Re: [Samba] What great things can a non-windows user do with Samba
At Thu, 11 Jul 2013 11:52:49 -0400 Steve Litt sl...@troubleshooters.com wrote: Hi all, I ask this question about once a decade. I have about 7 computers, all Linux or BSD. Are there any cool things I can do with Samba, even though I have no Windows computers? Not really. Samba is just a tool to deal with pesky mess-windows machines. On a pure UNIX (Linux, BSD, Solaris, AIX, etc.) LAN, Samba is about as useful as Air Conditioners in Antartica in the middle of the Antartic winter. Thanks, SteveT Steve Litt* http://www.troubleshooters.com/ Troubleshooting Training * Human Performance -- Robert Heller -- 978-544-6933 / hel...@deepsoft.com Deepwoods Software-- http://www.deepsoft.com/ () ascii ribbon campaign -- against html e-mail /\ www.asciiribbon.org -- against proprietary attachments -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Update A Compiled Version
At Thu, 20 Dec 2012 11:20:40 -0700 Zane Zakraisek doublez...@gmail.com wrote: I'm pretty new to compiling software, although I would rather compile my own Samba 4.0.0 server rather than wait for it to become available in the repositories of my distribution. How do you update compiled software. Like if I compile and install Samba 4.0.0, and then 4.0.1 comes out, Is there a way to update to that without starting from scratch and having to rebuild my domain? Thanks Most (all?) Linux distributions include a compiled version of Samba as part of the distriution's software repository. Check to see what your distribution makes available. -- Robert Heller -- 978-544-6933 / hel...@deepsoft.com Deepwoods Software-- http://www.deepsoft.com/ () ascii ribbon campaign -- against html e-mail /\ www.asciiribbon.org -- against proprietary attachments -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] speed of samba vs Windows
At Thu, 28 Jun 2012 13:46:07 -0500 Todor Fassl fassl@gmail.com wrote: is it possible that unix file timestamps having a greater precision than ntfs is causing windows to see a change? I know rsync has an option to combat this. Well, I have no reason to believe that our Windows guy is correct and that Windows downloads only changed files and samba downloads the whole profile. I'm guessing he is basing that on how slow logins are. I can guarantee that he hasn't actually checked it out. He either thought it up himself or he heard it somewhere. Does anyone know if Windows does download only files that have changed? Something just occured to me... Well, maybe this is a bug in samba but probably not. When you join a machine to a domain where a time server is configured, it doesn't automatically configure the time servers on the client machine. On our network, the file server is the PDC. We have redundant BDCs which are configured as time servers in samba and are also ntp servers for the linux machines. If I boot a linux machine, I can use ntpq -p to make sure that the machine is getting data from our ntp servers. But if I go into the Windows control panel and look at Date and Time, the server listed there is time.windows.com. [Which, as it occurs to me, is also bogus in that what the heck is windows.com? If its Microsoft, why isn't the default time server time.microsoft.com?] dig time.windows.com = ;; ANSWER SECTION: time.windows.com. 3482IN CNAME time.microsoft.akadns.net. time.microsoft.akadns.net. 158 IN A 65.55.21.13 Yes. windows.com is a real live domain name, (owned by Microsoft), and time.windows.com is a real host name with actual records. And it appears to be a legit time server. Anyway, it seems to me that if you join a machine to a domain with a time server configured, it should show up in Date and Time - Internet Time - Server. But our BDCs aren't even listed there. Gawd, I hate Windows. I don't hate Microsoft or Bill Gates. He seems like a nice enough guy to me. And I don't blame him for getting to be a bzillionaire even though his software kinda sucks. But, still, I hate Windows. -- Robert Heller -- 978-544-6933 / hel...@deepsoft.com Deepwoods Software-- http://www.deepsoft.com/ () ascii ribbon campaign -- against html e-mail /\ www.asciiribbon.org -- against proprietary attachments -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Preventing brute force password attacks
At Tue, 17 Apr 2012 20:32:05 + (UTC) era...@panix.com (Ed Ravin) wrote: I was hoping to set up fail2ban to block IP addresses that generate too many Samba password failures, but it needs a syslog message with the IP address of the computer that failed password authentication. Unfortunately, Samba doesn't seem to do this in my environment. Here's a sample error message: smbd[312]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User brutus ! I tried turning on full_audit, and I see the audit messages for successful connections, but there aren't any audit messages for login failures. I used these settings: full_audit:failure = connect full_audit:success = connect disconnect full_audit:facility = local5 full_audit:priority = notice Can Samba be configured to log authentication errors with IP addresses? Or do we need to change the source? You do understand that fail2ban works with your firewall and is meant for public internet services, such as Mail (eg Sendmail or Postfix) or HTTP or DNS. Since NETBIOS services are NOT services that should ever be used over the public internet. You should only have smbd/nmbd listening on you local LAN and not on your WAN / public Internet connection. Since your LAN will have only known local IP addresses (either statically assigned or from a limited pool of IP address), it really isn't meaningful to block these addresses. What *exactly* do you want to accomplish here? Do you really want to ban machines on your LAN from accessing your (office) server? -- Robert Heller -- 978-544-6933 / hel...@deepsoft.com Deepwoods Software-- http://www.deepsoft.com/ () ascii ribbon campaign -- against html e-mail /\ www.asciiribbon.org -- against proprietary attachments -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Doubt on Samba and NFS configuration
At Thu, 26 Aug 2010 10:58:07 + Gangiredla, Venkata Ravi Shankar ravishanka...@hp.com wrote: Hi Team, I have doubt on samba and nfs co-existence on a server. I have read couple of posts in the internet and found that nfs and samba doesn't understand file locking mechanisms of each other. Samba and nfs can co-exist on *a* server without problems. There is no problem for a given machine exporting the same file system with both samba and nfs. The problems are when a given machine imports with one service (is in the 'client' role) and exports with the other (is in the 'server' role). Following is my requirement I have a vxfs filesystem /interfaces which is exported to 3 unix servers using nfs Now the customer, wants to export /interfaces/outbound to 4 windows servers using SAMBA. This should not be a problem, at least as I understand what you are doing (it is a little unclear the way you have stated things). I am assuming that you have some server 'master', which mounts /interfaces as a local (to 'master'), and it exports this to three unix servers ('unix_a', 'unix_b', and 'unix_c'), that is on master in /etc/exports you have something like: /interfaces unix_a(rw),unix_b(rw),unix_c(rw) and now you want to install samba on master and have a block like: [outbound] path = /interfaces/outbound in master's /etc/samba/smb.conf Following is the NFS and SAMBA version CIFS-Server A.02.02.01 HP CIFS Server (Samba) File and Print Services NFS B.11.23ONC/NFS; Network-File System,Information Services,Utilities Can we export /interfaces/outbound using SAMBA? Are there any known issues with NFS and SAMBA Thank you, Ravi. -- Robert Heller -- 978-544-6933 Deepwoods Software-- Download the Model Railroad System http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows hel...@deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is Samba supposed to work like this?
At Tue, 17 Aug 2010 10:01:03 -0500 matt_fr...@cbca.com wrote: I have Samba 3.0.33-3.28.el5 running on a CentOS 5.5 server. The samba server is added as a Member server of our Windows 2003 AD, and winbind is working OK. I have a question about the assigning of permissions via the Windows XP file/folder properties dialog. My background is mainly in Windows, but I do grasp the concept of UNIX file permissions. When I attempt to modify the permissions on a folder that is in the share folder, the behavior isn't the same as it would be as if I were doing this on a Windows machine. If my user ID is not the UNIX OWNER of the share folder, then any attempt I make to change permissions gives me an access denied message. The permissions on the share are 775. Once I am the owner of the share, When I attempt to add a Windows ACE to the ACL, and give it full permissions, and click the Apply button, the entry remains, but the checkboxes for the permissions have all been cleared. I cannot get the permissions to Stick. Also, the permissions in the security tab are not always listed for a given Access Control Entry. All the checkboxes are blank, except for the Special Permissions box. I would think that If I granted ALL access to the ACE, then it should show all the boxes as checked without me having to go into the advanced screen. Is SAMBA supposed to be this different from how a Windows server would react, or is there something just not configured right in samba? Is there some sort of recommended best practices for configuring samba so it DOES work like a windows server? I know virtually nothing about MS-Windows, but my guess is that it has to do how permissions work inder UNIX vs how they work under MS-Windows. Specificly how the underlying file system in question handles permissions and/or ACLs. It may also be related to how Samba is configured in terms of what permissions / access levels is it granting clients. Follow us on twitter- Get the latest in industry updates, Health Care reform news, and other information at http://twitter.com/CBCANews. NOTICE: The information contained in this electronic message, and any attachments accompanying this transmission, may be legally privileged and/or confidential and protected health information. This information is intended only for the use of the individual(s) and/or entity identified above. The authorized recipient of this information is prohibited from disclosing this information to any other party unless required to do so by law or regulation and is required to protect the information after its stated need has been fulfilled. If you are not the intended recipient, or an employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any disclosure, printing, copying, forwarding, or distributing of this information is strictly prohibited. If you have received this communication in error, please notify the sender immediately, by telephone or return fax/email, to advise of wrongful receipt and confirm your understanding of this Notice. Thank You. -- Robert Heller -- Get the Deepwoods Software FireFox Toolbar! Deepwoods Software-- Linux Installation and Administration http://www.deepsoft.com/ -- Web Hosting, with CGI and Database hel...@deepsoft.com -- Contract Programming: C/C++, Tcl/Tk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem After Upgrade - NT_STATUS_FILE_IS_A_DIRECTORY
At Wed, 07 Jul 2010 13:19:43 -0400 ltracc...@alexanderconsultants.net wrote: This is truly a bad idea. That XP share should be mounted by the workstations just like the server shares. Move the data to the server, or use the XP box as a server to directly serve those who need the data on it. Cheers, TMS III Why is this a bad idea? We've been running this setup for a few years now and its been working fine until we upgraded. The XP box only allows 10 user limit for shares, so that's why we mounted it to the Ubuntu server and shared it with Samba instead of having to pay for Windows Server license. The problem with simply moving the files over to the Ubuntu server is that the files on the XP box are stored on a RAID array that comes with a controller card whose driver is really only designed to be run on Windows, not Linux. Is this a *real* RAID controller or a 'fake' (BIOS/Software/MB) RAID controller? If it is a real controller are you sure there is no Linux driver for it? (Esp. since you are using Ubuntu!) If it is a software/BIOS/MB RAID controller the performance is going to be really bad -- these controllers are really only meant for home systems and not really for true servers. I'd have to setup mdadm on Ubuntu, which I've done before and was not impressed. The Windows RAID system we have is much more easier to maintain. Oh, you mean you have to actually use your keyboard? How dreadfull... Do you mean to say that the files local to the Ubuntu *server* are not on a RAID array? I don't want to get off topic here, I just want to know why Samba is giving me trouble browsing these mounted directories. This sort of 'game' (mounting files from one 'server' on another server and then re-exporting them), is not *specific* to Samba. See what happens when you try to NFS export file systems mounted as nfs file systems (although I expect nfsd/mountd would refuse to let you do that in the first place). There are several problems: It tends to confuse the server(s). File serving software (Samba, NFSD, etc.) really expect the data they are serving to be local (yes, using a NAS or something like that is a little different) and are written to optimal to work that way. It causes lots of network traffic: every I/O operation causes two batches of network traffic and implies two sets of network channels: one set between the machine with the physical disks (the XP box) and the 'server' (the Ubuntu box), and a *second* set of network channels between the 'server' (the Ubuntu box) and the final client(s) (the client MS-Windows machine(s)). If this is on one physical network (if the 'server' (the Ubuntu box) only has one NIC), then the you have lots of network collisions, which means your network thoughput will truely suck (eg network timeouts, dropped/lost packets, etc.). I expect that 'before' you 'got by' by luck. What might be happening now is that some fix to Samba is biting you or maybe you are getting network I/O errors (timeouts?) because of what I described in the paragraph above. What you are doing is not really going to work in the long term. You either need to: 1) Buy a real, supported RAID card for the Ubuntu system. 2) Live with mdadm 3) Pay for licenses for the XP system. -- Robert Heller -- 978-544-6933 Deepwoods Software-- Download the Model Railroad System http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows hel...@deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Corrent security mode settings to allow mess-windows XP behave!
I have a Linux samba server (CentOS 5.4, Samba 3.0.33) that is serving two printers, anonymously, one read-only file share, anonymously, and two username/password-protected writable shares. Right now, I have the security mode set to 'share'. The printers and the read-only share are handled right, but when I try to connect to one of the writable shared, mess-windows only asked for a password, not a username! What do I have to change? The machine I trying this on is running Win XP Pro. (We have another machine running Win XP Home, and there are two other machines running Win 7.) I'm tempted at this point of looking to see if there is a NFS client for mess-windows... -- Robert Heller -- Get the Deepwoods Software FireFox Toolbar! Deepwoods Software-- Linux Installation and Administration http://www.deepsoft.com/ -- Web Hosting, with CGI and Database hel...@deepsoft.com -- Contract Programming: C/C++, Tcl/Tk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Corrent security mode settings to allow mess-windows XP behave!
At Tue, 6 Apr 2010 14:35:19 -0700 Jeremy Allison j...@samba.org wrote: On Tue, Apr 06, 2010 at 05:33:10PM -0400, Chris Smith wrote: On Tue, Apr 6, 2010 at 5:22 PM, Robert Heller hel...@deepsoft.com wrote: Right now, I have the security mode set to 'share'. security = share is deprecated and not recommend you're going to make Jeremy wish he removed support for it :) Nah. Enough people complain that we'll *never* be able to get rid of it :-). Setting it to 'user' causes mess-windows to ask for a username and password to access the *anoymous* (guest ok = yes) printers and share! -- Robert Heller -- Get the Deepwoods Software FireFox Toolbar! Deepwoods Software-- Linux Installation and Administration http://www.deepsoft.com/ -- Web Hosting, with CGI and Database hel...@deepsoft.com -- Contract Programming: C/C++, Tcl/Tk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Corrent security mode settings to allow mess-windows XP behave!
At Tue, 6 Apr 2010 18:57:20 -0400 Chris Smith smb...@chrissmith.org wrote: On Tue, Apr 6, 2010 at 6:12 PM, Robert Heller hel...@deepsoft.com wrote: Setting it to 'user' causes mess-windows to ask for a username and password to access the *anoymous* (guest ok = yes) printers and share! That will happen if you don't set it up properly. Yeah. I added 'map to guest = bad user'. The anonymous shares are working. Windows now asks for a username AND password for the protected shares, but cannot connect, claiming the share is already open under a different user (or some such nonsense). -- Robert Heller -- Get the Deepwoods Software FireFox Toolbar! Deepwoods Software-- Linux Installation and Administration http://www.deepsoft.com/ -- Web Hosting, with CGI and Database hel...@deepsoft.com -- Contract Programming: C/C++, Tcl/Tk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Mess-Windows dumbness...
I changed the Samba security mode from share to user and added a couple of users to allow some writable shares. Now the MS-Windows machines are insisting on a username/password to access the *anonymous* (guest ok = yes) printers and the one read-only public file system. How do I fix this? Do I *have* to configure a real-live guest user? Is there a way to allow some file systems anonymous access *without* a username/pasword and some file system write access with a username/password? Or is mess-windows too stupid to handle this? -- Robert Heller -- Get the Deepwoods Software FireFox Toolbar! Deepwoods Software-- Linux Installation and Administration http://www.deepsoft.com/ -- Web Hosting, with CGI and Database hel...@deepsoft.com -- Contract Programming: C/C++, Tcl/Tk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Mess-Windows dumbness...
At Tue, 30 Mar 2010 11:48:21 -0400 Robert Heller hel...@deepsoft.com wrote: I changed the Samba security mode from share to user and added a couple of users to allow some writable shares. Now the MS-Windows machines are insisting on a username/password to access the *anonymous* (guest ok = yes) printers and the one read-only public file system. How do I fix this? Do I *have* to configure a real-live guest user? Is there a way to allow some file systems anonymous access *without* a username/pasword and some file system write access with a username/password? Or is mess-windows too stupid to handle this? Nevermind. I switched the security mode back to share and mess-windows seems to be happy... -- Robert Heller -- Get the Deepwoods Software FireFox Toolbar! Deepwoods Software-- Linux Installation and Administration http://www.deepsoft.com/ -- Web Hosting, with CGI and Database hel...@deepsoft.com -- Contract Programming: C/C++, Tcl/Tk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Mess-Windows dumbness...
At Tue, 30 Mar 2010 11:57:28 -0400 awill...@whitemice.org wrote: On Tue, 2010-03-30 at 11:48 -0400, Robert Heller wrote: I changed the Samba security mode from share to user and added a couple of users to allow some writable shares. Now the MS-Windows machines are insisting on a username/password to access the *anonymous* (guest ok = yes) printers and the one read-only public file system. How do I fix this? Do I *have* to configure a real-live guest user? Is there a way to allow some file systems anonymous access *without* a username/pasword and some file system write access with a username/password? Or is mess-windows too stupid to handle this? I assume you have mapped guest to a valid user account on the Samba server? Yes: 'nobody'. I changed the security mode back to 'share' and this seems to have settled MS-Windows... -- Robert Heller -- Get the Deepwoods Software FireFox Toolbar! Deepwoods Software-- Linux Installation and Administration http://www.deepsoft.com/ -- Web Hosting, with CGI and Database hel...@deepsoft.com -- Contract Programming: C/C++, Tcl/Tk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba (anonymous) LDAP Authentication
I am trying to things up to allow a *few* select users on a small number of MS-Windows boxes to write to a couple of directories on a Linux server. Most of the users on the MS-Windows boxes will only have anonymous (guest) read-only access to one directory and anonymous (guest) access to the printers. The Linux server primarily is a PXEBoot and NFS server for a group of diskless Linux workstations. I am using LDAP for user Authentication for these machines. I would *like* to have just one user authentication database (the LDAP one). The MS-Windows machines will *never* need to allow things like user creation or modification (including password changing), so Samba *should not need* the rootdn password for the LDAP server. I am having a hard time figuring out how to do this. It *seems* that Samba wants to have the rootdn password -- do I have to configure it that way? Or do I have to *duplicate* the user authentication in Samba's own user database (resulting in people having their passwords in two separate places and/or end up having two passwords for their accounts [a Linux password and a MS-Windows password])? The *best* option would be for Samba to just go though pam/nss (like everything else under Linux), but it looks like Samba no longer does things this way. I am using Samba 3.0.33-3.15.el5_4.1 on a CentOS 5.4 (32-bit) system. -- Robert Heller -- 978-544-6933 Deepwoods Software-- Download the Model Railroad System http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows hel...@deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba (anonymous) LDAP Authentication
At Mon, 29 Mar 2010 17:38:39 -0400 gaiseric.van...@gmail.com wrote: According to how you have described your environment, whether or not you use LDAP for Samba's backend, your users will still need corresponding unix accounts AND will still have separate unix and windows passwords.If you use ldap there will be separate fields for the different passwords. If you configure password sync it should appear to the users that they have a single password. (i.e. they change the password in Windows or with smbpassword the unix password should also change.) If you really want a single password I think your options are as follows- Configure unix logons to use windbind authentication (ie. authenticate using the samba/windows password.) Use kerberos for unix and samba. But that may not resolve your concerns with Samba writing to LDAP. So if you only have one samba machine and only a few users you may still want to stick to the TDB backend for the windows account info. Samba will still match the unix name to the windows name either way. OK, it looks like that is what I am stuck with. I only *really* need one or two users -- it is only for dealing with backups and posting some files. This seems to work I will just have to live with the potiental issues of possible differing passwords if/when that happens -- it is only two usernames at present. Question: why can't samba just use UNIX's user authentication? Is this something in the way MS-Windows encrypts the password it sends over the NetBIOS protocol? Or is there some other issue going on? -- Robert Heller -- 978-544-6933 Deepwoods Software-- Download the Model Railroad System http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows hel...@deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba