[Samba] So no conversion from group_mapping.ldb to group_mapping.tdb?
Greetings, I recently upgraded an AD member server from Samba 3.5.15 to Samba 3.6.9 and found that I had lost all the existing local group mappings. I see that the group mapping file has gone from group_mapping.ldb to group_mapping.tdb. I asked on this list as well as searching the web, Samba documentation (which still seems focused on version 3.5), and Samba Wiki and found nothing on a method to convert/migrate information stores in the group_mapping.ldb file to the new group_mapping.tdb - is that correct? Because of the way Active Directory is managed at out site I store dozens of local groups and their memberships in that file. I found NOTHING in the Samba 3.6.x release notes warning me of the change to the group_mapping file. Just wanted to confirm that there is no conversion utility that I missed and that I am on my own to migrate that information. Thank you Bob Martel -- *** Robert M. Martel I met someone who looks a lot like you System Administrator She does the things you do Levin College of Urban Affairs But she is an IBM Cleveland State University -Jeff Lynne (216) 687-2214 r.mar...@csuohio.edu *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Lost group mappings going from Samba 3.5 to Samba 3.6
Greetings, I recently upgraded an AD member server from Samba 3.5.15 to Samba 3.6.9 and found that I had lost all the existing local group mappings. I see that the group mapping file has gone from group_mapping.ldb to group_mapping.tdb. Was there a conversion/upgrade procedure I should have found and used? Online documentation I can find says it is for the 3.5 series of samba, does updated documentation for 3.6 exist somewhere? Does a group mapping migration procedure exist, or will I need to recreate it from scratch? On this initial trial of Samba 3.6 only a few groups existed, on the larger production machines the story is different and recreating the groups and memberships will be a chore. Thanks! Bob Martel -- *** Robert M. Martel I met someone who looks a lot like you System Administrator She does the things you do Levin College of Urban Affairs But she is an IBM Cleveland State University -Jeff Lynne (216) 687-2214 r.mar...@csuohio.edu *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Old, reliable samba 3.5 and Active directory suddenly not reliable
On 10/22/2012 05:10 PM, Andrew Bartlett wrote: On Mon, 2012-10-22 at 14:51 -0400, Robert M. Martel - CSU wrote: [2012/10/22 14:23:07.353280, 0] libads/kerberos.c:333(ads_kinit_password) kerberos_kinit_password WEBDEVEL$@CSUNET.CSUOHIO.EDU failed: Clients credentials have been revoked Join to domain is not valid: Access denied The Active Directory admins are still saying that they have not changed anything on their side. It seems unlikely if you just re-joined, but in case we are talking about multiple machines, could the password have been expired? The problem existed for multiple machines. After Brian Campbell's note I double-checked the clock-sync on the servers and found it to be okay. The Active Directory (AD) admins that did not change anything finally reported having some vague problem with their domain server replication that only seem to affect *my* Samba servers (I may be the only person on campus running Samba servers that are members of the university's Active Directory system.) There was some more hand waving, reports of trying to get some support out of Microsoft, and finally a mention that *someone* had been making some changes to AD config in preparation of moving from Lotus Notes Email to MS Exchange. The AD admins then did something else and now the problem no longer exists. I am still trying to get some real information as to what happened. If I (ever) find out I will note it here. I always hate seeing problem reports in Email archives that never talk about resolution. Thank you! At least I got my Samba versions less out of date. Have to see if building 3.6 is as much of a pain on Solaris as 3.5 has been. -- *** Robert M. Martel I met someone who looks a lot like you System Administrator She does the things you do Levin College of Urban Affairs But she is an IBM Cleveland State University -Jeff Lynne (216) 687-2214 r.mar...@csuohio.edu *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Old, reliable samba 3.5 and Active directory suddenly not reliable
Greetings, I have an elderly installation of Samba 3.5.8 running on 10 Sparc servers (and 3.5.12 on Solaris 9 servers with the same issue) set up as Active Directory member servers. Since we've laid-off everyone else around here I have not had the opportunity to update the Samba installation - and have not needed to as it has been very solid. Suddenly last Friday the Samba servers started having authentication problems for the active directory users. Users were unable to map drives, looking at files on the server I was seeing UID numbers rather that the user's login ID for the files. Stopping and restarting Samba did not help. I took the machines out of Active Directory, and then re-added them - which they did without a problem. After restarting Samba all was well, for awhile. This morning some folks that had left themselves looked in over the weekend were okay, but others could not map their drives. interactive logins for AD users did not work. I again left and rejoined the AD domain and all was well for a bit, then I had to repeat the cycle. I do not maintain or have access to the Active Directory servers or configuration. The central IT people claim that they have not made any changes to the AD servers...but they don't always tell me the whole truth. I am building Samba 3.5.18 right now in the hope that it will make a difference. I've never had a problem like this since first playing with Samba and Active directory more than 5 years ago - and certainly no issue like this since putting it into production. -- *** Robert M. Martel I met someone who looks a lot like you System Administrator She does the things you do Levin College of Urban Affairs But she is an IBM Cleveland State University -Jeff Lynne (216) 687-2214 r.mar...@csuohio.edu *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Old, reliable samba 3.5 and Active directory suddenly not reliable
Greetings, something to add. Had one of the Solaris 9 machines just stop working. I stopped samba and restarted it, found the following in smblog.smbd [2012/10/22 11:37:00.299787, 0] libads/sasl.c:823(ads_sasl_spnego_bind) kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials I removed the machine from Active Directory and immediately re-added it - I did NOT run kinit to get new credentials. started Samba and the machine works fine...for now. On 10/22/2012 11:29 AM, Robert M. Martel - CSU wrote: Greetings, I have an elderly installation of Samba 3.5.8 running on 10 Sparc servers (and 3.5.12 on Solaris 9 servers with the same issue) set up as Active Directory member servers. Since we've laid-off everyone else around here I have not had the opportunity to update the Samba installation - and have not needed to as it has been very solid. Suddenly last Friday the Samba servers started having authentication problems for the active directory users. Users were unable to map drives, looking at files on the server I was seeing UID numbers rather that the user's login ID for the files. Stopping and restarting Samba did not help. I took the machines out of Active Directory, and then re-added them - which they did without a problem. After restarting Samba all was well, for awhile. This morning some folks that had left themselves looked in over the weekend were okay, but others could not map their drives. interactive logins for AD users did not work. I again left and rejoined the AD domain and all was well for a bit, then I had to repeat the cycle. I do not maintain or have access to the Active Directory servers or configuration. The central IT people claim that they have not made any changes to the AD servers...but they don't always tell me the whole truth. I am building Samba 3.5.18 right now in the hope that it will make a difference. I've never had a problem like this since first playing with Samba and Active directory more than 5 years ago - and certainly no issue like this since putting it into production. -- *** Robert M. Martel I met someone who looks a lot like you System Administrator She does the things you do Levin College of Urban Affairs But she is an IBM Cleveland State University -Jeff Lynne (216) 687-2214 r.mar...@csuohio.edu *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Old, reliable samba 3.5 and Active directory suddenly not reliable
Greetings, More responding to my own thread - but no solution in sight. Still having the problem with Samba 3.5.18. New and different error message from net ads testjoin: #webdevel# net ads testjoin [2012/10/22 14:23:07.317109, 0] libads/kerberos.c:333(ads_kinit_password) kerberos_kinit_password WEBDEVEL$@CSUNET.CSUOHIO.EDU failed: Clients credentials have been revoked [2012/10/22 14:23:07.353280, 0] libads/kerberos.c:333(ads_kinit_password) kerberos_kinit_password WEBDEVEL$@CSUNET.CSUOHIO.EDU failed: Clients credentials have been revoked Join to domain is not valid: Access denied The Active Directory admins are still saying that they have not changed anything on their side. On 10/22/2012 11:48 AM, Robert M. Martel - CSU wrote: Greetings, something to add. Had one of the Solaris 9 machines just stop working. I stopped samba and restarted it, found the following in smblog.smbd [2012/10/22 11:37:00.299787, 0] libads/sasl.c:823(ads_sasl_spnego_bind) kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials I removed the machine from Active Directory and immediately re-added it - I did NOT run kinit to get new credentials. started Samba and the machine works fine...for now. On 10/22/2012 11:29 AM, Robert M. Martel - CSU wrote: Greetings, I have an elderly installation of Samba 3.5.8 running on 10 Sparc servers (and 3.5.12 on Solaris 9 servers with the same issue) set up as Active Directory member servers. Since we've laid-off everyone else around here I have not had the opportunity to update the Samba installation - and have not needed to as it has been very solid. Suddenly last Friday the Samba servers started having authentication problems for the active directory users. Users were unable to map drives, looking at files on the server I was seeing UID numbers rather that the user's login ID for the files. Stopping and restarting Samba did not help. I took the machines out of Active Directory, and then re-added them - which they did without a problem. After restarting Samba all was well, for awhile. This morning some folks that had left themselves looked in over the weekend were okay, but others could not map their drives. interactive logins for AD users did not work. I again left and rejoined the AD domain and all was well for a bit, then I had to repeat the cycle. I do not maintain or have access to the Active Directory servers or configuration. The central IT people claim that they have not made any changes to the AD servers...but they don't always tell me the whole truth. I am building Samba 3.5.18 right now in the hope that it will make a difference. I've never had a problem like this since first playing with Samba and Active directory more than 5 years ago - and certainly no issue like this since putting it into production. -- *** Robert M. Martel I met someone who looks a lot like you System Administrator She does the things you do Levin College of Urban Affairs But she is an IBM Cleveland State University -Jeff Lynne (216) 687-2214 r.mar...@csuohio.edu *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] AD member server - getting a user's name (GECOS)
Greetings, My odd question for the week - I've been unable to figure out if/how to do this. Given an Active Directory user ID, is there a way to get the user's real name? During testing of our Samba AD member servers I have seen user's given names appearing in the log files - is there a way that I can pull that for my own use? Our site uses loginIDs for users that give no clue as to their identity, it would be nice to turn those IDs into the user's actual name so I know who is doing what. I've been playing with wbinfo which seemed like a good place to start, but no joy there. I'm looking for GECOS info, not the user's UID or GID. Thanks, Bob -- *** Robert M. MartelPushing myself and this old machine System AdministratorBurning fumes Levin College of Urban Affairs and what's left of my dreams Cleveland State University (216) 687-2214 r.mar...@csuohio.edu *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.6, Solaris 10, pam_winbind.so will not link
In case others have this problem. On 10/27/2010 09:50 AM, Robert M. Martel - CSU wrote: ... Linking shared library bin/pam_winbind.so Undefined first referenced symbol in file libintl_bindtextdomain ../nsswitch/pam_winbind.o libintl_dgettext ../nsswitch/pam_winbind.o ld: fatal: Symbol referencing errors. No output written to bin/pam_winbind.so collect2: ld returned 1 exit status make: *** [bin/pam_winbind.so] Error 1 I ended up adding -lintl to several other locations in the configure generated makefile including the first LIBS line and on lines for building the pam winbind shared libraries. Then I was able to complete the build process. -- *** Robert M. Martel I met someone who looks a lot like you System Administrator She does the things you do Levin College of Urban Affairs But she is an IBM Cleveland State University -Jeff Lynne (216) 687-2214 r.mar...@csuohio.edu *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.6, Solaris 10, pam_winbind.so will not link
On 10/27/2010 06:04 PM, Christopher Chan wrote: On Wednesday, October 27, 2010 09:50 PM, Robert M. Martel - CSU wrote: Still no progress trying to get Samba 3.5.6 built on Solaris 10, using gcc 3.4.6. Isn't it bad to use gcc for this? pam_winbind and nss_winbind would be using gcc ABI while the rest of the system using Sun Studio ABI... I have not had an issue before in years of Solaris 8, 9, and 10 using gcc to build samba, and everything else. Linking shared library bin/pam_winbind.so Undefined first referenced symbol in file libintl_bindtextdomain ../nsswitch/pam_winbind.o libintl_dgettext ../nsswitch/pam_winbind.o ld: fatal: Symbol referencing errors. No output written to bin/pam_winbind.so collect2: ld returned 1 exit status make: *** [bin/pam_winbind.so] Error 1 DO you have libintl somewhere? Yes, in /usr/local/lib. The prior parts of the samba build process can find it once I add -lintl to the LIBS line 25 of the Makefile. Running the make without that modification yields problems earlier in the build process. I found I was not the only one with that issue: http://forums.sun.com/thread.jspa?threadID=5445706 -Bob -- *** Robert M. Martel I met someone who looks a lot like you System Administrator She does the things you do Levin College of Urban Affairs But she is an IBM Cleveland State University -Jeff Lynne (216) 687-2214 r.mar...@csuohio.edu *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5.6, Solaris 10, pam_winbind.so will not link
Greetings, Still no progress trying to get Samba 3.5.6 built on Solaris 10, using gcc 3.4.6. Maybe fresh eyes will see something? Been having issues building samba since 3.4.9 (and anything greater than 3.2.15 on Solaris 9 where samba will build, but winbind will not work properly for user authentication.) techops$ make Using CFLAGS = -I/opt/local/kerberos5/include -O -I. -I/usr/local/src/samba-3.5.6/source3 -I/usr/local/src/samba-3.5.6/source3/iniparser/src -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/tevent -I./libaddns -I./librpc -I./.. -I./../lib/talloc -I../lib/tdb/include -DHAVE_CONFIG_H -I/opt/local/kerberos5/include -I/opt/local/openldap/include -L/usr/local/lib -R /usr/local/lib -L/usr/sfw/lib -R /usr/sfw/lib -D_LARGEFILE_SOURCE -D_REENTRANT -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED -DSUNOS5 -I/usr/local/src/samba-3.5.6/source3/lib -I.. -I../source4 -D_SAMBA_BUILD_=3 -D_SAMBA_BUILD_=3 PICFLAG= -fPIC LIBS = -lsendfile -lresolv -lrt -lnsl -lsocket -liconv -lintl LDFLAGS= -pie -L/opt/local/kerberos5/lib -R/opt/local/kerberos5/lib -Wl,-z,ignore -L/opt/local/openldap/lib -L/usr/local/lib -R/usr/local/lib -R/opt/local/openldap/lib -lthread -L./bin DYNEXP = LDSHFLAGS = -fPIC -shared -L/opt/local/kerberos5/lib -R/opt/local/kerberos5/lib -Wl,-z,ignore -L/opt/local/openldap/lib -L/usr/local/lib -R/usr/local/lib -R/opt/local/openldap/lib -lthread -L./bin -lc -Wl,-z,defs SHLIBEXT = so SONAMEFLAG = -Wl,-h, Linking shared library bin/pam_winbind.so Undefined first referenced symbol in file libintl_bindtextdomain ../nsswitch/pam_winbind.o libintl_dgettext../nsswitch/pam_winbind.o ld: fatal: Symbol referencing errors. No output written to bin/pam_winbind.so collect2: ld returned 1 exit status make: *** [bin/pam_winbind.so] Error 1 -- *** Robert M. MartelPushing myself and this old machine System AdministratorBurning fumes Levin College of Urban Affairs and what's left of my dreams Cleveland State University (216) 687-2214 r.mar...@csuohio.edu *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.6 - configure creates Makefile with errors on Solaris 10
Greetings, I was able to get 3.4.9 to build on my Solaris 10 boxes - but nothing later. I've been building my own samba from source for far longer than I care to admit (because I should know more about samba by now than I do.) I've never had so many problems building the source has I have had the past several months. I am going to look into the points that Gaiseric Vandal has brought up. I am already using Sunfreeware's gcc. I got past my latest make issue by using Sunfreeware's version of Make rather then the one found in /usr/ccs/bin (which has never been a problem in the past.) Following a tip I found at http://forums.sun.com/thread.jspa?threadID=5445706 I added -lintl to the LIBS option in the Makefile. Line 25 That got me as far as linking winbind: - ... Linking shared library bin/pam_winbind.so Undefined first referenced symbol in file libintl_bindtextdomain ../nsswitch/pam_winbind.o libintl_dgettext../nsswitch/pam_winbind.o ld: fatal: Symbol referencing errors. No output written to bin/pam_winbind.so collect2: ld returned 1 exit status make: *** [bin/pam_winbind.so] Error 1 - Which has me now stopped at the same place on both my Solaris 9 and Solaris 10 builds. On Solaris 9 I have not been able to get a FULLY working version of Samba with AD support past version 3.2.15. -Bob On 10/18/2010 02:25 PM, Joe Cammisa wrote: i've had no problem compiling up to 3.4.8 on several solaris10 boxes at varying patch levels; but for some reason i can't get anywhere with 3.5.x. has anyone else been successful in this regard? any tips appreciated--thanks all in advance... -joe On Mon, Oct 18, 2010 at 2:13 PM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: Have you tried the precompiled samba version from sunfreeware.com? It is only 3.4.2 but should have AD support. It won't have ZFS support (an issue for Solaris 10 but Solaris 9.) the winbind nsswitch stuff may be require a little work to setup. -- *** Robert M. Martel I met someone who looks a lot like you System Administrator She does the things you do Levin College of Urban Affairs But she is an IBM Cleveland State University -Jeff Lynne (216) 687-2214 r.mar...@csuohio.edu *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Unable to compile Samba 3.5.6 on Solaris 9 - more winbind issues
Greetings, Just for completeness I am seeing the same problem building Samba 3.5.6 under Solaris 10: Had to manually add -lintl to the LIBS option in the Makefile. ... Linking shared library bin/pam_winbind.so Undefined first referenced symbol in file libintl_bindtextdomain ../nsswitch/pam_winbind.o libintl_dgettext../nsswitch/pam_winbind.o ld: fatal: Symbol referencing errors. No output written to bin/pam_winbind.so collect2: ld returned 1 exit status make: *** [bin/pam_winbind.so] Error 1 On 10/18/2010 10:01 AM, Robert M. Martel - CSU wrote: Greetings, No helpful hints have been offered to my winbind issues with Samba 3.4.9 and Solaris 9 I started trying to build Samba 3.5.6. Using gcc 3.4.6. I added -lintl to the LIBS option in the Makefile which cleared some earlier linker errors involving libintl_gettext, libintl_textdomain and libintl_bindtextdomain being undefined, except with winbind: Linking shared library bin/pam_winbind.so Undefined first referenced symbol in file libintl_bindtextdomain ../nsswitch/pam_winbind.o libintl_dgettext ../nsswitch/pam_winbind.o ld: fatal: Symbol referencing errors. No output written to bin/pam_winbind.so collect2: ld returned 1 exit status make: *** [bin/pam_winbind.so] Error 1 I have not been able to get any version of Samba beyond 3.2.15 to build on Solaris 9 with support for Active Directory. Any later 3.2 version I see run-time errors with winbind which is why I decided to give 3.5 a try. -- *** Robert M. Martel I met someone who looks a lot like you System Administrator She does the things you do Levin College of Urban Affairs But she is an IBM Cleveland State University -Jeff Lynne (216) 687-2214 r.mar...@csuohio.edu *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5.6 - configure creates Makefile with errors on Solaris 10
Greetings, Attempting to build samba 3.5.6 on Solaris 10. Running make after the configure process has completed yields: make: Fatal error in reader: Makefile, line 1396: Extra `:', `::', or `:=' on dependency line Not that I have not had issues of late building Samba, but this id the first time it went of the rails so early in the building process. -Bob -- *** Robert M. Martel I met someone who looks a lot like you System Administrator She does the things you do Levin College of Urban Affairs But she is an IBM Cleveland State University -Jeff Lynne (216) 687-2214 r.mar...@csuohio.edu *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Unable to compile Samba 3.5.6 on Solaris 9 - more winbind issues
Greetings, No helpful hints have been offered to my winbind issues with Samba 3.4.9 and Solaris 9 I started trying to build Samba 3.5.6. Using gcc 3.4.6. I added -lintl to the LIBS option in the Makefile which cleared some earlier linker errors involving libintl_gettext, libintl_textdomain and libintl_bindtextdomain being undefined, except with winbind: Linking shared library bin/pam_winbind.so Undefined first referenced symbol in file libintl_bindtextdomain ../nsswitch/pam_winbind.o libintl_dgettext../nsswitch/pam_winbind.o ld: fatal: Symbol referencing errors. No output written to bin/pam_winbind.so collect2: ld returned 1 exit status make: *** [bin/pam_winbind.so] Error 1 I have not been able to get any version of Samba beyond 3.2.15 to build on Solaris 9 with support for Active Directory. Any later 3.2 version I see run-time errors with winbind which is why I decided to give 3.5 a try. -- *** Robert M. MartelPushing myself and this old machine System AdministratorBurning fumes Levin College of Urban Affairs and what's left of my dreams Cleveland State University (216) 687-2214 r.mar...@csuohio.edu *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Still no working windbind on Solaris9 - samba 3.4.9
Greetings, Was away from samba for a time, now trying again. I have this working under Solaris 10, but have not been able to get a functional samba Active Directort member server working on Solaris 9 since samba 3.2.15. Later versions Samba will serve file to PC clients, but not permit interactive logins to the host. I see messages like: ld.so.1: su: fatal: relocation error: file /usr/lib/security/pam_winbind.so.1: symbol libintl_bindtextdomain: referenced symbol not found Killed ldd shows me: ldd -d /usr/lib/security/pam_winbind.so.1 libthread.so.1 =/usr/lib/libthread.so.1 libpam.so.1 = /usr/lib/libpam.so.1 libnsl.so.1 = /usr/lib/libnsl.so.1 libsocket.so.1 =/usr/lib/libsocket.so.1 libtalloc.so = /usr/lib/libtalloc.so libwbclient.so =/usr/lib/libwbclient.so libc.so.1 = /usr/lib/libc.so.1 libdl.so.1 =/usr/lib/libdl.so.1 libcmd.so.1 = /usr/lib/libcmd.so.1 libmp.so.2 =/usr/lib/libmp.so.2 symbol not found: main (/usr/lib/security/pam_winbind.so.1) /usr/platform/SUNW,UltraAX-i2/lib/libc_psr.so.1 symbol not found: main (/usr/lib/libtalloc.so) symbol not found: main (/usr/lib/libwbclient.so) I see that things appear to be missing, but have no idea how to fix them. Anyone have Samba 3.2.15 running on a Solaris 9 box as an AD member server? I've asked about this issue before (as have others it seems), but I've never seen a solution posted. Thanks, bob -- *** Robert M. MartelAbove the planet on a wing and a prayer System AdministratorMy grubby halo, Levin College of Urban Affairs a vapour trail in the empty air Cleveland State University Across the clouds I see my shadow fly (216) 687-2214 Out of the corner of my watering eye r.mar...@csuohio.edu *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind problem on Solaris 9 - samba 3.4.4
Greetings, Have not heard from anyone on this topic. I tried building samba 3.3.10 with same environment - same issue: ld.so.1: su: fatal: relocation error: file /usr/lib/security/pam_winbind.so.1: symbol libintl_bindtextdomain: referenced symbol not found I could access shares from client PCs, but not log onto or su to an active directory user. On 01/13/2010 04:03 PM, Robert M. Martel - CSU wrote: Greetings Samba 3.4.4 built on Solaris 9 with gcc version 3.4.6 This is an Active Directory member server which was working with Samba 3.2.15 installed. I was able to build 3.4.4 without errors as well as access shares as an active directory user from a client PC without any issues so far. When I try to su to an active directory user in a terminal session I get the following error: ld.so.1: su: fatal: relocation error: file /usr/lib/security/pam_winbind.so.1: symbol libintl_bindtextdomain: referenced symbol not found I have SMClintl from SunFreeware installed to support some other packages, there also exists a libintl.so.1 in /usr/lib which is much smaller than the one in /usr/local/lib. I tried changing crle to put /usr/local/lib before /usr/lib but it did not make a difference. Any suggestions on how to resolve this issue? Thanks! Bob -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 r.mar...@csuohio.edu-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Winbind problem on Solaris 9 - samba 3.4.4
Greetings Samba 3.4.4 built on Solaris 9 with gcc version 3.4.6 This is an Active Directory member server which was working with Samba 3.2.15 installed. I was able to build 3.4.4 without errors as well as access shares as an active directory user from a client PC without any issues so far. When I try to su to an active directory user in a terminal session I get the following error: ld.so.1: su: fatal: relocation error: file /usr/lib/security/pam_winbind.so.1: symbol libintl_bindtextdomain: referenced symbol not found I have SMClintl from SunFreeware installed to support some other packages, there also exists a libintl.so.1 in /usr/lib which is much smaller than the one in /usr/local/lib. I tried changing crle to put /usr/local/lib before /usr/lib but it did not make a difference. Any suggestions on how to resolve this issue? Thanks! Bob -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 r.mar...@csuohio.edu-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] upgrade from 3.2.15 fails - winbind problems
Greetings, I have been attempting an existing Samba domain member server that is running Samba 3.2.15 to 3.3.9 (or 3.4.3) but in either case my AD users end up being unknown to the server. I am using the idmap rid on the member server - no changes allowed to AD server, AD server not managed by my group. So far any attempt using 3.3.9 or 3.4.3 fails with AD users not being identified. I am sure I have a broken config file, but have been unable to correct it on my own, nor have I been able to find an up-to-date example of how the smb.conf file for someone using idmap rid *should* look in the current versions of samba. I would *love* to see a working smb.conf file from someone using idmap rid on a AD member server with the tbd backend on a currnet version of samba. I have left and rejoined the domain. Testjoin says I joined okay. wbinfo -g returns a list of groups However, wbinfo -t tells me checking the trust secret via RPC calls failed Could not check secret and is see the following from wbinfo -a 1001362%password plaintext password authentication succeeded could not obtain winbind interface details! could not obtain winbind separator! could not obtain winbind interface details! could not obtain winbind domain name! challenge/response password authentication succeeded finally from my hacked-up smb.conf file. # idmap uid and idmap gid are aliases for # winbind uid and winbid gid, respectively # OLD IDMAP SETTINGS - did not work # idmap backend = idmap_rid:CSUNET=1-2 # idmap uid = 1-2 # idmap gid = 1-2 # 3.2.14 IDMAP settings # idmap domains = CSUNET # idmap config CSUNET: default = yes # idmap config CSUNET: backend = rid # idmap config CSUNET: base_rid = 0 # idmap config CSUNET: range = 1-1 # 3.3.9 IDMAP settings - still not working. # winbind separator = \ winbind use default domain = yes template homedir = /home/%U template shell = /usr/bin/bash # idmap backend = tdb idmap uid = 1-1 idmap gid = 1-1 idmap config CSUNET: default = yes idmap config CSUNET: backend = rid idmap config CSUNET: range = 1-1 Thanks! -Bob -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 r.mar...@csuohio.edu-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] AD Member server and local UNIX groups
Greetings, I hope someone can tell me if what I want to do is possible with Samba or not. I have been searching for info and found a number of people with similar problems, but not an answer. I have a Samba server (3.2.4) running on a Solaris 10 machine which is a member server in Active Directory (AD). I am using winbind. The AD users can access the samba server shares and UNIX services. I want to control access to some samba shares by putting a group name in a 'valid users' entry for the share (as I have done in the past when we had a samba-based PDC.) Our AD system is strictly HANDS-OFF, I cannot make any changes to it, cannot add groups, cannot change group memberships. It is run by a different department. So I cannot create my groups on the AD server. I had thought I could add AD users as members to the local UNIX groups on the samba server and use those group names on my valid users lines in smb.conf. When I tried that what I mostly see is the following in the logs: smblog.client: User CSUNET\martel-test not in 'valid users' smblog.client: User CSUNET\1001362 not in 'valid users' So, is what I want to do even possible? If it is not, how do others work around group membership issues - I can't be the only person running a samba server where they are not permitted to alter the AD setup. I can list AD users one at a time on the 'valid users' entry, but that will get cumbersome pretty quickly. Thanks in advance Bob Martel -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to access server with IDMAP_RID in place - samba 3.2.0
Greetings, I have a number of samba servers that will need to become Active Directory (AD) member servers. The testing I've done so far with default mapping has worked just fine. I configured a server to be an AD member server, joined it to AD but was unable to access it from a client PC - I get prompted for authentication on the client which shouldn't be happening. The log file shows: [2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user CSUNET\1001362 [2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is csunet\1001362 [2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(85) Trying _Get_Pwnam(), username as given is CSUNET\1001362 [2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(104) Checking combinations of 0 uppercase letters in csunet\1001362 [2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals didn't find user [CSUNET\1001362]! [2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user 1001362 [2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is 1001362 [2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(104) Checking combinations of 0 uppercase letters in 1001362 [2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals didn't find user [1001362]! [2008/07/31 09:08:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(474) Username CSUNET\1001362 is invalid on this system If I comment out the IDMAP_RID line of smb.conf, I can access the server just fine. From the documentation and yesterday's web searches it seems very simple to use IDMAP_RID - nothing to set-up, just adding the line to the smb.conf with the UID range to use. Is there a step I am missing? This is Samba 3.2.0 on Sun Solaris (Sparc) 9. The section for this from my smb.conf looks like: idmap backend = idmap_rid:CSUNET=1-2 idmap uid = 1-2 idmap gid = 1-2 winbind enum users = no winbind enum groups = no winbind use default domain = yes winbind nested groups = Yes template shell = /usr/bin/bash template homedir = /home/%U allow trusted domains = No Any ideas appreciated as I don't know where to look. -Bob -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] weird Windows profile creation
On Mon, Jul 28, 2008 at 10:15 AM, Christopher Perry [EMAIL PROTECTED] wrote: It seems weird. On 75% of my machines, it creates accounts as: c:\documents and settings\username on 25% of the machines, it creates them as: c:\docments and settings\username.DOMAINNAME These are fresh machines, so it's unclear to me where this behavior stems from. We're not using roaming profiles. Does anyone have any idea as to why this happens? When I had a Samba PDC in use with roaming profiles we had the clients set to delete the roaming profiles at logoff. Naturally MS Windows didn't always delete the locally cached copy of the roaming profile in spite of being told to do so. On subsequent logins the roaming profile would be copied to c:\documents and settings\username.DOMAINNAME - which would break some applications (Thunderbird, Firefox) that expected their settings to be under c:\documents and settings\username. Wasn't a Samba issue in our case b/c it was the client machine's failure to delete the local coy of the roaming profile that was the source of the issue. -Bob -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Solaris 10 and Samba 3.2 - internal error
Greetings, Before I get to far digging I was wondering if anyone else was seeing problems with Samba 3.2 on Solaris 10 (Sparc.) I built Samba with gcc 3.4.3. Clients are denied access to server resources and I'm seeing the following in the logs: [2008/07/02 15:47:38, 3] smbd/password.c:register_existing_vuid(326) register_existing_vuid: UNIX uid 1 is UNIX user CSUNET\1001362, and will be vuid 101 [2008/07/02 15:47:38, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 49442F3100 [2008/07/02 15:47:38, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x6593c8 [2008/07/02 15:47:38, 0] lib/fault.c:fault_report(40) === [2008/07/02 15:47:38, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 10 in pid 703 (3.2.0) Please read the Trouble-Shooting section of the Samba3-HOWTO [2008/07/02 15:47:38, 0] lib/fault.c:fault_report(43) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2008/07/02 15:47:38, 0] lib/fault.c:fault_report(44) === [2008/07/02 15:47:38, 0] lib/util.c:smb_panic(1666) PANIC (pid 703): internal error [2008/07/02 15:47:38, 0] lib/util.c:log_stack_trace(1820) unable to produce a stack trace on this platform [2008/07/02 15:47:38, 0] lib/fault.c:dump_core(201) dumping core in /opt/local/samba/var/cores/smbd No core file found in the listed directory. Thanks, Bob -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Group membership confusion, UNIX, nested, and AD
Brian Gregorcy wrote: ... Hi Bob, I recently did something similar, this page helped me the most of anything I believe it was section 14.3 http://samba.dsmirror.nl/samba/docs/man/Samba-HOWTO-Collection/idmapper.html Thank you, I'll be taking a look at that next. I am just perplexed that samba as an AD member server cannot check UNIX groups for membership while it can otherwise. However I think you will need an account with privileges to join machines to the domain, ... I already have the machine in Active Directory and domain users can access shares on it - they gave me a Domain Admin account long enough to join AD, but not longer. -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Group membership confusion, UNIX, nested, and AD
Still hoping that someone can help clear this up. Greetings, I've been reading and re-reading Chapter 12. Group Mapping: MS Windows and UNIX, Mailing list messages with the subjects valid users = +group doesn't work and Unix ADS group membership or vice versa and all I've gotten is more confused. I have to move my samba servers from a Samba PDC environment to Active Directory (AD) where they will be member servers. I will NOT be able to make ANY changes to the AD configuration: it is dictated and controlled by those on high. I cannot add any groups to AD. I can only manipulate the membership of the UNIX groups on my servers. I already have a test samba server (3.0.28a) as a member of AD. What I want is to be able to control access to shares using lines like valid user +www in smb.conf as I have in the past. The groups I want to use are the UNIX groups on the AD member samba server. I have added AD users as members of the UNIX groups in /etc/group It looks like Samba AD member servers will NOT look at local UNIX groups to check and see if an AD account is a member of the UNIX group. I do not want to have to map each and every AD user to a corresponding local user - I thought accessing AD would cut down on the account management workload, not increase it. I fail to see where windbind's nested groups will help me solve this problem - as presented in the docs it seems to solve an MS Windows issue that I do not have. Perhaps I still do not understand what that the nested group is supposed to provide. Since I have no administrative access to the AD server, how am I to create nested groups? The example shows: net rpc group add demo -L -Uroot%not24get So it seems I would need some kind of administrative account to even create the nested group. If not an AD account, I do not recall setting up an smbpassword for root as I did in the past on my samba PDC. I am not a member of Domain Administrators in out AD setup, but that is a whole different set of questions. How would I make such a nested group the group owner for files/directories? Or would I then use the nested group in the valid user line of smb.conf? Use groupmap to associate it with a UNIX group? See, confusion. At this moment it seems my worst case/quick fix calls for long valid user lines listing the AD accounts that I wish to have access to certain shares - kinda' defeats the reason to have groups. Why would Samba be written to ignore the group memberships? Thanks in advance to anyone that can help clear up my confusion about groups! -Bob Martel -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Group membership confusion, UNIX, nested, and AD
Greetings, I've been reading and re-reading Chapter 12. Group Mapping: MS Windows and UNIX, Mailing list messages with the subjects valid users = +group doesn't work and Unix ADS group membership or vice versa and all I've gotten is more confused. I have to move my samba servers from a Samba PDC environment to Active Directory (AD) where they will be member servers. I will NOT be able to make ANY changes to the AD configuration: it is dictated and controlled by those on high. I cannot add any groups to AD. I can only manipulate the membership of the UNIX groups on my servers. I already have a test samba server (3.0.28a) as a member of AD. What I want is to be able to control access to shares using lines like valid user +www in smb.conf as I have in the past. The groups I want to use are the UNIX groups on the AD member samba server. I have added AD users as members of the UNIX groups in /etc/group It looks like Samba AD member servers will NOT look at local UNIX groups to check and see if an AD account is a member of the UNIX group. I do not want to have to map each and every AD user to a corresponding local user - I thought accessing AD would cut down on the account management workload, not increase it. I fail to see where windbind's nested groups will help me solve this problem - as presented in the docs it seems to solve an MS Windows issue that I do not have. Perhaps I still do not understand what that the nested group is supposed to provide. Since I have no administrative access to the AD server, how am I to create nested groups? The example shows: net rpc group add demo -L -Uroot%not24get So it seems I would need some kind of administrative account to even create the nested group. If not an AD account, I do not recall setting up an smbpassword for root as I did in the past on my samba PDC. I am not a member of Domain Administrators in out AD setup, but that is a whole different set of questions. How would I make such a nested group the group owner for files/directories? Or would I then use the nested group in the valid user line of smb.conf? Use groupmap to associate it with a UNIX group? See, confusion. At this moment it seems my worst case/quick fix calls for long valid user lines listing the AD accounts that I wish to have access to certain shares - kinda' defeats the reason to have groups. Why would Samba be written to ignore the group memberships? Thanks in advance to anyone that can help clear up my confusion about groups! -Bob Martel -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unix ADS group membership or vice versa
Ryan Bair wrote: You can't make a local user a member of an AD group since AD needs to know about them. You can however add an AD user to a local group just like you would for a local user. This is true with normal LDAP accounts as well. I've spent a fair chunk of the day looking for a solution, and have only found people w/ similar problems. I have NO ability to control/manipulate the Active Directory(AD) server - different group manages that resource. I have a samba server as an AD. Currently the AD users can access the Samba shares. I have added some AD users to the local UNIX groups on the server but that does not not seem to be working - while (UNIX) group membership should permit access to the resource, the users are being denied access by Samba - according to the logs. I have used the net groupmap add to map the local UNIX group to a windows group in Samba. Shouldn't this work? How do I convince samba to check and see if an AD account is a member of a local UNIX group? On my older systems that are still using samba as a PDC this works fine - but I need to move the servers to AD for authentication. What (obvious) step have I missed? Samba version 3.0.28a on Solaris Thanks in advance. -bob -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: proposed list of parameter to remove in 3.0.23
On 05/11/2006 10:51 AM, Gerald (Jerry) Carter wrote: ... I'd also like to kill the following configure options --with-nisplus-home --with-ldapsam --with-automount --with-dce-dfs I've not seen anyone else speak up, but we are still making use of --with-nisplus-home and --with-automount here. -Bob Martel -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to join domain - Samba 3.0.14a on Solaris
Greetings, We've been having an issue here with our Solaris servers running Samba. On our Primary Domain Controller we have been unable to upgrade it past Samba 3.0.14a. If we upgrade to any of the later versions PCs on our network cannot join the domain. Client PCs already in the domain operate just fine. When attempting to join the domain Windows opens an error dialog box that says: The following error occurred attempting to join the domain X: The remote procedure call failed. Has anyone else seen an issue like this? I wanted to check with the list before opening a bug report. Once we roll the server back to 3.0.14a the join works fine. Our other Sun servers are running Samba 3.0.14a on Solaris 9 built with gcc 3.3.2, 64 bit. Thanks, Bob *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3, AD, and roaming profiles
On 08/17/2005 12:46 AM, Ilia Chipitsine wrote: I have access to User Manager for AD and have modified the profile entry for my test user to: profile path \\techops-test\profile login script \\techops-test\netlogon\mglcua.bat Home directory map h:\ to \\techops-test\homes\marteltest I have also tried: profile path \\techops-test\profile\marteltest logon path ? logon home ? (depending on windows version) not profile path :-) logon path doesn't have to point to PDC (which is AD in your case), so You can specify samba UNC for that. just remember win2ksp4 and later are picky on profile ACLs, You should either use samba with ACL support or enable profile acls = yes on that share (believe me, You don't want that option enabled globally). logon script is relative to \\PDC\netlogon, so You can just specify s.bat and it will look for \\PDC\netlogon\s.bat I do have profile acls = yes for the share I want to store the profiles on. Perhaps I was unclear, the parameters above are NOT in my Samba smb.conf, but from Microsoft's Active Directory Users and Computers tool running from an XP client. So on the profile tab for a user I have the following set: Profile Path\\techops-test\profile\%USERNAME% Logon Script\\techops-test\netlogon\mglcua.bat Home Folder (*) connect h: to \\techops-test\homes\%USERNAME% When I logon My home directory is mapped to h:\. The logon script does not run, nor are any errors generated. The Windows machine reports that it is unable to locate the server copy of my roaming profile because the network path was not found. The Samba resource \\techops-test\profile exists, and already has a subdirectory called marteltest waiting. I then see the odd (to me) message in the smblog on the samba server for this client that says the profile path is being set to \\techops-test\marteltest\profile : [2005/08/18 09:49:59, 4] lib/substitute.c:automount_server(337) Home server: techops-test [2005/08/18 09:49:59, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) pdb_set_profile_path: setting profile path \\techops-test\marteltest\profile, was [2005/08/18 09:49:59, 4] lib/substitute.c:automount_server(337) Home server: techops-test [2005/08/18 09:49:59, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) pdb_set_homedir: setting home dir \\techops-test\marteltest, was When earlier in the process I see the profile path I want being passed: [2005/08/18 09:49:59, 8] rpc_parse/parse_prs.c:prs_debug(82) 0001c8 smb_io_unistr2 uni_profile_path [2005/08/18 09:49:59, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01c8 uni_max_len: 0011 [2005/08/18 09:49:59, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01cc offset : [2005/08/18 09:49:59, 5] rpc_parse/parse_prs.c:prs_uint32(669) 01d0 uni_str_len: 0011 [2005/08/18 09:49:59, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 01d4 buffer : \.\.t.e.c.h.o.p.s.\.p.r.o.f.i.l.e. [2005/08/18 09:49:59, 8] rpc_parse/parse_prs.c:prs_debug(82) 0001f6 smb_io_unistr2 uni_home_dir - I guess I should ask if I *can* store my user's roaming profiles on a samba server in an Active Directory environment before I ask what might be wrong with my configuration. It looks like the Windows client is asking for the right path...but error messages on the windows client just say the network path is not found, but don't say what path it is looking for. Thanks, Bob Martel -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3, AD, and roaming profiles
Greetings, I have been working on getting Samba 3.0.20rc2 on a Sun Solaris box to play nice with our institution's Active Directory (AD) environment. The AD set-up is pretty plain and I have no ability to make changes to its configuration - a different department runs that show. Should I be able to store the roaming profile information on my Samba server in an AD environment? The rest of the campus does not use roaming profiles so they provide no support or storage for them. We've been using them for years and do not want to give them up - but we are being forced onto the AD system. We will go, but I don't want my users to have to give up features to make the transition. I have my Samba server as a member server belonging to the AD domain, I can log onto the Solaris host as an AD user, and Samba provides resources to the Windows clients - so far, so good. What I need to be able to do for my group is store their roaming profiles on my samba server, and run our logon script from our samba server. I have access to User Manager for AD and have modified the profile entry for my test user to: profile path \\techops-test\profile login script \\techops-test\netlogon\mglcua.bat Home directory map h:\ to \\techops-test\homes\marteltest I have also tried: profile path \\techops-test\profile\marteltest When I try logging onto a windows machine it reports that it is unable to locate the server copy of your roaming profile and the detail says that The profile path cannot be found. When I looked at the smblog file I saw the following: [2005/08/16 13:52:48, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) pdb_set_profile_path: setting profile path \\techops-test\marteltest\profile, was Anyone know why the UNC was flipped to \\techops-test\marteltest\profile rather than \\techops-test\profile\marteltest? The login script does not run. The user's home directory *does* get mapped as the H:\ drive. Thanks! Bob Martel -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20pre2 Available for Download
Originally opened bug 2829 against 3.0.20pre1. Same issue seems to exist in 3.0.20pre2 - winbind dumps core shortly after starting. Solaris 9, sparc, gcc 3.2.2, openldap-2.2.24,MIT Kerberos 1.4 Built samba with: LDFLAGS=-L/opt/local/openldap/lib -Wl,-R/opt/local/openldap/lib -L/opt/local/ossl/lib -R/opt/local/ossl/lib CPPFLAGS=-I/opt/local/openldap/include ./configure --prefix=/opt/local/samba --with-automount --with-profile --with-acl-support --with-utmp --with-winbind --with-ads --with-ldap --with-krb5=/opt/local/kerberos5 --with-pam --enable-debug backtrace from gdb - which isn't much: (gdb) bt #0 0xfee1f82c in _lwp_kill () from /usr/lib/libc.so.1 #1 0xfedd0a24 in raise () from /usr/lib/libc.so.1 #2 0xfedb6ce0 in abort () from /usr/lib/libc.so.1 #3 0x000f3d5c in smb_panic2 (why=0xcbd0c \235ï¿¿ï¿¿\220ï¿¿'ï¿¿Dï¿¿\aï¿¿D\177ï¿¿ï¿¿\\001, decrement_pid_count=32) at lib/util.c:1614 -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.20pre1 winbind dumps core on Solaris 9
Greetings, Here is what I have built samba on: Solaris 9 GCC 3.2.2 samba-3.0.20pre1 openldap-2.2.24 MIT Kerberos 1.4 Samba built with: ./configure --prefix=/opt/local/samba --with-automount --with-profile --with-acl-support --with-utmp --with-winbind --with-ads --with-ldap --with-krb5=/opt/local/kerberos5 --with-pam Within a minute of starting samba + winbind I get a core dump in the samba log directory. Prior to building 3.0.20pre1 I had this machine working as an Active Directory member server under samba 3.0.14a (well, except that AD users could not log into the host - but samba smb resources were working.) I'm downloading a gdb package for Solaris right now so I don't have any information from the core file yet. Below is he rather short life story of my winbindd processes. -- smblog.winbindd [2005/06/27 08:51:32, 2] lib/interface.c:add_interface(81) added interface ip=137.148.96.26 bcast=137.148.97.255 nmask=255.255.254.0 [2005/06/27 08:51:32, 5] lib/util.c:init_names(260) Netbios name list:- my_netbios_names[0]=TECHOPS-TEST [2005/06/27 08:51:32, 2] lib/interface.c:add_interface(81) added interface ip=137.148.96.26 bcast=137.148.97.255 nmask=255.255.254.0 [2005/06/27 08:51:32, 5] lib/gencache.c:gencache_init(59) Opening cache file at /opt/local/samba/var/locks/gencache.tdb [2005/06/27 08:51:32, 5] libsmb/namecache.c:namecache_enable(58) namecache_enable: enabling netbios namecache, timeout 660 seconds [2005/06/27 08:51:32, 5] sam/idmap.c:smb_register_idmap(91) smb_register_idmap: Successfully added idmap backend 'ldap' [2005/06/27 08:51:32, 5] sam/idmap.c:smb_register_idmap(91) smb_register_idmap: Successfully added idmap backend 'tdb' [2005/06/27 08:51:32, 10] sam/idmap_tdb.c:db_idmap_init(500) db_idmap_init: Opening tdbfile /opt/local/samba/var/locks/winbindd_idmap.tdb [2005/06/27 08:51:33, 8] lib/util.c:fcntl_lock(1815) fcntl_lock 8 34 0 1 2 [2005/06/27 08:51:33, 8] lib/util.c:fcntl_lock(1850) fcntl_lock: Lock call successful [2005/06/27 08:51:33, 2] lib/tallocmsg.c:register_msg_pool_usage(56) Registered MSG_REQ_POOL_USAGE [2005/06/27 08:51:33, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2005/06/27 08:51:33, 2] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain CSUNET CSUNET.CSUOHIO.EDU S-1-5-21-3414352988-972178952-4124595837 [2005/06/27 08:51:33, 2] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain BUILTIN S-1-5-32 [2005/06/27 08:51:33, 2] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain TECHOPS-TEST S-1-5-21-3437838800-3425102864-2607234159 [2005/06/27 08:51:33, 10] nsswitch/winbindd_util.c:open_winbindd_socket(890) open_winbindd_socket: opened socket fd 12 [2005/06/27 08:51:33, 10] nsswitch/winbindd_util.c:open_winbindd_priv_socket(902) open_winbindd_priv_socket: opened socket fd 14 [2005/06/27 08:51:58, 6] nsswitch/winbindd.c:new_connection(603) accepted socket 13 [2005/06/27 08:51:58, 10] nsswitch/winbindd.c:process_request(332) process_request: request fn INTERFACE_VERSION [2005/06/27 08:51:58, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(460) [0]: request interface version [2005/06/27 08:51:58, 10] nsswitch/winbindd.c:process_request(332) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2005/06/27 08:51:58, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493) [0]: request location of privileged pipe [2005/06/27 08:51:58, 6] nsswitch/winbindd.c:new_connection(603) accepted socket 17 [2005/06/27 08:51:58, 10] nsswitch/winbindd.c:process_request(332) process_request: request fn LIST_GROUPS [2005/06/27 08:51:58, 3] nsswitch/winbindd_group.c:winbindd_list_groups(804) [0]: list groups [2005/06/27 08:51:58, 4] nsswitch/winbindd_group.c:get_sam_group_entries(514) get_sam_group_entries: Native Mode 2k domain; enumerating local groups as well [2005/06/27 08:51:58, 5] passdb/pdb_interface.c:make_pdb_context_list(870) Trying to load: smbpasswd [2005/06/27 08:51:58, 5] passdb/pdb_interface.c:smb_register_passdb(94) Attempting to register passdb backend ldapsam [2005/06/27 08:51:58, 5] passdb/pdb_interface.c:smb_register_passdb(107) Successfully added passdb backend 'ldapsam' [2005/06/27 08:51:58, 5] passdb/pdb_interface.c:smb_register_passdb(94) Attempting to register passdb backend ldapsam_compat [2005/06/27 08:51:58, 5] passdb/pdb_interface.c:smb_register_passdb(107) Successfully added passdb backend 'ldapsam_compat' [2005/06/27 08:51:58, 5] passdb/pdb_interface.c:smb_register_passdb(94) Attempting to register passdb backend NDS_ldapsam [2005/06/27 08:51:58, 5] passdb/pdb_interface.c:smb_register_passdb(107) Successfully added passdb backend 'NDS_ldapsam' [2005/06/27 08:51:58, 5] passdb/pdb_interface.c:smb_register_passdb(94) Attempting to register passdb backend NDS_ldapsam_compat [2005/06/27 08:51:58, 5]
[Samba] Active directory authentication and Solaris 9 problems
Greetings, I currently have Samba 3.0.14a built using gcc 3.2.2 on a Solaris 9/Sparc box. This Samba server is a member server of our Active Directory (AD) domain called CSUNET. When logged unto a windows client machine as an AD user I can see and access resources on the Solaris server. I've been trying to get PAM working to pam_windbind.so and correctly configured. So far I am unable to log onto the solaris box as an AD user. If I am root, I can su to an AD user. If I am not root, I cannot su to an AD user. I cannot logon to the machine at all with an AD account, only the ones available in /etc/passwd - for which I am password prompted twice. /etc/nsswitch is set with the following: passwd: files winbind group: files winbind I think I have my /etc/pam.conf set up as it should be (at bottom of this message.) I don't know if I missed something there, if there is a problem with my build of samba - or supporting software - or if the issue is with out Active Directory server. The AD server is Windows 2003 vanilla. The people in charge of it DO NOT want to make any sort of change from the Microsoft stock configuration. Any ideas will be appreciated. I was able to get a SuSE 9.2 configured to work with AD and allow logins, but the Solaris machine seems to enjoy being more of a challenge. In /var/adm/messages I see: --- Jun 21 13:39:13 techops pam_winbind[4648]: [ID 467601 auth.error] request failed: No such user, PAM error was 13, NT error was NT_STATUS_NO_SUCH_USER Jun 21 13:39:15 techops last message repeated 1 time Jun 21 13:40:56 techops su[4658]: [ID 810491 auth.crit] 'su 1001362' failed for bob on /dev/pts/7 --- From the winbind log it looks like winbind is getting correct info from the AD server - the UID and GID I see are correct, them it becomes unhappy around the end with client_read: read 0 bytes. Need 1824 more for a full request (A more complete copy if anyone want to look at it is at: http://urban.csuohio.edu/~bob/samba3/smblog.winbindd.txt ) --- ... [2005/06/21 13:40:56, 10] sam/idmap_tdb.c:internal_get_id_from_sid(228) internal_get_id_from_sid: record S-1-5-21-3414352988-972178952-4124595837-91888 - UID 1 [2005/06/21 13:40:56, 10] sam/idmap_tdb.c:internal_get_id_from_sid(243) internal_get_id_from_sid: ID_USERID fetching record S-1-5-21-3414352988-972178952-4124595837-91888 - UID 1 [2005/06/21 13:40:56, 10] sam/idmap_tdb.c:internal_get_sid_from_id(190) internal_get_sid_from_id: fetching record UID 1 [2005/06/21 13:40:56, 10] sam/idmap_tdb.c:internal_get_sid_from_id(196) internal_get_sid_from_id: fetching record UID 1 - S-1-5-21-3414352988-972178952-4124595837-91888 [2005/06/21 13:40:56, 10] sam/idmap_util.c:idmap_sid_to_uid(157) idmap_sid_to_uid: uid = [1] [2005/06/21 13:40:56, 10] sam/idmap_util.c:idmap_sid_to_gid(179) sid_to_gid: sid = [S-1-5-21-3414352988-972178952-4124595837-513] [2005/06/21 13:40:56, 10] sam/idmap_tdb.c:db_get_id_from_sid(315) db_get_id_from_sid [2005/06/21 13:40:56, 10] sam/idmap_tdb.c:internal_get_id_from_sid(221) internal_get_id_from_sid: fetching record S-1-5-21-3414352988-972178952-4124595837-513 of type 0x2 [2005/06/21 13:40:56, 10] sam/idmap_tdb.c:internal_get_id_from_sid(228) internal_get_id_from_sid: record S-1-5-21-3414352988-972178952-4124595837-513 - GID 1 [2005/06/21 13:40:56, 10] sam/idmap_tdb.c:internal_get_id_from_sid(262) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-3414352988-972178952-4124595837-513 - GID 1 [2005/06/21 13:40:56, 10] sam/idmap_tdb.c:internal_get_sid_from_id(190) internal_get_sid_from_id: fetching record GID 1 [2005/06/21 13:40:56, 10] sam/idmap_tdb.c:internal_get_sid_from_id(196) internal_get_sid_from_id: fetching record GID 1 - S-1-5-21-3414352988-972178952-4124595837-513 [2005/06/21 13:40:56, 10] sam/idmap_util.c:idmap_sid_to_gid(187) idmap_sid_to_gid: gid = [1] [2005/06/21 13:40:56, 10] nsswitch/winbindd.c:client_write(524) client_write: wrote 1300 bytes. [2005/06/21 13:40:56, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 0 bytes. Need 1824 more for a full request. [2005/06/21 13:40:56, 5] nsswitch/winbindd.c:winbind_client_read(477) read failed on sock 21, pid 4658: EOF [2005/06/21 13:40:56, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 0 bytes. Need 1824 more for a full request. [2005/06/21 13:40:56, 5] nsswitch/winbindd.c:winbind_client_read(477) read failed on sock 20, pid 4658: EOF - /etc/pam.conf # Authentication management # # login service (explicit because of pam_dial_auth) # login auth required /usr/lib/security/pam_winbind.so debug login auth requisite pam_authtok_get.so.1 login auth required pam_dhkeys.so.1 login auth required pam_unix_auth.so.1 try_first_pass
Re: [Samba] Configuring Samba with LDAP
On 06/20/2005 08:51 AM, Mattier, Ricardo wrote: Hi Bob, Thanks for the info. Are you using openldap? If so, which switches are you using to compile openldap? Greetings, Rick, Yes, but just to build Samba - we are not using at this point for anything else. I was using http://www.samag.com/documents/s=9427/sam0414e/0414e.htm as a guide for my build and I used the same switches outlined in the article - modified for my environment - our open ssl is in /opt/local/ossl and Cyrus SASL is in /opt/local/sasl2 - YMMV. CFLAGS=-I/opt/local/ossl/include -I/opt/local/sasl2/include CPPFLAGS=-I/opt/local/ossl/include -I/opt/local/sasl2/include LDFLAGS=-L/opt/local/ossl/lib -R /opt/local/ossl/lib -L/opt/local/sasl2/lib -R/opt/local/sasl2/lib ./configure --prefix=/opt/local/openldap --without-bdb --disable-bdb --enable-null The samba 3.0.14a I ended up with(AD) domain. I've been able to access it from MS Windows clients without any problems. I have not been able to get PAM working to the point where AD users can log onto the unix host. -Bob -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unable to build pam_winbind on Solaris 9
On 06/15/2005 12:01 PM, Robert M. Martel wrote: Greetings, Still trying to get Samba 3.0.15pre2 built on a Solaris 9 box with PAM support. I am using gcc 3.3.2 and I have openldap-2.2.24, krb5-1.4, and Cyrus SASL 2.1.20 installed. I have found other posting by people with problems building on Solaris as well as asking about the _pam_macros.h file that seems to be missing on Solaris. Posting about problems, but not with answers. Can anyone that had gotten pam_winbind to build on Solaris shed any light? ... Thanks to James Smith for pointing this out to me. I am posting it here for anyone else that has this issue. samba-3.0.15pre2 fails to build pam_winbind.c on Solaris Last modified: 2005-06-06 https://bugzilla.samba.org/show_bug.cgi?id=2773 -Bob -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] unable to build pam_winbind on Solaris 9
Greetings, Still trying to get Samba 3.0.15pre2 built on a Solaris 9 box with PAM support. I am using gcc 3.3.2 and I have openldap-2.2.24, krb5-1.4, and Cyrus SASL 2.1.20 installed. I have found other posting by people with problems building on Solaris as well as asking about the _pam_macros.h file that seems to be missing on Solaris. Posting about problems, but not with answers. Can anyone that had gotten pam_winbind to build on Solaris shed any light? I have the following flags: LDFLAGS=-L/opt/local/openldap/lib -Wl,-R/opt/local/openldap/lib -L/opt/local/ossl/lib -R/opt/local/ossl/lib -L/usr/lib/security -R/usr/lib/security CPPFLAGS=-I/opt/local/openldap/include -I/usr/include/security and the following configure: ./configure --prefix=/opt/local/samba --with-automount --with-profile --with-acl-support --with-utmp --with-winbind --with-ads --with-ldap --with-krb5=/opt/local/kerberos5 --with-pam The make errors out with: ... Compiling nsswitch/pam_winbind.c with -fPIC nsswitch/pam_winbind.c: In function `converse': nsswitch/pam_winbind.c:71: warning: passing arg 3 of `pam_get_item' from incompatible pointer type nsswitch/pam_winbind.c:74: warning: passing arg 2 of pointer to function from incompatible pointer type nsswitch/pam_winbind.c: In function `_make_remark': nsswitch/pam_winbind.c:89: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c: In function `_pam_delete': nsswitch/pam_winbind.c:292: error: parse error before void nsswitch/pam_winbind.c: In function `_winbind_read_password': nsswitch/pam_winbind.c:329: warning: passing arg 3 of `pam_get_item' from incompatible pointer type nsswitch/pam_winbind.c:362: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c:370: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c:376: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c:434: warning: passing arg 3 of `pam_get_item' from incompatible pointer type nsswitch/pam_winbind.c: In function `pam_sm_authenticate': nsswitch/pam_winbind.c:462: warning: passing arg 2 of `pam_get_user' from incompatible pointer type nsswitch/pam_winbind.c: In function `pam_sm_acct_mgmt': nsswitch/pam_winbind.c:534: warning: passing arg 2 of `pam_get_user' from incompatible pointer type nsswitch/pam_winbind.c: In function `pam_sm_chauthtok': nsswitch/pam_winbind.c:612: warning: passing arg 2 of `pam_get_user' from incompatible pointer type nsswitch/pam_winbind.c:689: warning: passing arg 3 of `pam_get_item' from incompatible pointer type make: *** [nsswitch/pam_winbind.po] Error 1 TIA -Bob -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem building samba on Solaris 9 --with-pam
Greetings, I've been going over mailing list archives and searching the web but all I've been able to turn up are people with similar problems, but not solutions. I am trying to build Samba 3.0.15pre2 on a Solaris 9 box with Active Directory support. (i have built and have working such a set-up under SuSE 9.2 already) Oiginally I ran configure without the --with-pam switch, but then I'd not get pam_windbind.so that I needed to allow Active Directory users to log onto the Solaris host. So my configure looks like: ./configure --prefix=/opt/local/samba --with-automount --with-profile --with-acl-support --with-utmp --with-winbind --with-ads --with-ldap --with-krb5=/opt/local/kerberos5 --with-pam But actually making samba ends with: Compiling nsswitch/pam_winbind.c with -fPIC nsswitch/pam_winbind.c: In function `converse': nsswitch/pam_winbind.c:71: warning: passing arg 3 of `pam_get_item' from incompatible pointer type ... make: *** [nsswitch/pam_winbind.po] Error 1 The config.log file tells me that _pam_macros.h is not found. I've seen other people asking about this missing file on Solaris, but not found any report of a fix or work-around. With the number of people that report using Samba+Solaris+Active Directory there must be *something* I am missing. If it was in Mr. Terpstra's (Excellent!) documentation I missed it, I've also looked at http://www.samag.com/documents/s=9427/sam0414e/0414e.htm for additional guidance. Can someone fill me in? Thank you! -Bob -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Configuring Samba with LDAP
On 06/06/2005 03:19 PM, Mattier, Ricardo wrote: Hello, I'm having problems configuring Samba to work using ADS. I've successfully compiled LDAP. When I try ./configure --with-pam --with-winbind --with-ads --with-krb5 --with-ldap It says Active Directory support requires LDAP support Are there any variables that need to be set? I've done --with-ldap=/usr/local/openldap (This the prefix for openldap). I'm installing this on a Solaris 9 machine. Has anyone been successful with this, and if so, please let me know what you had to do. Thanks in Advance!! Rick, I am working on this right now. I found the following document helpful for getting myself going on solaris: http://www.samag.com/documents/s=9427/sam0414e/0414e.htm . If you've not looked at the Samba docs, be sure to check them out: http://us4.samba.org/samba/docs/man/Samba-Guide/unixclients.html http://us1.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#id25 Are you using the stock Solaris kerberos? I have read that there are issues with it. I built my own copy of MIT kerberos and installed into /opt/local/kerberos5 so that part of my samba configure looks like: ./configure --prefix=/opt/local/samba --with-automount \ --with-profile --with-acl-support --with-utmp \ --with-winbind --with-ads --with-ldap \ --with-krb5=/opt/local/kerberos5 --with-pam I do not yet have a working build on Solaris (it wants _pam_macros.h which I cannot find), I did build a working version using many of the same parts on SuSE Linux 9.2 to prove to myself that I could do it. -Bob Martel -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Delayed Write Failed and other similar errors on Windows machines
On 02/03/2005 06:39 PM, Michael J. Welch, Ph.D. wrote: I am experiencing an error which has been reported on the internet since Samba 2.2.7 and Windows 2000. There are many suggestions as ... [An attempt to open a VS C++ project with no .NCB file. VS tries to build another file, but fails during the write.] Windows - Delayed Write Failed Windows was unable to save all the data for the file \\Server\icr\active\Copy of Ctrl 4-3-1-33\SKAN_Talk.ncb. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save the file elsewhere. [The file is partially created.] I am running Samba 3.0.10 on a Sun 420R under Solaris 9. To try to cut down the size of some user's roaming profiles I tried to re-direct the location Mozilla Mail uses to store *.msf files from the roaming profile to the user's UNIX home directory that we have mounted as h:\. I was doing this in preparation to redirect more of the roaming profile files to the UNIX home directory - I was just starting small. Anyhow, for the users that were changed I have see many Windows Delayed Write Failed error messages. I cannot provide any additional useful information right now - variants of SDBOT have been rampant on campus for weeks, and while the machines I administer have not been infected, attempts to infect them have kept us all busy - and put the load average on my Samba PDC through the roof - here putting local firewall rules on the Windows 2000 machines (our networking group is unwilling to block the ports I want blocked between my networks and the rest of campus.) Thus I've not had time to look for clues in the log files. I had thought that it might be due to the unusually high load averages we have been running and once that was under control the problem would go away. -Bob Martel -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Domain admins not getting local admin rights
On 01/28/2005 10:33 AM, Morgan Toal wrote: Hi there, Thanks to everyone for their suggestions. Unfortunately, I must be missing something, I did delete the group_mappings.tdb and re-create my groups. This has not improved the situation unfortunately. Where else might I look? ... I saw a problem like this when testing Samba 3 on Solaris 9. I had to make sure that the domain admin group mapped to the unix group that I wanted *and* that unix group had to be the PRIMARY group for the user in question. Under Samba 2 I had several users that were in the unix ntadmin group as one of their secondary groups and my smb.conf was set accordingly. Everything worked as expected. Under Samba 3 I mapped the Domain Admin group o the same unix group - but the users never received the administrative privileges. I payed around for a bit and finally tried mapping Domain Admin to my primary group and then I was able to receive the administrative privileges. I asked on the list at the time if this was the expected behavior - which is to say Samba ignored the user's secondary group for this role, or if I had happened upon a bug. I did not receive an answer at the time. -Bob Martel -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Domain admins not getting local admin rights
On 01/28/2005 01:23 PM, Paul Gienger wrote: I saw a problem like this when testing Samba 3 on Solaris 9. I had to make sure that the domain admin group mapped to the unix group that I wanted *and* that unix group had to be the PRIMARY group for the user in question. This sounds a lot like the secondary user not recognized bug that affected solaris boxes running LDAP for their posix data. This has since been resolved via patch 112960-22 or it's latest rev from Sun. I can verify that it works correctly now, in my setup running with a Solaris 9 PDC. I wondered about the bug - but I am not using LDAP - my user information in kept in NIS+. On the test system where I first saw the problem was just using flat /etc/passwd, /etc/shadow, and /etc/group. -Bob Martel -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Security scan causing load on PDC to skyrocket
Greetings, This is not a problem with Samba as I see it but I am hoping that others on the list have some ideas for working around the issue. Our central computer services group scans all the campus networks using Nessus and some custom rules to look for security problems. What I am seeing within my college is my Samba PDC getting beat-up when the scans go though. They scan a block of PCs at the same time looking for accounts w/o passwords. I see the load average skyrocket for a nice, normal 1.x to 49 and above. The smblogs show many lines like the following: ... 2005/01/10 12:19:10, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [Guest] - [Guest] FAILED with error NT_STATUS_NO_SUCH_USER [2005/01/10 12:19:11, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [Guest] - [Guest] FAILED with error NT_STATUS_NO_SUCH_USER [2005/01/10 12:19:13, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [Guest] - [Guest] FAILED with error NT_STATUS_NO_SUCH_USER ... I have Samba 3.10 on a Sun 420R running solaris 9 as my PDC. At this time the password back end on the PDC is plain old text smbpasswd file as we've not had a chance to move it to something more sophisticated - and we should because that has grown huge - which I am sure doesn't help this situation. Short of getting the central people to back off of their testings - which they don't want to do for obvious reasons - does anyone have thoughts on what I can do on my samba server to prevent this scanning from turning into a denial of service attack? Thanks Bob Martel -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.9 homes share and read-only MS Excel files
On 12/14/2004 03:06 PM, Michael Wynne wrote: Hello, I'm hoping that somebody out there can help with this strange problem... First off I'm running Kernel 2.6.9, Samba 3.0.9 on Debian Linux, with WinXP clients. Users working out of their home directories are creating and saving Excel documents and when they later attempt to edit and save the document they've created it results in this message from Excel 2000: Document saved successfully. Cannot reopen the saved document due to low memory. Please close the document. ... Just another data point. O have seen this issue as well under samba 3.0.9 running under Solaris 9. I've not yet had a chance to dit into it yet other han seeing the file permissions get switched to 444 or at times 400. -Bob Martel -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: SAMBA or CUPS printing an extra page
I had this problem with Cups and samba and it ended up being a mis-match on the printer options. The printers were able to print duplex and the the default for CUPS on the server was duplex and the default for the windows driver was simplex (or was it the other way around? I can't recall at the moment - getting old I guess.) Anyway, once the default for CUPS and the default for MS Windows had the same setting the extra page issue went away. It was interesting because not every print job printed an extra page, only print jobs that had an odd number of pages to print generated the blank page. This was using the CUPS-Samba drivers with driver download from the print server. -Bob -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.8pre2 and domain admins question
Greetings, I have been playing with 3.0.8rc2 on a test machine to get ready to upgrade my samba 2 PDC to Samba 3. I ran across an issue with mapping the domain admin group to a local UNIX group on the server and I wanted to know if the behavior I saw was normal or not. The Samba server is a Sun ultra 1 running Solaris 9, user and group information is kept in plain old /etc/passwd, /etc/shadow, and /etc/group. My group mappings look like: Domain Admins (S-1-5-21-4122618152-3960105789-1472380918-512) - ntadmin Domain Guests (S-1-5-21-4122618152-3960105789-1472380918-514) - nobody Domain Users (S-1-5-21-4122618152-3960105789-1472380918-513) - staff My test user was a member of the ntadmin group - BUT it was NOT the primary group for that account (the primary group was staff.) Every time I logged in as the test user the windows machine refused to accept the test user as an administrator. I tried changing the test user's primary group to a group other than the one mapped to Domain Users in case Samba/Windows was selecting the most restrictive group membership for use - but that did not make a difference. When I changed the test user's primary group to ntadmin, then the windows client accepted the test user as an administrator. So, now my questions - I did not read anything in the chapter 11 of the manual that covered this. Is this the expected behavior? Does Samba not look at secondary group memberships for accounts? Is this something odd because I am on a Solaris box? (hey, it has happened before.) Thanks! Bob Martel -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.8pre2 and domain admins question
On 11/05/2004 10:39 AM, Paul Gienger wrote: Is this the expected behavior? Does Samba not look at secondary group memberships for accounts? Is this something odd because I am on a Solaris box? (hey, it has happened before.) That all depends. What is your passdb backend and system auth mode? There's a filed bug against secondary groups coming from LDAP in Solaris 8/9 past a certain release/patch level and also Solaris 10. Ha, knew I forgot something. Right now the test system is using the old smbpasswd back end and is set for security = user - it is currently functioning as a PDC for the a test domain. -Bob -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.8pre2 and domain admins question
On 11/05/2004 12:07 PM, Paul Gienger wrote: Right now the test system is using the old smbpasswd back end and is set for security = user - it is currently functioning as a PDC for the a test domain. And system users are coming froom? /etc/passwd and /etc/group or something else? That's really the proper question (my bad for asking too many and not all relevant) I don't understand your question I guess. User information is kept in /etc/passwd and /etc/shadow, group info kept in /etc/group. Samba is using the old smbpasswd back end - the text file kept in /usr/local/samba/lib. I have used the smbpasswd command to add the users and machines to the smbpasswd file. I think that is about as basic as it gets - no NIS, no NIS+, no LDAP, just plain, old flat files holding the info. Thanks, Bob -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.7, print banner pages
Greetings, I recently upgraded my print server from Samba 2.2.8a to 3.0.7 and all is working well except banner pages for the print jobs. I am getting them now an I don't want them. This is under Sun Solaris 9 using the stock LP spooler. In my smb.conf I have had set (for years now) print commands of like the following: print command = lp -dnodis2 -c -o nobanner -s %s; rm %s The print jobs are coming out okay on the correct printers, and the created spool file is getting deleted from /var/spool/samba as it should, but the -o nobanner option is being ignored. From the command line the lp command and option to suppress banner pages works fine - it is only under Samba 3.0.7 that this problem has cropped up. Anyone else seen this and have a solution? Thanks! Bob Martel -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba, Cups, Windows driver and PPD File updates
Greetings, I am using Samba (both 2.2.8a and 3.0.4) on servers running CUPS and have used cupsaddsmb to make the Cups drivers available for download to the client PCs. Everything has been working as it should. I need to make some changes to the PPD files on the CUPS servers. The question I have is about propagating the changes to the client PCs. I can either hand edit the copy of the PPD under the PRINT$, or I could re-run cupsaddsmb (I think) to pick-up may changed Cups PPD - but (how) will the client PCs that already have the driver loaded for a given printer learn of the change to the PPD file? I see that copies of the PPD end up under c:\WINNT\system32\spool\drivers\2 I've looked over the docs and mailing list archives but if this topic is mentioned I have missed it.. Will the users need to disconnect and reconnect the printers? Will they need to disconnect from the printer, remove the current driver from the PC, then reconnect? Will thinks work like magic and I am worrying about nothing? I am trying to minimize the confusion that any change causes among our students. Thanks in advance for any hints or ideas. -Bob -- ** Bob Martel - System Administrator | I met someone who looks a lot like you Levin College of Urban Affairs | She does the things you do Cleveland State University | But she is an IBM (216) 687-2214 | [EMAIL PROTECTED] | -Jeff Lynne ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: So SAMBA no longer supports print driver downloads
On Sat Feb 1 11:00:04 GMT 2003, Gerald (Jerry) Carter wrote: On Sat, 1 Feb 2003, Dr. Hansjoerg Maurer wrote: Hi, could it be a problem with the operating system, samba runs on? On Solaris 2.8 I have the same problems, decribed above, but not on linux (both running samba 2.2.7a and cups-1.1.18). Could be. I don't have a Solaris box locally to run regular tests. This morning I set up a linux box to test 2.2.7a on along with the HP printer drivers that have been giving me problems. I followed the documentation for loading and tickling the printer drivers. Initial tests were successful - the printer device settings downloaded for a non-printer admin user. Looks like an issue where Solaris and samba do not play nice together. Jerry, if you or the development team have something you want to test against Sun Solaris 9 let me know. I need to get this resolved, but I don't know where to start looking for clues. -Bob Martel ** Speaking only for myself - CSU pays better people than me to speak for them. Bob Martel - System Administrator | I met someone who looks Maxine Goodman Levin College of Urban Affairs |a lot like you Cleveland State University | She does the things you do (216) 687-2214 |But she is an IBM [EMAIL PROTECTED] | -Jeff Lynne ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] So SAMBA no longer supports print driver downloads
I have much trouble with drivers from HP. The drivers that come with w2k XP works. If you have to use the drivers from the manufakturer of the printer try the default devmode parameter in smb.conf to initialize the driver. Once done you can remove the default devmode from smb.conf. Just a try, has worked for me with HP Deskjet 970 driver. Didi Dietrich, Thanks for the note. I will look into this. I still perplexed that the driver download settings were OK for printer admins, but messed-up for regular users. This looks like the same problem going back to Samba versions prior to 2.2.2, problems which I had thought fixed. -Bob ** Speaking only for myself - CSU pays better people than me to speak for them. Bob Martel - System Administrator | I met someone who looks Maxine Goodman Levin College of Urban Affairs |a lot like you Cleveland State University | She does the things you do (216) 687-2214 |But she is an IBM [EMAIL PROTECTED] | -Jeff Lynne ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] So SAMBA no longer supports print driver downloads
So SAMBA no longer supports print driver downloads. That is about the only conclusion that I can come to at this point. I've not been able to get Windows printer driver downloads to work right since Samba 2.2.2. No one but printer admins displays the correct settings for printers, everyone else gets the original printer defaults that they cannot change. I've tried this with every version since 2.2.2 up to 2.2.7a and the story is the same - printer settings get lost. I've built from scratch. I've taken a working 2.2.2 set-up, verified that the drivers loaded correctly for clients, upgraded the server to 2.2.7a and had all the settings get lost. Does anyone *REALLY* have downloading printer drivers to Windows 2000 clients working properly? Has anyone documented the steps as the ones in the available documentation DON'T work? My apologies for sounding so pissy, I've been fighting with this for some time and this mailing list has been strangely silent when I've asked for help - except for other people writing me and asking me if I've found a solution because they are having the same problem. Anyone have suggestions? To the developers: You are doing a HELL of a GREAT job - and I say that even with the level of fustration i've got going right now. I hear that some de-caf is just as good as regular coffee... -Bob Martel ** Speaking only for myself - CSU pays better people than me to speak for them. Bob Martel - System Administrator | I met someone who looks Maxine Goodman Levin College of Urban Affairs |a lot like you Cleveland State University | She does the things you do (216) 687-2214 |But she is an IBM [EMAIL PROTECTED] | -Jeff Lynne ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Still on 2.2.2 becuase of printer driver problems with 2.2.7a
Greetings and Happy New Year, My samba print server is still running 2.2.2 and I've not been able to upgrade it past that point. I have not been able to get the printer drivers to behave properly in ANY later version. Currently I am testing Samba 2.2.7 running under Solaris 9. I have been using HP Laserjet 4000 and 8150 postscript drivers in my testing. I am seeing two distinct problems: 1. Problems installing Windows 98 printer drivers to server. I have followed the documented procedure - the same one that worked under Samba 2.2.2 yet the Windows 98 drivers refuse to install. 2. Problems with device settings on drivers downloaded to client computer. I install the Windows 2000 driver as a printer admin and set the location and device option information. When a printer admin installs the printer on their c Windows 2000 client settings are as they should be. When a regular user installs the printer on their Windows 2000 client, the device settings have reverted back to the printer drivers initial defaults rather than maintain the settings I created when loading the driver on the samba server. Anyone have any suggestions on how to correct this problem? With the user community we have the downloading, the correct downloading of printer drivers is very important. The problems I am seeing look similar to ones present in earlier versions of 2.2, which were supposed to have been corrected - but at least running Samba under Solaris that does not seem to be the case. Thanks! Bob Martel ** Speaking only for myself - CSU pays better people than me to speak for them. Bob Martel - System Administrator | I met someone who looks Maxine Goodman Levin College of Urban Affairs |a lot like you Cleveland State University | She does the things you do (216) 687-2214 |But she is an IBM [EMAIL PROTECTED] | -Jeff Lynne ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samaba 2.2.7 and windows printer driver woes
Greetings, all, I have a fresh install of Samba 2.2.7 on a Solaris 9 machine. Stand alone, not part of a domain. Testing with a stand alone Windows 2000 professional client with service pack 3 installed. I am having problems setting defaults for the installed printer drivers and I have been unable to load Win98 drivers to go along with the W2k drivers. Printers being tested are an HP LJ 4000n and an HP LJ 8150 using latest postscript drivers from HP's website. When I install the W2K drivers and set the options for each printer, only users in the printer admin group see the customized settings. Normal users only see the default settings that the driver originally installed, not the ones I edited (such as duplex installed, additional papertrays and output trays, and paper/tray assignment.) The normal users are also unable to alter these settings as they are all greyed out. Attempts at loading the drivers for Win98 either fail right away with a The printer driver you selected is either not compatible with your current version of Windows, or it may not be available. Select a compatible driver from the list, or contact your system administrator for help. error message, or proceed past the steps for loading the Win98 driver, but then finish with an Unable to Install Intel, Windows 95 or 98 driver. Operation could not be completed. error message. I am also seeing messages of the form: rpc_server/srv_spoolss_nt.c:_spoolss_addform (7180) _spoolss_addform: denied handle permissions in the smb log for the w2k client I am using. I have been seeing this problem since 2.2.4, and my print server is still running 2.2.3a because that is the most recent version that has worked for us in a correct manner. I've been over the mailing list archives, but not seen an answer to this issue. So in summary, customized Windows 2k driver settings available only to printer admin users. Normal users only see stock settings and cannot change them. Unable to load Windows 98 drivers at all. Is this *supposed* to work in samba versions greater than 2.2.3a? Repeated fresh installs of Samba on the test server have yielded the same results. Thanks! -Bob Martel ** Speaking only for myself - CSU pays better people than me to speak for them. Bob Martel - System Administrator | I met someone who looks Maxine Goodman Levin College of Urban Affairs |a lot like you Cleveland State University | She does the things you do (216) 687-2214 |But she is an IBM [EMAIL PROTECTED] | -Jeff Lynne ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samaba 2.2.7 and windows printer driver woes
From my earlier post: ... When I install the W2K drivers and set the options for each printer, only users in the printer admin group see the customized settings. Normal users only see the default settings that the driver originally installed, not the ones I edited (such as duplex installed, additional papertrays and output trays, and paper/tray assignment.) The normal users are also unable to alter these settings as they are all greyed out. ... I built Samba 2.2.7 on an intel box running Redhat 7.3 using the same configure options as the Solaris box and use the same Samba configuration files as on my test Solaris 9 box. In this case the printer settings I made as a printer admin did stick for normal user's be connecting to the printer. I was still unable to install Win 98 printer drivers. (HP 4000N and HP 8150 postscript drivers from HP's web site.) Are other Solaris users seeing this problem, or Not seeing this problem? Thanks, Bob Martel ** Speaking only for myself - CSU pays better people than me to speak for them. Bob Martel - System Administrator | I met someone who looks Maxine Goodman Levin College of Urban Affairs |a lot like you Cleveland State University | She does the things you do (216) 687-2214 |But she is an IBM [EMAIL PROTECTED] | -Jeff Lynne ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samaba 2.2.7 and windows printer driver woes
On My Solaris test machine - still having printer driver issues - I'm seeing lines like this in the smb log for the client machine: [2002/11/27 13:40:07, 2] rpc_server/srv_spoolss_nt.c:_spoolss_addform(7180) _spoolss_addform: denied by handle permissions. [2002/11/27 13:40:07, 2] rpc_server/srv_spoolss_nt.c:_spoolss_addform(7180) _spoolss_addform: denied by handle permissions. [2002/11/27 13:40:07, 2] rpc_server/srv_spoolss_nt.c:_spoolss_addform(7180) _spoolss_addform: denied by handle permissions. [2002/11/27 13:40:07, 2] rpc_server/srv_spoolss_nt.c:_spoolss_addform(7180) _spoolss_addform: denied by handle permissions. [2002/11/27 13:40:51, 1] smbd/service.c:close_cnum(677) dominatrix (137.148.96.135) closed connection to service PRINT$ What is Samba trying to tell me? Thanks, Bob Martel ** Speaking only for myself - CSU pays better people than me to speak for them. Bob Martel - System Administrator | I met someone who looks Maxine Goodman Levin College of Urban Affairs |a lot like you Cleveland State University | She does the things you do (216) 687-2214 |But she is an IBM [EMAIL PROTECTED] | -Jeff Lynne ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba, Cups, printer driver download problems
I have Samba 2.2.6 complied against Cups 1.1.16 on a Sparc system running Solaris 9. Cups has replaced the stock system V lp spooler on this system (original packages removed.) Cups working from UNIX command line is A-OK. I have been working on setting up Samba to play nice with cups. I have followed the instructions from both the Cups and Samba websites to set up downloading of the generic Adobe postscript drivers to MS Windows PCs and use CUPS as a RIP. So far I have been unable to get the Windows 98 drivers to download to the client PC - when adding the printer the client ends up asking the user what type of printer is being added. Driver downloads for W2K work OK. The relevant lines from a Samba log file seem to be: - [2002/10/28 14:17:46, 9] printing/nt_printing.c:get_a_printer_2(2702) Unpacked printer [ur10] name [\\techops\ur10] running driver [ur10] [2002/10/28 14:17:46, 10] printing/nt_printing.c:get_a_printer(3302) get_a_printer: [ur10] level 2 returning WERR_OK [2002/10/28 14:17:46, 10] printing/nt_printing.c:get_a_printer_driver_9x_compatible(1825) driver key: [DRIVERS/WIN40/0/ur10] [2002/10/28 14:17:46, 8] printing/nt_printing.c:get_a_printer_driver_3(1758) get_a_printer_driver_3: [DRIVERS/WIN40/0/ur10] info3-name[ur10] info3-datafile[\print$\WIN40\0\ur10.PPD] info3-helpfile[\print$\WIN40\0\ADOBEPS4.HLP] info3-monitorname [PSMON.DLL] info3-defaultdatatype [RAW] info3-environment [Windows 4.0] info3-driverpath [\print$\WIN40\0\ADOBEPS4.DRV] info3-configfile [] [2002/10/28 14:17:46, 10] smbd/lanman.c:get_printerdrivernumber(799) 9x compatable driver line for [ur10]: [ADOBEPS4.DRV:ur10.PPD:ADOBEPS4.HLP:PSMON.DLL:RAW:] [2002/10/28 14:17:46, 3] smbd/lanman.c:get_printerdrivernumber(836) Can't determine number of printer driver files [2002/10/28 14:17:46, 3] smbd/lanman.c:api_DosPrintQGetInfo(918) api_DosPrintQGetInfo: Driver files count: 0 [2002/10/28 14:17:46, 10] printing/nt_printing.c:get_a_printer(3277) get_a_printer: [ur10] level 2 [2002/10/28 14:17:46, 6] rpc_parse/parse_prs.c:prs_debug(60) 00 sec_io_desc_buf nt_printing_getsec --- Cupsaddsmb ran without errors and the WIN40 subdirectory is populated with files. Can anyone offer any advice? Thanks, Bob Martel ** Speaking only for myself - CSU pays better people than me to speak for them. Bob Martel - System Administrator | I met someone who looks Maxine Goodman Levin College of Urban Affairs |a lot like you Cleveland State University | She does the things you do (216) 687-2214 |But she is an IBM [EMAIL PROTECTED] | -Jeff Lynne ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] W9x print driver download problems with Samba 2.2.5 and CUPS 1.1.15
Greetings, Similar to the other CUPS thread, but not the same. Samba 2.2.5 built on a Sparc Solaris 9 box with Cups 1.1.5. I've set up Samba to print with Cups as outlined in the docs. I am able to download the generic Adobe print driver to my Windows 2000 clients but the Windows 98 clients are asking for a local driver to be installed. Looking at verbose output from cupsaddsmb, that looks as if it ran correctly (I did not see smbclient being used where rpcclient should be). Logs generated for the client while trying to add the printer include the following: --- ... [2002/10/01 13:53:16, 3] smbd/lanman.c:api_reply(3344) Got API command 70 of form zWrLh WN (tdscnt=0,tpscnt=30,mdrcnt=1024,mprcnt=6) [2002/10/01 13:53:16, 3] smbd/lanman.c:api_reply(3348) Doing DosPrintQGetInfo [2002/10/01 13:53:16, 3] smbd/lanman.c:api_DosPrintQGetInfo(884) api_DosPrintQGetInfo: uLevel=52 name=UR26 [2002/10/01 13:53:16, 3] smbd/lanman.c:get_printerdrivernumber(836) Can't determine number of printer driver files [2002/10/01 13:53:16, 3] smbd/lanman.c:api_DosPrintQGetInfo(918) api_DosPrintQGetInfo: Driver files count: 0 [2002/10/01 13:53:16, 3] smbd/lanman.c:fill_printq_info_52(656) printerdriver:ur26: [2002/10/01 13:53:16, 3] smbd/lanman.c:fill_printq_info_52(657) Driver:ADOBEPS4.DRV: [2002/10/01 13:53:16, 3] smbd/lanman.c:fill_printq_info_52(658) Data File:ur26.PPD: [2002/10/01 13:53:16, 3] smbd/lanman.c:fill_printq_info_52(659) Language Monitor:PSMON.DLL: [2002/10/01 13:53:16, 3] smbd/lanman.c:fill_printq_info_52(661) lp_driverlocation:\\TECHOPS\print$\WIN40\0: [2002/10/01 13:53:16, 3] smbd/lanman.c:fill_printq_info_52(664) Data Type:RAW: [2002/10/01 13:53:16, 3] smbd/lanman.c:fill_printq_info_52(665) Help File:ADOBEPS4.HLP: [2002/10/01 13:53:16, 3] smbd/lanman.c:fill_printq_info_52(679) fill_printq_info on ur26 gave 0 entries ... I'm wondering about the Can't determine number of printer driver files and the fill_printq_info on ur26 gave 0 entries messages - sounds like something is NOT set up correctly. Any ideas on what it might be? Thanks, Bob Martel ** Speaking only for myself - CSU pays better people than me to speak for them. Bob Martel - System Administrator | I met someone who looks Maxine Goodman Levin College of Urban Affairs |a lot like you Cleveland State University | She does the things you do (216) 687-2214 |But she is an IBM [EMAIL PROTECTED] | -Jeff Lynne ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WinY2k Access Denied on Printing
I having the same problem with a couple of W2K boxes on our network. The user could print for a bit, then get access denied messages. If we stopped and restarted the Samba daemons the user was able to print again - for a while. Sometimes removing and re-adding the printer would work, sometimes not. After we installed service pack 2 on the Windows 2000 computers the problem stopped. Do you have service packs 2 on your W2K machines? -Bob Martel ** Speaking only for myself - CSU pays better people than me to speak for them. Bob Martel - System Administrator | I met someone who looks Maxine Goodman Levin College of Urban Affairs |a lot like you Cleveland State University | She does the things you do (216) 687-2214 |But she is an IBM [EMAIL PROTECTED] | -Jeff Lynne ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba