RE: [Samba] Samba update
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sascha Sent: Wednesday, July 02, 2008 8:02 AM To: samba@lists.samba.org Subject: [Samba] Samba update Hi, I have just taken over the administration of our Samba Fileserver. Unfortantly, my colleage has not done his homework and sadly forgot keep the Samba version up-to-date. So, the first step for me would be to update from our current version 3.0.23c (SuSe rpms) to the most recent. Now I worry about some changes that could cause problems with my current configuration file. As I can not shutdown the service for a long time to debug the config, I would like to know what is the best way to get around any problem? Thanks for your help and best regards === Your best bet would be to set up a test environment. :) If you don't have an old system lying around, VMWare or VirtualBox is great for this. You will probably want to read the changelog and the CURRENT documentation and make sure your configuration files adhere to the newest documentation guidelines. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba No virus found in this incoming message. Checked by AVG. Version: 8.0.134 / Virus Database: 270.4.3/1529 - Release Date: 7/1/2008 7:23 PM -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cross-subnet authentication firewall
I've got two subnets joined by an OpenVPN bridge. I used to have my PDC on the router 192.168.2.128, and the DMS 192.168.2.1 happily authenticated to it. Now, for security and other reasons I have put my PDC behind a firewall. The PDC now lives at 192.168.1.3, and my router is still on 192.168.1.1 and 192.168.2.128. In the router's iptables rules, I have added the following: iptables -t nat -A PREROUTING -p tcp --dport 137:139 -i tap0 -j DNAT --to 192.168.1.3 iptables -t nat -A PREROUTING -p tcp --dport 445 -i tap0 -j DNAT --to 192.168.1.3 iptables -t nat -A PREROUTING -p udp --dport 137:139 -i tap0 -j DNAT --to 192.168.1.3 iptables -t nat -A PREROUTING -p udp --dport 445 -i tap0 -j DNAT --to 192.168.1.3 (tap0 is the 192.168.2.128 interface) In the DMS's smb.conf. I have the following: [global] workgroup = CORP netbios name = FURNSRV server string = Furniture File Server security = domain password server = 192.168.1.3 wins server = 192.168.1.3 wins support = no wins proxy = no name resolve order = wins dns proxy = no local master = yes domain master = no preferred master = yes os level = 65 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_BROADCAST printing = cups printcap = cups remote browse sync = 192.168.1.3 When I start Samba on the DMB, I can do 'net join' just fine. I can ping the PDC. I can list shares on the PDC. I can't list shares on the client! [EMAIL PROTECTED]:/etc/samba# smbclient -L localhost Password: session setup failed: NT_STATUS_NO_LOGON_SERVERS I'm a little befuddled here. Is there something I've forgotten in iptables? Is something else missing? I'm not sure exactly what to debug. I have done tcpdump on the PDC and I can see requests and responses, but I'm not 100% clear what to look for. I appreciate any help at all! Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Help - Cross-Subnet Browsing with OpenVPN
My network topology is changing. One of my network segments that used to be hard-wired will now be connecting to the rest of the network through DSL, with a layer of OpenVPN on top. I am having the hardest time getting any form of cross-subnet browsing or WINS working. My PDC is called CORPSRV. It has the following IPs: 192.168.1.1 external IP 192.168.100.5 (OpenVPN) The DMB on the remote subnet is called FURNSRV. It has the following IPs: 192.168.2.1 192.168.100.1 (OpenVPN) Here are the relevant parts of CORPSRV's smb.conf: os level = 255 wins support = yes preferred master = yes domain master = yes local master = yes remote announce = '192.168.2.1/CORP' '192.168.4.1/CORP' remote browse sync = '192.168.2.1' '192.168.4.1' name resolve order = wins bcast host interfaces = 127.0.0.1 192.168.1.1 192.168.100.5/255.255.255.0 bind interfaces only = yes hosts allow = 192.168.1.0/24 192.168.2.0/24 192.168.4.0/24 192.168.6.0/24 192.168.100.0/24 127.0.0.1 Here are the relevant parts of FURNSRV's smb.conf: security = domain password server = 192.168.1.1 wins server = 192.168.1.1 wins support = no wins proxy = yes name resolve order = wins bcast lmhosts host dns proxy = no local master = yes domain master = no preferred master = yes os level = 65 remote browse sync = 192.168.1.1 interfaces = 127.0.0.1 192.168.2.1 192.168.100.1/255.255.255.0 bind interfaces only = yes hosts allow = 127.0.0.1 192.168.1.0/24 192.168.2.0/24 192.168.4.0/24 192.168.6.0/24 192.168.100.0/24 I can ping each server's IP from the other server. The following nmblookup commands both work: [EMAIL PROTECTED]:/etc/samba# nmblookup -U 192.168.2.1 FURNSRV params.c:pm_process() - Processing configuration file /etc/samba/printers.smb added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 added interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0 added interface ip=192.168.100.5 bcast=192.168.100.255 nmask=255.255.255.0 Socket opened. querying FURNSRV on 192.168.2.1 Got a positive name query response from 192.168.2.1 ( 192.168.100.1 192.168.2.1 ) 192.168.100.1 FURNSRV00 192.168.2.1 FURNSRV00 [EMAIL PROTECTED]:/etc/samba# nmblookup -U 192.168.1.1 corpsrv added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 added interface ip=192.168.2.1 bcast=192.168.2.255 nmask=255.255.255.0 added interface ip=192.168.100.1 bcast=192.168.100.255 nmask=255.255.255.0 Socket opened. querying corpsrv on 192.168.1.1 Got a positive name query response from 192.168.1.1 ( 192.168.100.5 192.168.1.1 ) 192.168.100.5 corpsrv00 192.168.1.1 corpsrv00 I can mount shares on each server from the other, using IP addresses. But I can't make FURNSRV join CORP, and I can't resolve FURNSRV via CORPSRV's WINS server. I know that part of the problem is that OpenVPN uses interfaces that do not allow broadcast traffic. But I thought specifying the WINS server and using the 'remote announce' directives would fix that. I would appreciate any help at all! Thanks so much, Misty No virus found in this outgoing message. Checked by AVG. Version: 7.5.524 / Virus Database: 269.24.4/1475 - Release Date: 5/30/2008 2:53 PM -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Printing Problem with Samba ' Failed to allocate a print job'
FYI, rebooting did not fix this problem either. If anybody has any suggestions I would appreciate it. I'm almost at the point of renaming the printer to see if that helps (it shouldn't but who knows). Misty -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Misty Stanley-Jones Sent: Tuesday, April 08, 2008 4:53 PM To: samba@lists.samba.org Subject: RE: [Samba] Printing Problem with Samba ' Failed to allocate a print job' Hi Bill, That would be fabulous (in a bad way) but it is not the case. Here is the equivalent part of dumpe2fs for /dev/sda1 (/data): Inode count: 183156736 Block count: 366286008 Reserved block count: 18314300 Free blocks: 287497221 Free inodes: 181068686 And here is for /dev/sdf1 (/): Inode count: 14057472 Block count: 28103701 Reserved block count: 1405185 Free blocks: 17311944 Free inodes: 13849218 Any other ideas would be appreciated! --Misty -Original Message- From: William Jojo [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 08, 2008 1:49 PM To: Misty Stanley-Jones Subject: Re: [Samba] Printing Problem with Samba ' Failed to allocate a print job' This will sound stupid, I am certain, but is this an inode issue? Does the FS type you are using auto-extend (like JFS2 on AIX) the number of available inodes? Or fragmentation perhaps? I only ask since you clearly have enough space, but a lack of inode may appear as no space left on device and a high level of fragmentation in JFS (not jfs2) on AIX will throw strange errors. Cheers, Bill (PS: I know you are not running AIX. :-) :-) ) No virus found in this outgoing message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.22.9/1365 - Release Date: 4/8/2008 7:30 AM -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba No virus found in this incoming message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.22.9/1365 - Release Date: 4/8/2008 7:30 AM No virus found in this outgoing message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.22.9/1365 - Release Date: 4/8/2008 7:30 AM -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Printing Problem with Samba ' Failed to allocate a print job'
I’m using Samba 3.0.24 on Ubuntu Feisty. I’m managing my printers with CUPS. Just yesterday, one printer stopped being able to print through Samba. This printer still prints fine directly from CUPS. When I try to send any print job to the print via Samba, I get this: [2008/04/08 11:15:58, 0] printing/printing.c:allocate_print_jobid(2262) allocate_print_jobid: failed to allocate a print job for queue truss_hp4050_2 [2008/04/08 11:15:58, 3] printing/printing.c:print_job_start(2431) print_job_start: returning fail. Error = No space left on device At first glance, I would think the disk was full. It’s actually not: [EMAIL PROTECTED]:~# df -h FilesystemSize Used Avail Use% Mounted on /dev/sdf1 106G 41G 60G 41% / varrun 1006M 844K 1005M 1% /var/run varlock 1006M 4.0K 1006M 1% /var/lock procbususb 1006M 140K 1006M 1% /proc/bus/usb udev 1006M 140K 1006M 1% /dev devshm 1006M 0 1006M 0% /dev/shm /dev/sda1 1.4T 293G 1014G 23% /data /dev/md0 1.2T 770G 380G 67% /backup /data/home1.4T 293G 1014G 23% /home Then I checked to make sure the permissions on the spool directory were OK: [EMAIL PROTECTED]:~# ls -ld /data/samba/spool drwxrwxrwt 3 root Domain Users 49152 2008-04-08 11:17 /data/samba/spool I don’t use /var/spool/samba but here are its permissions anyway: [EMAIL PROTECTED]:~# ls -ld /var/spool/samba drwxrwxrwt 2 root root 4096 2007-05-22 13:53 /var/spool/samba Thinking it might just be a temporary thing with Samba, I restarted it last night after everyone left. The problem still persists. I have not restarted the entire server yet. There are no errors in dmesg or /var/log/messages. I checked this morning to see if there was a newer Samba version for Feisty, but there isn’t. I found a few instances of this type of problem on Google, but no real answers. Plus, they all seemed to be old. Thanks for any help, Misty No virus found in this outgoing message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.22.9/1365 - Release Date: 4/8/2008 7:30 AM -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Printing Problem with Samba ' Failed to allocate a print job'
Hi Bill, That would be fabulous (in a bad way) but it is not the case. Here is the equivalent part of dumpe2fs for /dev/sda1 (/data): Inode count: 183156736 Block count: 366286008 Reserved block count: 18314300 Free blocks: 287497221 Free inodes: 181068686 And here is for /dev/sdf1 (/): Inode count: 14057472 Block count: 28103701 Reserved block count: 1405185 Free blocks: 17311944 Free inodes: 13849218 Any other ideas would be appreciated! --Misty -Original Message- From: William Jojo [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 08, 2008 1:49 PM To: Misty Stanley-Jones Subject: Re: [Samba] Printing Problem with Samba ' Failed to allocate a print job' This will sound stupid, I am certain, but is this an inode issue? Does the FS type you are using auto-extend (like JFS2 on AIX) the number of available inodes? Or fragmentation perhaps? I only ask since you clearly have enough space, but a lack of inode may appear as no space left on device and a high level of fragmentation in JFS (not jfs2) on AIX will throw strange errors. Cheers, Bill (PS: I know you are not running AIX. :-) :-) ) No virus found in this outgoing message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.22.9/1365 - Release Date: 4/8/2008 7:30 AM -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems joining machine to domain
Our Samba server was recently the recipient of a major upgrade. I thought all the kinks were worked out, but apparently not. I think this is the first time I've tried to join a machine account to the domain since the upgrade. I've tried using smbldap-tools and also just using smbpasswd (I have my users in LDAP). I'll also say that 'net join' works just fine from my Samba domain members to my Samba domain master. First, the preliminaries: OS: Ubuntu 7.04 Server Samba Version: 3.0.24 Smbldap-tools Version: 0.9.2 Passdb Backend: LDAP (openLDAP) Anyway, when I try to join to the domain using smbldap-tools, here is my script in smb.conf: add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u If I run that by hand, as root, it adds the posixAccount but not the sambaSamAccount. On the Windows system I get an error like No such user. In the Samba logs, I see an error like this: [2007/09/05 13:24:55, 3] passdb/pdb_interface.c:pdb_default_create_user(368) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 0 -w xptommy$' gave 0 [2007/09/05 13:24:55, 3] passdb/pdb_interface.c:pdb_default_create_user(384) pdb_default_create_user: failed to create a new user structure: NT_STATUS_NO_SUCH_USER Just to be sure I had the privileges right: net rpc rights grant CORP\Domain Admins SeMachineAccountPrivilege I am joining domains as 'root', who is a member of the Domain Admins group: memberUid: root,misty,carl Obviously smbldap-tools is set up at least somewhat correctly, because it is creating the posixAccount. I re-ran 'smbpasswd -W' just to be sure that Samba could bind to the LDAP server. I also tried using the username 'misty' to join the domain. Same results every time. Any idea what I can try next, apart from simply adding the sambaSamAccount objectclass by hand? Misty Stanley-Jones System Administrator -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problems joining machine to domain
Anyway, when I try to join to the domain using smbldap-tools, here is my script in smb.conf: add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u Can you explain to me what -t means and where did you got it from? -ttime. Wait 'time' seconds before exiting (when adding Windows Workstation) I copied it from the config before the upgrade, where it worked. I took out the -t 0 just to test, and I get the same result. If I run that by hand, as root, it adds the posixAccount but not the sambaSamAccount. On the Windows system I get an error like No such user. In the Samba logs, I see an error like this: [2007/09/05 13:24:55, 3] passdb/pdb_interface.c:pdb_default_create_user(368) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 0 -w xptommy$' gave 0 [2007/09/05 13:24:55, 3] passdb/pdb_interface.c:pdb_default_create_user(384) pdb_default_create_user: failed to create a new user structure: NT_STATUS_NO_SUCH_USER Just to be sure I had the privileges right: net rpc rights grant CORP\Domain Admins SeMachineAccountPrivilege I am joining domains as 'root', who is a member of the Domain Admins group: memberUid: root,misty,carl Obviously smbldap-tools is set up at least somewhat correctly, because it is creating the posixAccount. I re-ran 'smbpasswd -W' just to be sure that Samba could bind to the LDAP server. I also tried using the username 'misty' to join the domain. Same results every time. Any idea what I can try next, apart from simply adding the sambaSamAccount objectclass by hand? Misty Stanley-Jones System Administrator Have you configured NSS properly (getent passwd show your machine accounts from LDAP)? Any chance that you are using nscd and winbind? Nss is configured just fine. The getent command works just fine, both for 'root' and for 'misty'. Should I be able to getent my machine accounts? Hmm, I think I should. OK, I had been specifying the base for users and groups in the nss configuration file. I took that off so it would search the whole tree. Lets test... Yep, that was it! You must not specify nss_base_passwd (in /etc/libnss-ldap.conf on my system) if your users and computers are in different sections of the LDAP tree. It makes sense now that I think about it. The downside is that the entire LDAP tree will be searched for users every time nss is used. I think I will definitely start using nscd post-haste. Any ideas on a better way to do this? Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cross-subnet browsing
I have two domains which are on different subnets, connected by a routed OpenVPN tunnel. The domains trust each other. Domain A has the WINS server. Domain B is confused to use Domain A's WINS server. The VPN pushes the WINS server as part of its DHCP options as well. From either domain, I am able to use smbclient to see the shares on the other domain's PDC. I have to specify -W domainname to get it to work which I assume is normal. From Domain B, I'm able to use nmblookup in unicast mode, to resolve WINS names on Domain A. I'm not able to do this from Domain A to Domain B, except for domain B's PDC. I am able to reverse resolve from IP to WINS name, for any client on Domain B. Below I give some examples, to try to alleviate the confusion: # Proving that I can communicate via IP between domains A and B: pdc.domainA /usr/sbin/traceroute 192.168.4.1 traceroute to 192.168.4.1 (192.168.4.1), 30 hops max, 40 byte packets 1 router.domainA (192.168.1.1) 0.618 ms 0.741 ms 0.784 4 pdc.domainB (192.168.4.1) 107.080 ms 115.237 ms 118.914 ms pdc.domainB /usr/sbin/traceroute 192.168.1.101 traceroute to 192.168.1.101 (192.168.1.101), 30 hops max, 40 byte packets 1 router.domainB 114.398 ms 123.207 ms 132.061 ms 4 pdc.domainA (192.168.1.101) 197.005 ms 205.892 ms 214.772 ms # smbclient from domainB to domainA pdc.domainB smbclient -L corpsrv -W DomainA (output proving it works) # smbclient from domainA to domainB pdc.domainA smbclient -L DUTCHSRV -W DomainB -U root (output proving it works) # nmblookup unicast from domainB to domainA pdc.domainB nmblookup -U 192.168.1.101 -R 'ifss' 192.168.1.102 ifss00 # nmblookup unicast from domainA to domainB pdc.domainA nmblookup -U 192.168.1.101 -R 'rachel95' querying rachel95 on 192.168.1.101 name_query failed to find name rachel95 # Reverse looking up same client after the IP is known [EMAIL PROTECTED]:~ nmblookup -U 192.168.4.1 -A 192.168.4.100 Looking up status of 192.168.4.100 RACHEL9500 - M ACTIVE DV 00 - GROUP M ACTIVE RACHEL9503 - M ACTIVE RACHEL9520 - M ACTIVE DV 1e - GROUP M ACTIVE RACHEL 03 - M ACTIVE MAC Address = 00-10-5A-02-59-2F I am only able to browse shares on Domain B's PDC from Domain A, not any other clients. I have a feeling that it's getting resolved by IP since the DNS and WINS names of that PDC are the same. Please let me know how I can resolve WINS names for Domain B and browse their shares, relying on WINS alone and not on broadcast. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Fwd: [Samba] Cross-subnet browsing and VPN
I as sending this again in the hopes that someone will respond. Surely I am not the only one with this setup. Thanks, Misty -- Forwarded Message -- Subject: [Samba] Cross-subnet browsing and VPN Date: Monday 06 June 2005 09:54 am From: Misty Stanley-Jones [EMAIL PROTECTED] To: samba@lists.samba.org We have two subnets which both belong to the domain CORP, and anothen domain in its own subnet called DV. The two networks are connected via a VPN connection between the gateways. The routing all works. However I am having trouble with a member server trying to become the master browser despite its lower OS level, and the DV and CORP domains cannot see each other even though their trusts seem intact. Some settings are below. CORP: CORPSRV (192.168.1.101) wins support = yes preferred master = yes domain master = yes local master = yes remote announce = 192.168.2.255 192.168.4.255 remote browse sync = 192.168.2.255 192.168.4.255 name resolve order = wins bcast host FURNSRV (192.168.2.3) wins server = 192.168.1.101 wins support = no wins proxy = no dns proxy = no local master = yes domain master = no preferred master = no remote browse sync = 192.168.1.255 192.168.4.255 name resolve order = wins bcast lmhosts host DV: DUTCHSRV (192.168.4.1) preferred master = yes local master = yes domain master = yes wins support = yes remote announce = 192.168.1.101 remote browse sync = 192.168.1.101 name resolve order = wins bcast host dns proxy = yes I also noticed that on DUTCHSRV onsy one nmbd is running. Shouldn't there be two? Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Profiles tool doesn't write changes!
On Wednesday 08 June 2005 02:16 pm, Amir Al-Shourbaji wrote: I tried using the profiles script but it does not SEEM to actually make changes to the NTUSER.DAT files. It just outputs what the changes would be. Why is this happening I am using profiles -c OLDSID -n NEWSID /path/to/ntuser.dat It does not work with profiles created in XP and newer. Misty Thanks, Amir -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cross-subnet browsing and VPN
We have two subnets which both belong to the domain CORP, and anothen domain in its own subnet called DV. The two networks are connected via a VPN connection between the gateways. The routing all works. However I am having trouble with a member server trying to become the master browser despite its lower OS level, and the DV and CORP domains cannot see each other even though their trusts seem intact. Some settings are below. CORP: CORPSRV (192.168.1.101) wins support = yes preferred master = yes domain master = yes local master = yes remote announce = 192.168.2.255 192.168.4.255 remote browse sync = 192.168.2.255 192.168.4.255 name resolve order = wins bcast host FURNSRV (192.168.2.3) wins server = 192.168.1.101 wins support = no wins proxy = no dns proxy = no local master = yes domain master = no preferred master = no remote browse sync = 192.168.1.255 192.168.4.255 name resolve order = wins bcast lmhosts host DV: DUTCHSRV (192.168.4.1) preferred master = yes local master = yes domain master = yes wins support = yes remote announce = 192.168.1.101 remote browse sync = 192.168.1.101 name resolve order = wins bcast host dns proxy = yes I also noticed that on DUTCHSRV onsy one nmbd is running. Shouldn't there be two? Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] New to Samba, need help
On Tuesday 24 May 2005 02:10 pm, Gary Hostetler wrote: I have compiled and install samba 3 from source. The services start and I can smbclient localhost etc. just fine and I can get a list of the computers in my active directory with that command. When I do a wbinfo -u I get error looking up domain users. My smb.conf file has security = ads, my realm is NCCVT.K12.DE.US, I have encrypt passwords etc. Any idea where to start looking? You need to read up on becoming a domain member server. I have not used AD but I believe it is still necessary to join the domain. Misty Thanks Gary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Non-algorithmic RIDs
When I set up my initial users for the Samba domain i did not realize that RIDs were supposed to be dynamic. I was creating the user as a posixAccount in LDAP, and then adding the Samba elements via a script that I wrote. Their RIDs are the same as their UID. For instance if I have a user with uidNumber 1036, her SID would be domain-SID-1036. This is fine except for idmapping for member servers, for ACLs. I have about 30 users with this problem. Is there a non-disruptive way for me to convert their RIDs to be algorithmic based on their UIDs, without destroying their roaming profiles etc? If not I think we will just have to deal with not being able to use ACLs on member servers, but I thought I would query first. To reiterate, we are using a LDAP backend. Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Non-algorithmic RIDs
On Friday 20 May 2005 09:08 am, Tony Earnshaw wrote: I use 3.0.11/3.0.14a (2 sites) on RHAS3 and LDAP. When I use smbpasswd -a to add a POSIX group user to Samba, both user and group RIDs are calculated from uidNumber and gidNumber on the basis of a simple algorithm. This is something that smbpasswd just does; moreover it's documented. Why should mine be different from yours It is obviously that I did not use those scripts. I wrote my own scripts to create an LDIF. I am no Windows admin and simply had no idea that it mattered. The simplest solution would be to change the UIDs but that would put them below 1000. Misty --Tonni -- Nothing sucksseeds like a pigeon without a beak ... mail: [EMAIL PROTECTED] http://www.billy.demon.nl They'll love us, won't they? They feed us, don't they? ... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Non-algorithmic RIDs
On Friday 20 May 2005 10:56 am, Tony Earnshaw wrote: So do I, awk/sed/shell. I use smbpasswd (amongst other Samba utilities) and I don't have your problem. Don't you know what smbpasswd is? Try 'man smbpasswd' ;) Yes, I know what it is. No, I did not use it. I use LDAP, and I did all of my entries in LDAP directly, skipping the Samba layer. It may have been the wrong way, but it is done and I have a fully running domain that has been running for more than 6 months that way. I do not even use smbpasswd now, but smbldap-tools. smbpasswd will do what you want, if you already have posixGroup entries for users, groups and computers. Are you telling me that smbpasswd will change the RIDs for already-existing Samba users? I did not know that. I get the feeling I have really frustrated you. Sorry. Misty --Tonni -- Nothing sucksseeds like a pigeon without a beak ... mail: [EMAIL PROTECTED] http://www.billy.demon.nl They'll love us, won't they? They feed us, don't they? ... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ACLs on a member server
Hi all, i have ACLs working fine on my PDC, but they do not work on a member server. Here is a summary of my set-up: I am using LDAP backend, with nss_ldap on all of my member servers. Samba 3.0.12pre1 on the PDC and Samba 3.0.14a on the member server. I have winbindd running on my member server, and it is pointing at LDAP as its backend. wbinfo -u and wbinfo -g both work. I am using security=domain on the member server and it is joined to the domain. However when I view ACEs on a file from a Windows client, on the member server the users / groups resolve to SERVER\user instead of DOMAIN\user. I have provided a screen shot of what it looks like for files on the PDC and files on the member server, here: http://www.borkholder.com/admin/ Any help is appreciated. Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hide unreadable files also hides readable files (SOLVED)
On Thursday 21 April 2005 09:04 am, Christoph Kaegi wrote: No, no ACLs. But I managed to solve this problem by accident, though I don't really understand why in detail. The problem only showed up when I mounted the share with username/password. When using domain\username/password everything runs as expected. Thanks for coming back to this. Chris Do you also have local users on the clients? Perhaps it is using the local SIDs instead of the domain ones. Then the file would indeed be unreadable if it is not world-readable. Misty -- -- Christoph Kaegi [EMAIL PROTECTED] -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to create new files in share
Hi all, I have a share with the following share definition: [HR_PR] path = /data/samba/shares/HR_PR valid users = @hr @acct_admin browseable = yes public = no guest ok = no force group = hr inherit acls = yes create mode = 770 The UNIX permissions on the directory are as follows: drwxrwx--- 2 root hr 4096 Apr 18 09:47 /data/samba/shares/HR_PR When I 'su' to my user on the server, I can 'touch' new files just fine. However when she tries to create a new file, she gets the following error: [2005/04/18 10:43:13, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 9873) conn 0x8354828 [2005/04/18 10:43:13, 3] smbd/dosmode.c:unix_mode(111) unix_mode(New Text Document.txt) returning 0744 [2005/04/18 10:43:13, 3] smbd/open.c:open_file(115) Permission denied opening New Text Document.txt [2005/04/18 10:43:13, 3] smbd/error.c:error_packet(105) error string = Operation not permitted [2005/04/18 10:43:13, 3] smbd/error.c:error_packet(129) error packet at smbd/trans2.c(2200) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2005/04/18 10:43:13, 3] smbd/process.c:process_smb(1091) Transaction 140998 of length 124 [2005/04/18 10:43:13, 3] smbd/process.c:switch_message(886) switch message SMBtrans2 (pid 9873) conn 0x8354828 [2005/04/18 10:43:13, 3] smbd/trans2.c:call_trans2qfilepathinfo(2418) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2005/04/18 10:43:13, 3] smbd/trans2.c:call_trans2qfilepathinfo(2443) call_trans2qfilepathinfo: SMB_VFS_STAT of New Text Document.txt failed (No such file or directory) [2005/04/18 10:43:13, 3] smbd/error.c:error_packet(105) error string = No such file or directory [2005/04/18 10:43:13, 3] smbd/error.c:error_packet(129) error packet at smbd/trans2.c(2197) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND [2005/04/18 10:43:13, 3] smbd/process.c:process_smb(1091) Transaction 140999 of length 142 [2005/04/18 10:43:13, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 9873) conn 0x8354828 [2005/04/18 10:43:13, 3] smbd/dosmode.c:unix_mode(111) unix_mode(New Text Document (2).txt) returning 0744 [2005/04/18 10:43:13, 3] smbd/open.c:open_file(115) Permission denied opening New Text Document (2).txt [2005/04/18 10:43:13, 3] smbd/error.c:error_packet(105) error string = Operation not permitted [2005/04/18 10:43:13, 3] smbd/error.c:error_packet(129) error packet at smbd/trans2.c(2200) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2005/04/18 10:43:13, 3] smbd/process.c:process_smb(1091) Transaction 141000 of length 132 [2005/04/18 10:43:13, 3] smbd/process.c:switch_message(886) switch message SMBtrans2 (pid 9873) conn 0x8354828 [2005/04/18 10:43:13, 3] smbd/trans2.c:call_trans2qfilepathinfo(2418) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2005/04/18 10:43:13, 3] smbd/trans2.c:call_trans2qfilepathinfo(2443) call_trans2qfilepathinfo: SMB_VFS_STAT of New Text Document (2).txt failed (No such file or directory) [2005/04/18 10:43:13, 3] smbd/error.c:error_packet(105) error string = No such file or directory [2005/04/18 10:43:13, 3] smbd/error.c:error_packet(129) error packet at smbd/trans2.c(2197) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND Also when she tries to modify any file, she gets access denied. Every file in the directory has mod 770 with owner being root and hr being the group. There are no ACLs defined for this share. I am stumped! Thanks for any help, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to create new files in share
On Monday 18 April 2005 11:07 am, Misty Stanley-Jones wrote: Hi all, I have a share with the following share definition: [HR_PR] path = /data/samba/shares/HR_PR valid users = @hr @acct_admin browseable = yes public = no guest ok = no force group = hr inherit acls = yes create mode = 770 I am ashamed to say that what I was missing was writeable = yes -- keep it simple, stupid. :( *hanging head in shame* Misty The UNIX permissions on the directory are as follows: drwxrwx--- 2 root hr 4096 Apr 18 09:47 /data/samba/shares/HR_PR When I 'su' to my user on the server, I can 'touch' new files just fine. However when she tries to create a new file, she gets the following error: [2005/04/18 10:43:13, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 9873) conn 0x8354828 [2005/04/18 10:43:13, 3] smbd/dosmode.c:unix_mode(111) unix_mode(New Text Document.txt) returning 0744 [2005/04/18 10:43:13, 3] smbd/open.c:open_file(115) Permission denied opening New Text Document.txt [2005/04/18 10:43:13, 3] smbd/error.c:error_packet(105) error string = Operation not permitted [2005/04/18 10:43:13, 3] smbd/error.c:error_packet(129) error packet at smbd/trans2.c(2200) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2005/04/18 10:43:13, 3] smbd/process.c:process_smb(1091) Transaction 140998 of length 124 [2005/04/18 10:43:13, 3] smbd/process.c:switch_message(886) switch message SMBtrans2 (pid 9873) conn 0x8354828 [2005/04/18 10:43:13, 3] smbd/trans2.c:call_trans2qfilepathinfo(2418) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2005/04/18 10:43:13, 3] smbd/trans2.c:call_trans2qfilepathinfo(2443) call_trans2qfilepathinfo: SMB_VFS_STAT of New Text Document.txt failed (No such file or directory) [2005/04/18 10:43:13, 3] smbd/error.c:error_packet(105) error string = No such file or directory [2005/04/18 10:43:13, 3] smbd/error.c:error_packet(129) error packet at smbd/trans2.c(2197) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND [2005/04/18 10:43:13, 3] smbd/process.c:process_smb(1091) Transaction 140999 of length 142 [2005/04/18 10:43:13, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 9873) conn 0x8354828 [2005/04/18 10:43:13, 3] smbd/dosmode.c:unix_mode(111) unix_mode(New Text Document (2).txt) returning 0744 [2005/04/18 10:43:13, 3] smbd/open.c:open_file(115) Permission denied opening New Text Document (2).txt [2005/04/18 10:43:13, 3] smbd/error.c:error_packet(105) error string = Operation not permitted [2005/04/18 10:43:13, 3] smbd/error.c:error_packet(129) error packet at smbd/trans2.c(2200) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2005/04/18 10:43:13, 3] smbd/process.c:process_smb(1091) Transaction 141000 of length 132 [2005/04/18 10:43:13, 3] smbd/process.c:switch_message(886) switch message SMBtrans2 (pid 9873) conn 0x8354828 [2005/04/18 10:43:13, 3] smbd/trans2.c:call_trans2qfilepathinfo(2418) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2005/04/18 10:43:13, 3] smbd/trans2.c:call_trans2qfilepathinfo(2443) call_trans2qfilepathinfo: SMB_VFS_STAT of New Text Document (2).txt failed (No such file or directory) [2005/04/18 10:43:13, 3] smbd/error.c:error_packet(105) error string = No such file or directory [2005/04/18 10:43:13, 3] smbd/error.c:error_packet(129) error packet at smbd/trans2.c(2197) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND Also when she tries to modify any file, she gets access denied. Every file in the directory has mod 770 with owner being root and hr being the group. There are no ACLs defined for this share. I am stumped! Thanks for any help, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Linux Users execute 'login scripts'
On Monday 11 April 2005 04:09 pm, Bruno Tobias Stella wrote: Hello ! I have a Samba Server with LDAP(OpenLDAP) authentication and Windows Workstation that login in domain working all right. Now, I need to configure Linux workstations to log in Samba Server Domain. The Linux workstatios users are all in LDAP. How do I configure to execute the 'login script' when a Linux user log in his linux workstation ? I would go at this a different way. You are storing loginShell in LDAP, correct? Then simply create a per-user .bashrc or .login file and put that in their /home directory, preferrably when initially creating the account by means of /etc/skel. None of the commands are going to be the same as the Windows (or I can't imagine them being), so I think this is your best bet. Of course you would need to make the .bashrc or .login read-only to the user, to prevent him/her changing it. Misty Thanks for any help ! Bruno Stella [EMAIL PROTECTED] Setor de Redes - (19) 3031-4165 Secretaria de Informatica Tribunal Regional do Trabalho da 15a. Regiao -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help! Unable to join domain :(
This problem is fixed. There is a bug in gcc of Samba 9.1 it appears, and export CFLAGS=-O must be issued prior to the compile, for Samba 3.0.12 and 3.0.13. Thanks, Jerry! Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Help! Unable to join domain :(
Hi all, I have been working on this for days to no avail. I am unable to join any machine to my domain. I think the server's machine password got corrupted but don't know how to change it. From the PDC, I try: oink:/usr/local/src/samba-3.0.12/source # net join PDC Password: Could not connect to server CORPSRV The username or password was not correct. From a member server, I try: furnsrv:~ # net join MEMBER Password: [2005/04/04 18:13:56, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(27 error setting trust account password: NT_STATUS_ACCESS_DENIED Unable to join domain CORP. Or: (as another privileged account) furnsrv:~ # net join MEMBER -U misty Password: [2005/04/04 18:17:25, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(279) error setting trust account password: NT_STATUS_ACCESS_DENIED Unable to join domain CORP. From a Windows workstation I get a similar thing. From member servers I am able to use smbclient to authenticate to the PDC, except as 'root' user which doesn't work. On the PDC I cannot auth with smbclient as any user at all. My users are all able to log in just fine. Samba 3.0.12 and 3.0.13 have produced the same results. I have even tried deleting all non-printing TDB files and starting over again. No help! I don't have anything weird in LDAP ACLs and I've verified with ldapsearch that the entries are able to be seen. I can see no obvious errors in a log level 10. I'm sorry because I've already basically sent this email before, but got no answers at all. My domain was working fine before Thursday when I updated to 3.0.13. Misty :( -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help! Unable to join domain :(
More info: Here is my smb.conf on my PDC: [global] workgroup = CORP netbios name = CORPSRV server string = Corp File Server security = user password server = * domain logons = yes username map = /usr/local/samba/lib/smbusers log file = /data/samba/log/%m.log log level = 5 #max log size = 50 debug timestamp = yes logon script = logon.bat logon path = \\%L\profiles\%U\%a logon drive = H: logon home = \\%L\%U time server = yes printing = cups printcap = cups printcap cache time = 60 load printers = yes show add printer wizard = no force printername = yes wins support = yes os level = 100 preferred master = yes domain master = yes local master = yes remote announce = 192.168.2.255/CORP remote browse sync = 192.168.2.255 name resolve order = wins bcast lmhosts host wins proxy = yes dns proxy = yes passdb backend = ldapsam:ldap://127.0.0.1/ #ldapsam:trusted = yes ldap suffix = dc=borkholder,dc=com ldap admin dn = cn=Manager,dc=borkholder,dc=com ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=Computers ldap idmap suffix = ou=People ldap ssl = no ldap passwd sync = yes add user script = /usr/local/sbin/smbldap-useradd -m %u ldap delete dn = no #delete user script = /usr/local/sbin/smbldap-userdel %u add machine script = /usr/local/sbin/smbldap-useradd -t 5 -w %u add group script = /usr/local/sbin/smbldap-groupadd -p %g #delete group script = /opt/IDEALX/sbin/smbldap-groupdel %g add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/local/sbin/smbldap-groupm od -x %u %g set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u admin users = root @Domain Admins printer admin = root @Domain Admins socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 deadtime = 60 encrypt passwords = yes #use spnego = no Here is the smb.conf of a member server: [global] workgroup = CORP netbios name = FURNSRV server string = Furniture File Server security = domain password server = 192.168.1.101 wins server = 192.168.1.101 wins support = no wins proxy = yes dns proxy = yes os level = 99 local master = yes domain master = no preferred master = yes log file = /usr/local/samba/var/userlog/%m.log log level = 2 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_BROADCAST printing = cups printcap = cups remote browse sync = 192.168.1.255 interfaces = 127.0.0.1 192.168.2.3 bind interfaces only = yes name resolve order = wins bcast lmhosts host hide dot files = Yes inherit permissions = Yes inherit acls = Yes Here is the error I get when I try to use smbclient on the PDC itself: SPNEGO login failed: Logon failure session setup failed: NT_STATUS_LOGON_FAILURE Here is the same thing on the member server: furnsrv:~ # smbclient -L CORPSRV -W CORP -U CORP/root added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 added interface ip=192.168.2.3 bcast=192.168.2.255 nmask=255.255.255.0 Got a positive name query response from 192.168.1.101 ( 192.168.1.101 ) Password: Domain=[CORP] OS=[Unix] Server=[Samba 3.0.12] Sharename Type Comment - --- acct_hp8500 Printer Accounting Color Laser Printer plotter Printer Engineering Plotter netlogonDisk Network logon service softwareDisk Software for Samba computers public Disk Public Files PDF Disk Location of documents printed to PDFCreator printer EVERYTHING Disk All shares APPSDisk ACCTDisk HR_PR Disk ENGRDisk DATADisk X Disk NETWORK Disk UTILS Disk CDROM Disk CD-ROM on CORPSRV IPC$IPC IPC Service (Corp File Server) ADMIN$ IPC IPC Service (Corp File Server) truss_hp5n Printer HP Laserjet 5n truss_hp4050Printer HP Laserjet 4050 truss_hp4 Printer HP Laserjet 4 PDFcreator Printer Create PDF files furnlaser Printer FAX Printer Create FAX Files engr_hp1300 Printer rootDisk Home Directories Domain=[CORP] OS=[Unix] Server=[Samba 3.0.12] Server Comment ---- CORPSRV Corp File Server FURNSRV Furniture File Server LNXMISTY Samba 3.0.13 NTENGRECEPT NTFURNOFFICE NTJEREMY NTJOHNK NTLISA NTMIKE NTRECEPTIONIST NTTIM NTTRUSS SQW TRUSSRV
[Samba] Local Settings in profile
OK, Microsoft says that Local Settings does not roam. Why, then, do I see files opening and closing in it (on my Samba server) when my user logs in and out? The vast majority of log-off time is spent doing SOMETHING in Local Settings. This is with Windows XP especially. Anybody have any info for me about this? Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Home directory error
I have one group of people in my domain whose home directories and profiles are on a member server. Their sambaHomePath and sambaProfilePath is specified in LDAP. One of these users gets prompted for his username\password (which don't work) whenever he logs in. I look in the PDC's log and it looks like he's trying to connect to his home directory on the PDC: [2005/03/22 11:44:16, 0] smbd/service.c:make_connection_snum(626) '/home/jon' does not exist or is not a directory, when connecting to [jon] However he does get his correct home directory (from the member server) and it works fine. Any ideas what is going on? I hope what I said makes sense -- it is a little confusing. Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbldap-tools question
When I used smbldap-populate way back when I set up my LDAP server, I got two sambaDomainName objects in my LDAP tree -- one for the domain name (CORP) and one for the PDC Netbios name (CORPSRV). My Windows XP systems complain that they can't find the PDC for the domain CORPSRV. I am wondering if I even need the second sambaDomainName in LDAP at all. Any ideas? Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and LDAP Base DN
Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I have it this way because there used to also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have one domain, I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all point to the new OU. Perfect. However when I change the baseDN in my smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol smbd reload-config. The only thing I can figure is that it might be doing a 'sub' search and finding two entries for my user, because I left the 'ou=corp' DN as it was. Is it that, or is there something else I have to do in order to restructure my LDAP tree? TIA, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP Base DN
More info: I tried deleting ou=corp (after making a backup of course) and still no dice. As soon as I put back ou=corp and make the baseDN in smb.conf ou=corp, everything works. If I take all the entries under ou=corp and copy them one level up, I can't authenticate to Samba anymore. It doesn't make any sense. On Wednesday 16 March 2005 10:57 am, Misty Stanley-Jones wrote: Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I have it this way because there used to also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have one domain, I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all point to the new OU. Perfect. However when I change the baseDN in my smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol smbd reload-config. The only thing I can figure is that it might be doing a 'sub' search and finding two entries for my user, because I left the 'ou=corp' DN as it was. Is it that, or is there something else I have to do in order to restructure my LDAP tree? TIA, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP Base DN
On Wednesday 16 March 2005 02:43 pm, Craig White wrote: On Wed, 2005-03-16 at 10:57 -0500, Misty Stanley-Jones wrote: Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I have it this way because there used to also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have one domain, I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all point to the new OU. Perfect. However when I change the baseDN in my smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol smbd reload-config. The only thing I can figure is that it might be doing a 'sub' search and finding two entries for my user, because I left the 'ou=corp' DN as it was. Is it that, or is there something else I have to do in order to restructure my LDAP tree? change nss/padl stuff? /etc/ldap.conf ??? Yes I already did that, and nss_ldap is working just fine on all systems concerned (it's still changed). Samba is the only thing still using the ou=corp DN. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
SOLVED Re: [Samba] Samba and LDAP Base DN
It appears that Samba needs to be restarted in order for the search base to be reset. Is this a bug? The BaseDN was reset without doing anything other than editing the smb.conf. But even then, viewing of the LDAP logs showed that the search base was still including the old DN. Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows ACL (beaten to death I know)
I've been ignoring the ACL issue because I have yet to get it to work. But now I am curious. I log in as root and create a text file in root's home directory. I look in the security properties and verify that the file is indeed owned by root. In Linux, the permissions of the file are 750, root owner, root group. In Windows, I try to add a user with read permissions. I get permission denied. I am able to change my own permissions but I'm unable to add another person into the permissions. I get the following in the log file: [2005/03/14 10:23:32, 2] smbd/open.c:open_file(245) root opened file bar.txt read=Yes write=No (numopen=3) [2005/03/14 10:23:32, 2] smbd/close.c:close_normal_file(270) root closed file bar.txt (numopen=2) [2005/03/14 10:23:32, 2] smbd/open.c:open_file(245) root opened file bar.txt read=Yes write=No (numopen=3) [2005/03/14 10:23:32, 2] smbd/close.c:close_normal_file(270) root closed file bar.txt (numopen=2) Thinking maybe the 'root' group is causing trouble because it is not mapped into a Samba group, I change the group to Domain Users. I try to take away write access for a specific user who is in Domain Users and again get the Permission Denied. I verify that ACLs indeed work on my filesystem: oink:/usr/local/samba/lib # setfacl -m u:misty:r /root/bar.txt oink:/usr/local/samba/lib # getfacl /root/bar.txt getfacl: Removing leading '/' from absolute path names # file: root/bar.txt # owner: root # group: Domain\040Users user::rwx user:misty:r-- group::rw- mask::rw- other::--- I am really not sure what else to try. I did compile with ACLs enabled. Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: probleman adding user
On Saturday 12 March 2005 03:33 am, Jim C. wrote: | Good Morning, | I'm adding user mdonada in the smbldap-useradd -a -m mdonada, but | probleman: | [EMAIL PROTECTED] home]# smbldap-useradd -a -m mdonada | Can't call method get_value on an undefined value at | /usr/sbin/smbldap-useradd line 170, DATA line 283. | [EMAIL PROTECTED] home]# In case you didn't figure this out yet, it's because the -m switch indicates that you are adding a machine account, and expects a $. If you are in fact trying to add a user account, you need to leave the -m off. Try smbldap-useradd -h to see all of the available switches. Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] share outside domain
On Monday 14 March 2005 01:48 pm, johon Doe wrote: Is it possible to give access to a machine from machines that arent members of the domain ? How do it ? thx. You would use guest ok = yes or else give them a username and password in the domain. They still need to authenticate even if their computers are not members of the domain. Misty __ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 'profiles' command with WinXP Profiles
Hi all, I have gotten the 'profiles' command to work for NT and Win2K profiles very well. In Windows XP, I am able to change the 'owner' but not the 'group' SID. It gives no errors but it just doesn't change them. A snippet of the profile in question is below: furnsrv:/data/samba/profiles/jon # profiles NTUSER.DAT |grep S-1-5 Owner SID: S-1-5-32-544 Group SID: S-1-5-21-2127521184-1604012920-1887927527-513 Perms: 000F003F, SID: S-1-5-18 Perms: 000F003F, SID: S-1-5-32-544 Perms: 1000, SID: S-1-5-18 Perms: 1000, SID: S-1-5-32-544 Owner SID: S-1-5-32-544 Group SID: S-1-5-21-1505131970-119759924-475665672-513 Perms: 000F003F, SID: S-1-5-18 Perms: 000F003F, SID: S-1-5-32-544 Perms: 1000, SID: S-1-5-18 Perms: 1000, SID: S-1-5-32-544 Owner SID: S-1-5-21-725326080-1709766072-2910717368-2060 Group SID: S-1-5-21-383998039-2845272951-4289691644-2061 Perms: 000F003F, SID: Perms: 1000, SID: S-1-5-18 Perms: 000F003F, SID: S-1-5-32-544 Perms: 1000, SID: S-1-5-32-544 Owner SID: S-1-5-32-544 Not only are the groups all wrong, but I don't even know where most of the SIDs in there came from. The S-1-5-21-383998039-2845272951-4289691644-2061 is from the old domain. The others I haven't a clue. Anyway, if I use the following syntax: profiles -c S-1-5-21-383998039-2845272951-4289691644-2061 -n S-1-5-21-725326080-1709766072-2910717368-513 /path/to/NTUSER.DAT I get no errors, but the SID doesn't really change. The user gets access denied trying to load his profile. I would rather not have to redo this user's profile, so if anyone can give me some wisdom it would be great. I did read in the man page for 'profiles' that only NT is supported, but I am hoping there might be a workaround. Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba as PDC and BDC on the same network.
On Wednesday 02 March 2005 08:14 am, Clement DIEBOLD wrote: And the second, the BDC like : domain master = no prefered master = no local master = no domain logons = yes security = user I think this needs to be security = server but correct me if I am wrong. On your BDC do testparm and it will show you the role of the server. Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Migrate profiles from one domain to another
Hi all, I need to migrate profiles from one running domain to another. I can't use the standard Windows Profile tools, because when I am a member of one domain, profiles for the other domain say Account Unknown and the Copy function is disabled. I can't get interdomain trusts working and have no responses to my email about that, so I am looking for another way to get this done. I have a feeling that my missing link is interdomain trusts. Any help would be appreciated, so I can merge these two domains together. :( Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Fedora core 2 domain trust account fails
On Tuesday 01 March 2005 11:30 am, kent wrote: Hello, Having a problem with trust accounts failing after creation. The following is the system that I'm running Samba on: Fedora Core 2 (compiled from source) Samba 3.0.11 OpenLDAP 2.2.23 BerkeleyDB 4.3.27 If you read the release notes for 3.0.12pre1 you will see there is a bug with interdomain trusts in 3.0.11. Nobody ever told me that even though I have asked repeated on the mailing list. I wlll save you the time I wasted and let you know. Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Interdomain trust problem
Hi all, I have two different domains. At one point I had them trusting eaach other but then I ruined it. Now I am trying to get them back. They both have LDAP backend. I need them bot to trust each other and be trusted by each other. Here are the steps I am following: 1. On each domain, create a computer account called the other domain: CORP: smbldap-useradd -ai FURN$ CORP: smbldap-passwd FURN$ (for the example lets say I used the password secret) CORP: smbpasswd -a -i FURN (entered secret again) FURN: net rpc trustdom establish CORP (entered secret) Could not connect to server CORPSRV The username or password was not correct. [2005/02/28 10:11:02, 0] utils/net_rpc.c:rpc_trustdom_establish(4516) Couldn't verify trusting domain account. Error was NT_STATUS_LOGON_FAILURE The same exact thing happens the opposite way. No real error messages that I can find in any log files. Can someone please tell me the step I am missing? Thanks, Misty PS - John, it would be great if you could update chapter 16 of _Samba 3 By Example_ to include steps for establishing interdomain trusts when using LDAP backend, because it is not immediately obvious to me what to do. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Basic Samba functionality under SuSE 9.2
Top-posting only because it's short. You need to start nmbd on the Linux box. Make sure that it is not a local, domain, or preferred master, and that the OS level is low (5 or so). Misty On Tuesday 08 February 2005 11:55 am, Tom Peters wrote: I'm trying to get Samba 3.0.9-2.3 to work under Suse 9.2. This my very first Linux install and I'm a little at sea here. There are so many things that could be wrong I don't know where to start. The Windows machine I'm using as a client has TCP/IP, file/printer sharing, and Client for MS networks. He can't see the linux machine's (Tolkien) shares, but he can ping him. This might be a name services issue because issuing a net command at the windows box to enumerate the shares (I think that's net view) of the form NET VIEW \\TOLKIEN results in a timeout and error, but NET VIEW \\172.20.0.5 results in a correct list of the shares I've configured on the box! C:\WINDOWSnet view \\172.20.0.5 Shared resources at \\172.20.0.5 Samba 3.0.9-2.3-SUSE Share name Type Used as Comment --- archive Diskarchived files (etc) I know the IP addresses look odd, I won't go into the reasons using a class B but that's worked properly for years, so that's not the issue. Layer 2 connectivity is good. I'm confused about the firewall on SuSE; it's enabled and maybe it shouldn't be. All boxes on this little network are on a switch which goes to a router, thence to my DSL modem. I'm not using the SuSE box as a gateway, it's just on another switch port like the Windows boxes. The firewall has the same interface defined as the inside port and the outside port. But the YAST GUI for configuring Samba has a checkbox for opening all appropriate firewall ports, and I did that. I went back to check and it's still checked. For grins, I portscanned tolkien. TCP ports open are: 21, 22, 25, 110, 139, 445. UDP ports: None. I tried this: net use k: \\172.20.0.5\archive It works! Well, almost. It prompts for username and password, and username and pw I use to login at the linux box doesn't work. root with his password works. I need to get some permissions issues ironed out later. -Tom [Philosophy] Man's loneliness is but his fear of life. --Eugene O'neil --... ...-- -.. . -. . --.- --.- -... [EMAIL PROTECTED] (remove nospam) N9QQB (amateur radio) HEY YOU (loud shouting) WEB ADDRESS http//www.mixweb.com/tpeters 43° 7' 17.2 N by 88° 6' 28.9 W, Elevation 815', Grid Square EN53wc WAN/LAN/Telcom Analyst, Tech Writer, MCP, Cisco Certified CCNA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ldap passwd sync not working
On Saturday 05 February 2005 02:17 pm, Alexander Zubkov wrote: In debug mode smbpasswd say this: samba 3.0.11 ... smbldap_check_root_dse: Expected one rootDSE, got 0 ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does not support paged results smbldap_check_root_dse: Expected one rootDSE, got 0 ldap password change requested, but LDAP server does not support it -- ignoring ldapsam_update_sam_account: successfully modified uid = test in the LDAP database Why samba-3.0.6 can sync password and samba-3.0.11 say that may LDAP server does not support it? Any ideas? Alexander Zubkov I am guessing that Samba is using a different criteria/mechanism to change the passwords now. Perhaps it has to do with increasing support for non-openLDAP implementations. One thing I noticed is that your rootDSE is not readable. The rootDSE contains information about your LDAP server that some applications (such as addressbooks that need to automatically determine the baseDN) need. Info about the rootDSE can be found at http://www.techgalaxy.net/Docs/Dev/LDAPv3 RootDSE Overview.htm. For OpenLDAP you need an ACL like this: access to attrs=namingcontexts by anonymous read (or lock it down by IP range or some other way to make it more secure) Correcting your LDAP config to include the above may keep Samba from being confused -- just a thought. Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Subnet-isolated member server
Hi all, I'm gearing up to merge our two domains into one, across subnets. I have subnet browsing working now. I have a couple questions: 1. Right now, the second PDC (which will become the member server) shares a printer via its own CUPS server. Will my users see a performance degradation if that printer starts being shared by the other PDC across the subnet? Would it be OK for this member server to continue sharing that printer instead? The only ones who are supposed to use the printer are on the same subnet as the new member server will be, so it seems to make more sense for it to stay shared by that member server. But in that case I am not sure it is legal or kosher for the [print$] share to be on that member server. Will it work? 2. These users will have some different parameters in LDAP than the default. Of course I can manually change those values as I add users (there are not many) but is there a way instead for me to use smbldap-tools on the member server to add users for that subnet? Then I can customize smbldap-tools to my needs for those users, but continue to use the defaults for most people. I guess the question is here, can I somehow manage my users differently than the other users, even though they are in the same domain? Now that I've typed this out, I am pretty sure that I can. 3. I'm having a difficult time finding info about things like SambaHomePath. Is this the path to the HOMES share on the server, or is it the path to the user's share? IE is it \\server\homes, \\server\user, or \\server\homes\user ? In the past I have specified this in the smb.conf but I'm interested to moving it to LDAP. Thanks for your help! Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: smbldap-tools and sambaPasswordMustChange
On Thursday 27 January 2005 05:36 pm, news.gmane.org wrote: 2147483647 is a unix timestamp (number of seconds since some date in 1970) I believe. Yes, for very far in the future. I've been trying a few things. I had OpenLDAP set to use exop to update the password. I changed it to clear. I also took away the pam password change = yes in smb.conf because I don't know what it does. I have ldap password sync = yes in there, but it looks like the right thing. If I manually use smbldap-passwd to change a user's password, I get the following output: 30 82 01 2E 02 01 04 66 82 01 27 04 3D 63 6E 3D 0..f..'.=cn= 4D 69 73 74 79 20 53 74 61 6E 6C 65 79 2D 4A 6F Misty Stanley-Jo 6E 65 73 2C 6F 75 3D 70 65 6F 70 6C 65 2C 6F 75 nes,ou=people,ou 3D 43 4F 52 50 2C 64 63 3D 62 6F 72 6B 68 6F 6C =CORP,dc=mycomp 64 65 72 2C 64 63 3D 63 6F 6D 30 81 E5 30 3A 0A any,dc=com0..0:. 01 02 30 35 04 0F 73 61 6D 62 61 4C 4D 50 61 73 ..05..sambaLMPas 73 77 6F 72 64 31 22 04 20 44 34 36 44 43 37 46 sword1. blahblah 44 46 42 45 46 39 31 43 42 32 35 41 44 33 42 38 blahblahblahblah 33 46 41 36 36 32 37 43 37 30 1C 0A 01 02 30 17 blahblahblahblah. 04 0E 73 61 6D 62 61 41 63 63 74 46 6C 61 67 73 ..sambaAcctFlags 31 05 04 03 5B 55 5D 30 3A 0A 01 02 30 35 04 0F 1...[U]0:...05.. 73 61 6D 62 61 4E 54 50 61 73 73 77 6F 72 64 31 sambaNTPassword1 22 04 20 36 34 43 45 42 36 30 37 34 46 45 31 37 . blahblahblahblah 36 39 41 44 34 34 34 39 35 35 34 33 46 43 33 39 blahblahblahblahblah 42 35 34 30 24 0A 01 02 30 1F 04 0F 73 61 6D 62 bla$...0...samb 61 50 77 64 4C 61 73 74 53 65 74 31 0C 04 0A 31 aPwdLastSet1...1 31 30 36 39 32 31 38 38 31 30 27 0A 01 02 30 22 1069218810'...0 04 12 73 61 6D 62 61 50 77 64 4D 75 73 74 43 68 ..sambaPwdMustCh 61 6E 67 65 31 0C 04 0A 31 31 31 34 36 39 37 38 ange1...11146978 38 31 __ __ __ __ __ __ __ __ __ __ __ __ __ __ 81 That date translates to Thu Apr 28 09:17:51 2005 which is perfect. But it is not getting put into the LDAP server. So I am wondering if this might be some openLDAP problem. Will explore further. One thing I am not sure about is why is there a 1 after every attribute name: sambaPwdMustChange1 ... might be some debug output thing though. Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: smbldap-tools and sambaPasswordMustChange
Ugh, please ignore all this. It's not Samba or OpenLDAP, it's phpLDAPAdmin displaying it wrong! Thank goodness for GQ! Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] disappointed with complete lack of help.
On Friday 28 January 2005 11:44 am, Marc Haber wrote: Nobody knowledgeable finds the time to answer requests at all. It is so sad that you think that. This list has enabled me to set up a damned good Samba solution for my company. I read it every day because of the knowledge that it contains. It's people with bad attitudes who ruin it for the rest of us. If you don't like it, please unsubscribe. Thanks, Misty Greetings Marc -- --- -- Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind vs nss_ldap?
Hi all, I have nss_ldap working on all of my Linux servers. Is there any reason for me to also use winbind? It seems to me no, since all Linux users use the same uid/gid for every user and group that is non-local. I will have about 100 users in LDAP once I get my two domains joined together. Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] access
If you are using LDAP you can give a list of allowed workstations in the LDAP entry. On Thursday 27 January 2005 01:04 pm, n r wrote: hi, How to make to authorize a user samba to be connected from one or two particular machine of the network only and not of the others? thanks _ MSN Hotmail : antivirus et antispam intégrés http://www.msn.fr/newhotmail/Default.asp?Ath=f -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows XP profile problems
On Wednesday 26 January 2005 03:44 pm, Mike Partyka wrote: s there is trick to fully copying an existing local profile over to your new domain profile after you join the Samba domain? I tried the profile copy under System Properties, on the advanced tab and although it completed, I log on and MS office wants to load files from the CD and my start menu seems to be missing the entire left side column. If you look in the archives you might find that I had the same issues and with the help of a few people on this list got it figured out. Here are the steps. 1. Log in as local admin. Delete all .DOMAIN or .000 profiles (right-click and look at the security to be sure it is the domain profile). 1.5. If that user has some privileges on the local system, it seems to work better if you give the domain user the same permissions on the local system (Administrator, Power User, etc). 2. Remove the copied profile for the user from the server. 3. Log in as the domain user. Let it create a default profile. 4. Restart the computer, log in as local admin. 5. Right-click My Computer. Choose Profiles or whatever. 6. Choose your local user, click Copy to. Browse to the DocumentsSettings profile for your domain user (the default one you just created by logging in as that user). Set the Allowed to use to the domain user. Let it copy. 7. Reboot the computer just to be safe, log in as the domain user. Thanks, Mike Partyka Stonepath Logistics Systems Administrator (651)405-4300 Desk (651)208-5734 Cell (651)405-4342 Fax -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Best practices for long-running Samba server
Hi all, I have been having the weirdest network browsing problems on my network the past week. Come to find out the wins.dat file got corrupted. Removing that file fixed everything. Because our systems typically have uptimes measured in months rather than days, and it is difficult for me to restart Samba except as a scheduled task (which I'm afraid to do because there are users who come in earlier than I do in the AM and users that work later than me in the PM, and I don't want them having to call me at home :D ), I need to know what the best practice is for the .dat and .tdb files. Is it normal for them to become corrupt over time? Is there some best practice for how often to remove them and let them re-populate? Anything else I should know for a Samba instance that typically runs for months on end without interruption? Thanks in advance, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbldap-tools and sambaPasswordMustChange
Hi all, In my smbldap.conf, I have the following: defaultMaxPasswordAge=90 Therefore I would expect when I add a new user, for it to insert the value 7776000. However it inserts the value 1114351589. And every time a user changes his/her password after it HAS expired (which funnily happens after 30 days not 90), the field is changed to 2147483647. Now maybe I am completely misunderstanding the value, but I thought it was supposed to be # of seconds until the password expires. Can someone give me a clue as to what might be wrong? Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Huge problem with roaming profiles
Well, I thought everything was fine! Guess not. Yesterday I was playing with NetBIOS settings trying to get two servers to see each other across subnets. Well, since then, my users are randomly disconnected from the server, and every few times they log out / in, they get a message that their roaming profile wasn't available and a cached copy will be used instead. When that happens they have no connectivity to the CORP domain (they can't even click CORP in their network places) and their login script doesn't get executed. I think this is some name resolution thing, but AFAIK I have put everything back to how it was before. Can anyone think of what I should check? Maybe the broadcast order? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NetBIOS across subnets
Hi all, I would like two Samba servers to be able to talk to each other via NetBIOS. The problem is that they are on two different subnets. I have enabled broadcast ping on the routers, and the servers can each ping the other subnet with no trouble. The two relevant IPs are 192.168.1.101 and 192.168.2.3. There is a T1 between two Cisco routers, and IP routing is all set up. Currently 192.168.1.x is the CORP domain. Samba PDC is acting as the WINS server. 192.168.2.x is the FURN server, and its Samba PDC is acting as its WINS server. My Windows systems in CORP can browse to the FURN domain and see systems in it. My Windows systems in FURN can browse to the CORP domain but can't see any systems in it. Neither of my PDCs can see the other, so they cannot establish a trust. Relevant settings for CORP PDC are: wins support = yes os level = 100 preferred master = yes domain master = yes remote announce = 192.168.2.255/CORP remote browse sync = 192.168.2.255 name resolve order = bcast wins lmhosts host (there is no lmhosts or host) allow trusted domains = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 Relevant settings for FURN PDC are: os level = 99 dns proxy = Yes wins support = Yes wins proxy = Yes os level = 100 preferred master = yes domain master = yes local master = yes remote announce = 192.168.1.255/FURN remote browse sync = 192.168.1.255 # I put this one in to try to get it to hear the other server's broadcasts -- did not work interfaces = 127.0.0.1 192.168.2.3/255.255.0.0 name resolve order = bcast wins lmhosts host allow trusted domains = yes Both servers are 3.0.11pre1. Both are DHCP servers as well. They are pushing out netbios server settings to the clients as follows: CORP: option netbios-name-servers 192.168.1.101, 192.168.2.3; option netbios-node-type 8; FURN: option netbios-name-servers 192.168.2.3; option netbios-node-type 8; The fact that FURN is not giving out CORP as a netbios server might be significant why the users can't see CORP's computers, but it doesn't explain why the domains can't see each other. If anybody has any information on how I can make this work I would love it. I did look in Samba 3 By Example but it doesn't really go into the networking side of it at all. Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] OT - Software deployment
Hi all, I have been fishing through the archives and have not found a lot of posts about this that were not 'golden oldies.' Do you guys use anything other than brute force to deploy software and updates to your client PCs? I would be interested to know what you are using, whether you use it for initial OS install, software deployment/upgrades, or other things, and roughly how much it costs. Also how many PCs you maintain. My preferences of course run to the free and Opensource options, but I am not sure how far they can take me. Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Migrate from two domains to one
Hi all, I have two different domains right now, separated by a T1. They both use the same LDAP server (on this side of the T1). CORP is the domain with more users, and FURN has only a handful of users. But right now FURN has its own PDC which is storing all of the users' profiles and home directories as well as some other files. I would like to merge those users into the CORP domain, but I want them to use their own server for profiles and home directories, and I want some of their file shares to be available on both sides of the T1. I can do the shares easily by just mounting them locally I guess, but I am not sure how to go about having some users' profiles on one server, and others on another server. Is this possible? Thanks in advance, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Lingering WinXP SP2 issues
On Thursday 13 January 2005 13:11, Paul Gienger wrote: Has anyone else had this behavior? Any fixes (deleting tdb files perhaps)? It's a client side issue, no server changes would fix it aside from making the user a member of Domain Admins, thereby giving local admin. That's most likely not what you REALLY want to do though. It would be solved by using [PRINT$] share and storing all your printer drivers on the server. A normal user will be able to connect to a network printer but won't be able to install any drivers. The only users of mine who have to be administrator are the ones who need to use a printer which will not store its drivers on the server. Misty -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with Samba 3.0.9
On Tuesday 11 January 2005 10:02, David Schlenk wrote: This is a problem through 3.0.10 at least, and possibly 3.0.11pre1 as well. There was a small patch sent to the list yesterday that may help, along with the printing patch from Jerry at http://www.samba.org/~jerry/patches/post-3.0.10/ YMMV. FYI the patches have not helped me yet. It seems they have helped some others. Misty -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [PATCH] printing patch update
On Monday 10 January 2005 09:15, Jerome Borsboom wrote:
In reviewing the recent printing-3-0-10_v2 patch, I think I have
found an omitted 'release_print_db'. The following patch
corrects this.
Regards,
Jerome Borsboom
--- samba-3.0.10/source/printing/printing.c 2005-01-10 15:07:27.060999122
+0100 +++ samba-3.0.10.new/source/printing/printing.c 2005-01-10
15:07:36.784464292 +0100 @@ -1077,6 +1077,7 @@
if ( !print_cache_expired(sharename, False) ) {
DEBUG(5,(print_queue_update_internal: print cache for %s is
still
ok\n, sharename)); + release_print_db( pdb );
return;
}
I tried adding this to printing.c in 3.0.11pre1 and it does not compile:
Compiling printing/printing.c
printing/printing.c: In function `print_cache_expired':
printing/printing.c:1038: warning: passing arg 3 of `tdb_fetch_uint32' from
incompatible pointer type
printing/printing.c: In function `print_queue_update_internal':
printing/printing.c:2713: error: parse error at end of input
printing/printing.c:30: warning: `remove_from_jobs_changed' used but never
defined
make: *** [printing/printing.o] Error 1
Just thought you would like to know,
Misty
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
RETRACT: Re: [Samba] [PATCH] printing patch update
This mail was sent in error. The patch does compile.
On Monday 10 January 2005 09:33, Misty Stanley-Jones wrote:
On Monday 10 January 2005 09:15, Jerome Borsboom wrote:
In reviewing the recent printing-3-0-10_v2 patch, I think I have
found an omitted 'release_print_db'. The following patch
corrects this.
Regards,
Jerome Borsboom
--- samba-3.0.10/source/printing/printing.c 2005-01-10 15:07:27.060999122
+0100 +++ samba-3.0.10.new/source/printing/printing.c 2005-01-10
15:07:36.784464292 +0100 @@ -1077,6 +1077,7 @@
if ( !print_cache_expired(sharename, False) ) {
DEBUG(5,(print_queue_update_internal: print cache for %s is
still
ok\n, sharename)); + release_print_db( pdb );
return;
}
I tried adding this to printing.c in 3.0.11pre1 and it does not compile:
Compiling printing/printing.c
printing/printing.c: In function `print_cache_expired':
printing/printing.c:1038: warning: passing arg 3 of `tdb_fetch_uint32' from
incompatible pointer type
printing/printing.c: In function `print_queue_update_internal':
printing/printing.c:2713: error: parse error at end of input
printing/printing.c:30: warning: `remove_from_jobs_changed' used but never
defined
make: *** [printing/printing.o] Error 1
Just thought you would like to know,
Misty
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
FOLLOWUP Re: [Samba] Isolated printer problem
I want to post a followup for this. I solved it and it was not a Samba issue. It was to do with the printer in question (the instance installed on the user's computer) was using a local port called \\myserver\printername, rather than the no visible port setting that Windows 2000 usually has for printers accessed via Samba (on NT the printer will be using a SAMBA port. It was using this local port because of some software that has really bad network printer support and needs it. My solution will be to make a copy of the printer in question, in CUPS, and allow THAT copy to use the local port while the normal instance is configured in the standard way for Samba. As for the other print jobs disappearing so fast, it is ismply because CUPS is esnding the job to the printer much quickly than my users are used to. It also looks like CUPS is using the printer's onboard memory where Novell was not, so between the two things the job disappears really fast. For printers that rae used for manually feed operations a lot, I may need to disable the printer's cache so that the job needing attention will still be visible in the queue. Thanks for your patience, Misty On Tuesday 04 January 2005 17:41, Misty Stanley-Jones wrote: On Tuesday 04 January 2005 16:54, John H Terpstra wrote: Is the 10th user a manager of the printer operators group? No. Nobody is. At log level = 5 what do the logs for that 10th machine show has happened. I suspect you will find your answer there. log level = 5 max log size = 0 log file = /var/log/samba/%m Note: %m gets expanded to the name of the workstation. Of note -- It turns out through testing (rather than taking the user's word for it) that he is not able to see any spooled jobs on any network printer of his. Nothing odd that I can see here except that the message gets sent to the plotter 8 times ... maybe that is normal... Spewed here: [2005/01/04 17:21:11, 5] printing/notify.c:print_notify_send_messages_to_printer(169) print_notify_send_messages_to_printer: sending 8 print notify messages to printer plotter [2005/01/04 17:21:46, 3] smbd/process.c:process_smb(1092) Transaction 71331 of length 39 [2005/01/04 17:21:46, 5] lib/util.c:show_msg(461) [2005/01/04 17:21:46, 5] lib/util.c:show_msg(471) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=129 smb_mid=14665 smt_wct=0 smb_bcc=0 [2005/01/04 17:21:46, 3] smbd/process.c:switch_message(887) switch message SMBtdis (pid 25406) conn 0x83dc9c8 [2005/01/04 17:21:46, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/01/04 17:21:46, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2005/01/04 17:21:46, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/01/04 17:21:46, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/01/04 17:21:46, 4] smbd/vfs.c:vfs_ChDir(654) vfs_ChDir to /data/samba/netlogon [2005/01/04 17:21:46, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/01/04 17:21:46, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2005/01/04 17:21:46, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/01/04 17:21:46, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/01/04 17:21:46, 1] smbd/service.c:close_cnum(836) w2kgreg (192.168.1.57) closed connection to service netlogon [2005/01/04 17:21:46, 3] smbd/connection.c:yield_connection(69) Yielding connection to netlogon [2005/01/04 17:21:46, 4] smbd/vfs.c:vfs_ChDir(654) vfs_ChDir to / [2005/01/04 17:21:46, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/01/04 17:21:46, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2005/01/04 17:21:46, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/01/04 17:21:46, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/01/04 17:21:46, 5] lib/util.c:show_msg(461) [2005/01/04 17:21:46, 5] lib/util.c:show_msg(471) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=129 smb_mid=14665 smt_wct=0 smb_bcc=0 [2005/01/04 17:22:20, 3] smbd/process.c:process_smb(1092) Transaction 71332 of length 39 [2005/01/04 17:22:20, 5] lib/util.c:show_msg(461) [2005/01/04 17:22:20, 5] lib/util.c:show_msg(471) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1
Re: [Samba] Isolated printer problem
Well this problem is not as isolated as first believed. I also have some XP users who can't see the print jobs. Everyone can _print_, they just cannot monitor or cancel any jobs, even their own. Could it be because of the permissions of the print jobs: -rw--- 1 nobody nobody539635 Dec 28 13:35 smbprn.0204.4XCc7j -rw--- 1 jeremy Domain Users 3462536 Dec 29 15:02 smbprn.0210.4x6DlV -rw--- 1 nobody nobody228372 Jan 4 10:13 smbprn.0538.CmELlI -rw--- 1 nobody nobody 87461 Jan 4 15:15 smbprn.0573.M4bJzk Shouldn't those jobs be readable by everyone? Also if a job gets submitted as a guest, would anyone be able to delete it, or would no-one? I've taken away guest access on all the printers and added create mode = 644 to every printer share. We will see if that helps. Misty On Tuesday 04 January 2005 17:41, Misty Stanley-Jones wrote: On Tuesday 04 January 2005 16:54, John H Terpstra wrote: Is the 10th user a manager of the printer operators group? No. Nobody is. At log level = 5 what do the logs for that 10th machine show has happened. I suspect you will find your answer there. log level = 5 max log size = 0 log file = /var/log/samba/%m Note: %m gets expanded to the name of the workstation. Of note -- It turns out through testing (rather than taking the user's word for it) that he is not able to see any spooled jobs on any network printer of his. Nothing odd that I can see here except that the message gets sent to the plotter 8 times ... maybe that is normal... Spewed here: [2005/01/04 17:21:11, 5] printing/notify.c:print_notify_send_messages_to_printer(169) print_notify_send_messages_to_printer: sending 8 print notify messages to printer plotter [2005/01/04 17:21:46, 3] smbd/process.c:process_smb(1092) Transaction 71331 of length 39 [2005/01/04 17:21:46, 5] lib/util.c:show_msg(461) [2005/01/04 17:21:46, 5] lib/util.c:show_msg(471) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=129 smb_mid=14665 smt_wct=0 smb_bcc=0 [2005/01/04 17:21:46, 3] smbd/process.c:switch_message(887) switch message SMBtdis (pid 25406) conn 0x83dc9c8 [2005/01/04 17:21:46, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/01/04 17:21:46, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2005/01/04 17:21:46, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/01/04 17:21:46, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/01/04 17:21:46, 4] smbd/vfs.c:vfs_ChDir(654) vfs_ChDir to /data/samba/netlogon [2005/01/04 17:21:46, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/01/04 17:21:46, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2005/01/04 17:21:46, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/01/04 17:21:46, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/01/04 17:21:46, 1] smbd/service.c:close_cnum(836) w2kgreg (192.168.1.57) closed connection to service netlogon [2005/01/04 17:21:46, 3] smbd/connection.c:yield_connection(69) Yielding connection to netlogon [2005/01/04 17:21:46, 4] smbd/vfs.c:vfs_ChDir(654) vfs_ChDir to / [2005/01/04 17:21:46, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/01/04 17:21:46, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2005/01/04 17:21:46, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/01/04 17:21:46, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/01/04 17:21:46, 5] lib/util.c:show_msg(461) [2005/01/04 17:21:46, 5] lib/util.c:show_msg(471) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=129 smb_mid=14665 smt_wct=0 smb_bcc=0 [2005/01/04 17:22:20, 3] smbd/process.c:process_smb(1092) Transaction 71332 of length 39 [2005/01/04 17:22:20, 5] lib/util.c:show_msg(461) [2005/01/04 17:22:20, 5] lib/util.c:show_msg(471) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=163 smb_mid=14729 smt_wct=0 smb_bcc=0 [2005/01/04 17:22:20, 3] smbd/process.c:switch_message(887) switch message SMBtdis (pid 25406) conn 0x840fa48 [2005/01/04 17:22:20, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/01/04 17:22:20, 5] auth
[Samba] Samba and Cups interaction
While trying to solve my printer problem, I have come up with another question that Google is not helping me with. What happens to a print job after Samba submits it to Cups? Is it 'finished' even though Cups is still printing it? Is that why my users aren't seeing their print jobs, because Cups has already snatched them and Samba assumes they are done? I would much rather if the user could see the print job through its whole life, and could cancel it if they wanted to (if it was 1000 pages long and they realized that someone had put stationery in the printer for instance)? This level of things is not covered in the docs to the best that I can find. :( Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Cups interaction
On Wednesday 05 January 2005 15:22, David Schlenk wrote: Even beyond the was cups support compiled in question, it is possible to not see jobs for their entire life in the samba queue: If the cups server you are using in conjunction with samba sends jobs directly to the printer, then the job should remain in the samba queue for the life of the job. If however you have separate cups server(s) that actually send jobs to printers and a local copy of cups on the samba box that just sends the jobs to the other cups server(s), then the job will only remain in the samba queue for the (short) amount of time it takes your local cups server to send the job to other cups servers, since all samba knows . [This setup allows you to have redundant/load balancing cups servers.] I believe you can specify a non-local cups server in the 3.x series of samba, but I don't remember the corresponding smb.conf parameters off-hand. [And doing this would make redundant/load balancing not work, unless you wanted to go round-robin DNS style, but that isn't quite the same thing.] This is interesting. The CUPS server is on the same machine as the Samba server. All I have in smb.conf is printing = cups and printcap = cups -- I have no directive telling it where to look for the CUPS server. Now I am pretty sure that a CUPS server is also a CUPS client locally. So I am wondering if this is what's happening and if I need to tell CUPS to send the jobs directly to the printer, rather than sending them to itself in a client-server kind of way. Misty -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Thank you! Upgrade from Novell 4.11 is complete
I just wanted to write to you guys and thank you for all of your help and hand-holding as I upgraded our company's file server from a Pentium 200mmx running Novell 4.11 to a nice P4 server running Linux and Samba 3.0.9. It took from September to the end of December to accomplish it, but I have gotten compliments from several users about how smooth the transition was. My environment includes every version of Windows since (and including) Windows 95. I even have a computerized saw on my network, and it is happily getting its cut files from the Samba server. I only have about 60 users, so I guess it is a much smaller install than most. But Samba is running extremely lean, and not bogging the server down at all. Below is a brief summary of what I did: 1. Used 'rsync' to keep all of the data on the new server up-to-date with what was on the Novell server so the users would not lose any data in the transition. 2. Completely rearranged the shares and the way they are presented to much users, while providing some shares to certain users who needed to see certain drive letters for their ancient (RBase, QBasic) applications to work. 3. Improved security and eliminated home directories for users who have not worked here for years and years. 4. All printer drivers except for the pen plotter are now stored on the server. Printing via CUPS+Samba, and the print performance has outstripped the Novell print server by thousands of percents. 5. LDAP for authentication to not only Samba, but most UNIX servers, incoming and outgoing mail servers, and implemented a searchable white-pages while I was at it. 6. I am using Kixtart for login scripts. Drive letters are assigned based on group membership and machine type, and roaming profiles are implemented with folder redirection for non-laptop machines. My users are very very happy, and my boss is extremely pleased with the price-point and the performance. I just wanted to let you guys hear of a Samba success story. I will be happy to offer any advice for what I have learned along the way. Appreciatively, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Isolated printer problem
Hi all, I've got one printer on our network where the drivers have to be installed locally. This has been a pain in the butt so far, and today is no different. I've got 10 users using this printer on Windows 2000. They are all administrators on their local machines. I installed the printer on each of their systems by browsing to \\server\, opening the Printers folder, right-clicking the printer, and clicking Install. I get asked if I want to use the local driver, I say yes. The driver installs, and on 9 out of the 10 computers all is well. On the 10th computer, the user can print to the printer just fine, but cannot see any jobs in the queue. His jobs are visible to other users, but he can't see anyone's jobs. Another odd side-effect on his computer is that he cannot change any of the Printing Defaults such as whether the job starts printing before it has finished spooling. He just gets an error that says Settings could not be changed. I would expect him to get such an error if he is using a driver installed on the server, but not if he used a driver from his local system, and he is an administrator. Sorry if this is a simple one but I haven't seen it before. Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Isolated printer problem
On Tuesday 04 January 2005 16:54, John H Terpstra wrote: Is the 10th user a manager of the printer operators group? No. Nobody is. At log level = 5 what do the logs for that 10th machine show has happened. I suspect you will find your answer there. log level = 5 max log size = 0 log file = /var/log/samba/%m Note: %m gets expanded to the name of the workstation. Of note -- It turns out through testing (rather than taking the user's word for it) that he is not able to see any spooled jobs on any network printer of his. Nothing odd that I can see here except that the message gets sent to the plotter 8 times ... maybe that is normal... Spewed here: [2005/01/04 17:21:11, 5] printing/notify.c:print_notify_send_messages_to_printer(169) print_notify_send_messages_to_printer: sending 8 print notify messages to printer plotter [2005/01/04 17:21:46, 3] smbd/process.c:process_smb(1092) Transaction 71331 of length 39 [2005/01/04 17:21:46, 5] lib/util.c:show_msg(461) [2005/01/04 17:21:46, 5] lib/util.c:show_msg(471) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=129 smb_mid=14665 smt_wct=0 smb_bcc=0 [2005/01/04 17:21:46, 3] smbd/process.c:switch_message(887) switch message SMBtdis (pid 25406) conn 0x83dc9c8 [2005/01/04 17:21:46, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/01/04 17:21:46, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2005/01/04 17:21:46, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/01/04 17:21:46, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/01/04 17:21:46, 4] smbd/vfs.c:vfs_ChDir(654) vfs_ChDir to /data/samba/netlogon [2005/01/04 17:21:46, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/01/04 17:21:46, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2005/01/04 17:21:46, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/01/04 17:21:46, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/01/04 17:21:46, 1] smbd/service.c:close_cnum(836) w2kgreg (192.168.1.57) closed connection to service netlogon [2005/01/04 17:21:46, 3] smbd/connection.c:yield_connection(69) Yielding connection to netlogon [2005/01/04 17:21:46, 4] smbd/vfs.c:vfs_ChDir(654) vfs_ChDir to / [2005/01/04 17:21:46, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/01/04 17:21:46, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2005/01/04 17:21:46, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/01/04 17:21:46, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/01/04 17:21:46, 5] lib/util.c:show_msg(461) [2005/01/04 17:21:46, 5] lib/util.c:show_msg(471) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=129 smb_mid=14665 smt_wct=0 smb_bcc=0 [2005/01/04 17:22:20, 3] smbd/process.c:process_smb(1092) Transaction 71332 of length 39 [2005/01/04 17:22:20, 5] lib/util.c:show_msg(461) [2005/01/04 17:22:20, 5] lib/util.c:show_msg(471) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=163 smb_mid=14729 smt_wct=0 smb_bcc=0 [2005/01/04 17:22:20, 3] smbd/process.c:switch_message(887) switch message SMBtdis (pid 25406) conn 0x840fa48 [2005/01/04 17:22:20, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/01/04 17:22:20, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2005/01/04 17:22:20, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/01/04 17:22:20, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/01/04 17:22:20, 4] smbd/vfs.c:vfs_ChDir(654) vfs_ChDir to /tmp [2005/01/04 17:22:20, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/01/04 17:22:20, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2005/01/04 17:22:20, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/01/04 17:22:20, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/01/04 17:22:20, 3] smbd/service.c:close_cnum(836) w2kgreg (192.168.1.57) closed connection to service IPC$ [2005/01/04 17:22:20, 3] smbd/connection.c:yield_connection(69)
[Samba] Login scripts and Win9x clients
Hi all, I have two systems using Win98 and one using Win95. These three systems do not automatically execute their login scripts. I can map the network drives manually and tell them to reconnect at login, but I am wondering why they don't execute them. I can log in, browse to my netlogon share (if I make it browseable), and execute the script manually, and it works. Well, it mostly works, but I Think that's an issue with Kixtart. Is there something extra that I need to do for Win9x? I haven't really found anything about it. Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Login scripts and Win9x clients
I found the answer to this. For some reason in Win9x I have to give the full path to the Kixtart script (my netlogon.bat contains \\corpsrv\netlogon\kix32 \\corpsrv\netlogon\logon.kix /f) for Win9x to find it. Now if only I could get Win9x to work with groups. I found the following on the Kixtart website but can't quite parse it, so I thought I would paste it here and see if anyone knows: Because Windows 9x, does not know how to handle RPC (Remote Procedure Calls), you have to setup the Account Groups for your users to use Local Groups e.g. ACCOUNTING_LOCAL (These Local Groups can be a member of the Global Group e.g. ACCOUNTING) and you will need to reference these in the script. Do they mean to make a local group on the Win9x box? I didn't think Win9x had groups. Misty On Thursday 23 December 2004 15:21, Misty Stanley-Jones wrote: Hi all, I have two systems using Win98 and one using Win95. These three systems do not automatically execute their login scripts. I can map the network drives manually and tell them to reconnect at login, but I am wondering why they don't execute them. I can log in, browse to my netlogon share (if I make it browseable), and execute the script manually, and it works. Well, it mostly works, but I Think that's an issue with Kixtart. Is there something extra that I need to do for Win9x? I haven't really found anything about it. Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NTVDM errors after joining domain
Hi all, One of my very last users to move from the Novell server to the Samba domain runs some applications using Rbase version 2! Yes, we are trying to get away from it but it is taking some time. Anyway he had local administrator on his machine and the applications worked fine. Now no matter if he has administrator or not, he gets NTVDM errors. If I try to play around with the memory settings (in the DOS program properties) the NTVDM errors go away, but the DOS prompt just disappears right away, even if I tell it not to close on Exit. This is on Windows NT that he is running these 16-bit programs. The two things that have changed are: 1. The apps now live on an EXT3 fs instead of DOS fs. 2. The user now logs into an NT domain instead of a Novell bindery. The user's local rights are exactly the same, and the user's profile was imported through Windows NT. Any ideas would be most helpful. Not surprisingly it is very difficult to find anyone who knows much about RBase these days! Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Way to salvage profiles after domain rejoin?
On Thursday 16 December 2004 11:26, Jason Balicki wrote: I have determined what my old SID is, but how, exactly, do I go about resetting the SID to the old value? I've been googling for a bit, but I haven't found anything yet. net setlocalsid old_sid Misty Thank you very much, Paul, BTW. :) --J(K) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trusted domain problem (maybe networking)
On Tuesday 14 December 2004 21:36, you wrote: I set remote browse sync to the 'broadcast' address of the remote network... i.e. Network A 192.168.0.0/255.255.255.0 broadcast address is 192.168.0.255 Network B 192.168.1.0/255.255.255.0 broadcast address is 192.168.1.255 smb.conf on server on Network A remote browse sync = 192.168.1.255 smb.conf on server on Network B remote browse sync = 192.168.0.255 I had it like this at first. I've put it back for shits and giggles. and lastly, clients are set to use wins server This is already in place via dhcpd. and dhcpd of clients sets 'option netbios-node-type 8;' #broadcast I've put this in just for fun. But by the way, I am trying the nmblookup command on the Samba servers themselves, which also act as DHCP servers and hence do not use DHCP to get their IP information. Make your changes, shutdown samba, delete wins.dat and restart samba Can't do this until after 5PM today. I will let y'all know the results. I didn't try deleting wins.dat yesterday. Misty Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trusted domain problem (maybe networking)
Additional information embedded below: On Tuesday 14 December 2004 15:30, Misty Stanley-Jones wrote: Hello, I have spent the afternoon learning how to configure my routers to allow directed-broadcast with an access list, so that I can allow two different domains on different subnets to trust each other. Now I can do a broadcast ping from either subnet to the other, and I can also do smbclient -L remote_pdc and get the shares, from one side. From the other side I cannot. Let me clarify here. PDC A is called CORPSRV, controls domain CORP, and has IP address 192.168.1.101 PDC B is called FURNSRV, controls domain FURN, and has IP address 192.168.2.3 From CORPSRV, I can broadcast ping to 192.168.2.255 (and 192.168.2.3 answers) and I can successfully do smbclient -L FURNSRV. From FURNSRV, I can broadcast ping to 192.168.1.255, but cannot do smbclient -L CORPSRV. I get no errors on CORPSRV, but FURNSRV says the following: furnsrv:~ # smbclient -L CORPSRV Connection to CORPSRV failed I forgot that smbclient looks at the DNS name, not the NETBIOS name. The DNS name of CORPSRV is oink.corp for various reasons. Anyway smbclient -L works for the DNS name. So the above problem is not actually a problem. Each PDC is acting as the WINS server for its subnet.Below are relevant portions of the smb.conf files: CORPSRV - wins support = yes domain logons = yes os level = 100 preferred master = yes domain master = yes remote announce = 192.168.2.255/CORP remote browse sync = 192.168.2.255 FURNSRV - wins support = Yes wins proxy = Yes os level = 100 preferred master = yes domain master = yes local master = yes remote announce = 192.168.1.255/FURN remote browse sync = 192.168.1.255 name resolve order = wins bcast host I can't really remember why I have all the settings on FURNSRV so I didn't add them all to CORPSRV just because they are there. It looks like from the docs that I should only have one wins support = Yes but I'm not sure if that's per subnet or not. Any advice would be appreciated. Here is some output from net rpc trustdom commands: CORPSRV: oink:/data/samba/log # net rpc trustdom list Password: Trusted domains list: none Trusting domains list: FURN Unable to find a suitable server domain controller is not responding oink:/data/samba/log # net rpc trustdom establish FURN [2004/12/14 16:37:34, 0] utils/net_rpc.c:rpc_trustdom_establish(4328) Couldn't find domain controller for domain FURN FURNSRV: furnsrv:/usr/local/samba/var/userlog # net rpc trustdom list Password: Trusted domains list: none Trusting domains list: CORP Unable to find a suitable server domain controller is not responding furnsrv:/usr/local/samba/var/userlog # net rpc trustdom establish CORP [2004/12/14 16:38:34, 0] utils/net_rpc.c:rpc_trustdom_establish(4328) Couldn't find domain controller for domain CORP So it does not seem to be a networking issue but more of a Samba configuration issue, unless for some odd reason my routers need to also be told to route NETBIOS commands. Do you think so? Misty Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trusted domain problem (maybe networking)
On Tuesday 14 December 2004 16:57, Ryan Novosielski wrote: I do the same thing. I would set your remote browse sync, however, to the other server. What I do on my two WINS servers (on different campuses) is: On server A: remote browse sync = serverb.ip.address.here On server B: remote browse sync = servera.ip.address.here I tried this and still it does not work. The funny thing is that tcpdump does show me some netbios traffic between the two servers but it doesn't seem to be the -right- traffic. 'nmblookup' does not work across the subnets for some reason. I even tried adding a subnet mask of 255.255.0.0 into the interfaces directive so that the nmb's would listen on both 192.168.1.x and 192.168.2.x, but still no dice. Misty _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Tue, 14 Dec 2004, Misty Stanley-Jones wrote: Hello, I have spent the afternoon learning how to configure my routers to allow directed-broadcast with an access list, so that I can allow two different domains on different subnets to trust each other. Now I can do a broadcast ping from either subnet to the other, and I can also do smbclient -L remote_pdc and get the shares, from one side. From the other side I cannot. Let me clarify here. PDC A is called CORPSRV, controls domain CORP, and has IP address 192.168.1.101 PDC B is called FURNSRV, controls domain FURN, and has IP address 192.168.2.3 From CORPSRV, I can broadcast ping to 192.168.2.255 (and 192.168.2.3 answers) and I can successfully do smbclient -L FURNSRV. From FURNSRV, I can broadcast ping to 192.168.1.255, but cannot do smbclient -L CORPSRV. I get no errors on CORPSRV, but FURNSRV says the following: furnsrv:~ # smbclient -L CORPSRV Connection to CORPSRV failed I think this is why the 'net rpc trustdom commands fail. But they fail on both sides. Each PDC is acting as the WINS server for its subnet.Below are relevant portions of the smb.conf files: CORPSRV - wins support = yes domain logons = yes os level = 100 preferred master = yes domain master = yes remote announce = 192.168.2.255/CORP remote browse sync = 192.168.2.255 FURNSRV - wins support = Yes wins proxy = Yes os level = 100 preferred master = yes domain master = yes local master = yes remote announce = 192.168.1.255/FURN remote browse sync = 192.168.1.255 name resolve order = wins bcast host I can't really remember why I have all the settings on FURNSRV so I didn't add them all to CORPSRV just because they are there. It looks like from the docs that I should only have one wins support = Yes but I'm not sure if that's per subnet or not. Any advice would be appreciated. Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trusted domain problem (maybe networking)
Hello, I have spent the afternoon learning how to configure my routers to allow directed-broadcast with an access list, so that I can allow two different domains on different subnets to trust each other. Now I can do a broadcast ping from either subnet to the other, and I can also do smbclient -L remote_pdc and get the shares, from one side. From the other side I cannot. Let me clarify here. PDC A is called CORPSRV, controls domain CORP, and has IP address 192.168.1.101 PDC B is called FURNSRV, controls domain FURN, and has IP address 192.168.2.3 From CORPSRV, I can broadcast ping to 192.168.2.255 (and 192.168.2.3 answers) and I can successfully do smbclient -L FURNSRV. From FURNSRV, I can broadcast ping to 192.168.1.255, but cannot do smbclient -L CORPSRV. I get no errors on CORPSRV, but FURNSRV says the following: furnsrv:~ # smbclient -L CORPSRV Connection to CORPSRV failed I think this is why the 'net rpc trustdom commands fail. But they fail on both sides. Each PDC is acting as the WINS server for its subnet.Below are relevant portions of the smb.conf files: CORPSRV - wins support = yes domain logons = yes os level = 100 preferred master = yes domain master = yes remote announce = 192.168.2.255/CORP remote browse sync = 192.168.2.255 FURNSRV - wins support = Yes wins proxy = Yes os level = 100 preferred master = yes domain master = yes local master = yes remote announce = 192.168.1.255/FURN remote browse sync = 192.168.1.255 name resolve order = wins bcast host I can't really remember why I have all the settings on FURNSRV so I didn't add them all to CORPSRV just because they are there. It looks like from the docs that I should only have one wins support = Yes but I'm not sure if that's per subnet or not. Any advice would be appreciated. Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ldap machine suffix = ou=Computers vs ou=Users
On Thursday 09 December 2004 14:50, Chuck Theobald wrote: John, I use: ldap group suffix = ou=group ldap machine suffix = ou=people ldap user suffix = ou=people because the docs I was following stated that there was a bug in Samba that prevented a group suffix of ou=computers from working. I can't put my hands on this doc right now, though. Perhaps someone could comment on whether this issue is resolved in 3.0.9 or whether it was an issue at all. Chuck It hasn't been an issue for a long time now. I don't remember if it was with Samba or smbldap-tools. But you need to be using a newer smbldap-tools (ones that do not end in .pl). Misty At 06:44 AM 12/9/2004, John Schmerold wrote: The SBMLDAP howto ( http://www.idealx.org/prj/samba/smbldap-howto.en.html ) states that: ldap machine suffix = ou=Computers Is the correct approach to defining machines in the LDAP directory. Yet the advise offered by this group seems to be that, no we should be using : ldap machine suffix = ou=Users We are having problems with a new server that have been attributed to our use of the FAQ's approach will change back to this group's approach, however I'd like to know if anyone know's why there's a discrepancy why the FAQ says one thing the group another. Not trying to start any kind of holy war, just seeking to understand so my systems work correctly. TIA John PS: I suspect different versions of Samba have different answers to above. I'm working with Samba version 3.0.9-1.fc3 I believe this is latest greatest. Speaking for myself, I'm most interested in answer to above in the context of latest version of Samba. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba Chuck Theobald System Administrator The Robert and Beverly Lewis Center for Neuroimaging University of Oregon P: 541-346-0343 F: 541-346-0345 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Stale file locks
Hi all, I've had just a couple instances so far where a user has closed a file, but fuser still reports it open, and when I look at the pid it reports, it's a smbd process. If I kill the process, other users can open the file. Is there a way that I can debug why this is happening? Samba 3.0.9 with ext3 filesystem underlying. Thanks for any ideas, as this is one of those things that just makes Samba look less robust than I know it actually is. Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming profiles - exclude Application Data from roaming profile
On Tuesday 07 December 2004 20:19, Brett Carruthers wrote: I would still like to know how to exclude the Application Data from roaming profiles on a whole samba server basis. Also, how hard is it to have some users not use a roaming profile but others continuing to use a roaming profile? Use Kixtart to edit the registry of each user at initial login to redirect Application Data folder to the user's network home directory. Misty Regards, Brett rruegner wrote: Brett Carruthers schrieb: Hello All, I have a problem with my roaming profiles where they are becoming too large due to the Thunderbird mail accounts (stored by default) in Application Data. What I would like to do is exclude this directory from being part of the roaming profile. How can I do this? Also, how hard is it to have some users not use a roaming profile but others continuing to use a roaming profile? We have some laptop users that don't need roaming but office staff which do benefit from the use of roaming profiles. Thanks in advance, Brett Carruthers Hi, choose the folder of storing mail file in the account settings of thunderbird , or better use imap if possible 8 so you dont have to download mail ) consult thunderbird help faqs, if you got in trouble with firebird cache, you can set another folder for cache in default.ini ( i thought this was the name , look in the help files here too ) or minimize it, this should solve profile problems. a good place for all this stuff may be the home directory of the user on the samba server , or a place on clients computer local storage if this fits to your security Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] profiles migration
On Wednesday 08 December 2004 09:01, Thomas Constans wrote: hello i am actually working on migrating a windows 2000 active directory to samba v3, ldap backend so far i have successfully vampirized account information in my ldap tree. i am looking for a way to migrate roaming profiles. simple copy does not work ( it complains about files being in use ). moving profile from system properties is not automated enough since it is on a per user basis. Change the SID of the new PDC to be the same sid that the AD server has. Then the simple copy (zip them up and scp is more likely) will work. Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA or CUPS printing an extra page
I don't know which software to blame. Two of my Windows XP users get an extra page of output every time they print to our HP 8500 color laserjet. The driver is in print$ on the server. I do not believe that _all_ of the XP users are having the problem, which is strange. But it's wasting a lot of paper and they are complaining. If it's SAMBA do you guys have any ideas how I can troubleshoot it? Here are my SAMBA printing details: [global] printing = cups printcap = cups printcap cache time = 60 print command = /usr/bin/lpr -P %p -o raw %s -r load printers = yes force printername = yes printer admin = @Domain Admins [print$] comment = Printer Drivers Share path = /data/samba/drivers write list = root browseable = no [printers] comment = All Printers path = /data/samba/spool public = yes guest ok = yes writeable = no printable = yes browseable = yes printer admin = @Domain Admins ## Specific printers that need extra permissions [acct_hp8500] copy = printers comment = Accounting Color Laser Printer path = /data/samba/spool/private public = no valid users = @acct @acct_admin @hr @Domain Admins dwayne terri danae browseable = yes Thanks for any help, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Removing printers and faxes folder from windows explorer
Why do people care if the 'printers and faxes' folder shows up ? On the same note, is there a way to get the PrintersFaxes to show up, but NOT have the printers show up at the share level (\\servername)? I hate how cluttered it makes that look. If I remember right, making them not browseable takes away all access to seeing the printers. Misty cheers, jerry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: SAMBA or CUPS printing an extra page
On Wednesday 08 December 2004 15:48, Robert M. Martel wrote: Anyway, once the default for CUPS and the default for MS Windows had the same setting the extra page issue went away. This was it! As soon as I turned duplex off for CUPS it stopped printing out the extra page. Thanks much! Misty -Bob -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Desperately need help with two printer issues
I just moved a new user onto my Samba server. He needs two things, and neither of them work! 1. When he tries to access one of the printers, he gets Access denied. Only for one of them. I can't find anything in the logs. When I try to access the printer as his user, I get: [2004/12/06 11:16:59, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) I don't think it's right. I have no idea why it's doing that. He is a local admin but a domain admin. Also this printer needs to have the drivers installed locally, though most of the printers have their drivers on the server. 2. He needs some of the printers to map to local lpt ports. In the login script I'm using net use LPT1: \\server\printer but when I go into printer properties, I don't see it mapped to a local port. Am I doing it wrong? Before, we used Novell, and use the Novell printer port capture facility. It is a W2K client, server has Samba 3.0.9 with CUPS printing. Thanks in advance, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Desperately need help with two printer issues
In addition to the below, I also just found out that he is actually able to print to the queue, even though he is not able to open the printer from Printers. On Monday 06 December 2004 11:26, Misty Stanley-Jones wrote: I just moved a new user onto my Samba server. He needs two things, and neither of them work! 1. When he tries to access one of the printers, he gets Access denied. Only for one of them. I can't find anything in the logs. When I try to access the printer as his user, I get: [2004/12/06 11:16:59, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) I don't think it's right. I have no idea why it's doing that. He is a local admin but a domain admin. Also this printer needs to have the drivers installed locally, though most of the printers have their drivers on the server. 2. He needs some of the printers to map to local lpt ports. In the login script I'm using net use LPT1: \\server\printer but when I go into printer properties, I don't see it mapped to a local port. Am I doing it wrong? Before, we used Novell, and use the Novell printer port capture facility. It is a W2K client, server has Samba 3.0.9 with CUPS printing. Thanks in advance, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] root ownership on some profile files cause login errors
On Thursday 02 December 2004 19:10, Justin Zachor wrote: Okay, I'm making progress... here's a better directed question: The problem is that when a profile is created on the Samba server (pushed up from the Win2K client by Copy To... dialog, run as Local Admin) some of the profile files are owned by root and not readable by group or other. This task is performed by a local Administrator, and using my account zippy as the PDC admin login (admin users = @ntadmin) (I'm in Unix group 'ntadmin') The process I have found that works for copying the profiles around is: 1. Set up the user's account in Samba. 2. Log in as the user on the user's workstation. 3. Log out and log back in as LOCAL administrator. 4. In the Copy To dialog, choose the c:\documents and settings\username directory, not the \\server\profiles\username share. 5. Log out as local administrator, log in as domain user. This has worked flawlessly for me every time on W2K and WXP. I cannot take the credit for it as it was another user on this list that gave me the exact process. I've never had root owning any of the files in the user's profile if I do it this way. Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: netlogin scripts
On Thursday 02 December 2004 07:32, DA Forsyth wrote: well, you can use some free utils to fix that. I am using 'putinenv.exe' in my Win98 scripts to get what I need. I use winset.exe (off the Win98 CD) to set master environment variables and 'setenv.exe' on W2K for the same job. I have split my scripts into 2 sections. one bit is loginall.bat that is run for everyone. it is called from LGNusername.bat which then goes on to do user specific stuff. I have not tried to integrate with the unix groups tha I am using, instead I keep a separate file with settings in it which is parsed by an AWK script to generate the login scripts. this does mean that now and then I forget to correlate actual group members to the data file, but I plan to fix that sometime. At the moment the server has been up (we switched from Novell last Thursday) nearly a week so I'm not changing too much at this point That is a huge amount of work and a lot of extra utilities to do something that Kixtart does natively. All it takes is one program to run login scripts for all OS's (you can use case statements or if/then constructs to test for what OS you are running if you need it for some setting), map network drives, change registry settings, add registry settings (your own custom ones perhaps?), copy files, install programs, everything you would wish to do. I 'learned' Kixtart in a couple hours and had my login scripts up and running in no time. My login scripts are not trivial -- I have an initial set-up phase for first-time logins, I copy old My Documents to the server profile for non-laptop users, I set up printer connections automatically, and other things. I don't understand why you would cobble together something that depends on more than one .exe being present and functioning, and only works on certain OS's, when there is something so easy and so free out there. :) Just my .02 of course. Misty -- DA Fo rsythNetwork Supervisor Principal Technical Officer -- Institute for Water Research http://www.ru.ac.za/institutes/iwr/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] File permissions changing
Hi all, This doesn't happen with UNIX so I am at a loss. I've got a directory where the directory mode is 770. All the files within it were manually set to 660 permissions and the create mode on the share is 660. However, when a user opens a file, changes it, and saves it, they become the owner (ok) and the mode becomes 640! Hence, the next person comes to me and says That file is read-only again! What is going on here? I can understand the permissions reverting while someone is IN the file, but shouldn't they go back when they close it? Samba 3.0.9, Linux 2.6.5. Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] cannot change user password with CTRL-ALT-DEL
On Tuesday 30 November 2004 10:53, g s wrote: Has anyone found a resolution to this problem? I am curiousif there is a reg hack or something to correct this behavior. Thanks for anyhelp. Running Samba 2.2.8a-13mdk on mandrake 9.2 with WinXPpro clients. Sambais the PDC. This works for me in 3.0.x. I actually didn't know until yesterday because I forgot to test it, and I had a user call me and ask How do I change my password? I told them, crossed my fingers, and it worked. I did not even have to put anything special in smb.conf, just pam passwd change = yes and ldap passwd sync = yes which would be replaced by unix password sync = yes if you are using /etc/passwd backend. Misty - Do you Yahoo!? The all-new My Yahoo! Get yours free! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Permissions Problem
Hi all, I've got a share called [ACCOUNTING] with the following share definition: [ACCOUNTING] path = /data/samba/shares/Accounting valid users = @acct @Domain Admins browseable = yes public = no read only = no force group = acct Here is the permissions on the directory: oink:/data/samba/shares # ls -ld /data/samba/shares/Accounting drwxrwxr-x 9 root acct 4096 Nov 29 09:30 /data/samba/shares/Accounting Here is the permissions on a file in the directory: -rwxrwxrwx 1 root acct 904192 Nov 29 09:48 /data/samba/shares/Accounting/Invoice Recap.xls The permissions on this file look fine from within Windows Explorer \ properties \ Security. They look fine on the UNIX side. But in Excel, this file is always opened as read-only. I have verified that the user in question is in the acct group. Also the 'fuser' command does not report anyone using the file. I would appreciate any help in figure out what has gone wrong here. Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Permissions Problem
On Monday 29 November 2004 10:03, Misty Stanley-Jones wrote: Hi all, I've got a share called [ACCOUNTING] with the following share definition: [ACCOUNTING] path = /data/samba/shares/Accounting valid users = @acct @Domain Admins browseable = yes public = no read only = no force group = acct Here is the permissions on the directory: oink:/data/samba/shares # ls -ld /data/samba/shares/Accounting drwxrwxr-x 9 root acct 4096 Nov 29 09:30 /data/samba/shares/Accounting Here is the permissions on a file in the directory: -rwxrwxrwx 1 root acct 904192 Nov 29 09:48 /data/samba/shares/Accounting/Invoice Recap.xls The permissions on this file look fine from within Windows Explorer \ properties \ Security. They look fine on the UNIX side. But in Excel, this file is always opened as read-only. I have verified that the user in question is in the acct group. Also the 'fuser' command does not report anyone using the file. I would appreciate any help in figure out what has gone wrong here. New info to add: If I access the share as \\corpsrv\accounting, I can write to the files. If I access it via its drive letter I cannot. I've just mapped it via the command: net use m: \\corpsrv\accounting Also it is not just Excel. I've tried to open a text file with Notepad and I get the same results. Any ideas? Thanks, Misty Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Permissions Problem
On Monday 29 November 2004 10:52, robert wrote: Well, two ideas. First try shortening the share name. I've seen problems on some clients (you didn't say which client you are using) with the longer share names and ones that use a hyphen (not the case here). Second, I did find a KB article 838895 (http://support.microsoft.com/default.aspx?scid=kb;en-us;838895) which may describe your problem. Even if that's not the version of excel you are using, it might still be accurate (M$ doesn't always issue articles for bugs they know about). I might buy it, but: 1. The problem is also exhibited with Notepad. 2. The share name is only 10 letters long. I have not heard of problems with shares that long, especially with WinXP and Win2K clients. Still looking, Misty -- Fail to learn history-repeat it. Fail to learn rights-lose them. Learn both-get screwed by previous two groups. Public key is at http://home.swbell.net/berzerke/robert.key Fingerprint: 0D70 9ADF B5A7 45E7 A853 4B1C 8E0F 4324 C39D 44A2 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbldap-usermod over ssh
Hi all, I'm writing a script, and one thing it does is the following: ssh [EMAIL PROTECTED] /usr/local/sbin/smbldap-usermod -a -P some.samba.user If I left off the -P all works fine. With the -P it does not prompt me for the password on my screen, but it seems to have done it on the host I am ssh'ing to. I straced the command on that host and I am stuck at a read() call. However, I can't see the password prompt or type in the password either. What I would really like to do anyway is pass the password as a parameter, since I will be getting the password from input to the script. But I don't see it as one of the valid options for smbldap-usermod. Is anyone doing a similar thing and if so, can you offer me wisdom? Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap-usermod over ssh
On Wednesday 24 November 2004 09:34, Misty Stanley-Jones wrote: Hi all, I'm writing a script, and one thing it does is the following: ssh [EMAIL PROTECTED] /usr/local/sbin/smbldap-usermod -a -P some.samba.user I RTFM and discovered the -t option to ssh. It works now. Can't seem to figure out how to send the password from a script though. Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.x, Crystal Reports, roaming profiles
Hi, I'm not sure who to blame for this one. I've got a user who I have just last week moved to our Samba PDC. He has a roaming profile. He has noticed that when he uses Seagate Crystal Reports, his Recent Documents portion (under the File menu) gets cleared out every time he logs out. He did not have this behavior with a local-only profile. It is probably not a Samba issue but I thought I would write to see if anyone else had a similar problem, since I am a Samba newbie. If the solution does not involve Samba but you know it, I would really appreciate if you would reply off-list. By the way he owns and has write permission to every file in his profile. Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP and userPassword
Hi all, Perhaps this is a stupid question, but if you are using a LDAP backend, is there any requirement to have a userPassword for a user for them to be able to authenticate to a Samba PDC? Or must they only have a sambaNTPassword? Also, which password does smbclient use, userPassword or sambaNTPassword? Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP and userPassword
On Friday 19 November 2004 16:35, Adam Tauno Williams wrote: Also, which password does smbclient use, userPassword or sambaNTPassword? It uses sambaLMPassword or sambaNTPassword depending upon the strength of the client. Well, I've got a user with no userPassword but a sambaLMPassword and sambaNTPassword, and he is not able to use smbclient: furnsrv:/usr/local/sbin # smbclient -L localhost -U carl1 Password: session setup failed: NT_STATUS_LOGON_FAILURE If I give no password it works: furnsrv:/usr/local/sbin # smbclient -L localhost -U carl1 Password: Anonymous login successful Domain=[FURN] OS=[Unix] Server=[Samba 3.0.8] Sharename Type Comment - --- homes Disk So maybe it is not meant to use userPassword but it sure does appear to be. :/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slow update time for Desktop icons
On Monday 15 November 2004 17:44, Daniel Gapinski wrote: Check out this article: http://techrepublic.com.com/5102-6270-5164407.html My boss was having the same too much crap problem and this helped a lot. -Dan Thank you, that was perfect! Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PDC domain name change
Hi, I need to change my PDC's domain name, but not the SID. I know how to do that, but my questions are: 1. Does it require restarting Samba 2. Will I have to rejoin all of my workstations? 3. Will it automatically show up in the browse list? Thanks for your insight. Google was not my friend. Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: More Printing Fun (Point and print not working)
On Tuesday 16 November 2004 16:50, Jason Balicki wrote: Printer settings could not be saved. Access is denied. What is the permission on the directory your print$ is storing to? Do you have the subdirectories (W32X86, WIN40, etc) and also what are their permissions? Misty when I try to either apply or ok after installing new driver in the advanced tab. Obviously, I'm missing something, or I've somehow misunderstood the instructions in the By Example docs, but I'm stuck with that error every time. Like I mentioned, this did work on my old server running 2.2.8a (I don't know about later versions -- I know I was able to install the drivers on client machines, but I can't recall if I installed them on the server after I upgraded to later 2.2.x versions.) To recap, I'm running 3.0.7 right now. I appreciate the help, though. I'll keep trying. --J(K) Here's my current smb.conf. I've removed references to other shares, but otherwise, everything else is in here. [global] workgroup = FMDOM netbios name = PIPER server string = Samba Server printcap name = cups load printers = yes printing = cups # yes, I know this is in both places, I've been playing # around with it. This is as it is in the current version. printer admin = @adm, root, kodak log file = /var/log/samba/log.%m max log size = 50 # trying to see if I could find anything in the logs # about the slow printing. I should change this back # to 5 now... log level = 10 security = user encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd wins support = true dns proxy = no veto oplock files = *.dbf *.idx *.cdx *.DBF *.IDX *.CDX utmp = yes # Share Definitions == [homes] comment = Home Directories browseable = no writable = yes admin users = backup [netlogon] comment = Network Logon Service path = /export/samba/netlogon guest ok = yes writable = no [printers] comment = All Printers path = /var/spool/samba browseable = Yes guest ok = no printable = yes use client driver = yes print command = lpr-cups -P %p -o raw %s -r [print$] comment = Printer Driver Download Area path = /export/samba/printers browseable = yes read only = no guest ok = yes write list = kodak printer admin = kodak # the rest of this file is just more regular share definitions. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Slow update time for Desktop icons
I've got one user that I just put onto the new Samba 3.0.8 server. He's on WinXP SP1. He has a ton of icons and things on his desktop (39M worth of data according to his profile) but I'm not sure if that is a problem. When he logs in, a few of his icons which point to network applications have only the default Windows shortcut image. If he right-clicks the Desktop and clicks Refresh the pictures become what they are supposed to be. I do not see this problem with other systems, but this is the only XP SP1 box I have. We can't upgrade him because we are waiting on some hardware compatibility issues to be resolved. Is it just that he has too much on his desktop, or is there something I can do on either his side or the server side to fix this issue? It seems somewhat similar to other refresh problems of the print queue and Explorer windows. Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Changed SID after copied secrets.tdb
On Monday 15 November 2004 17:08, Yang Xiao wrote: did you backup all of the tdb files in /var/lib/samba as well? Yang Thank you for replying to this. This was my own foolish mistake. It was a new install of SuSE and I had forgotten that SuSE would have installed its own Samba. I had compiled it and put everything where it needed to be, but net getlocalsid was looking at the wrong smb.conf. I apologize for that silly mistake! Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Changed SID after copied secrets.tdb
Hi, I recently did a complete upgrade and reinstall of one of our Samba servers. No problem, I backed up all the data, the Samba configuration files, and the secrets.tdb. Just compiled 3.0.8 on the new server (which has the same hostname), copied the smb.conf to /usr/local/samba/lib and copied th secrets.tdb to /usr/local/samba/private. Started Samba, did 'net getlocalsid' and it reports a different SID than my old server had. Just to be sure that the secrets.tdb copied correctly: furnsrv:/data/backup/mnt1/usr/local/samba/var/locks # md5sum /usr/local/samba/private/secrets.tdb /data/backup/mnt1/usr/local/samba/private/secrets.tdb 375cf198c84d026ccb9739bba4f600d5 /usr/local/samba/private/secrets.tdb 375cf198c84d026ccb9739bba4f600d5 /data/backup/mnt1/usr/local/samba/private/secrets.tdb So I can change the SID back to the correct one by hand but I'd rather know what I did wrong. Thanks for any help! Misty -- System Administrator Borkholder Corporation -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
