[Samba] Re: Profile deleted
Mario Gzuk wrote: Hi, strange things or normal behavior? We have a samba domain and Domain-guests accounts that are limited to log on to only some machines, on this machines the Domain-guests are in the lokal admin group. ... 3.) log on again with this Domain-guests account - all data and all settings are gone. I was not able to find any of the files stored in this account (under Documents and Settings) and all settings are set to the default. Is this normal? Yes, Guest account profiles are not persistent (ie, reset on every login). -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Profile deleted
Mario Gzuk wrote: Am Freitag, den 22.06.2007, 06:49 -0500 schrieb Rex Dieter: Is this normal? Yes, Guest account profiles are not persistent (ie, reset on every login). No, the profile is persistent until you add this account to a local group. The M$ documentation says the same as you, but that is not correct for domain-guests, so this behavior is completely strange For machines that are part of a domain, Domain Guests are (by default) members of the local Guests group, and for *me*, Domain Guest profiles get wiped. Dunno why/how it's different for you. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Groups not emulating in Samba3.0.23d-SerNet-RedHat
Michael Casale wrote: The problem: Group emulation is not working. I can access shares where my account is specifically listed in the valid users settings in the smb.conf file for the share (NYC-14\mcasale), but not if my group is listed (NYC-14\Staff or NYC-14\Domain Admins). WORKSFORME, but groups must have a @ prefix, so try (for example): valid users = @NYC-14\Staff instead. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Winbind and AD groups containing groups
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Charles J Gruener wrote: I tried searching through the archives, but was unable to find anything about this. Everything regarding windbind and AD membership is working perfectly with one exception. Here's an example of what I'm experiencing: A group called department_users contains two groups department_faculty and department_staff. These two groups, department_faculty and department_staff contain users. 'getent group department_faculty' returns: department_faculty:x:9315:user1,user2,user3 'getent group department_staff' returns: department_staff:x:9316:user4,user5,user6 'getent group department_users' returns: department_users:x:9317: Charles, This is a known issue at the moment. If we did a limited amount of nested group expansion (one level for example, would that be ok)? For our deployment usecase, we'd need an absolute minimum of 3 levels of expansion, depending on the definition of level. For us we have: user1 is a member of group1 group1 is a member of group2 group2 is a member of group3 We need to check if user1 is a member of group3. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Winbind and AD groups containing groups
Charles J Gruener wrote: I tried searching through the archives, but was unable to find anything about this. Everything regarding windbind and AD membership is working perfectly with one exception. Here's an example of what I'm experiencing: A group called department_users contains two groups department_faculty and department_staff. These two groups, department_faculty and department_staff contain users. 'getent group department_faculty' returns: department_faculty:x:9315:user1,user2,user3 'getent group department_staff' returns: department_staff:x:9316:user4,user5,user6 'getent group department_users' returns: department_users:x:9317: Eek, we had been planning deploying AD-integration, but desperately need the groups of groups feature to work as expected. Please keep the group (here) informed when/if you learn anything. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: compile samba 3.0.23c statically
Christoph Fuchs wrote: Hello list, I'm trying to compile the current stable version of samba statically. The goal is that smbd / etc. don't need any libraries. ... but this failed with the message Linking bin/smbd /usr/lib/gcc-lib/i586-suse-linux/3.3.5/../../../../i586-suse-linux/bin/ld: cannot find -lcap collect2: ld returned 1 exit status You're missing the libcap.a static library required for static linking. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.23c-1.fc5 problem - groups
Felipe Augusto van de Wiel wrote: I use FC5. I discovered, for an exemple, if you have a user group with 3 members (Alan, Baker, Clive), before 3.0.23c this line at smb.conf worked fine: valid users = @user But with 3.0.23c update it doesn't work anymore. You have to replace the line like this: valid users = Alan, Baker, Clive I mean, replace the @groupname with the complete userlist of the group separated by commas. ... I´d appreciate any help or comments. Did you saw that the groupmap feature changed in 3.0.23c? http://us1.samba.org/samba/history/samba-3.0.23c.html groupmap sounds interesting, but does that imply that the old-style group usage is now invalid/deprecated? It seems so (intentionally or not) because I can't seem to get valid users = @group to work with samba-3.0.23c either (on my rhel4 boxen). -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: Samba 3.0.23c-1.fc5 problem - groups
Felipe Augusto van de Wiel wrote: On 10/05/2006 11:31 AM, Rex Dieter escreveu: groupmap sounds interesting, but does that imply that the old-style group usage is now invalid/deprecated? It seems so (intentionally or not) because I can't seem to get valid users = @group to work with samba-3.0.23c either (on my rhel4 boxen). Check the workaround proposed by Volger on this thread, try to use +group instead of @group, if it works that way, it should be a problem related to libc. ;) Tried it, didn't help for me, but we're using NIS too. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: way to make files not show up until completely transferred?
Mark Osborne wrote: I've also posted this question to the rsync mailing list, but I'm wondering if there might be a workaround with samba. Is there a way to make a file not show up in the share until it is completely uploaded? That's how rsync works (afaik), unless you specify: rsync --inplace ? Maybe you want/need to use some combination of rsync --partial --partial-dir= so that files not yet completed are put elsewhere. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Truncated username error?
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Adam Huffman wrote: I'm seeing an odd problem when a user here tries to edit images on a 3.0.10 Samba server running on a Centos 4.4 machine. There is a couldn't find service error, but the username given is only seven characters instead of the eight required. IS this from a Windows 2000 client ? When I've looked in the past this was a bug in the Win2k client which simply retried with the correct name after the failure. We see this too, from time-to-time with our (up-to-date) WindowsXP clients. The erroneous username is ususally truncated by 1 character. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: idmap ad and sfu anyone?
Thorsten Hamester wrote: they changed the default value for default domain and enum users to no so you have to define them in the config file ... winbind enum users = Yes winbind enum groups = Yes You *have* to use winbind enum ... = Yes? I was under the impression this was only required if you needed getent to work fully. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: winbind HOWTO specifically for backend_ad?
David Shapiro wrote: Does anybody have a howto step-by-step type document on how to implement the backend_ad? Samba-HOWTO? http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: How to unlock the locked file.
Jacky Chan wrote: Yesterday, this workstation get hang and after a cold boot. It can't access the outlook.pst anymore, the system reported the pst file is using by someone and outlook can't open it…. ... Could anyone tell me is this pst file locked by Samba and how to unlock it quick-n-dirty: cd ${dir_where_outlook.pst_lives} mv outlook.pst outlook.pst.BAK cp -a outlook.pst.BAK outlook.pst -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: RPM reporting running two versions of Samba at the same time
Doug Coats wrote: I was trying to work through a PDC problem that I was having with 3.0.23a noted in bug 3964. I didn't know how to apply the offered patch and my distro, FC4, has not offered an update yet to 3.0.23b so I thought that I would revert to a previous version that is not affected by this bug. I forced an install of 3.0.23 samba, common, and client and now rpm reports that I have two versions of Samba running at the same time. Samba seems to be running, shares are available and access is restricted properly. I havn't dared try to join the domain until I figure out what is really going on on my system. When I inquire of rpm what is installed this is what I get. # rpm -q samba samba-3.0.23a-1.fc4.1 samba-3.0.23-1.fc4 I have run rpm --rebuilddb and I get the same result. Any insight or explaination is greatly appreciated. Your rpm database is a bit biffed, I'd suggest $ rpm -e samba-3.0.23-1.fc4 then $ rpm -V samba to make sure all is well, and if not, re-install samba. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Fedora core 5 and Samba
Anthony Messina wrote: Kirk Henry wrote: [2006/07/26 10:00:09, 0] smbd/server.c:main(847) smbd version 3.0.23-1.fc5 started. Copyright Andrew Tridgell and the Samba Team 1992-2006 smbd: symbol lookup error: smbd: undefined symbol: cupsLangDefault i read your post prior to upgrading my production print server and was concerned so i tested it on a test print server first; it worked without the error you got. then i upgraded the production print server, also without issue. i am using the following stock fedora rpms: ... samba-3.0.23a-1.fc5.1 Note: 3.0.23-1.fc5 != 3.0.23-1.fc5.1 Kirk apparently needs to get the latest update. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: no idmap backends compiled/installed - 3.0.23a
Neal A. Lucier wrote: I believe I have tracked down the root of my problem...my ${PREFIX}/lib/idmap directory is empty. And I want to use idmap backend = ad. ... ./configure --prefix=/local/samba-3.0.23a \ --with-ads \ --with-acl-support \ --with-krb5=/local/samba-3.0.23a \ --disable-cups ... Any insight on how to get the idmap backends compiled and installed would be greatly appreciated. ./configure --with-shared-modules=idmap_ad -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Files left open
Jack Gostl wrote: I've had this problem for awhile, but it didn't seem to make sense to pursue it with 3.0.23 coming out. Now I'm running 3.0.23a on AIX 5.1 ML3 (although I've seen this on 5.3 as well). So I'm back asking for more help. ... I'm running with posix locking = no. Still nothing. The smbstatus line says: 155532 297DENY_NONE 0x20089 RDONLY EXCLUSIVE+BATCH /records/vocab 4927.1 Wed Jul 26 10:54:19 2006 You could try oplocks = no -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba-3.0.23a, get_dc_list failures
Tried upgrading a couple of working samba-3.0.22 boxes that are currently members of our ads domain to samba-3.0.23a. Before the upgrade: $ kinit [EMAIL PROTECTED] $ net ads testjoin $ net ads join works fine. After the upgrade $ net ads testjoin $ net ads join both hang. So I tried $ net ads testjoin -d4 and found that it returns: [2006/07/24 10:12:27, 4] libsmb/namequery.c:get_dc_list(1502) get_dc_list: returning 2 ip addresses in an unordered list [2006/07/24 10:12:27, 4] libsmb/namequery.c:get_dc_list(1503) get_dc_list: 2.0.0.0:389 73.78.47.85:1160662094 which is *totally* not right for our site (not even close). running the aforementioned command using samba-3.0.22 does return the correct values for get_dc_list. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba-3.0.23a, get_dc_list failures
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rex, $ net ads testjoin -d4 and found that it returns: [2006/07/24 10:12:27, 4] libsmb/namequery.c:get_dc_list(1502) get_dc_list: returning 2 ip addresses in an unordered list [2006/07/24 10:12:27, 4] libsmb/namequery.c:get_dc_list(1503) get_dc_list: 2.0.0.0:389 73.78.47.85:1160662094 which is *totally* not right for our site (not even close). running the aforementioned command using samba-3.0.22 does return the correct values for get_dc_list. I've already requested logs in your bug report. Thanks. Damn it, must have been a local problem (our campus AD servers have been known to go into la-la land on occasion). Now, ~30 minutes later, I can no longer reproduce the problem. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: uids/gids changed after upgrade from 3.021c to 3.023
Richard Santiago wrote: Yesterday, I've upgraded my Samba server from 3.021c to 3.023 through yum upgrade samba*. I'm running Fedora Core 4 Kernel 2.6.17-1.2142 on this server. After upgrade has been completed, I lost the attributes of ownership and groups. I noticed that the uids/gids have changed for all AD accounts. This means that users can't have total access for their files and no access for some shares. What 'idmap backend' (in smb.conf) are you using? -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba-3.0.22 - samba-3.0.23 pam_winbind issue(s)
Rex Dieter wrote: Dietrich Streifert wrote: I found a bug in nsswitch/pam_winbind.c which I reported to https://bugzilla.samba.org/show_bug.cgi?id=3916 I submitted shortly a patch which solves the issue. I can confirm that patch works as advertised, and fixes the issue for me. Many thanks Dietrich. I take it back, after further testing, I'm still seeing wierd winbind/pam behavior. On my first test machine, all seemed well. On another box, with *exactly* same smb.conf (that was working previously with samba-3.0.22), things aren't so rosy: Using log level = 1 winbind:8 authentication/login attempts fail with these filling /var/log/messages: # Jul 18 10:47:59 foo pam_winbind[27236]: read from socket failed! Jul 18 10:47:59 foo pam_winbind[27236]: internal module error (retval = 3, user = `bar1') Hmm... and $ net ads ... commands hang too... with periodic log entries saying: Jul 18 10:48:30 foo winbindd[27214]: [2006/07/18 10:48:30, 0] lib/util_sock.c:write_data(564) Jul 18 10:48:30 foo winbindd[27214]: write_data: write failure. Error = Broken pipe Jul 18 10:48:30 foo winbindd[27214]: [2006/07/18 10:48:30, 0] nsswitch/winbindd_dual.c:fork_domain_child(825) Jul 18 10:48:30 foo winbindd[27214]: Could not write result Jul 18 10:49:43 foo winbindd[27228]: [2006/07/18 10:49:43, 0] nsswitch/winbindd_dual.c:child_read_request(49) Jul 18 10:49:43 foo winbindd[27228]: Got invalid request length: 0 Wierd, I'll keep looking... -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba-3.0.22 - samba-3.0.23 pam_winbind issue(s)
Rex Dieter wrote: Rex Dieter wrote: Dietrich Streifert wrote: I found a bug in nsswitch/pam_winbind.c which I reported to https://bugzilla.samba.org/show_bug.cgi?id=3916 I submitted shortly a patch which solves the issue. I can confirm that patch works as advertised, and fixes the issue for me. Many thanks Dietrich. I take it back, after further testing, I'm still seeing wierd winbind/pam behavior. On my first test machine, all seemed well. On another box, with *exactly* same smb.conf (that was working previously with samba-3.0.22), things aren't so rosy: Using log level = 1 winbind:8 authentication/login attempts fail with these filling /var/log/messages: # Jul 18 10:47:59 foo pam_winbind[27236]: read from socket failed! Jul 18 10:47:59 foo pam_winbind[27236]: internal module error (retval = 3, user = `bar1') Hmm... and $ net ads ... commands hang too... with periodic log entries saying: Jul 18 10:48:30 foo winbindd[27214]: [2006/07/18 10:48:30, 0] lib/util_sock.c:write_data(564) Jul 18 10:48:30 foo winbindd[27214]: write_data: write failure. Error = Broken pipe Jul 18 10:48:30 foo winbindd[27214]: [2006/07/18 10:48:30, 0] nsswitch/winbindd_dual.c:fork_domain_child(825) Jul 18 10:48:30 foo winbindd[27214]: Could not write result Jul 18 10:49:43 foo winbindd[27228]: [2006/07/18 10:49:43, 0] nsswitch/winbindd_dual.c:child_read_request(49) Jul 18 10:49:43 foo winbindd[27228]: Got invalid request length: 0 Wierd, I'll keep looking... OK, this one looks like .tdb table upgrade problems. To get my working samba-3.0.22 box working with samba-3.0.23, I needed to: 1) stop winbind 2) delete everything from /var/cache/samba/, which includes: gencache.tdb messages.tdb netsamlogon_cache.tdb winbindd_cache.tdb winbindd_idmap.tdb winbindd_privileged/ 3) (re)join domain via 'net ads join' 4) (re)start winbind Just tried upgrading yet another working samba-3.0.22 box to 3.0.23, and, [EMAIL PROTECTED], that one worked mostly, except, now local accounts aren't working... (this *is* an ancient rh7 box, so that may have something to do with it). -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba-3.0.22 - samba-3.0.23 pam_winbind issue(s)
Dietrich Streifert wrote: I found a bug in nsswitch/pam_winbind.c which I reported to https://bugzilla.samba.org/show_bug.cgi?id=3916 I submitted shortly a patch which solves the issue. I can confirm that patch works as advertised, and fixes the issue for me. Many thanks Dietrich. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba-3.0.22 - samba-3.0.23 pam_winbind issue(s)
Previously had samba-3.0.22 on RedHat Enterprise 4 functioning happily, using pam_winbind to authenticate against our campus active directory (currently only doing password authentication, account info is still retrieved via NIS). /etc/pam.d/system-auth attached After upgrading to 3.0.23 * I needed to add idmap options (I used idmap backend = rid), else winbind would only start in netlogon proxy mode, and basically, didn't work. ): Since we're not using winbind for account info currently, I don't necessarily blame samba here for that, but is there a better/recommended configuration for this situation? * login/authentication attempts now (most often) ask for a password *twice*. ?? -- Rex #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired /lib/security/$ISA/pam_env.so authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok authsufficient/lib/security/$ISA/pam_winbind.so use_first_pass authrequired /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so broken_shadow account sufficient/lib/security/$ISA/pam_succeed_if.so uid 100 quiet account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_winbind.so account required /lib/security/$ISA/pam_permit.so passwordrequisite /lib/security/$ISA/pam_cracklib.so retry=3 passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok md5 nis passwordsufficient/lib/security/$ISA/pam_winbind.so use_authtok passwordrequired /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba-3.0.22 - samba-3.0.23 pam_winbind issue(s)
Rex Dieter wrote: After upgrading to 3.0.23 * login/authentication attempts now (most often) ask for a password *twice*. ?? After googling around a bit, I found that adjusting /etc/pam.d/system-auth from auth sufficient /lib/security/$ISA/pam_unix.so ... to auth sufficient /lib/security/$ISA/pam_unix.so ... use_first_pass seemed to do the trick. Why/how did this behavior change wrt pam_winbind between 3.0.22 and 3.0.23? -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba hangs over nfs
Komal Shah wrote: Hello 1. NFS export: /srv/nfsexp 127.0.0.1(rw) 2. mount it: 127.0.0.1:/srv/nfsexp /srv/samba/nfs nfs rw,sync 0 0 3. make a samba share and mount it via Windows: smb.conf: ... [nfstest] path = /srv/samba writable = yes valid users = tr Actual results: As soon as I start to read and write files below /srv/samba/nfs via Samba on Windows the connection hangs, I get read timeout in Explorer Likely your NFS server/client combo doesn't have functioning file locking. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: methods to synchronize tdb files between hosts
John Stile wrote: r. I am faced with a need to synchronize the *.tdb files on the file server with all the Linux machines for consistent UID-to-loginID mapping. Does anyone have a how-to or notes for a better approach? Yes, use something like (in smb.conf): idmap backend = idmap_rid or idmap backend = idmap_ad -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Redhat Authconfig errors
[EMAIL PROTECTED] wrote: authconfig --enablecache --enableldap --ldapserver=127.0.0.1 --ldapbasedn=dc=sncc-pdc,dc=net --enableshadow --enablemd5 --enableldapauth --update Traceback (most recent call last): File /usr/sbin/authconfig, line 738, in ? module.run() File /usr/sbin/authconfig, line 323, in run self.readAuthInfo() File /usr/sbin/authconfig, line 228, in readAuthInfo self.info = authinfo.read(self.printError) File /usr/share/authconfig/authinfo.py, line 594, in read info.read() File /usr/share/authconfig/authinfo.py, line 1338, in read self.readWinbind() File /usr/share/authconfig/authinfo.py, line 904, in readWinbind tmp = self.readWinbindGlobal(workgroup) File /usr/share/authconfig/authinfo.py, line 893, in readWinbindGlobal if not section or section != global: UnboundLocalError: local variable 'section' referenced before assignment --- Any idea what's causing this. I hate to be so dense, but I simply can't find anything that explains this...and I've looked. authconfig is not part of samba, but is a fedora/redhat tool. You should report this to fedora/redhat. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Speeding up 'getent passwd' with winbindd on AD
Gautier, B (Bob) wrote: I'm posting this here to get feedback: should I file an enhancement request in Bugzilla, refine the fix somehow first, or forget it altogether? IMO, bugzilla it now. Possible refinement can occur later. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: trouble with ferdora core 5 with samba
Yvon Dubinsky wrote: I installed the latest version of Ferdora Core 5 with samba. The installation of Ferdora is fine, and I can see the shares I have set up on my Win XP Pro machine. But, there is a problem with the rights. I have made the files on the linux box 777, but I can still not write to the files. It is as though the files are still read only, even though they should be read/write. I am also having a problem implementing the users into the groups though Webmin. When I create a new user under Webmin and then go to add them to the groups I have set up it gives me an error. Says it does not have the right rights to add in the users and passwords.I have two other linux machines running with no problems, one is running Ferdora Core 1 the other Core 2. Has anyones else had any problems with Core 5 not letting users write to the shares even though the rights are set to 777? I'd suggest reporting this to redhat: http://bugzilla.redhat.com/ -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: authentication performance problem
Greg Folkert wrote: On Thu, 2006-04-06 at 15:08 +0200, Jerome Warnier wrote: Nobody has any idea about this? Any idea would probably help. Thanks I wish I did have an idea. I am experiencing a similar issue with HUGE AD lookups causing delays on the order of 30 seconds to do bash tab-completion. Try adding to smb.conf: winbind enum users = no winbind enum groups = no -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Joining samba server to Windows AD OU when OU has slashes in OU name
[EMAIL PROTECTED] wrote: The problem is that it appears the net command ('net ads join', specifically) translates forward slashes as OU name separators, when in fact, they can actually be part of an OU name. Example: I want to join my system, TEST001, to the OU 'IT Systems/Admins' IMO, regardless of whether it is technically legal or not, it was/is a bad idea to use /'s in the OU name in question. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Daily changetrustpw breaks authentication
Jim Moser wrote: Samba 3.0.21b The Samba docs indicate [0] we should be running changetrustpw [1] at some point (cron.daily) to update a machines trust account. AFAIK, not required. [0] http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5 That's not a samba doc... (-: -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: SAMBA not reading ACL group permissions
Stéphane Purnelle wrote: Robert Mortimer a écrit : I have added ACL support to the file system on my FC3 server ... Can you verify that the samba 3.0.10 from Fedora Core3 is compiled with acl support ? Yes, from FC-3's samba rpm specfile: CFLAGS=-D_GNU_SOURCE %configure \ --with-acl-support \ ... -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: getent passwd some users are missing
updatemyself . wrote: my mail server is connected to windows ADS its working fine... but while i enter getent passwd command i noticed.. some users are missing any idea? What version of samba? What OS/release? -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: On Fedora Core service smb start starts both smbd and nmbd. I need to only start smbd
sdgesa gaeharth wrote: I have disable netbios and wins on our network and I read somewhere that, as a result, I should not start nmbd I think you read wrong. nmbd in the least should be harmless. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: hanging smbd(s) revisited
Matt Johnson wrote: On Wed, 1 Mar 2006, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Fermin Molina wrote: I don't know exactly, but when I moved the information from NFS servers to local storage, the problems disappeared. Samba assumes posix locking semantics on the filesystem. NFS locking is broken. You might try setting 'strict locking = no'. If that doesn't work, you might try 'posix locking = no' just as a test. We'll give that a shot -- we're still doing fs-nfs-samba sharing. Is this going to incur a slowdown? We did that for awhile, and the answer is an emphatic yes. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: FEDORA 4 - SAMBA 3.0.14a-2 CAN NOT VIEW ALL SHARED FILES
F SC wrote: I have recently started to use samba. I have a shared folder (amule) and when i access to it as smbclient (by means linux or winxp) I only can see part of the files, not all. Details please. What files didn't it see? -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: idmap backend, LDAP Windows AD
Yanick Quirion wrote: ACTIVE DIRECTORY ldap admin dn = cn=Administrator,dc=TOTO,dc=COM ldap idmap suffix = ou=Idmap ldap passwd sync = yes ldap suffix = dc=TOTO,dc=COM ^^^ ... winbind nss info = template, sfu #winbind use default domain = yes template shell = /bin/bash template homedir = /u/%D/%U winbind cache time = 5 AFAIK, when using winbind nss info = sfu all those ldap parameters are superfluous (or worse, can conflict or cause other problems). -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: idmap backend, LDAP Windows AD
Yanick Quirion wrote: This was an error; the parameter winbind nss info = sfu is commented in my file. I just make a mistakes when I paste it to the message (I accidentally remove the #). Then *use* it, and take the ldap stuff out. It should then *just work*. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Too many open files, Bug 3342
David Highley wrote: We submitted bug 3342 on Dec. 20th, Too many open files. It has not moved from the new state. So lets try here. ... RedHat Advanced Server 3 update 3 ^^^ Still looking clues as to what might be a cause for this behavior. I'd suggest you report the problem(s) to redhat too, especially since you paid the $$ for enteprise support. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Too many open files, Bug 3342
Gautier, B (Bob) wrote: It might also be worth updating your RHEL system -- I think update 3 is rather behind the times now. You're right, I believe rhel3 is up to U6 now. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Enabling 'idmap backend = ad' for user auth
McGlorfin wrote: I'm using Samba 3.0.21a on Fedora Core 3 to authenticate against an AD domain. The box running AD is Win2k3 R2, so AD has the RFC2207 schema extensions applied. Really? I thought installing SFU on the domain controller is/was still required, no? (What's R2?) I'm pretty sure there's an error in my smb.conf. (What else could it be?) Here are the relevant entries from the global section: workgroup = MYDOMAIN realm = MYDOMAIN.LOCAL security = ADS idmap backend = ad idmap uid = 30-3000 idmap gid = 30-3000 ... winbind nss info = template, sfu Not absolutely sure, but docs I've seen say to set this to winbind nss info = sfu Not sure what the template bit is used for. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Enabling 'idmap backend = ad' for user auth
Rex Dieter wrote: McGlorfin wrote: I'm using Samba 3.0.21a on Fedora Core 3 to authenticate against an AD domain. The box running AD is Win2k3 R2, so AD has the RFC2207 schema extensions applied. Really? I thought installing SFU on the domain controller is/was still required, no? (What's R2?) Can someone please confirm/deny this? It's important to our site (as the domain admins have been *very* reluctant to install SFU, but if only a Win2k update is involved...) -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Enabling 'idmap backend = ad' for user auth
eric roseme wrote: I posted this last August: http://marc.theaimsgroup.com/?l=sambam=112388794720837w=2 Just to summarize (someone asked what R2 is): R2 appears to be an interim W2003 update to keep everyone happy while waiting for Longhorn/Vista server. The big news for Samba is that R2 has the RFC2307 attributes already included in the AD schema, Thanks, that's good news. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Red Hat and use sendfile
Steve Snyder wrote: Recently I've seen several suggestions on this list for the enabling of use sendfile as a means to improve throughput. I thought this was peculiar since the doc says it is enabled by default. I guess it isn't. On both RHEL4 (Samba v3.0.10) and Fedora Core 4 (Samba v3.0.14) the entry for use sendfile in the smb.conf says: Default: use sendfile = yes documentation error (?), not sure if it's samba or redhat/fedora specific. I can say that from my install of samba-3.0.21b, 'man smb.conf' says: Default: use sendfile = false -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ntml_auth --require-membership-of
Andrew Bartlett wrote: Can you chase this down a bit more, with the current code, and file a bug? Can do. I'll retest with 3.0.21b, and file a bug if nothing changes. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: usermap ignored?
Martin Hoffmann wrote: i ran into some difficulties using samba 3.0.21b as an PDC while mapping e.g. root to administrator And in /etc/samba/smbusers: --- root = administrator admin definitely won't work. root = DOMAIN\administrator better, should(?) work. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: usermap ignored?
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rex Dieter wrote: Martin Hoffmann wrote: i ran into some difficulties using samba 3.0.21b as an PDC while mapping e.g. root to administrator And in /etc/samba/smbusers: --- root = administrator admin definitely won't work. root = DOMAIN\administrator better, should(?) work. No. 'root = Administrator' does work when 'security = user'. You only need to qualify the name when security = {ads,domain} Of course. I just assume everyone is running in ads/domain mode like me. (-: -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Cannot map guest shares in 'security = SERVER' mode onsamba-3.0.9
Rene Kapeller wrote: I'm running samba-3.0.9-1.3E.3 and the manpage for smb.conf does not mention anything about 'map to guest = Bad Uid'. Could be a bug in samba-3.0.9 and/or it's documentation. To see the latest docs, at least, refer to: http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Cannot map guest shares in 'security = SERVER' mode o nsamba-3.0.9
Rene Kapeller wrote: I did read the man pages all through, but I'm lost! After struggling for 4 days, I decided to step back to samba-2.2.9, where everything works fine! Did you try the other options for 'map to guest'? For example, Bad User implies that if connecting as an *existing* user, that maptoguest will never apply. said manpage says Bad Uid was the default behavior of Samba 2.x releases. but you already knew that, right? (-: Did you you try map to guest = Bad Uid Now what does the samba logs say when trying to connect (and it fails)? I see no reference to any public share in the previous logs you posted. -- Rex Rene Kapeller wrote: == problem = 'net use n: \\smbs1\public' on Windows XP, always asks for a password. 'smbmount //smbs1/public /mnt/public -o password=' does not. This all used to work fine under Redhat-9 and Samba-2.2 ... map to guest = Bad User man smb.conf, read up on the options available for 'map to guest'. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: guest account security = domain doesn't work...
Aarti Varshney (asadhnan) wrote: my security is domain, i would like to map users who fail authentication to be mapped to a guest account so they can access printers. My conf file looks like this: [global] workgroup = LAB2000DOMAIN2 security = DOMAIN client schannel = No map to guest = Bad Password map to guest= Bad Password means, user exists, but provided invalid password. Maybe you really want: map to guest = Bad User or map to guest = Bad Uid man smb.conf for specific details and differences between these. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: guest account security = domain doesn't work...
Aarti Varshney (asadhnan) wrote: my security is domain, i would like to map users who fail authentication to be mapped to a guest account so they can access printers. My conf file looks like this: [global] workgroup = LAB2000DOMAIN2 security = DOMAIN client schannel = No map to guest = Bad Password map to guest= Bad Password means, user exists, but provided invalid password. Maybe you really want: map to guest = Bad User or map to guest = Bad Uid man smb.conf for specific details and differences between these. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Cannot map guest shares in 'security = SERVER' mode on samba-3.0.9
Rene Kapeller wrote: == problem = 'net use n: \\smbs1\public' on Windows XP, always asks for a password. 'smbmount //smbs1/public /mnt/public -o password=' does not. This all used to work fine under Redhat-9 and Samba-2.2 ... map to guest = Bad User man smb.conf, read up on the options available for 'map to guest'. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: oplocks and Excel
Matt Morgan wrote: 2) More generally, has anyone else seen this problem before and been able to do anything about it? I saw it, upgraded samba. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: SFU UID Mapping
John Halfpenny wrote: But for this to work I need to drag over the UIDs from Services For Unix which I have read is possible on Samba 3.0.20+ Joined Samba to the Win2k3 domain with no problems, Silly question: You *do* have SFU installed on the Win2k3 domain controller, right? -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ntml_auth --require-membership-of
Andrew Bartlett wrote: On Wed, 2006-01-18 at 10:21 -0600, Rex Dieter wrote: Rex Dieter wrote: Rex Dieter wrote: I'm having trouble getting ntml_auth to recognize ActiveDirectory groups that aren't in AD\Users. In particular, we've a few groups in our department OU that I'd like to be able to use. If I specify any of our OU-specific groups, using something like: # ntlm_auth --username=foo --require-membership-of=AD\OUGroup1 password: I get: Winbindd lookupname failed to resolve AD\OUGroup1 into a SID! Turns out using wbinfo --name-to-sid=OUGroup1 So my question is: why can wbinfo resolve the name to a SID, but ntlm_auth can't? Sometimes this is a problem of timing, as ntlm_auth does this when squid is starting. I'm skeptical. I repeated this on several occasions on several different boxes. ntlm-auth *always* failed the same way when trying to resolve Groups not in the top-level AD\Users OU. -- rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ntml_auth --require-membership-of
I'm having trouble getting ntml_auth to recognize ActiveDirectory groups that aren't in AD\Users. In particular, we've a few groups in our department OU that I'd like to be able to use. If I specify any of our OU-specific groups, using something like: # ntlm_auth --username=foo --require-membership-of=AD\OUGroup1 password: I get: Winbindd lookupname failed to resolve AD\OUGroup1 into a SID! Am I doing something wrong, or is this a bug in ntlm_auth? -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: ntml_auth --require-membership-of
Rex Dieter wrote: I'm having trouble getting ntml_auth to recognize ActiveDirectory groups that aren't in AD\Users. In particular, we've a few groups in our department OU that I'd like to be able to use. If I specify any of our OU-specific groups, using something like: # ntlm_auth --username=foo --require-membership-of=AD\OUGroup1 password: I get: Winbindd lookupname failed to resolve AD\OUGroup1 into a SID! Turns out using wbinfo --name-to-sid=OUGroup1 and using the resulting SID instead of name in # ntlm_auth --username=foo --require-membership-of=S-1-... works. ?? -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: ntml_auth --require-membership-of
Rex Dieter wrote: Rex Dieter wrote: I'm having trouble getting ntml_auth to recognize ActiveDirectory groups that aren't in AD\Users. In particular, we've a few groups in our department OU that I'd like to be able to use. If I specify any of our OU-specific groups, using something like: # ntlm_auth --username=foo --require-membership-of=AD\OUGroup1 password: I get: Winbindd lookupname failed to resolve AD\OUGroup1 into a SID! Turns out using wbinfo --name-to-sid=OUGroup1 So my question is: why can wbinfo resolve the name to a SID, but ntlm_auth can't? -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: NFS4 as SMB share
Al Active wrote: Greetings all, Can Samba export SMB file and directory shares off a NFS-Clinet's NFSv4 shares? The Samba is on the NFSv4-Client. The NFS-Share is mounted on /Data on the NFS-Client/Samba Server? Any rights issues to consider? You certainly can, but it could be potentially slow/problematic dealing with file locking. My last attempt (using a linux (rhel3) NFSv3 server) yielded very poor file locking performance. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba from RedHat 3 doesn't work in RedHat 4
Margaret_Doll wrote: I recently upgraded my server from a RedHat 3 on a Dell Precision 410 to RedHat 4 on a Dell Optiplex GX 620 I moved all the samba configuration files from one system to the other. The old system worked as a domain master across several subnets with the use of local samba masters on each of the outlying subnets. ... I have iptables set up on the new server to allow access from the 137, 138 and 139 ports on the new server. You probably want to allow 445 as well. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: sambaNTPassword does NOT write to master LDAP when machines auto change the values
Paul Hanson wrote: We have SuSE SLES9 servers with LDAP master/slave replication (24 replications/BDC's) All working fine -joining domain etc. The problem I am having is PC's at remote sites (BDC) with a local replica (OpenLDAP) periodically change the sambaNTPassword/sambaLMPassword on there own and write to the local LDAP server and do NOT follow the referral to the master. Can you help on this subject - this is causing major issues with machines moving sites!!! I'd suggest filing a formal bug report/enhancement request: http://bugzilla.samba.org/ -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: include statement in smb.conf
David Lucas wrote: I'm wondering if it possible to use the %G variable to include config file based on group membership. ... Is this even possible?? Theoretically should work, why not try it? (-: -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: slow samba write performance
Depeche wrote: Why slow samba than ftp? AFAIK, on a local intranet (with few dropped packets), ftp's use of upd and low protocol overhead means that you'll be hard-pressed to find any app/protocol that matches or beats it in raw speed. -- rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: AD domain with SDMS issues LDAP Idmap backend
Vijay Avarachen wrote: Ok WTF... idmap is getting populated in OpenLDAP now. :-) I just took a sh*t load of timeand turns out I was wrong about the headcount in AD, its not 8000+ its close to 40,000+ YIKES! You could consider using these in smb.conf: (comments mine) ## WARNING: winbind enum ( = yes) can take a *long* time on a ## large domain! -- Rex winbind enum users = no winbind enum groups = no -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows AD w/ Windows Services for Unix?
Jason Gerfen wrote: Doug VanLeuven wrote: With a 2000 or 2003 Windows AD controller, I've run SFU 3.0 3.5 on both client and server without side effects. I use: winbind nss info = template sfu security = ADS winbind trusted domains only = yes idmap backend = ad Odd, I attempted your suggestions: % testparm Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: winbind nss info Ignoring unknown parameter winbind nss info You may need a newer version of samba. What version are you using? -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Help! Emergency
Christian Lahti wrote: Now comes the bad part, on a Linux filesystem shared by Samba to windows, when jsmith writes a file to the samba share, I expect the owner of the file to be 1001 BUT it is something like 16777216 instead! I suppose this has to do with the UID mapping, I just want the UID/GID to keep with the same AD stuff. To get what you want, you need in smb.conf: idmap backend = idmap_ad -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: net ads join
Brian D. McGrew wrote: What am I missing? What version of samba are you using? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: ntlm_auth bug?
[EMAIL PROTECTED] wrote: After that, all auth attemps fail, until you check winbind functionality with wbinfo -t. After that, it works again until the next time someone gets their password wrong. Ideas? Version: Samba 3.0.20b on Fedora Core 4 for x86_64. Samba-3.0.20b on Fedora Core 3, i386. WORKSFORME. Maybe a x86_64 thing? -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Proper use of SID's and LDAPon dc's?
Matt Pruett wrote: I have two samba dc's, same subnet, the goal is to have them both be able to answer domain login requests and therefore if one goes down we still have the ability to login to the domain. Can this be done with samba? AFAIK, no. Not a simple, out-of-the-box solution anyway. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Proper use of SID's and LDAPon dc's?
William Jojo wrote: Matt Pruett wrote: I have two samba dc's, same subnet, the goal is to have them both be able to answer domain login requests and therefore if one goes down we still have the ability to login to the domain. Can this be done with samba? AFAIK, no. Not a simple, out-of-the-box solution anyway. http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html Wow, learn something new every day. I thought the Samba can't be a BDC was universal, not applicable only if using a NT4 PDC. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Avoiding the desktop.ini notepad popup on startup, and
Andreas wrote: On Mon, Oct 31, 2005 at 09:29:48PM -0600, Rex Dieter wrote: steve burford wrote: Dear Rick: I have the same annoying problem. Did you find out how to stop this popup at startup? Delete the file from tbe Startup folder. Won't XP just create it again? In my experience, no. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Avoiding the desktop.ini notepad popup on startup, and
Coen wrote: Rex Dieter I have the same annoying problem. Did you find out how to stop this popup at startup? Delete the file from tbe Startup folder. Won't XP just create it again? In my experience, no. You can try to veto the files tho IMO, veto is the wrong approach, in that it will prevent end-users from deleting said file. hide files is the better approach. -- rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: winbind capabilities
Jim Kusznir wrote: From what I undrestand, there is no feesable way of implementing winbind in NSS and maintaining existing UID/GID mappings. AFAIK, If SFU is installed on your Windows AD domain controller, it will extend the schema to allow you to define UID/GID/homedir for winbind's use. We're hopeing to use this soon, provided if I can ever get our AD admins to install SFU. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: winbind capabilities
Jim Kusznir wrote: Rex Dieter wrote: Jim Kusznir wrote: From what I undrestand, there is no feesable way of implementing winbind in NSS and maintaining existing UID/GID mappings. AFAIK, If SFU is installed on your Windows AD domain controller, it will extend the schema to allow you to define UID/GID/homedir for winbind's use. We're hopeing to use this soon, provided if I can ever get our AD admins to install SFU. SFU30 is installed, and has extended the schema. We've been storing the UID/GID in this schema. My question is will winbind use that? AFAIK, yes, provided you set in smb.conf: idmap backend = ad winbind nss info = sfu -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: winbind capabilities
Rex Dieter wrote: Jim Kusznir wrote: Rex Dieter wrote: Jim Kusznir wrote: From what I undrestand, there is no feesable way of implementing winbind in NSS and maintaining existing UID/GID mappings. AFAIK, If SFU is installed on your Windows AD domain controller, it will extend the schema to allow you to define UID/GID/homedir for winbind's use. We're hopeing to use this soon, provided if I can ever get our AD admins to install SFU. SFU30 is installed, and has extended the schema. We've been storing the UID/GID in this schema. My question is will winbind use that? AFAIK, yes, provided you set in smb.conf: idmap backend = ad winbind nss info = sfu And samba was built with the option: --with-shared-modules=idmap_ad -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Avoiding the desktop.ini notepad popup on startup, and
steve burford wrote: Dear Rick: I have the same annoying problem. Did you find out how to stop this popup at startup? Delete the file from tbe Startup folder. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Question about pam_winbind
Fawzib Rojas wrote: I want to only allow access to a certain group 'Domain Power Users', so it seems I have to do the following: a) wbinfo -name-to-sid=domain power users, which gives me the group's SID b) add the parameter 'require_membership_of=SID' c) restart samba pam_winbind != samba. Did you restart winbind? Check also that you've got winbind functioning with pam for account information (ie, UID lookup, etc..) and not just for authentication. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: samba with ADS. winbindd ignore for user authentication
Oliver Neubauer wrote: Thanks Rex, that was helpful. However, I have now run into something else. From the smb.conf documentation: obey pam restrictions (G) snip Note that Samba always ignores PAM for authentication in the case of Samba (aka smbd) != winbind -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.20b - still getting
PC wrote: Rex, this seemed to fix the issue un RH 3.0.20-22, but nogo for 3.0.20b I changed my selinux setting via system-config-securitylevel and set winbind_disable_trans and use_samba_home_dirs to active. getsebool -a | grep win winbind_disable_trans -- active getsebool -a | grep sam use_samba_home_dirs -- active I get the following syslog error when starting winbind under Samba3-3.0.20b Oct 18 17:20:27 ht-server winbind: winbindd shutdown succeeded Oct 18 17:20:27 ht-server winbindd[21841]: [2005/10/18 17:20:27, 0] lib/util.c:smb_panic2(1548) Oct 18 17:20:27 ht-server winbindd[21841]: PANIC: Could not fetch our SID - did we join? winbind is reporting this box isn't a member of the domain. Check that first. You may have to re-join. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba with ADS. winbindd ignore for user authentication
Oliver Neubauer wrote: I'm trying to set up samba using ADS for authentication. I can successfully join the samba machine to the domain. Windows hosts can see the samba machine. After successfully joining, doing: # wbinfo -u shows me ADS-defined users. Same goes for groups. However, when I try and assign one of those users ownership of a file, I get: # chown user1 /tmp/test chown: test1: illegal user name even though that user is a valid AD user. You need to configure pam to use nss_winbind, see http://us1.samba.org/samba/docs/man/Samba3-HOWTO/winbind.html#id2634773 for example, my /etc/pam.d/system-auth contains references to pam_winbind: authsufficient/lib/security/$ISA/pam_winbind.so use_first_pass ... account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_winbind.so ... passwordsufficient/lib/security/$ISA/pam_winbind.so use_authtok -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.20b - still getting Winbind Dead but subsys locked
Sanjay Upadhyay wrote: Hi PC, I am encountering the same problem, with 3.0.14a, 3.0.20a and 3.0.20b in RH ES 4.0 32 bit. All the samba RPMS were downloaded fro enterprisesamba.org. Guys is it a bug or there is some changes required ? I'd suspect a problem with the builds from enterprisesamba.org. I'd report the problem to them. I've been running samba on RHEL4, ran a long time at 3.0.14a... currently at 3.0.20b, based on the original rh packaging. It's been just fine. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Need help with username map
[EMAIL PROTECTED] wrote: We have setup a Samba member server using Winbind (3.0.14a and NT4). I am trying to map the NT Domain ids to root (root = admin administrator rdehn) but this seems to be ignored when I try and connect to a share. The username map = /etc/samba/smbusers line is in the Global section of smb.conf and testparm is OK. What am I missing? Is this not possible? Recent versions of samba (from 3.0.14a?), requires one to include the domain, so you'd want in smbusers: root = my_domain\Administrator -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.20b - still getting
PC wrote: I am getting the following message in the system log: Oct 18 14:53:51 ht-server kernel: audit(1129661631.256:3): avc: denied { write } for pid=15497 comm=winbindd name=secrets.tdb dev=dm-0 ino=6915619 scontext=root:system_r:winbind_t tcontext=root:object_r:samba_etc_t tclass=file Looks like selinux is getting in the way. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.20, Active Directory, Debian: Username ... is invalid on this system
Markus Feilner wrote: Hello List, I have a strange problem: I have successfully added my debian system to the local active directory domain. Winbind works and gives me Users, Groups, and relations when I call wbinfo. However, Users cannot connect to a share I prepared. It makes no difference if there is no valid user = entry, or if I put an correct entry with my test user. All I get in log.winbindd is: Username DOMAIN+test is invalid on this system (just like there was a valid user entry.) I have successfully checked the password of this user with wbinfo, user data is handed over correctly, wbinfo -t is successful, domain membership works. What is wrong? You apparently haven't configured nss_winbind. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Downgrade from 3 to 2 suggestions
Stephen Carville wrote: After considerable experimentation I'm forced to accept that Samba 3 has problems with the combination of being a domain member, the 2.6 kernel, and Dell 2850 hardware. WORKSFORME, RHEL4, samba-3.0.20a, DELL Poweredge SC420. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: guest share not working (for disabled/locked/machine accounts)
Rex Dieter wrote: Rex Dieter wrote: Unforatunately, it appears that when local machine try to use the share for software deployment, they are also accessing it as the local Administrator account. More snooping determined this not to be the case, but that the Local System account is used for access creditials. Turns out the machines in question attempt to access the samba share using their machine account in AD, and it appears samba has a problem with this based on the plethora of these entries I'm seeing in samba's logs: [2005/10/09 15:30:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username DOMAIN\MACHINE-1$ is invalid on this system Now to go off to look in smbd/sesssetup.c to see what criteria is used to determine if a username is invalid or not. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: installing samba on fedora 3
Khaled wrote: Please could someone help guide me through installing samba on fedora 3. $ yum install samba -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: guest share (fixed)
Rex Dieter wrote: Turns out the machines in question attempt to access the samba share using their machine account in AD, and it appears samba has a problem with this based on the plethora of these entries I'm seeing in samba's logs: [2005/10/09 15:30:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username DOMAIN\MACHINE-1$ is invalid on this system Now to go off to look in smbd/sesssetup.c to see what criteria is used to determine if a username is invalid or not. I could have sworn I had tried this previously, but... It turns out we're not (yet) using winbind for UIDs (only authentication/passwords), so I needed map to guest = Bad Uid instead of map to guest = Bad User -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.20a and Winbind crashing (bug?)
[EMAIL PROTECTED] wrote: All running RHES 3, all with samba 3.0.20a and all have the winbind crashing problem :/ the main 2 are the filestore and email servers, also get the most usage. in fact from my systems point of view, its definatly a most usage = most frequent winbind crashing issue. I have one rhel3 (centos3 actually) server on which winbind has been running since samba-3.0.20a was released. Hasn't crashed once, though I wouldn't categorize it's usage as heavy. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: winbind: username without domain name
Aleksandar Stankovic wrote: Can I configure winbind so that users only need to specify their actual username (without the preceding DOMAIN_NAME) and the domain name is added for them? man smb.conf Look for parameter named winbind use default domain -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] guest share not working (for Disabled accounts)
I'm in an AD environment, with a samba server a member of the domain, and I'm trying to create a guest-level/read-only share accesssible by *anyone*. The purpose of this share is a network distribution point for .msi package deployment via AD Group Policy. My relevant smb.conf bits are: [global] guest account = nobody map to guest = Bad User [deploy] [msi] comment = Software Deployment path = /foo/deploy force user = nobody read only = yes browseable = no guest ok = yes guest only = yes Now, I can access this \\server\deploy share from almost anywhere logged in as almost anyone, *except* if I'm logged in as local\Administrator. Unforatunately, it appears that when local machine try to use the share for software deployment, they are also accessing it as the local Administrator account. I believe the root cause of failure is that the domain\Administrator account in our AD is either disabled or locked-out (and I don't have the rights to modify that global account as a lowly OU Admin). Any ideas on how to grant access to this share to client machines for Group Policy software deployment purposes? -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: guest share not working (for Disabled accounts)
Rex Dieter wrote: Unforatunately, it appears that when local machine try to use the share for software deployment, they are also accessing it as the local Administrator account. More snooping determined this not to be the case, but that the Local System account is used for access creditials. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Replace NT 4.0 with Samba PDC but keep PC WINS *Advice*
SAMBA wrote: I am in the process of researching and testing SAMBA as a PDC. ... The only thing I am uncertain about is that our billing scheduling system is running WINS and our 110 pc's are configured to use it for wins resolution. I would like to leave WINS on that system but can it coexist with a SAMBA server acting as PDC but not doing WINS? Yes, just put wins server = ip_address_of_wins_server in smb.conf -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: winbind id map to same uid/gid for all user from ads
nattapon viroonsri wrote: Have any way for winbind to idmap all user from active directory to single uid/gid or map uid/gid to uid that already have on local system ? Is ldap backend can do that ? Not winbind, but lacking any additional hints, Something like force user = ? -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: multiple domain login failures
Stan Garvin wrote: I've run into a strange issue with our Windows 2000/XP client's domain authentication... ... Otherwise, our Samba/PDC/BDC/LDAP solution is working great!! FreeBSD 5.2.1-RELEASE samba-3.0.4 ^ Offhand, you're using a relatively old version of samba. I'd recommend upgrading to the latest version (3.0.14a at the moment) and re-test. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: A possible big security issue
[EMAIL PROTECTED] wrote: net use M: \\netbiosname\sharename password /USER:username But if I simply leave out the password the share mounts all the same. And I can read and write to the share. Seems kind of dangerous to me. In my experience, when leaving out the password, windows supplies the users' current (windows) password for (initial) authentication purposes. If the initial (supplied) username and password fails, it prompts for another. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Authentication against AD?
Jason Gerfen wrote: I am having a hard time getting Samba to authentication correctly against a Windows Active Directory setup. Here is a snap of the smb.conf [global] passdb backend = ldapsam security = domain These two jump out at me. Should be: security = ads And since you're using domain/ads, you shouldn't use passdb backend. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Authentication against AD?
Jason Gerfen wrote: I am having a hard time getting Samba to authentication correctly against a Windows Active Directory setup. Here is a snap of the smb.conf [global] passdb backend = ldapsam security = domain password server = server1.com server2.com prefered master = No local master = no hide unreadable = yes wins support = no winbind use default domain = yes domain master = No netbios name = samba-newb Oh, and security=ads mixed with netbios name = didn't work (for me at least), last time I tried. See https://bugzilla.samba.org/show_bug.cgi?id=2727 -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba