEST.NET server string = Linux Test Machine security = ADS passdb backend = tdbsam log file = /var/log/samba/%m.log preferred master = No idmap domains = ALLDOMAINS winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind nss info = rfc2307 winbind offline logon = Yes idmap config ALLDOMAINS:default = yes idmap config ALLDOMAINS:backend = ad idmap config ALLDOMAINS:range = 100-4294967294 idmap config ALLDOMAINS:schema_mode = rfc2307 # cat /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = FMTEST.NET dns_lookup_realm = false dns_lookup_kdc = true ticket_lifetime = 24h forwardable = yes [realms] FMTEST.NET = { default_domain = fmtest.net } [domain_realm] .fmtest.net = FMTEST.NET fmtest.net = FMTEST.NET [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } Can you advise? Thanks, Mark. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SMB2 weird behavior with samba 3.6 PDC
What I meant to say is that Thunderbird downloads every message every time it is launched when I have max protocol = smb2 enabled. Without that line it checks the headers and is done. Even if it's not efficient I don't mind it downloading and caching the message once, but having to do so on every launch takes a lot of time and a lot of bandwidth. --- But SMB2 wouldn't affect the IMAP protocol. Is your local Thunderbird dir stored on a network share? If that's the case, then it's probably the same problem that others are experience about UID's not being resolved consistently (if at all)...that would cause possible file read/write problems and it might think it needs to d/l again. The thunderbird profile is stored on the users home share. This still seems like a SMB2 problem rather than a UID/GID problem since samba 3.6 works fine and thunderbird doesn't try and download every message again as soon as max protocol = smb2 is removed from smb.conf. Wouldn't a UID problem remain regardless of what the max protocol setting was? I don't have a windows server to test against, but surely this isn't acceptable behavior from a windows server. Hopefully one of the samba team members could help debug why all common browsers are unable to download files to a samba share. --- I'ts not just browsers. I was saving a large file (maybe that's the key -- a file that takes a long time to write -- was saving a 2GB image from from photoshop -- couldn't save it AT all.. Had to pull it out of the vfs_recycle to put it in place. I think you're right about many more programs being affected than just browsers. Notepad and thunderbird both seem to have serious problems and not just with large files. I was unable to open a very small html file with notepad and couldn't save my thunderbird preferences so long as smb2 was enabled. Have you opened a bug regarding any of your issues (specifically not being able to save files and them showing up in the samba recycle bin)? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SMB2 weird behavior with samba 3.6 PDC
On Mon, Aug 15, 2011 at 5:28 PM, Linda Walsh sa...@tlinx.org wrote: ` Mark Reidenbach wrote: I tried enabling SMB2 on our network after upgrading to samba 3.6 and experienced the following problems. Commenting out Max Protocol = SMB2 makes the windows7 and vista clients happy. - [homes] Trying to open a html file in notepad fails on Windows7 Pro SP1. Opening it in Firefox (default browser) or Open Office works ok. - [homes] Mozilla Thunderbird insists on downloading all the IMAP headers each time it is launched on Vista Pro SP2. What is it supposed to do? My client checks for new headers and downloads them all on each launch. Of course what's really fun is when you get to TB3 or above and it copies all of your IMAP folders into your local roaming profile by default (and it isn't easy to disable unless you already know how to do it). Great design...down load all IMAP messages from local server, and then entire mail store gets sent back up to the server in logon (as profile is stored)... and must be synced on login... The Tbird people, apparently didn't (and still refuse to understand that IMAP is a remote file-system that's not designed to have all of it downloaded to each client you login to. Whereas pop, usually when you d/led it, it was off the server (though that later changed -- but it still doesn't keep status the way IMAP does, nor does it have the search functions of IMAP. You can have IMAP create a searchable DB of your email so larger searches are lightning fast...instead, they copied my entire 4.5G mail folder onto each local machine and account i used mozilla on. What I meant to say is that Thunderbird downloads every message every time it is launched when I have max protocol = smb2 enabled. Without that line it checks the headers and is done. Even if it's not efficient I don't mind it downloading and caching the message once, but having to do so on every launch takes a lot of time and a lot of bandwidth. computer or a USB key to samba works ok, but Firefox and Chrome are unable to save files to the samba shares. They download files ok (e.g. file.part) but seem to be unable to rename the file when the download is complete. --- Yeah that was another problem I tried reporting and to get info on over a month ago, but never got a response. Part of my problem (maybe all of it), is they changed the idmap backend -- I was using static UID/GID mappins for the most part, when I went to 3.6, all of my GID's changed and my pwdb got very hosed. Still haven't recovered (most things work, but winbind refuses to return any info on my GUID, even though locally it knows what UID it maps to. But log is filled with GUID lookup errors for mine and random ones -- alot of S-0-0. The problem on the 'that'file is that apparently smb2 opens the file you want to save in, first, but doesn't close it -- then downloads to a .tmp file, and then does a rename over the first (or a copy, not sure which). Anyway server refuses to allow it -- as it thinks the first file is still open. If you have server 'recycle bin' turned on (the samba module), (and use savetree), you'll find the completed files in your recycle bin named with some p.xxx tmp name. Just rename the file from the server and copy it over the first. I don't have a windows server to test against, but surely this isn't acceptable behavior from a windows server. Hopefully one of the samba team members could help debug why all common browsers are unable to download files to a samba share. - [public] Installing programs from samba seems to partially work. Installing Itunes 10.4 for 64 bit windows 7 seemed to work but the Apple Software Update program was not installed (uninstalling, copying iTunes64Setup.exe to the desktop, and running the setup program worked). Odd, I've had a similar prob w/nvidia's sw-update prog -- but I wouldn't have though it to be samba related... Good luck --- I'm back at 3.10 -- and still have figured out how to repair my DB. Apparently the DB format got changed, and isn't backward compat (or something!) -- i.e. when looking up my domain, it tries to look for '*' first, which it then expecs to hve return the domain. I have no '*' entry in my tdb file. Top level entry that everything is under is the Domain name. So many types of lookups don't work. Had lots of performance problems with MSWin swamping my network connection really bad -- so that I couldn't play AV hosted on the server. Tried every downward tuning option available (my net was optimized for SMB1 -- 125MB writes/ 119-121MB/s reads over a 1Gbit net...(max speed, not average!) But I think that the new SMB2 code is much 'tighter in windows, so it executes more quickly so it is difficult for other traffic to get a chance. Unfortunately MS designed their file-serving protocol to be undifferentiable
Re: [Samba] difference between samba and smbclient
On Sun, Aug 14, 2011 at 1:07 PM, alex wallis alexwallis...@googlemail.comwrote: I want to share files from windows 7 64 bit to my distro based off ubuntu 11.04, I am not going to be sharing from linux to windows 7. You culd try something like this: mount -t cifs //server/share /mnt/win7 -o sec=ntlmv2i,user=domain/user,password=passwd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [homes] share not created unless linux user has a home directory in /etc/passwd
When adding a domain user to a samba 3.6 PDC I found that the [homes] share was not created. It turns out there was no home directory specified in /etc/password for this user. Once a linux home directory was added the [homes] share worked, but I would expect this to work anyway since a different path is being used for windows home directories than for the linux users. Is this expected behavior or a bug? [homes] comment = Home Directories path = /home/samba/homes/%S strict allocate = yes read only = No create mask = 0700 browseable = No valid users = %S -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [homes] share not created unless linux user has a home directory in /etc/passwd
The /home/samba/homes/user directory already exists and does not need to be created. The problem is that samba does not create the \\server\user share because it seems to be checking if there is an entry for the linux home directory in /etc/passwd. Adding a value of /home/user to /etc/passwd causes the \\server\user share to be set up and mapped to /home/samba/homes/user even though the passwd home directory, /home/user, does not exist. On Thu, Aug 11, 2011 at 10:13 PM, David Roid datar...@gmail.com wrote: Hello Mark, You can write a preexec script for homes share to check and make home directory under /home/samba/homes, regardless of the home directory value from /etc/passwd. -David 2011/8/12 Mark Reidenbach mark.a.reidenb...@gmail.com When adding a domain user to a samba 3.6 PDC I found that the [homes] share was not created. It turns out there was no home directory specified in /etc/password for this user. Once a linux home directory was added the [homes] share worked, but I would expect this to work anyway since a different path is being used for windows home directories than for the linux users. Is this expected behavior or a bug? [homes] comment = Home Directories path = /home/samba/homes/%S strict allocate = yes read only = No create mask = 0700 browseable = No valid users = %S -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SMB2 weird behavior with samba 3.6 PDC
I tried enabling SMB2 on our network after upgrading to samba 3.6 and experienced the following problems. Commenting out Max Protocol = SMB2 makes the windows7 and vista clients happy. - [homes] Trying to open a html file in notepad fails on Windows7 Pro SP1. Opening it in Firefox (default browser) or Open Office works ok. - [homes] Mozilla Thunderbird insists on downloading all the IMAP headers each time it is launched on Vista Pro SP2. - [public] Copying files from the local computer or a USB key to samba works ok, but Firefox and Chrome are unable to save files to the samba shares. They download files ok (e.g. file.part) but seem to be unable to rename the file when the download is complete. - [public] Installing programs from samba seems to partially work. Installing Itunes 10.4 for 64 bit windows 7 seemed to work but the Apple Software Update program was not installed (uninstalling, copying iTunes64Setup.exe to the desktop, and running the setup program worked). My smb.conf is: [global] domain logons = Yes domain master = Yes preferred master = Yes workgroup = SYNERGY netbios name = SERVER server string = Office Samba Server passdb backend = tdbsam encrypt passwords = yes min protocol = NT1 max protocol = SMB2 server schannel = yes server signing = mandatory lanman auth = No ntlm auth = No lm announce = No client schannel = yes client signing = auto client ntlmv2 auth = Yes client lanman auth = No client plaintext auth = No client use spnego = No client use spnego principal = No directory name cache size = 500 name resolve order = host wins bcast add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u logon script = logon.cmd logon drive = z: logon path = logon home = \\server\%U dns proxy = No wins support = Yes time server = Yes ldap ssl = no log file = /var/log/samba/%m.log log level = 3 bind interfaces only = yes interfaces = 192.168.13.150/24 127.0.0.1 smb ports = 445 hosts allow = 127.0.0.1, 192.168.13.0/255.255.255.0, 192.168.2.0/255.255.255.0, 192.168.3.0/255.255.255.0, 192.168.100.0/255.255.255.0, 192.168.1.230 hosts deny = 0.0.0.0/0.0.0.0 # printing setup load printers = Yes printing = cups printcap = cups show add printer wizard = Yes # Some defaults to prevent access problems when upgrading (i.e 3.0.23 - 3.0.24 - 3.0.25) host msdfs = yes msdfs root = yes kernel change notify = yes use sendfile = yes # allow enumeration of winbind users and groups winbind enum users = yes winbind enum groups = yes # give winbind users a real shell (only needed if they have telnet access) template shell = /bin/bash lock directory = /var/lib/samba # Samba 3.6 changes idmap config * : backend = tdb2 idmap config * : range = 1000-2 [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = Yes browseable = No read only = Yes [printers] comment = All Printers path = /usr/local/samba/printers read only = Yes create mask = 0777 guest ok = Yes printable = Yes browseable = Yes [print$] comment = Printer Drivers # this path holds the driver structure after cupsaddsmb command path = /usr/local/samba/windows_drivers guest ok = no browseable = yes read only = yes write list = root [public] comment = Public Files path = /home/samba/public strict allocate = yes read only = No create mask = 0777 directory mask = 0777 vfs objects = readahead [homes] comment = Home Directories path = /home/samba/homes/%S strict allocate = yes read only = No create mask = 0700 browseable = No valid users = %S -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Question
Can I use Samba to transfer a image folder from Windows to Linux via usb flash drive? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Settings ACLS from Windows via member server
John, I just posted a long reply to help you understand how the pieces fit together. Yell out if you are still confused after reading my posting. Thanks for the lengthy reply and also the suggestion to read man pages instead of doc, I didn't realize there was such a big difference. The pieces are starting to fall into place, but I still have more questions. I've become convinced that my member servers need to be running winbind, especially since I want the builtin accounts to work. So... My sense is that my member servers should NOT require the LDAP passdb backend settings. Can someone confirm that only PDC/BDC should require this? If so, I think my problem boils down to an issue resolving sids - uids. Playing around with wbinfo on my member workstation, I see that I can resolve things like: [root]# wbinfo -n mkd S-1-5-21-2830206405-3223145701-231191277-7214 SID_USER (1) [root]# wbinfo -n CS.BROWN.EDU\mkd S-1-5-21-2830206405-3223145701-231191277-7214 SID_USER (1) so far so good, but [root]# wbinfo -S S-1-5-21-2830206405-3223145701-231191277-7214 Could not convert sid S-1-5-21-2830206405-3223145701-231191277-7214 to uid This seemed to work for a short while after I added the passdb LDAP entries to my member server, but I think it was a red herring, as it stopped working and worked only for a select number of users. So the question becomes, what am I missing that is preventing the PDC from resolving these for my member servers? It's quite possible there is some sort of LDAP mapping that we are just missing... we've been running LDAP for a while prior to getting samba up and working, so we had to modify our existing schema and add in the LDAP necessary stuff, rather than let samba do it as we couldn't afford to loose the existing data. Is this where the idmap_ldap stuff comes in? If so, can I just pre-seed these entries so all the information is there and run it in a read only ldap mode? Thanks! Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Settings ACLS from Windows via member server
Associated question... When I perform the following looking up on a member server: [root]# wbinfo -S S-1-5-21-2830206405-3223145701-231191277-7214 Could not convert sid S-1-5-21-2830206405-3223145701-231191277-7214 to uid When the result is not cached on the machine doing the lookup (which by the way I can't keep it from caching results even when I toss the -n flag on winbindd), I see traffic between the member server and PDC. Good. The PDC has access to all the information in needs to resolve this query, it's all contained within a user/group entry in LDAP. However, I can see no evidence it is trying to resolve this. If idmap is the portion responsible for this resolution, doesn't it make sense that I should be running idmap_ldap on the PDC? I've been looking over the LDAP schema and it has the following: objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY DESC 'Mapping from a SID to an ID' MUST ( sambaSID ) MAY ( uidNumber $ gidNumber ) ) which I do NOT have defined in our LDAP db. I'm planning to just toss this in to see whether it helps, but still don't fully understand where the idmap_ldap stuff should be defined... Sorry the pieces just aren't falling into place. Hopefully, I'm not the only one struggling with this and the resulting discussions can someday help others. Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Settings ACLS from Windows via member server
John, Thanks again for the feedback. On the other hand, some sites require the same uid/gid across domain controllers (PDC/BDC) and domain member servers (dms). Where this is required you CAN use NSS-LDAP to get globally consistent uid/gid values for each user and then use idmap_ldap to handle SID to uid/gid mappings. This configuration can get a little messy and my preference is to not have any domain member server but rather make them all domain controllers - that way all BDCs can share the exact same smb.conf configuration for simpler admin. This is exactly the situation we are in. The vast majority of our workstations are linux/unix based, thus uids/gids are really at the guts of our environment. The majority of our users work in both environments, so it's critical to have everything match. Someone else (tms3) asked off list whether there was any reason to even both with member servers. While it is certainly the case in a real Windows environment, I couldn't come up with a reason why this shouldn't/couldn't be done with a pure samba environment. I just tested and things appear to work just fine in a test setup. It seems wrong, but there is no reason why it can't work just fine with samba. The domain member server should be configured so it can write to the LDAP directory so that it can assign (out of the idmap range provided in the smb.conf file) the idmap entries. These should populate into the idmap suffix container. Of course the problem with this is users could end up with multiple gids/uids if we allowed the member servers to assign uids/gids. I now understand why member servers would need to assign uids/gids in a real Windows domain and it's likely we could seed LDAP properly so that we could use them as member servers, but for now I think I'll likely go with the massive number of DCs route. Thanks everyone, I think I've put together a better understanding of some of the samba/NT domain internals... probably just enough to cause some real trouble ;) Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Settings ACLS from Windows via member server
I have a purely samba domain: samba PDC, BDC, and a collection of clustered member servers that provide CIFS access to our underlying file system. Things are working fine, with the exception of users being able to set ACLS from Windows workstations. When they try to do so, they can search for and properly find domain members, but when they try to apply the changes, the settings simply vanish from the Window! We setup a test share from our PDC and users **can** set permissions properly on this share, so I would think we are looking at a configuration problem on our member servers. A couple generic questions about member servers: 1) Our password backend is stored in LDAP. Currently, we only have the LDAP configuration on the PDC and BDC samba setups. My understanding is that all other machines, including samba member servers, join the domain and get their user information that way, correct? 2) With a non-AD environment, should our samba member servers run winbind? My understanding is not, but this could be part of the problem. I'm happy to provide any other information that may be of help, this problem is driving us nuts! Thanks, Mark -- -- I'd rather be burning carbohydrates than hydrocarbons -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Domain controller could not be contacted
I recently upgrade a Samba server, that was happily acting as a PDC for a school, from 3.2 to 3.4.7. This was done via an upgrade to Ubuntu (from 9.04 to 10.04LTS). Of course, the Ubuntu upgrade caused a bunch of issues, most of which were managed without undue stress. The remaining issues are with Samba's configuration. This is a fairly simple Samba configuration using the TDB password backend, no LDAP. After the upgrade, domain logons do not work, nor can new machines be joined to the domain. From a Windows XP machine, attempting to log on gives The system can not log you on now because the domain CK is not available. Attempting to join the domain yields: A domain controller for the domain CK could not be contacted. Ensure that the domain name is typed correctly. [...] In the details for this message, it states that The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain CK: The error was: 'DNS name does not exist.' It also states that The query was for the SRV record for _ldap._tcp.dc._msdcs.CK This seems strange because we aren't using LDAP. Workgroup machines work. But they can't browse the domain. Going directly to a share on the server via the FQDN works. This looks like a winbindd issue to me. On the Linux side, connecting to a share on the server with smbclient works fine. In all honesty, I don't have much knowledge of tools for debugging NetBIOS issues with Samba. It's always just worked for me. Any ideas what could be going on here? Suggestions for further inquiry? Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Settings ACLS from Windows via member server
If you want to set ACLs of domain users and groups, you have to run winbindd regardless of AD env. or not. # You can set ACLs of server local users and groups without running winbindd. Hmm... I was working from: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2604553 I have NSS setup to resolve via LDAP, which contains all of the appropriate user/group information that samba should need. The second heading on this page, Winbind is not used; users and groups resolved via NSS seemed to read as though I didn't actually need winbind. My concern here is that winbind appears to be necessary to create unix users for non-existent Windows NT domain users. This isn't our case... ever user available in the Windows NT domain (managed by the samba PDC/BDC) exist in LDAP and, therefore, unix as well. Regardless... I enable winbind and the behavior is the same. Once winbind is started, I can query most users (wbinfo -u) and groups (wbinfo -g). For some reason, some groups don't show. We have many groups and users, so I haven't checked them all, but a spot check suggests there are some missing. Mark -- -- I'd rather be burning carbohydrates than hydrocarbons -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Settings ACLS from Windows via member server
I believe the PDC/BDC does not need winbind but the member servers do. Also you need idmap to work on the member servers. I believe I use a nss backend for my idmap setup at work. So is idmap separate from winbind? I thought the two went hand in hand. This may be another clue as to what's going on. When I bump up the log level for acls, it reports back: [2011/02/22 14:04:21.247390, 0] smbd/posix_acls.c:1755(create_canon_ace_lists) create_canon_ace_lists: unable to map SID S-1-5-21-2830206405-3223145701-231191277-62564 to uid or gid. This was the result of an operation from a Windows client trying to grant a user permissions to a folder. The SID is correct for the user in question, so obviously something is able to look up information from LDAP. However, some other piece can't seem to later resolve it. Is this of any help? I should add... the above is without winbind running on the member server. Thanks! Mark -- -- I'd rather be burning carbohydrates than hydrocarbons -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Settings ACLS from Windows via member server
Do you have acls set on the file system for the member servers? Winbind is for authentication purposes, not files system acls. Yes, I can set acls on the linux side without problems. In fact, I can set acls from a Windows client on the same file system, if I connect to the share via our PDC rather than a member server. We can only support this for testing, because the throughput of the PDC couldn't keep up with clients. Mark -- -- I'd rather be burning carbohydrates than hydrocarbons -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Settings ACLS from Windows via member server
BTW, for this comment I mean when a Windows PC connects to a samba domain member server the ACLs tab displays SIDs instead of usernames. On the PDC/BDC winbind is not needed for the display of user names in the ACLs tab. In either case winbind has nothing to do with the functionality of the acls. They still would work without winbind but you just cant tell who has access writes that is unless you memorized the SIDs... I wish I could even get to the point of seeing numeric SIDs ;) I guess my next question would be... is there a way to setup winbind and idmap in such a way that it is read only and doesn't try to dynamically map anything? We pre-seed our LDAP database and I don't really want samba trying to dynamic change anything on us, especially when it comes to user mappings. Mark -- -- I'd rather be burning carbohydrates than hydrocarbons -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [SOLVED] Re: Domain controller could not be contacted
Got frustrated and decided to do something I don't normally do: Take lunch. Came back and noticed that things were working better than before. Eventually, I tried logging onto the domain. It worked. Tried joining a machine to the domain, that worked too. Confused, I checked my notes and just before lunch I had restarted nmbd. Here's my guess as to what was going on: The server that was acting as the PDC, wasn't acting as the WINS server. An older Samba server was. This morning, thinking that the problem was between the different versions of Samba, I disabled WINS on the old server, and enabled it on the new server. I restarted smbd, but not nmbd. Later, I restarted nmbd. The problem may have had nothing to do with the different versions of Samba. It could also have been as a result of the upgrading breaking the network configuration on the PDC (it uses bonding). I was messing with that this morning as well. Maybe it just took a little while for ARP and such to settle down. Tentatively, I'm happy. Mark On Tue, Feb 22, 2011 at 11:38 AM, Mark Fox mark@gmail.com wrote: I recently upgrade a Samba server, that was happily acting as a PDC for a school, from 3.2 to 3.4.7. This was done via an upgrade to Ubuntu (from 9.04 to 10.04LTS). Of course, the Ubuntu upgrade caused a bunch of issues, most of which were managed without undue stress. The remaining issues are with Samba's configuration. This is a fairly simple Samba configuration using the TDB password backend, no LDAP. After the upgrade, domain logons do not work, nor can new machines be joined to the domain. From a Windows XP machine, attempting to log on gives The system can not log you on now because the domain CK is not available. Attempting to join the domain yields: A domain controller for the domain CK could not be contacted. Ensure that the domain name is typed correctly. [...] In the details for this message, it states that The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain CK: The error was: 'DNS name does not exist.' It also states that The query was for the SRV record for _ldap._tcp.dc._msdcs.CK This seems strange because we aren't using LDAP. Workgroup machines work. But they can't browse the domain. Going directly to a share on the server via the FQDN works. This looks like a winbindd issue to me. On the Linux side, connecting to a share on the server with smbclient works fine. In all honesty, I don't have much knowledge of tools for debugging NetBIOS issues with Samba. It's always just worked for me. Any ideas what could be going on here? Suggestions for further inquiry? Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Settings ACLS from Windows via member server
So... I could use some help explaining this. I finally decided to just start playing and ended up doing the following: 1) Added passdb backend entries on my member servers pointing to LDAP, similar to what the PDC/BDC configurations have. This addition, when viewed from Windows suddenly started displaying SIDs. Going back a few emails in this thread someone else brought up they were seeing this behavior without winbind running. 2) Started up winbind and everything appears to be working now. So my question is, why? I still don't quite understand how all these pieces fit together. Is it wrong to have the passdb backend on a member server? Thanks! Mark -- -- I'd rather be burning carbohydrates than hydrocarbons -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Xerox Workcentre pro 5740 PCL6 driver installation fails
On Mon, Jan 10, 2011 at 01:45:06PM -0600, charles wrote: From: Mark Adams To: samba@lists.samba.org Date: Mon, 10 Jan 2011 17:55:33 + Subject: [Samba] Xerox Workcentre pro 5740 PCL6 driver installation fails Hi All, Anyone got this working with Samba? (3.5.4) I'm trying to install the driver, it copies across OK but then says An unexpected error occurred in the print driver. Close the current driver window and retry the operation. 074:000:0061 Retrying doesn't help... The PS driver installs, but this lacks ALL of the options that come with the printer. Any help appreciated. Regards, Mark try installing the driver to a windows workstation first. then manually installing the driver to server via server propteries dialog from that windows workstation using %windir%\system32\spool\drivers\w32x86 as the driver source. Thanks for the suggestion, When I do this it says there are no drivers for my device. I notice when I install locally instead of the drivers going in to the 3 folder they go in to a folder called xeroxworkcentre_57401884 I tried to copy this to the server aswell but it didn't make a difference. It has been suggested a utility from cisco print_fix.exe might correct the problem, but I can't find out where to source this - does anyone know? Or does anyone have anything else I can try? Best Regards, Mark -- Charles Belmopan, Belize ... we just love cars and we love driving them! ... Do things like double clutch automatics, traction control, and lane departure warnings really make cars better? I suppose by some metrics they do. But for these amenities we trade character; for luxury we surrender sensory experience; for comfort, we give up romance. *clubmotorsports.bz* http://clubmotorsports.bz/ * * * http://www.cardomain.com/ride/2400106*http://www.cardomain.com/ride/2400106 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Xerox Workcentre pro 5740 PCL6 driver installation fails
Hi All, Anyone got this working with Samba? (3.5.4) I'm trying to install the driver, it copies across OK but then says An unexpected error occurred in the print driver. Close the current driver window and retry the operation. 074:000:0061 Retrying doesn't help... The PS driver installs, but this lacks ALL of the options that come with the printer. Any help appreciated. Regards, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help with Samba4 running logon script
Hi! I am currently testing a Samba4 Alpha13 server with Windows Vista SPK2 and I am not able to run logon scripts. I am able to use both profiles and map Home folders without any problems. I do not see any DOS window opening with the script running and I have tested running this as both a user and administrator by hand by just clicking on the script .bat file which runs just fine. Therefore, there appears to be no permissions problem when you run it. I did also try inserting a net use command in the .bat just in case it was really working but I don't see any mapped drive either. Maybe this is a problem with Vista and I need to change a setting there? If you have any suggestions on what to check I would greatly appreciate it. Thanks. Mark Sheppard -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ADS auth client disconnects when ads_cleanup_expired_creds runs
Hi All, Debian Lenny, with Samba 3.4.8~dfsg-2~bpo50+1 (backports) I'm having an issue where 1 or 2 random clients out of 100 seem to be disconnected from a samba print server and not allowed to reconnect until they log off and back on to their machines. It is not always the same clients. I have a Samba fileserver running on another machine with virtually identical config that does not have this issue. This happens pretty quickly after the ads_cleanup_expired creds log: --- [2010/11/25 15:15:01, 3] libsmb/clikrb5.c:620(ads_cleanup_expired_creds) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Fri, 26 Nov 2010 01:14:44 GMT --- In the specific client logs after this occurs I get the following: --- [2010/11/25 15:17:15, 0] lib/util_sock.c:738(write_data) [2010/11/25 15:17:15, 0] lib/util_sock.c:1491(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer [2010/11/25 15:17:15, 0] smbd/process.c:62(srv_send_smb) Error writing 4 bytes to client. -1. (Transport endpoint is not connected) [2010/11/25 15:17:15, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/11/25 15:17:15, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2010/11/25 15:17:15, 3] smbd/connection.c:42(yield_connection) deleting connection record returned NT_STATUS_NOT_FOUND [2010/11/25 15:17:15, 3] smbd/server.c:849(exit_server_common) Server exit (failed to receive smb request) [2010/11/25 15:18:35, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/11/25 15:18:35, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2010/11/25 15:18:35, 3] smbd/connection.c:42(yield_connection) deleting connection record returned NT_STATUS_NOT_FOUND [2010/11/25 15:18:35, 3] smbd/server.c:849(exit_server_common) Server exit (failed to receive smb request) --- It doesn't occur everytime the cleanup is run (which seems to be every 15 minutes), but does happen once or twice a day. It doesn't seem to be something wrong with my samba config, because it works 99% of the time. But please find it below and advise if anything might be causing this. --- [global] security = ads workgroup = DOMAIN realm = DOMAIN.LOCAL password server = dc1.domain.local, dc2.domain.local encrypt passwords = yes server string = domainprint netbios name = domainprint idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind offline logon = yes enhanced browsing = no template shell = /bin/false veto files = /TheVolumeSettingsFolder/, /Temporary Items/, /*DS_Store*/, /*AppleDB/, /*AppleDesktop/, /*AppleDouble/, /Network Trash Folder/, * /*Trashes/, /*TemporaryItems/, /*FBCLockFolder/, /*FBCIndex/ delete veto files = yes create mask = 0775 directory mask = 2775 invalid users = root panic action = /usr/share/samba/panic-action %d log file = /var/log/samba/log.%m log level = 3 socket options = TCP_NODELAY printing = cups printcap = cups #load printers = yes printer admin = @DOMAIN\itdept follow symlinks=yes - Is it possible to change the ticket expiration time? or is there a Windows setting on the Domain controller than needs to be changed? (Windows server standard 2008 R2). Any help appreciated, Please advise if I need to post any other details. Thanks, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Need help changing user password
Michael: I have checked for both net setpassword and samba-tool in Samba4 Alpha13 but they are not there. Maybe I can download samba-tool which will still work? When I try doing a net setpassword it brings up the help menu without this item listed. These are the only items that are listed which are similar: net getlocalsid [NAME]to get the SID for local machine name net setlocalsid SID to set the local machine SID net getdomainsid the machine SID and the domain SID on the local server net setdomainsid SID to set the domain SID on member servers net changesecretpwto change the machine password in the local secrets database only this requires the -f flag as a safety barrier Thanks for the support and I will keep checking to see if I can obtain samba-tool. Mark Sheppard Try: net setpassword --help (or samba-tool for later versions of Samba4). -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Need help changing user password
Hi! I am currently using Samba4 Alpha13 but I have not been able to change a users password. I curently can add a user using ldbadd and a ldif file but I would like to know the recommended way of changing a users password. It would be nice if it could be done from the adminstrator account so that you do not need to know the original password. Thanks for the help! MS -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Random winbind cannot check secret errors
Anyone with views on this? How do you monitor that your file servers can connect to your domain controllers? On Thu, Oct 14, 2010 at 12:43:24PM +0100, Mark Adams wrote: Hi All, Debian Lenny, Samba 3.4.8 Every 5 minutes I have a script running checking that it can still talk to the AD domain controllers (2008 R2) using the command wbinfo -t. This was running without error for many months, until recently it will randomly not be able to communicate with the DC and will provide the error error: code was NT_STATUS_UNSUCCESSFUL (0xc001) Could not check secret This doesn't appear to affect connectivity (or if it does it hasn't been caught) and it is always working correctly again by the time the next check runs (5 minutes). The windows logs dont show anything. Any ideas? Is the check too aggressive? Does anyone else monitor winbindd in another way to see if it has lost trust with its DC? Regards, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Print server failing for some users on occassion
Hi, Debian Lenny, Samba 3.4 (backports) I'm currently running a cups print server with a samba front end for xp clients to connect to. The majority of the time, this works fine - however very occasionally a user get's a RPC error, spool service is not running and cannot print. Simply logging off, and back on, enables the printer to work again as the login script disconnects and reconnects the printers. Nothing of use shows in the samba log for this user. Has anyone seem any similar behaviour or have any pointers on where to start looking? Thanks, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3 joined to samba 4 - problems with permissions on S3 server
Hi all, I am testing samba3 joined to a samba 4 domain controller. Most things appear to be working okay - just not printer drivers and file permissions. Machines can join the domain and use resources on the Samba 3 server, etc. I can change permissions to my hearts content on the Samba4 shares, just not Samba3. I cannot however set any permissions on shares or add printer drivers to the Samba 3 server. Winbind appears to be working fine and getent group,passwd lists users and groups from the S4 server. Samba 3 config is at the end of this email, the Samba 4 config is what I got in the provisioning step, with a test share added only. The printer issue appears odd to me... I can browse to \\server\print$ and write to the folders there. The typical folders: W32X86, IA64, etc etc. are all there and I can write to those as well. When I look in the 'printers and faxes' share the printers are all listed there. If i right-click in that share and go to server properties - drivers tab the 4 buttons on the bottom are greyed out as well as everything in the advanced tab. If I right-click one of the printers a question is asked the '' print driver is not installed would you like to add it There is a single quote in between 'the' and 'print' as above, which seemed strange. If I answer 'no' I get the properties screen. Answering yes appears to go thru the motions of moving files around once I select the driver. No files are ever moved to the server, but to \windows\system32 someplace on the workstation. I can manipulate settings on the advanced tab without it complaining and it appears to save them EXCEPT the 'new driver' button which is greyed out. Now, the file permissions on shares might be related to this, but I don't know. I don't see anything in the logs that looks fatal when trying to manipulate printer settings or when opening the properties of a printer. Now, setting file/folder permissions on shares does yield some complaints in the log. (Excerpt is at the bottom) It seems to be complaining about acl stuff. I checked the mount options and remounted it as such: /dev/drbd0 on /srv type ext3 (rw,user_xattr,acl) (I don't know if it's supposed to be 'user_xttr' OR 'acl' - I tried one, then the other then both but no change) Using 'getfacl' on the directory returns: # file: files # owner: mark # group: domain\040users # flags: ss- user::rwx group::rwx group:domain\040admins:rwx mask::rwx other::rwx I don't know if this is a good test or not Here is the log excerpt when changing permissions: [2010/10/23 22:57:04, 3] smbd/process.c:1459(process_smb) Transaction 46157 of length 112 (0 toread) [2010/10/23 22:57:04, 3] smbd/process.c:1273(switch_message) switch message SMBntcreateX (pid 2814) conn 0x7f618f683c60 [2010/10/23 22:57:04, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [files/test] [/srv/servroot] [2010/10/23 22:57:04, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: files/test reduced to /srv/servroot/files/test [2010/10/23 22:57:04, 3] smbd/dosmode.c:149(unix_mode) unix_mode(files/test) returning 0766 [2010/10/23 22:57:04, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [files/test] [/srv/servroot] [2010/10/23 22:57:04, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: files/test reduced to /srv/servroot/files/test [2010/10/23 22:57:04, 3] smbd/process.c:1459(process_smb) Transaction 46158 of length 172 (0 toread) [2010/10/23 22:57:04, 3] smbd/process.c:1273(switch_message) switch message SMBnttrans (pid 2814) conn 0x7f618f683c60 [2010/10/23 22:57:04, 3] smbd/nttrans.c:1818(call_nt_transact_set_security_desc) call_nt_transact_set_security_desc: file = files/test, sent 0x4 [2010/10/23 22:57:04, 3] smbd/dosmode.c:149(unix_mode) unix_mode(files/test) returning 0766 [2010/10/23 22:57:04, 2] smbd/posix_acls.c:2796(set_canon_ace_list) set_canon_ace_list: sys_acl_set_file type file failed for file files/test (Operation not permitted). [2010/10/23 22:57:04, 3] smbd/posix_acls.c:3846(set_nt_acl) set_nt_acl: failed to set file acl on file files/test (Operation not permitted). [2010/10/23 22:57:04, 3] smbd/error.c:60(error_packet_set) error packet at smbd/nttrans.c(1828) cmd=160 (SMBnttrans) NT_STATUS_ACCESS_DENIED [2010/10/23 22:57:04, 3] smbd/process.c:1459(process_smb) Transaction 46159 of length 45 (0 toread) [2010/10/23 22:57:04, 3] smbd/process.c:1273(switch_message) switch message SMBclose (pid 2814) conn 0x7f618f683c60 [2010/10/23 22:57:04, 3] smbd/reply.c:4478(reply_close) close directory fnum=10795 Samba3 smb.conf: [global] workgroup = TEST netbios name = test realm = TEST.REALM.COM preferred master = no security = ADS encrypt passwords = yes log level = 3 log file = /var/log/samba/%m winbind separator = + printcap name = cups printing = cups idmap uid = 1-2 idmap gid = 1-2 winbind enum groups = yes winbind enum users = yes winbind use default domain = yes [homes] comment = Home
Re: [Samba] Samba 3 joined to samba 4 - problems with permissions on S3 server
I fiddled around with it some more and managed to correct the acl issue. The printer driver issue turned out to be somewhat different net rpc rights grant test\administrator SePrintOperatorPrivilege -U administrator on the Samba 3 server solved the issue. So I guess my question is.. why did I have to do this? Shouldn't domain admins have this right from the start? On 10/23/2010 11:47 PM, Jeremy Allison wrote: On Sat, Oct 23, 2010 at 11:19:43PM -0400, Mark Rutherford wrote: Here is the log excerpt when changing permissions: [2010/10/23 22:57:04, 2] smbd/posix_acls.c:2796(set_canon_ace_list) set_canon_ace_list: sys_acl_set_file type file failed for file files/test (Operation not permitted). = ||| This is the underlying problem you need to fix... Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 in production?
I have read many stories and testimonials from people that are running Samba 4 in production. This encouraged me to try it out in a couple of virtual machines and, as expected I encountered no problems that I could not overcome. (mostly DNS setup issues) We are running 3.5 right now just as a plain NT4 domain controller with DRBD and friends. This setup has worked for many, many years and the possibility of gaining AD is very appealing. When I tested Samba 4, I joined a few Samba 3 servers to it and used resources from those servers without any issues. How are others using it in production? Any pitfalls to using Samba 4 in this manner? Anyone care to share their stories, good or bad? Thanks everyone. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Random winbind cannot check secret errors
Hi All, Debian Lenny, Samba 3.4.8 Every 5 minutes I have a script running checking that it can still talk to the AD domain controllers (2008 R2) using the command wbinfo -t. This was running without error for many months, until recently it will randomly not be able to communicate with the DC and will provide the error error: code was NT_STATUS_UNSUCCESSFUL (0xc001) Could not check secret This doesn't appear to affect connectivity (or if it does it hasn't been caught) and it is always working correctly again by the time the next check runs (5 minutes). The windows logs dont show anything. Any ideas? Is the check too aggressive? Does anyone else monitor winbindd in another way to see if it has lost trust with its DC? Regards, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error 0x000003e6 when trying to connect to a printer from w2k8 (x64)
I'm having the problem with an install on 3.4.8 -- The other printers on this server work fine with win 7, It's just the Xerox printers. I noticed that the Xerox printers use the XeroxXpdPrint print processor, I wonder if this causes the issue? I understand HP's also do something similar. All the working printers use the winprint print processor. Regards, Mark On Wed, Sep 22, 2010 at 04:47:25PM -0500, Matt LaPlante wrote: I've run into this with every version 3.3. Very hard to isolate. I suggest adding to https://bugzilla.samba.org/show_bug.cgi?id=7567 On Wed, Sep 22, 2010 at 4:27 PM, Bryan Hodgson hodg...@cse.lehigh.eduwrote: Same problem (0x03e6) here, W7 (but not XP) 32 and 64-bit using the Ricoh native RPCS drivers for Aficio 6001 with Samba 3.5.4. Very reproduceable; it fails 100% of the time. It worked successfully with 3.5.3 in early testing; am contemplating down-rev'ing. Bryan On Tue, Sep 21, 2010 at 05:03:28PM +0100, Mark Adams wrote: Hi, I am also having this issue, with Win7 x64 printing to Xerox machines. Did you get to the bottom of it? I am using raw cups printers. Regards, Mark On Tue, Jul 13, 2010 at 12:37:16PM +0200, Thorsten Leiser wrote: Am 13.07.2010 11:15, schrieb Sean Crosby: On 07/12/2010 08:09 AM, Thorsten Leiser wrote: Hello, I'm trying to connect my W2k8 (x64) Server farm to our new installed printserver based on debian lenny with sernet samba 3.5.4 installed. Everytime i try to connect to a printer share via point and print, it fails with error 0x03e6. When i do the same from Windows XP or from our old w2k3 (x64) server farm everything works excellent. Does anybody know a workaround. I installed nearly 80 printers on the samba server and i don't want to do this again. Regards Thorsten -- Hi Thorsten, I had the same problem as you with a 2k8R2 server, and I fixed it by changing the version of pscript5.dll (and the other ps* files) on my samba server (in /usr/share/cups/drivers/x64). I was using the Win7/Vista 64bit pscript5.dll file, but I had to change it to the version shipped with 2k8 64bit. Once I did that, the problems disappeared (and the driver still works win Win7 64bit and Vista 64bit). Sean Hi Sean, I replaced the drivers without success. I don't think it's a drivers problem in my case. The driver works perfect on our old samba 3.2.5 server. Thanks for your effort. Regards Thorsten -- Thorsten Leiser IT-Systembetreuung SYNCHRON Gesellschaft für betriebswirtschaftliche Beratung und Informationssysteme mbH Liebknechtstr. 50 70565 Stuttgart-Vaihingen Fon: 0711/7868-356 Fax: 0711/7868-446 www.synchron-is.de Sitz der Gesellschaft: Stuttgart Registergericht: Amtsgericht Stuttgart, HRB 8619 GF: Michael Schober -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba/Cups print server for Windows 7?
Hi, I'm running samba 3.4.8, and wonder if this has support for Windows 7 clients when using cups queues via samba? my XP clients seem OK, however when connecting using Windows 7 clients they get Access is denied after the point n click drivers copy across. Any ideas? Regards, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba/Cups print server for Windows 7?
Is it related to this bug? https://bugzilla.samba.org/show_bug.cgi?id=6888 Seems a fix has been pushed, but no updated since February. Does anyone know if this was included? Regards, Mark On Tue, Sep 21, 2010 at 03:18:49PM +0100, Mark Adams wrote: Hi, I'm running samba 3.4.8, and wonder if this has support for Windows 7 clients when using cups queues via samba? my XP clients seem OK, however when connecting using Windows 7 clients they get Access is denied after the point n click drivers copy across. Any ideas? Regards, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba/Cups print server for Windows 7?
I see this was supposed to be fixed in Samba 3.4.6. I've tested local drivers which work with ALL printers except the Xerox printers (odd). Anyone else had issues with Samba, Win7 x64 and Xerox printers? I get the helpful message Windows could not connect error 0x03e6 Regards, Mark On Tue, Sep 21, 2010 at 03:59:01PM +0100, Mark Adams wrote: Is it related to this bug? https://bugzilla.samba.org/show_bug.cgi?id=6888 Seems a fix has been pushed, but no updated since February. Does anyone know if this was included? Regards, Mark On Tue, Sep 21, 2010 at 03:18:49PM +0100, Mark Adams wrote: Hi, I'm running samba 3.4.8, and wonder if this has support for Windows 7 clients when using cups queues via samba? my XP clients seem OK, however when connecting using Windows 7 clients they get Access is denied after the point n click drivers copy across. Any ideas? Regards, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error 0x000003e6 when trying to connect to a printer from w2k8 (x64)
Hi, I am also having this issue, with Win7 x64 printing to Xerox machines. Did you get to the bottom of it? I am using raw cups printers. Regards, Mark On Tue, Jul 13, 2010 at 12:37:16PM +0200, Thorsten Leiser wrote: Am 13.07.2010 11:15, schrieb Sean Crosby: On 07/12/2010 08:09 AM, Thorsten Leiser wrote: Hello, I'm trying to connect my W2k8 (x64) Server farm to our new installed printserver based on debian lenny with sernet samba 3.5.4 installed. Everytime i try to connect to a printer share via point and print, it fails with error 0x03e6. When i do the same from Windows XP or from our old w2k3 (x64) server farm everything works excellent. Does anybody know a workaround. I installed nearly 80 printers on the samba server and i don't want to do this again. Regards Thorsten -- Hi Thorsten, I had the same problem as you with a 2k8R2 server, and I fixed it by changing the version of pscript5.dll (and the other ps* files) on my samba server (in /usr/share/cups/drivers/x64). I was using the Win7/Vista 64bit pscript5.dll file, but I had to change it to the version shipped with 2k8 64bit. Once I did that, the problems disappeared (and the driver still works win Win7 64bit and Vista 64bit). Sean Hi Sean, I replaced the drivers without success. I don't think it's a drivers problem in my case. The driver works perfect on our old samba 3.2.5 server. Thanks for your effort. Regards Thorsten -- Thorsten Leiser IT-Systembetreuung SYNCHRON Gesellschaft für betriebswirtschaftliche Beratung und Informationssysteme mbH Liebknechtstr. 50 70565 Stuttgart-Vaihingen Fon: 0711/7868-356 Fax: 0711/7868-446 www.synchron-is.de Sitz der Gesellschaft: Stuttgart Registergericht: Amtsgericht Stuttgart, HRB 8619 GF: Michael Schober - - - - - - - - - Diese E-Mail beinhaltet vertrauliche und/oder rechtlich geschuetzte Daten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged data. If you are not the intended recipient or have received this e-mail in error, please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the content in this e-mail is strictly forbidden. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Machine account reject - additional troubleshooting
On 9/16/2010 10:15 PM, Martin Hochreiter wrote: Hi Miguel, Thanks for the reply. I tried these changing these two settings and it has not made a difference for us. One interesting observation I have made is that the logs are only being flooded from a portion of our Windows 7 machines. This has me really puzzled -- I have built them all following the same steps and using the same software. Go figure. -Bryan Hi Brian, Hi Miguel! Yes, the changes don't work for me either - I opened a bug at bugzilla.samba.org, maybe the developer could tell more about that. @Brian - you are right, not all of the windows7 machines show that behaviour. And I am not sure if that problem is only samba-ldap related (I saw a few statements that samba-tdbsam does not show that problem) I just want to add that I see the same error messages on our network and we use samba 3.4.8 with smbpasswd for our backend. So it is not necessarily related to ldap. Again, it only happens for windows 7 clients and everything works fine in spite of the errors. -- Mark Nienberg Sent from an invalid address. Please reply to the group. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba/Cups print server filename
Is it possible to stop the smbprn.000X going to the front of the spool file? On Wed, Sep 15, 2010 at 02:16:10PM +0100, Mark Adams wrote: Hi All, I have working setup of samba passing through printers to cups. When the filename goes through, it has smbprn.01 appended to the start of the document name. Is it possible to remove this? Regards, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba/Cups print server filename
Hi All, I have working setup of samba passing through printers to cups. When the filename goes through, it has smbprn.01 appended to the start of the document name. Is it possible to remove this? Regards, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba/Winbind issue
Have you tried to change the winbind seperator to see if this allows you to use \_ ? from man page: winbind separator The winbind separator option allows you to specify how NT domain names and user names are combined into unix user names when presented to users. By default, winbindd will use the traditional '\' separator so that the unix user names look like DOMAIN\username. In some cases this separator character may cause problems as the '\' character has special meaning in unix shells. In that case you can use the winbind separator option to specify an alternative separator character. Good alternatives may be '/' (although that conflicts with the unix directory separator) or a '+ 'character. The '+' character appears to be the best choice for 100% compatibility with existing unix utilities, but may be an aesthetically bad choice depending on your taste. Default: winbind separator = \ Example: winbind separator = + On Tue, Sep 07, 2010 at 02:01:10PM +0200, walter.van.der.heij...@nl.abnamro.com wrote: Hi, Yes I have tried this, but this doesn't work. As far as I know the underscore in winbind/samba is used for the space in active directory. And if a underscore is used in active directory, winbind/samba cannot handle this. Met vriendelijke groet, Kind regards, Walter van der Heijden | AIX/RedHat System Specialist ABN AMRO | IO /Expertise /Midrange /Unix Polanerbaan 11 | 3447 GN Woerden | Netherlands | W04.00.40 Tel.: +31 (0) 30 2260597 Denk aan het milieu voordat u deze e-mail print -Original Message- From: Mark Adams [mailto:m...@campbell-lange.net] Sent: maandag 23 augustus 2010 18:50 To: Heijden W.A. van der (Walter) Cc: samba@lists.samba.org; jel...@samba.org Subject: Re: [Samba] Samba/Winbind issue Have you tried to escape it with \ ? On Wed, Aug 11, 2010 at 03:13:49PM +0200, walter.van.der.heij...@nl.abnamro.com wrote: Hi, I have an issue with Samba using winbind. We have Active Directory groups with underscores (for example sambagroup_underscore). But an underscore in Samba (Unix) is a space in Active Directory. So my question is what character is used in Samba (Unix) for an underscore in Active Directory? Or are there other solutions to solve this? I would be very happy if you can help me! Met vriendelijke groet, Kind regards, Walter van der Heijden | AIX/RedHat System Specialist ABN AMRO | IO /Expertise /Midrange /Unix Polanerbaan 11 | 3447 GN Woerden | Netherlands | W04.00.40 Tel.: +31 (0) 30 2260597 Denk aan het milieu voordat u deze e-mail print * DISCLAIMER * This message (including any attachments) is confidential and may be privileged. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorised use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change. ABN AMRO Bank N.V, which has its seat at Amsterdam, the Netherlands, and is registered in the Commercial Register under number 34334259, including its group companies, shall not be liable for the improper or incomplete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference. - Dit bericht (inclusief de eventuele bijlagen) is vertrouwelijk. Wanneer u dit bericht ten onrechte heeft ontvangen, dient u de afzender hiervan onmiddellijk per kerende e-mail op de hoogte te brengen en dit bericht te verwijderen uit uw systeem. Elk onbevoegd gebruik en/of onbevoegde verspreiding van dit bericht is niet toegestaan. U wordt erop gewezen dat e-mail berichten aan wijziging onderhevig kunnen zijn. ABN AMRO Bank N.V., statutair gevestigd te Amsterdam en ingeschreven in het handelsregister van de Kamer van Koophandel onder nummer 34334259, en haar groepsmaatschappijen, is niet aansprakelijk voor de onjuiste en onvolledige overdracht van de informatie in dit bericht noch voor mogelijke vertraging in de ontvangst van dit bericht of schade aan uw systeem als gevolg van dit bericht. ABN AMRO Bank N.V. (en haar groepsmaatschappijen) staat er niet voor in dat de integriteit van dit bericht behouden is gebleven noch dat dit bericht vrij is van virussen, niet is onderschept of vatbaar is geweest voor tussenkomst (door derden). * -- To unsubscribe
Re: [Samba] Samba/Winbind issue
Have you tried to escape it with \ ? On Wed, Aug 11, 2010 at 03:13:49PM +0200, walter.van.der.heij...@nl.abnamro.com wrote: Hi, I have an issue with Samba using winbind. We have Active Directory groups with underscores (for example sambagroup_underscore). But an underscore in Samba (Unix) is a space in Active Directory. So my question is what character is used in Samba (Unix) for an underscore in Active Directory? Or are there other solutions to solve this? I would be very happy if you can help me! Met vriendelijke groet, Kind regards, Walter van der Heijden | AIX/RedHat System Specialist ABN AMRO | IO /Expertise /Midrange /Unix Polanerbaan 11 | 3447 GN Woerden | Netherlands | W04.00.40 Tel.: +31 (0) 30 2260597 Denk aan het milieu voordat u deze e-mail print * DISCLAIMER * This message (including any attachments) is confidential and may be privileged. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorised use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change. ABN AMRO Bank N.V, which has its seat at Amsterdam, the Netherlands, and is registered in the Commercial Register under number 34334259, including its group companies, shall not be liable for the improper or incomplete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference. - Dit bericht (inclusief de eventuele bijlagen) is vertrouwelijk. Wanneer u dit bericht ten onrechte heeft ontvangen, dient u de afzender hiervan onmiddellijk per kerende e-mail op de hoogte te brengen en dit bericht te verwijderen uit uw systeem. Elk onbevoegd gebruik en/of onbevoegde verspreiding van dit bericht is niet toegestaan. U wordt erop gewezen dat e-mail berichten aan wijziging onderhevig kunnen zijn. ABN AMRO Bank N.V., statutair gevestigd te Amsterdam en ingeschreven in het handelsregister van de Kamer van Koophandel onder nummer 34334259, en haar groepsmaatschappijen, is niet aansprakelijk voor de onjuiste en onvolledige overdracht van de informatie in dit bericht noch voor mogelijke vertraging in de ontvangst van dit bericht of schade aan uw systeem als gevolg van dit bericht. ABN AMRO Bank N.V. (en haar groepsmaatschappijen) staat er niet voor in dat de integriteit van dit bericht behouden is gebleven noch dat dit bericht vrij is van virussen, niet is onderschept of vatbaar is geweest voor tussenkomst (door derden). * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Question re kerberos and plain password login
Figured out that logins require the domain\username as the username now to login without kerberos. Regards, Mark On Tue, Aug 10, 2010 at 12:50:58PM +0100, Mark Adams wrote: Anyone got any thoughts about this? On Sun, Aug 08, 2010 at 12:32:28AM +0100, Mark Adams wrote: Hi There, I've just upgraded to 2 new 2008 R2 domain controllers, and had been using 2003 integration with samba successfully. After hitting this issue https://bugzilla.samba.org/show_bug.cgi?id=6700 I upgraded my samba to 3.4.8, which seems to be working OK for pc hosts. However, I used to also log in some OSX 10.5 clients in using smb, and now these clients are getting password failed issues. I also allow AFP access using netatalk, and this is working correctly, which indicates winbind is checking things correctly. Is there any option needed to allow password login AND kerberos? On 3.2.4 with 2003 my config was working ok. There is no log created when the mac attempts to auth (unlike the log for each windows client) so I'm not sure where it's going wrong. Any help appreciated! Cheers,Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Question re kerberos and plain password login
Anyone got any thoughts about this? On Sun, Aug 08, 2010 at 12:32:28AM +0100, Mark Adams wrote: Hi There, I've just upgraded to 2 new 2008 R2 domain controllers, and had been using 2003 integration with samba successfully. After hitting this issue https://bugzilla.samba.org/show_bug.cgi?id=6700 I upgraded my samba to 3.4.8, which seems to be working OK for pc hosts. However, I used to also log in some OSX 10.5 clients in using smb, and now these clients are getting password failed issues. I also allow AFP access using netatalk, and this is working correctly, which indicates winbind is checking things correctly. Is there any option needed to allow password login AND kerberos? On 3.2.4 with 2003 my config was working ok. There is no log created when the mac attempts to auth (unlike the log for each windows client) so I'm not sure where it's going wrong. Any help appreciated! Cheers,Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Question re kerberos and plain password login
Hi There, I've just upgraded to 2 new 2008 R2 domain controllers, and had been using 2003 integration with samba successfully. After hitting this issue https://bugzilla.samba.org/show_bug.cgi?id=6700 I upgraded my samba to 3.4.8, which seems to be working OK for pc hosts. However, I used to also log in some OSX 10.5 clients in using smb, and now these clients are getting password failed issues. I also allow AFP access using netatalk, and this is working correctly, which indicates winbind is checking things correctly. Is there any option needed to allow password login AND kerberos? On 3.2.4 with 2003 my config was working ok. There is no log created when the mac attempts to auth (unlike the log for each windows client) so I'm not sure where it's going wrong. Any help appreciated! Cheers,Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SAMBA4 Kerberos exchange question
Can you be more specific in what it did not do? It isn't so much what it did not do, but what it was able to do; it worked. RFC 4757 specifies a message type (key usage) number of 8 should be used for a TGS-REP response with an authenticator subkey. However, SAMBA and Windows use 9. I would like to understand why. Have you read [MS-KILE]: Kerberos Protocol Extensions: Yes, and [MS-PAC]. - Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SAMBA4 Kerberos exchange question
I built and configured samba-4.0.0alpha11 on a RedHat Enterprise Linux 5 system to run as a domain controller in a Windows 2008 Server R2 domain. While looking at the various Kerberos exchanges I discovered SAMBA 4 did not follow RFC 4757 for the TGS-REP exchange, and yet was able to successfully in interact with the Windows system. I would like to understand what is happening. - Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem re-writing on a SAMBA share.
Greetings, I set up a Slackware 13 filer server running Samba 3.2.13. There is an application with the server running on XP pro and two clients running on Win7 machines. The server and the clients all use the same ID which I can use to access the target share to read and write files. Problem being, when the application client is trying to rewrite application files the changes do not get saved. I turned up the logging to level 3 and see the particular userid opening files (Read: Yes, Write: No) but it appears that is the initial read, since when reading/writing TXT files I see the same entries and no log entries calling for a file write. Any ideas on what may be going on? Thanks Mark 1 Log entry: application opened file Archives/Archive/Title File/00/00/00/008E.PDF read=Yes write=No (numopen=1) config file: [global] workgroup = bizworkgrp interfaces = 192.168.1.200 netbios name = daserver encrypt passwords = yes security = user Server String = biz CFS logon drive = m: log level = 3 log file = %S.log max log size = 500 debug timestamp = yes [s2] path=/home/application read only = no guest ok = yes public = yes valid users = application write list = application create mask = 770 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Multiple VLAN/subnet recommendations
We're using Samba in several schools. We generally have a single Samba server acting as a domain controller in each school. Until recently, this has worked very well. The number of workstations on our school networks has been steadily growing. Among other things, this has convinced us to split some school's networks into several VLANs/subnets. To add complication, the server running Samba is always connected to the network via an aggregated link (ie. bonding), and, for performance/DHCP reasons, has an address on each VLAN/subnet. Our preference would be that Samba traffic use the local address on each subnet and thus the aggregated link. For illustration, let's say we have two sub-nets, 192.168.1.0/25 and 192.168.1.128/25, respectively on VLAN 2 and 3. Our Samba server has addresses, 192.168.1.2 and 192.168.1.130 on each subnet. Our router would happily route between the two sub-nets. So accessing the server via either address will work on both subnets, but the local address will take advantage of the aggregated link and the non-local address will be constrained by the router's single gigabit connection to that subnet. This would all be on a single Samba domain as well. I've read that Samba can be given multiple netbios names and multiple configuration files to achieve something like what we want. But the posts were very old. Has anything changed? Is there a better way to achieve what we want now? Maybe what we want really isn't what want. Thanks, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Listing Domain Local Groups from a Samba Member (NT4 PDC)
Hi Gary, Sorry for the late response just looking through my spams folder and my eye caught this one, phew... I since then have tweaked my yahoo mail settings and all Samba contents is going to a specified Samba folder... Anyhow Back to your question: I installed ubuntu 10.04 and if i remember i did the Apt-get install samba which brought this version down... r...@wfmmon-gbl:~# smbd -version r...@wfmmon-gbl:~# smbd r...@wfmmon-gbl:~# smbd --version Version 3.0.28a r...@wfmmon-gbl:~# mmm i did change my /etc/apt/sources.list to a local server here in Hungary, because of my impatience... But i have set it back to default and currently waiting for apt-get update to finish.. Seems we might be onto something here. :o) I will let you know , and Thanks for your response! Regards M. --- On Thu, 1/7/10, Guy Rouillier guyr-...@burntmail.com wrote: From: Guy Rouillier guyr-...@burntmail.com Subject: Re: [Samba] Listing Domain Local Groups from a Samba Member (NT4 PDC) To: samba@lists.samba.org Date: Thursday, 1 July, 2010, 0:11 On 6/30/2010 2:30 AM, Mark Sheard wrote: I have Ubuntu version 10.04 Samba ver 3.0.28a-1ubuntu4.12 I just did a fresh install of 10.04 x86 32-bit, and smbd reports version 3.4.7. How did you end up with 3.0.28? Try smbd -version and see what that reports. -- Guy Rouillier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Long delays when launching programs for the first time in my Windows 7 Profile (Samba 3.4.3 as PDC)
here is my 5 pence, of a POSSIBLE cause... if you have a large network Winbind enumuration can take a loong time, that is if it is used in this instance... R. Mark --- On Wed, 30/6/10, John Drescher dresche...@gmail.com wrote: From: John Drescher dresche...@gmail.com Subject: Re: [Samba] Long delays when launching programs for the first time in my Windows 7 Profile (Samba 3.4.3 as PDC) To: Tom H. Lautenbacher mailingli...@lautenbacher.biz Cc: samba@lists.samba.org Date: Wednesday, 30 June, 2010, 23:32 But I think that the group of users using the following combination: Samba 3.4.3 Windows 7-64bit Samba as a PDC roaming profiles using this mailing list being able to report the problem is very limited until today.. I am using roaming profiles with windows 7 64 and samba PDC / BDCs. I am not using 3.4.3 however. Currently we are running 3.5.4. I did have 3.4.6 for a few weeks just after the upgrade from 3.0.37 to support windows 7. I do not have the 40 minute initial logins. However it does take me 5 minutes to login and logout on a 100% gigabit network every single time not just the first time. At some point I will look into folder redirection on top of the trimming of the profiles that I have begun.. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Listing Domain Local Groups from a Samba Member (NT4 PDC)
Good Morning to all, Sorry if this is spam to some of you, not sure if this is more technical or not... Considering i have been fighting for a week now on this trying all possible checks and configs out there on the net, i thought i better come to the experts. ;o) My last resort is to upgrade to latest samba ver which might help but i think the bug was not fixed in this version not sure.. :o\ I have Ubuntu version 10.04 Samba ver 3.0.28a-1ubuntu4.12 Here is the Bug/problem: I am unable to list Domain Local Groups but Domain Global Groups are fine in winbind. I would like to know winbind is working with Local Groups first before configuring apache to authenticate to a local group and the rest... I have configured a Samba Member server (Nagios) to talk to a NT Domain PDC. Here is my Samba cfg. r...@wfmmon-gbl:/downloads# testparm -s Load smb config files from /etc/samba/smb.conf Loaded services file OK. 'winbind separator = +' might cause problems with group membership. Server role: ROLE_DOMAIN_MEMBER [global] workgroup = NAMEOFDOMAIN server string = %h server (Samba, Ubuntu) security = DOMAIN map to guest = Bad User obey pam restrictions = Yes password server = PDCSVR BDCSVR2 BDCSVR3_CF BDCSVR4 BDCSVR5_cf passdb backend = tdbsam passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 name resolve order = lmhosts host wins bcast unix extensions = No printcap name = cups disable spoolss = Yes preferred master = No local master = No domain master = No wins server = 192.168.0.0.1 #( not the real ip) usershare allow guests = Yes usershare max shares = 10 panic action = /usr/share/samba/panic-action %d idmap uid = 1000-20 idmap gid = 1000-20 template shell = /bin/bash winbind separator = + winbind cache time = 3600 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes invalid users = root wide links = No r...@wfmmon-gbl:/downloads# Domain Local group NAGMONGBL Domain Global group Domain Users Example: I am able to do r...@wfmmon-gbl:/downloads# wbinfo --group-info=Domain Users domain users:x:10004 r...@wfmmon-gbl:/downloads# But NOT r...@wfmmon-gbl:/downloads# wbinfo --group-info=NAGMONGBL Could not get info for group NAGMONGBL r...@wfmmon-gbl:/downloads# Checking error logs reveals r...@wfmmon-gbl:/downloads# tail -25 /var/log/samba/log.winbindd [2010/06/30 07:15:55, 1] nsswitch/winbindd_group.c:fill_grent_mem(365) could not lookup membership for group sid SIDNUMBER in domain NAMEOFDOMAIN (error: NT_STATUS_NO_SUCH_GROUP) I am able to resolve the sid to name r...@wfmmon-gbl:/downloads# wbinfo --sid-to-name=SIDNUMBER NAMEOFDOMAIN+nagmongbl 4 Additional stuff i tried with group mapping i get the same error as above with (wbinfo --group-info=NAGMONGBL): nagmongbl is our local group.. BUILTIN+users is also a local group but works :o\ r...@wfmmon-gbl:/downloads# net groupmap list nagmongbl (S-1-5-21-1420701450-S-I-D-Number) - nagmonglb Administrators (S-1-5-32-544) - BUILTIN+administrators Users (S-1-5-32-545) - BUILTIN+users r...@wfmmon-gbl:/downloads# getent group nagmonglb nagmonglb:x:10770: r...@wfmmon-gbl:/downloads# getent group nagmongbl r...@wfmmon-gbl:/downloads# r...@wfmmon-gbl:/downloads# getent group BUILTIN+users BUILTIN+users:x:10001:administrator,iusr_svr_cf,svr$,svr3$,iwam_svvr_cf,iusr_srv_cf,iwam_svr342_cf,wfmmon-gbl$ r...@wfmmon-gbl:/downloads# If it comes down to Samba version : Considering Samba upgrades what would be the best approach? to remove or install over the top of existing installation? Thanks in advance for any input, help, direction that can be provided here. Regards Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] My Network Places acts funny with roaming profiles
So I've looked into this in a bit more detail. Recap: My Network Places doesn't function properly when a profile is stored on a Samba machine. Newly created network places act properly for a short while but, after a time or after logging out and in again, act like ordinary folders that contain a short-cut and a desktop.ini file. I've now confirmed that this happens from several workstations, including a virgin Windows XP Pro install joined to the domain. I've also confirmed this on several different servers, but all running similar Ubuntu server installs. I'd really like to know if everybody sees this behaviour or if I'm in the minority. Browsing side-by-side to the Nethood directory on a workgroup workstation and a domain workstation, I see a short-cut on the workgroup workstation (ie. no Sharing, Security, or Customize tabs, and just a type, target, creation date, and a comment shown in properties), but a folder on the domain workstation. What I'm seeing on the workgroup workstation is completely local and doesn't involve Samba at all. On the domain workstation, the profile is has come from the Samba server. Some special attributes must be getting lost when the short-cut is being stored by Samba. Unfortunately (at least, for this problem), Windows file-systems are not something I'm incredibly knowledgeable on. Any ideas? Mark On Wed, Apr 28, 2010 at 1:13 PM, Mark Fox mark@gmail.com wrote: Samba 3.3.2 running as a domain master on an Ubuntu Server box. We're using roaming profiles with appropriate redirection. This behaviour is being seen on a Windows XP Pro workstation joined to the server's domain. We're pretty happy except that My Network Places is behaving differently than one would expect for a Windows box. If a user creates a new network place, everything is fine, and it works exactly as one would expect...until they log out. After logging back in, the network place appears as a regular folder that contains a shortcut (named target) and Desktop.ini, which is hidden. The short-cut works, so this isn't show-stopper, but it is jarring for anyone expecting the regular Windows behaviour to have to go through that additional level. I've tried messing around with the profiles share, changing the create mask and directory mask, and disabling/enabling redirection to a partition with ACL support. Nothing that has the profile stored on the server has worked for me. I've searched the archive and only found one mention of this problem back in 2004, but no solution. Any suggestions? I've appended the profile section of my smb.conf below. It's pretty basic. Mark - [profiles] comment = User profiles path = /srv/samba/profiles browseable = no guest ok = no read only = no create mask = 0600 directory mask = 0700 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Bungled update
I was running 3.0 on a freebsd-7.2 box as a PDC, I needed to add some windows 7 computers to the mix. So I jumped from 3.0 to samba34-3.4.5_1. I was able to get the windows 7 into the mix. But in the jump I lost some features on the other computers. I have a mix of Windows 2000 pro, Windows XP pro and Windows 7 pro and the one PDC. The windows computers are unable to share printers. Not able to browse for network printers, I can search with \\lame\lame_printer and use the printer if the other user is in the security list of the printer but the printer share drops and must be reset each day or reboot. dos charset = CP850 unix charset = UTF-8 display charset = LOCALE workgroup = CHILL netbios name = CHILLI netbios aliases = netbios scope = server string = Samba 3.4.5 interfaces = nfe0, lo bind interfaces only = Yes security = DOMAIN auth methods = encrypt passwords = Yes update encrypted = No client schannel = Auto server schannel = Auto allow trusted domains = Yes map to guest = Never null passwords = No obey pam restrictions = No password server = * smb passwd file = /usr/local/etc/samba34/smbpasswd private dir = /usr/local/etc/samba34 passdb backend = tdbsam:/usr/local/private/passdb.tdb algorithmic rid base = 1000 root directory = guest account = nobody enable privileges = Yes pam password change = No passwd program = passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No passwd chat timeout = 2 check password script = username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = 0 lanman auth = No ntlm auth = Yes client NTLMv2 auth = No client lanman auth = No client plaintext auth = No preload modules = dedicated keytab file = kerberos method = default map untrusted to domain = No log level = 1 syslog = 0 syslog only = No log file = /var/log/samba/%m max log size = 50 debug timestamp = Yes debug prefix timestamp = No debug hires timestamp = No debug pid = No debug uid = No debug class = No enable core files = Yes smb ports = 139 445 large readwrite = Yes max protocol = NT1 min protocol = CORE min receivefile size = 0 read raw = Yes write raw = Yes disable netbios = No reset on zero vc = No acl compatibility = auto defer sharing violations = Yes nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name resolve order = wins lmhosts hosts bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = Yes unix extensions = Yes use spnego = Yes client signing = auto server signing = No client use spnego = Yes client ldap sasl wrapping = plain enable asu support = No svcctl list = deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 30 max smbd processes = 0 paranoid server security = Yes max disk size = 0 max open files = 16384 socket options = TCP_NODELAY use mmap = Yes hostname lookups = No name cache timeout = 660 ctdbd socket = cluster addresses = clustering = No load printers = Yes printcap cache time = 750 printcap name = cups cups server = cups connection timeout = 30 iprint server = disable spoolss = No addport command = enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = mangling method = hash2 mangle prefix = 1 max stat cache size = 256 stat cache = Yes machine password timeout = 604800 add user script = rename user script = delete user script = add group script = delete group script = add user to group script = delete user from group script = set primary group script = add machine script = shutdown script = abort shutdown script = username map script = logon script = logon.bat logon path = logon drive = logon home = \\%N\%U domain logons = Yes init logon delayed hosts = init logon delay = 100 os level = 20 lm announce = Auto lm interval = 60
[Samba] My Network Places acts funny with roaming profiles
Samba 3.3.2 running as a domain master on an Ubuntu Server box. We're using roaming profiles with appropriate redirection. This behaviour is being seen on a Windows XP Pro workstation joined to the server's domain. We're pretty happy except that My Network Places is behaving differently than one would expect for a Windows box. If a user creates a new network place, everything is fine, and it works exactly as one would expect...until they log out. After logging back in, the network place appears as a regular folder that contains a shortcut (named target) and Desktop.ini, which is hidden. The short-cut works, so this isn't show-stopper, but it is jarring for anyone expecting the regular Windows behaviour to have to go through that additional level. I've tried messing around with the profiles share, changing the create mask and directory mask, and disabling/enabling redirection to a partition with ACL support. Nothing that has the profile stored on the server has worked for me. I've searched the archive and only found one mention of this problem back in 2004, but no solution. Any suggestions? I've appended the profile section of my smb.conf below. It's pretty basic. Mark - [profiles] comment = User profiles path = /srv/samba/profiles browseable = no guest ok = no read only = no create mask = 0600 directory mask = 0700 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Client access without asking password
On 03/26/2010 11:32 PM, Tim Bates wrote: Yassine AYACHI wrote: Hi All, I want to configure my samba [version 3.4.0] to permit access from windows clients without asking password, can any one propose me an example of configuration witch allows this, Thanks in advance, Yassine On one of my work boxes I have one of the following (I can't remember which and I'm not there): map to guest = bad user or map to guest = bad password This will make Samba access things as guest if they are not sending correct username/password. Remember that this will mean all users not already logged in will access shares as guest if guest is allowed in those shares. I specifically deny guest access to most shares on my work server to be sure I am preventing this. The few that need guest access deny write access to guest. TB I'm not exactly sure of which lines do allow it, but the following example works good. -- make sure the paths are correct, they might not match your distro. As you'll see, data and files allow guest, but secureData does not. [global] wins support = yes name resolve order = wins lmhosts hosts bcast workgroup = workgroup printing = cups printcap name = cups printcap cache time = 750 cups options = raw map to guest = Bad User logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = P: usershare allow guests = Yes add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ domain logons = No domain master = No netbios name = netbiosname guest account = guest security = share local master = yes os level = 35 [data] comment = DATA path = /home/shares/data public = yes browsable = yes writable = yes guest ok = yes available = yes [files] comment = Other Files path = /home/shares/files public = yes browsable = yes writable = yes guest ok = yes available = yes [secureData] comment = Secure DATA path = /home/shares/secureData public = yes browsable = yes writable = yes valid users = username guest ok = no available = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba