from:"Robert Schetterer"

hi , i have
a few problems with usmgr on Version 3.2.4
( Version 3.2.4-8.1-1931-SUSE-SL11.0 )
samba pdc ldap
the download version from ms
http://www.microsoft.com/Downloads/details.aspx?FamilyID=c0011ab8-3178-4701-a791-eafba0f42de2displaylang=en
doesnt work
giving

device attached to the system is not functioning
whatever i do

a old version from usermgr works partially
but magic only with the first user in Domain Admins Group
other users in Domain Admins dont work ( root works too )


with the old usrmgr version i cant only add a user
in first case i want to add other stuff like name etc
i dont works , so i have to do it in asecond usermod
als password creating doesnt work in first useradd

here are also comming up
device attached to the system is not functioning
but operations final works and is shown after refresh

win client is win xp prof german serv pack3 german
latest patch level

i finally found some error code in the logs
using usrmgr with some user from the Domain Admin Group
smbldap_open: cannot access LDAP when not root

2008/10/17 00:37:09,  2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3490)
  Returning domain sid for domain FIDO -
S-1-5-21-213567364-2628613513-2492443612
[2008/10/17 00:37:09,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
  init_group_from_ldap: Entry found for group: 1007
[2008/10/17 00:37:09,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
  init_group_from_ldap: Entry found for group: 1007
[2008/10/17 00:37:09,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
  init_group_from_ldap: Entry found for group: 1007
[2008/10/17 00:37:09,  0] lib/smbldap.c:smbldap_open(1029)
  smbldap_open: cannot access LDAP when not root
[2008/10/17 00:38:16,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)

any ideas how do get this fixed ?

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] problem usrmgr Version 3.2.4

hi , i have
a few problems with usmgr on Version 3.2.4
( Version 3.2.4-8.1-1931-SUSE-SL11.0 )
samba pdc ldap
the download version from ms
http://www.microsoft.com/Downloads/details.aspx?FamilyID=c0011ab8-3178-4701-a791-eafba0f42de2displaylang=en
doesnt work
giving

device attached to the system is not functioning
whatever i do

a old version from usermgr works partially
but magic only with the first user in Domain Admins Group
other users in Domain Admins dont work ( root works too )


with the old usrmgr version i cant only add a user
in first case i want to add other stuff like name etc
i dont works , so i have to do it in asecond usermod
als password creating doesnt work in first useradd

here are also comming up
device attached to the system is not functioning
but operations final works and is shown after refresh

win client is win xp prof german serv pack3 german
latest patch level

i finally found some error code in the logs
using usrmgr with some user from the Domain Admin Group
smbldap_open: cannot access LDAP when not root

2008/10/17 00:37:09,  2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3490)
  Returning domain sid for domain FIDO -
S-1-5-21-213567364-2628613513-2492443612
[2008/10/17 00:37:09,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
  init_group_from_ldap: Entry found for group: 1007
[2008/10/17 00:37:09,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
  init_group_from_ldap: Entry found for group: 1007
[2008/10/17 00:37:09,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
  init_group_from_ldap: Entry found for group: 1007
[2008/10/17 00:37:09,  0] lib/smbldap.c:smbldap_open(1029)
  smbldap_open: cannot access LDAP when not root
[2008/10/17 00:38:16,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)

any ideas how do get this fixed ?

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem usmgr Version 3.2.4

Jeremy Allison schrieb:
 On Fri, Oct 17, 2008 at 05:08:47PM +0200, Robert Schetterer wrote:
 hi , i have
 a few problems with usmgr on Version 3.2.4
 ( Version 3.2.4-8.1-1931-SUSE-SL11.0 )
 samba pdc ldap
 the download version from ms
 http://www.microsoft.com/Downloads/details.aspx?FamilyID=c0011ab8-3178-4701-a791-eafba0f42de2displaylang=en
 doesnt work
 giving

 device attached to the system is not functioning
 whatever i do

 a old version from usermgr works partially
 but magic only with the first user in Domain Admins Group
 other users in Domain Admins dont work ( root works too )


 with the old usrmgr version i cant only add a user
 in first case i want to add other stuff like name etc
 i dont works , so i have to do it in asecond usermod
 als password creating doesnt work in first useradd

 here are also comming up
 device attached to the system is not functioning
 but operations final works and is shown after refresh

 win client is win xp prof german serv pack3 german
 latest patch level

 i finally found some error code in the logs
 using usrmgr with some user from the Domain Admin Group
 smbldap_open: cannot access LDAP when not root

 2008/10/17 00:37:09,  2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3490)
   Returning domain sid for domain FIDO -
 S-1-5-21-213567364-2628613513-2492443612
 [2008/10/17 00:37:09,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
   init_group_from_ldap: Entry found for group: 1007
 [2008/10/17 00:37:09,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
   init_group_from_ldap: Entry found for group: 1007
 [2008/10/17 00:37:09,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
   init_group_from_ldap: Entry found for group: 1007
 [2008/10/17 00:37:09,  0] lib/smbldap.c:smbldap_open(1029)
   smbldap_open: cannot access LDAP when not root
 [2008/10/17 00:38:16,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)

 any ideas how do get this fixed ?
 
 Can you re-run smbd with debug level 10 so I can track
 down the codepath that isn't doing the become_root()
 correctly. It's possible that this is already fixed
 but I don't see an exact commit that would fix this.
 
 Thanks,
 
 Jeremy.

Hi Jeremy, i am just testing
one thing is solved, my fault

admin users in smb conf overrides
permission for other users from group Domain Admins edit with usrmgr

the other bugs stayed, yes i will do debug level 10

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem usmgr Version 3.2.4 solved partlly

Jeremy Allison schrieb:
 On Fri, Oct 17, 2008 at 05:08:47PM +0200, Robert Schetterer wrote:
 hi , i have
 a few problems with usmgr on Version 3.2.4
 ( Version 3.2.4-8.1-1931-SUSE-SL11.0 )
 samba pdc ldap
 the download version from ms
 http://www.microsoft.com/Downloads/details.aspx?FamilyID=c0011ab8-3178-4701-a791-eafba0f42de2displaylang=en
 doesnt work
 giving

 device attached to the system is not functioning
 whatever i do

 a old version from usermgr works partially
 but magic only with the first user in Domain Admins Group
 other users in Domain Admins dont work ( root works too )


 with the old usrmgr version i cant only add a user
 in first case i want to add other stuff like name etc
 i dont works , so i have to do it in asecond usermod
 als password creating doesnt work in first useradd

 here are also comming up
 device attached to the system is not functioning
 but operations final works and is shown after refresh

 win client is win xp prof german serv pack3 german
 latest patch level

 i finally found some error code in the logs
 using usrmgr with some user from the Domain Admin Group
 smbldap_open: cannot access LDAP when not root

 2008/10/17 00:37:09,  2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3490)
   Returning domain sid for domain FIDO -
 S-1-5-21-213567364-2628613513-2492443612
 [2008/10/17 00:37:09,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
   init_group_from_ldap: Entry found for group: 1007
 [2008/10/17 00:37:09,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
   init_group_from_ldap: Entry found for group: 1007
 [2008/10/17 00:37:09,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
   init_group_from_ldap: Entry found for group: 1007
 [2008/10/17 00:37:09,  0] lib/smbldap.c:smbldap_open(1029)
   smbldap_open: cannot access LDAP when not root
 [2008/10/17 00:38:16,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)

 any ideas how do get this fixed ?
 
 Can you re-run smbd with debug level 10 so I can track
 down the codepath that isn't doing the become_root()
 correctly. It's possible that this is already fixed
 but I don't see an exact commit that would fix this.
 
 Thanks,
 
 Jeremy.

Hi Jeremy, did a useradd with usermgr level 10
wich invokes
device attached to the system is not functioning
after done

grep tester team.newcompr1.log
  string   : 'tester'
  string   : 'tester'
  Checking whether [tester] can be created
  lookup_name: tester =  (domain), tester (name)
  map_name_to_wellknown_sid: looking up tester
  smbldap_search_ext: base = [dc=fido,dc=intern], filter =
[((uid=tester)(objectclass=sambaSamAccount))], scope = [2]
  ldapsam_getsampwnam: Unable to locate user [tester] count=0
  smbldap_search_ext: base = [ou=Groups,dc=fido,dc=intern], filter =
[((objectClass=sambaGroupMapping)(|(displayName=tester)(cn=tester)))],
scope = [2]
  ldapsam_getgroup: Did not find group, filter was
((objectClass=sambaGroupMapping)(|(displayName=tester)(cn=tester)))
  tester does not exist, can create it
  Finding user tester
  Trying _Get_Pwnam(), username as lowercase is tester
  Checking combinations of 0 uppercase letters in tester
  Get_Pwnam_internals didn't find user [tester]!
  _samr_create_user: Running the command
`/etc/opt/IDEALX/smbldap-tools/smbldap-useradd -a -m -P tester' gave 25
  Finding user tester
  Trying _Get_Pwnam(), username as lowercase is tester
  Get_Pwnam_internals did find user [tester]!
  pdb_set_username: setting username tester, was
  pdb_set_profile_path: setting profile path
\\fidoserver\profiles\tester, was
  pdb_set_homedir: setting home dir \\fidoserver\tester, was
  pdb_set_username: setting username tester, was tester
  smbldap_search_ext: base = [dc=fido,dc=intern], filter =
[((uid=tester)(objectclass=sambaSamAccount))], scope = [2]
  ldapsam_add_sam_account: User 'tester' already in the base, with samba
attributes

i am not really sure but i think

User 'tester' already in the base, with samba attributes

is guilty for make usrmgr noisy, but addition of the user is done but no
password creation nor addtional attributes ( like name ) where taken at
user firstcreation time

one magical thing is
etc/opt/IDEALX/smbldap-tools/smbldap-useradd -a -m -P %u

my older insts dot need the -a , and it is also dokued
as smbldap-useradd -m -P %u

http://www.iallanis.info/smbldap-tools/docs/smbldap-tools/#htoc13

but without -a ( which i found by google ) it works

so i finally checked it again
it must be smbldap-useradd -m -P %u
cause ldap sync allready worked smba stuff in ldap

the story is
the whole mist startet with not having a patched version of
smbldap-tools so wrong group mapping etc... ( see mailings today )
i patched it repopulated it, fixed my broken smb.conf entries
and with the old version of usrmgr now everything works as it should
with ms downloadversion of usrmgr i have still problems
i will investigate in  this later
-- 
Best Regards

MfG Robert Schetterer

[Samba] vscan-clamav.so package bug opensuse 11 ?

2008-10-10 Thread Robert Schetterer

[EMAIL PROTECTED]

with latest stable samba opensuse 11
the samba-vscan pack seems to be broken with scan-clamav.s

Error trying to resolve symbol 'init_samba_module' in
/usr/lib64/samba/vfs/vscan-clamav.so:
/usr/lib64/samba/vfs/vscan-clamav.so: undefined symbol: init_samba_module

shouldn it be init_module now ( taken somewhere from google)
-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] opensuse 11 samba 3.2.4 ldap add machine solved

2008-10-08 Thread Robert Schetterer

Robert Schetterer schrieb:
 Hi @ll,
 i didnt worked on samba for a while now had setup a new domain contoller
 on opensuse 11
 i used the repositories from download.opensuse.org samba 3.2.4
 i mostly copied stuff from working suse 10 samba ldap pdc
 and configured /etc/nsswitch.conf smb.conf
 in equal ways , testparm shows no bugs
 as well as getent passwd etc does not,
 populating ldap worked fine
 fixing dbus boot stuff in /etc/ldap.conf by boot_policy soft etc
 but i didnt got managed joinig the domain by the root user
 with a new installed winxp serv pack3 german client
 bug message means no such user
 
 it looks like it haves problems finding the root user
 adding another user and putting him in the domain admin with the latest
 smbldaptools script group doesnt helped either.
 samba client logs doesnt report root not to be not found
 
 I just googeld around and found likly problems with opensuse 11
 mostly telling to upgrade openldap and samba, but now i am on the latest
 upgrade level, so before i just loosing more time , just wanna ask if there
 are known problems with samba ldap on opensuse 11?
 And if ther are known one ,how were  they fixed
 
solved in /etc/ldap.conf

nss_base_user   ou=Users,dc=...,dc=...

changed to

nss_base_user   ou=Computers,ou=Users,dc=...,dc=

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] opensuse 11 samba 3.2.4 ldap add machine

2008-10-07 Thread Robert Schetterer

Hi @ll,
i didnt worked on samba for a while now had setup a new domain contoller
on opensuse 11
i used the repositories from download.opensuse.org samba 3.2.4
i mostly copied stuff from working suse 10 samba ldap pdc
and configured /etc/nsswitch.conf smb.conf
in equal ways , testparm shows no bugs
as well as getent passwd etc does not,
populating ldap worked fine
fixing dbus boot stuff in /etc/ldap.conf by boot_policy soft etc
but i didnt got managed joinig the domain by the root user
with a new installed winxp serv pack3 german client
bug message means no such user

it looks like it haves problems finding the root user
adding another user and putting him in the domain admin with the latest
smbldaptools script group doesnt helped either.
samba client logs doesnt report root not to be not found

I just googeld around and found likly problems with opensuse 11
mostly telling to upgrade openldap and samba, but now i am on the latest
upgrade level, so before i just loosing more time , just wanna ask if there
are known problems with samba ldap on opensuse 11?
And if ther are known one ,how were  they fixed

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Vista Roaming Profiles and GPMC.MSC

2007-03-30 Thread Robert Schetterer

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Tom Robinson schrieb:
Hi All

Our company got a Windows Vista installed laptop even though we ordered
it with XP. Now I'm faced with the task of integrating the beast into
our samba controlled domain. Something I was hoping to delay for some time.

Our PDC is samba 2.2.8a with openldap 2.1.4
We also have a Domain Member Server running samba 3.0.10.

There is a document on the Microsoft site that I downloaded
(http://www.microsoft.com/downloads/details.aspx?FamilyID=311f4be8-9983-4ab0-9685-f1bfec1e7d62DisplayLang=en)
explaining how to do folder redirection so that at least some of the
XP/Vista profile will roam. To do this you have to logon to Vista as a
Domain User and run GPMC.MSC. The problem is that, even though I logon
as a domain user (DOMAIN\user) the GPMC.MSC issues the warning:

To manage Group Policy, you must log on to the computer with a domain
user account.

With samba 2.2.8a we have no Domain Users group. Could this be the
problem? How would I add this group to the PDC?

Is there a workaround for this?

Any help is appreciated.

Thanks,

Tom

Hi Tom, i dont think you will get vista to join a samba 2.2.8a pdc
domain, at my tests upgrade to samba latest was needed to handle vista
in a minimum, the adm format ( policies ) changed in vista its now called
admx, after all a simply folder redirect reg patch should work in vista
include it as local admin,
i would recommend setup win xp, and wait for stabelizing vista, in mean
time upgrade your samba setup to latest.
But maybe someone else can give you more advice handle vista, my tests
where very basic, cause i will not implement vista anywhere in the next
year, and will not sombody advice to do so.

- --
Mit freundlichen Gruessen
Best Regards

Robert Schetterer

https://www.schetterer.org
Munich/Bavaria/Germany
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFGDTXjfGH2AvR16oERAjmtAJ9HfVHp2+yZTqQugQmU8IbKcdVkuwCcD25Z
YVTCYFZmfiejB4iSVQhXHtA=
=rrYB
-END PGP SIGNATURE-

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Updating System Policy Templates

Mike Petersen schrieb:
 Hi all,
 
 I am going to be in the process of updating my custom system policy
 templates (probably within a month or two) and I am asking for what
 policies anyone is in need of to help them deploy samba as a domain
 controller.
 
 Currently I basically have a single template.adm file, a few people have
 asked me to separate them into a few different files that would serve an
 overall single purpose - I guess like having a folder_redirection.adm
 file, a security.adm file, etc.  Any ideas on this ??
 
 I am definitely going to create policies for IE7 - I am planning on
 creating policies to make it look similar to IE6 instead of the horrible
 interface it has now.  I am also going to create a policy that will
 allow it to use Google as the default search engine, and I will somehow
 try to figure out how to enforce the Home Page to a specific site
 (currently the policy is apparently different than IE6 as it currently
 doesn't work). Is there anything else that needs to be done for Internet
 Explorer 7 ?
 
 Does anyone need Windows Vista Policies ?  Does anyone know if Vista
 will accept system policies from a Domain Controller ?  Does anyone want
 to donate a copy of Vista to help create these policies (I haven't seen
 Vista, don't want it, definitely won't pay for it - but I will take the
 time to create policies for it if it is necessary and if Vista will
 allow System Policies).  In lieu of anyone donating a copy, does anyone
 know if there is a trial version available that I could use to create
 the policies ?
 
 Finally, I am thinking of creating a few NTConfig.POL files so people
 can download so they don't have to create their own files.  I would just
 adjust the Default User and Default Computer items and would probably
 just stick with what people would probably want on their network.  This
 would probably alleviate some of the emails I receive (some people just
 don't comprehend the whole policy thing - I have heard it all).  Does
 anyone think this is a good or bad idea ?
 
 Thanks all - feel free to email me directly on these questions.
 
 Mike Petersen
 [EMAIL PROTECTED]
 
 http://www.pcc-services.com/custom_poledit.html
 
 
 
HI Mike,
creating policies is always welcome,
i dont tried vista adms for now,
cause i dont think most of my customers will switch to it,
the plan is to get totally out of m$.
I am nearly sure that adms will work for vista too, cause i dont read
something that vista isnt any longer compatible to nt 4 pdcs ( but i may
fail here )
Be sure that you dont make work which is allready done
by others, there are few sources of adms on the web.

-- 
Mit freundlichen Gruessen
Best Regards

Robert Schetterer

https://www.schetterer.org
Munich/Bavaria/Germany

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Updating System Policy Templates

Hi Mike,

Mike Petersen schrieb:
 On Thu, 2007-03-22 at 16:58 +0100, Robert Schetterer wrote:
 
 HI Mike,
 creating policies is always welcome,
 i dont tried vista adms for now,
 cause i dont think most of my customers will switch to it,
 the plan is to get totally out of m$.
 
 I am in the same boat on a few networks that I maintain.  Most people
 are sick of Microsoft Products.  If you are interested in testing SLED10
 on your network(s), I have created quite a few RPMs for SLED10 that
 fills the gaps of what Novell doesn't provide.  Most of the people that
 I introduced it to really like it and SLED10 is probably the most
 network friendly OS out there today (politics aside).
 
 You can get my custom RPMs from:
 http://www.pcc-services.com/sled10_rpms.html

sled is good , but no need to make marketing for them , samba works
on other nixes very fine too, and each one has plus and minus points
one minus of novell is now that they contracted somehow with m$ wihtout
need.But this is my personal political meaning
i run suse on my most systems and i will as long as they get not near to
m$ , but i will stop this if i get the feeling they sold their soul to
the devil *g

 
 I am nearly sure that adms will work for vista too, cause i dont read
 something that vista isnt any longer compatible to nt 4 pdcs ( but i may
 fail here )
 
 Hopefully I will get more info from the samba list on this.  I
 especially want info on if people are going to use Vista at all.  I
 don't want to spend the time on Vista if no one is going to deploy it
 anyway (I personally won't touch it for any of my networks).

i am having this partner pack from m$ its very cheap to it includes
and holds all of their products and a number of licenses,
so this is fine for testing stuff, vista runs fine in vmware which you
could download for free.
I personally will not test vista against samba deeply unless i get paid for
Its an unwritten law m$ products should not be used on production
nets before they go to stage service pack 1 with one exception if you
really need to some new invention included in one product.
But for vista i dont  this.
For now it would high the total costs by my customers, by bying new
hardware, software upgrades and much trouble with dirvers and applications.

 
 
 Be sure that you dont make work which is allready done
 by others, there are few sources of adms on the web.

 
 About 2 years ago I sat down and created a comprehensive custom.adm file
 that implemented just about any policy anyone wanted for Window XP
 machines.  Ever since then I apparently became the defacto person on
 asking system policy questions (get about 2-3 emails a week).  As far as
 I know no one has spent the time to create IE7 policies or Vista
 policies yet.  I am going to have time on my hands this summer and I
 personally will need IE7 policies on my networks, so I am asking a few
 questions on whether or not I need to add any additional policies to my
 policy template while I am at it.
 
 Thanks for the reply, and if you are in need of any weird or interesting
 policies for your network, now is the time to ask.

i would be very lucky to have adms for ie7 and vista

here is a german website which do much of adm stuff, perhaps you should
get in contact with them

http://www.gruppenrichtlinien.de/

as i see no vista adms

but for all other oses of m$

and ie7

see here

http://www.gruppenrichtlinien.de/index.html?/RiLi/Zahlen.htm


or

http://www.heise.de/ct/tipps/adms.shtml
has also adms

as i just read adms go to a new format called ADMX in vista,

so it seems this format ist better then the old but not compatible with adm

http://www.microsoft.com/technet/technetmag/issues/2007/02/Templates/Default.aspx?loc=de
(give it a try in english too)

but here they wrote adms will still work on vista if they dont conflict
with default admx policies, so i have no idea for now how to implement
this with a current samba pdc, this question should go to samba gurus
perhaps there is a way to implement policies like active dir does with
the recent samba ( but i havent read this )
but i think it must be included in upcoming samba 4 as it should work as
active dir contoller

http://www.microsoft.com/germany/technet/prodtechnol/windowsvista/library/1494d791-72e1-484b-a67a-22f66fbf9d17.mspx

-snip--
•   

Sie können ADM-Dateien weiterhin mit der Option Vorlagen
hinzufügen/entfernen hinzufügen oder entfernen. Für das Hinzufügen oder
Entfernen von ADMX-Dateien gibt es unter Windows Vista keine
Schnittstelle. Um ADMX-Dateien hinzuzufügen, kopieren Sie diese einfach
in den Ordner %systemroot%\PolicyDefinitions\ und starten Sie den
Gruppenrichtlinienobjekteditor neu.
•   

Gruppenrichtlinieneinstellungen aus ADMX-Dateien werden unter dem Knoten
Administrative Vorlagen angezeigt. Einstellungen aus alten ADM-Dateien
werden unter Klassische Administrative Vorlagen (ADM) angezeigt.
•   

Der Gruppenrichtlinienobjekteditor erkennt ADM

Re: [Samba] Updating System Policy Templates/ found admx migrator

Robert Schetterer schrieb:
 Hi Mike,
 
 Mike Petersen schrieb:
 On Thu, 2007-03-22 at 16:58 +0100, Robert Schetterer wrote:

 HI Mike,
 creating policies is always welcome,
 i dont tried vista adms for now,
 cause i dont think most of my customers will switch to it,
 the plan is to get totally out of m$.
 I am in the same boat on a few networks that I maintain.  Most people
 are sick of Microsoft Products.  If you are interested in testing SLED10
 on your network(s), I have created quite a few RPMs for SLED10 that
 fills the gaps of what Novell doesn't provide.  Most of the people that
 I introduced it to really like it and SLED10 is probably the most
 network friendly OS out there today (politics aside).

 You can get my custom RPMs from:
 http://www.pcc-services.com/sled10_rpms.html
 
 sled is good , but no need to make marketing for them , samba works
 on other nixes very fine too, and each one has plus and minus points
 one minus of novell is now that they contracted somehow with m$ wihtout
 need.But this is my personal political meaning
 i run suse on my most systems and i will as long as they get not near to
 m$ , but i will stop this if i get the feeling they sold their soul to
 the devil *g
 
 I am nearly sure that adms will work for vista too, cause i dont read
 something that vista isnt any longer compatible to nt 4 pdcs ( but i may
 fail here )
 Hopefully I will get more info from the samba list on this.  I
 especially want info on if people are going to use Vista at all.  I
 don't want to spend the time on Vista if no one is going to deploy it
 anyway (I personally won't touch it for any of my networks).
 
 i am having this partner pack from m$ its very cheap to it includes
 and holds all of their products and a number of licenses,
 so this is fine for testing stuff, vista runs fine in vmware which you
 could download for free.
 I personally will not test vista against samba deeply unless i get paid for
 Its an unwritten law m$ products should not be used on production
 nets before they go to stage service pack 1 with one exception if you
 really need to some new invention included in one product.
 But for vista i dont  this.
 For now it would high the total costs by my customers, by bying new
 hardware, software upgrades and much trouble with dirvers and applications.
 

 Be sure that you dont make work which is allready done
 by others, there are few sources of adms on the web.

 About 2 years ago I sat down and created a comprehensive custom.adm file
 that implemented just about any policy anyone wanted for Window XP
 machines.  Ever since then I apparently became the defacto person on
 asking system policy questions (get about 2-3 emails a week).  As far as
 I know no one has spent the time to create IE7 policies or Vista
 policies yet.  I am going to have time on my hands this summer and I
 personally will need IE7 policies on my networks, so I am asking a few
 questions on whether or not I need to add any additional policies to my
 policy template while I am at it.

 Thanks for the reply, and if you are in need of any weird or interesting
 policies for your network, now is the time to ask.
 
 i would be very lucky to have adms for ie7 and vista
 
 here is a german website which do much of adm stuff, perhaps you should
 get in contact with them
 
 http://www.gruppenrichtlinien.de/
 
 as i see no vista adms
 
 but for all other oses of m$
 
 and ie7
 
 see here
 
 http://www.gruppenrichtlinien.de/index.html?/RiLi/Zahlen.htm
 
 
 or
 
 http://www.heise.de/ct/tipps/adms.shtml
 has also adms
 
 as i just read adms go to a new format called ADMX in vista,
 
 so it seems this format ist better then the old but not compatible with adm
 
 http://www.microsoft.com/technet/technetmag/issues/2007/02/Templates/Default.aspx?loc=de
 (give it a try in english too)
 
 but here they wrote adms will still work on vista if they dont conflict
 with default admx policies, so i have no idea for now how to implement
 this with a current samba pdc, this question should go to samba gurus
 perhaps there is a way to implement policies like active dir does with
 the recent samba ( but i havent read this )
 but i think it must be included in upcoming samba 4 as it should work as
 active dir contoller
 
 http://www.microsoft.com/germany/technet/prodtechnol/windowsvista/library/1494d791-72e1-484b-a67a-22f66fbf9d17.mspx
 
 -snip--
 • 
 
 Sie können ADM-Dateien weiterhin mit der Option Vorlagen
 hinzufügen/entfernen hinzufügen oder entfernen. Für das Hinzufügen oder
 Entfernen von ADMX-Dateien gibt es unter Windows Vista keine
 Schnittstelle. Um ADMX-Dateien hinzuzufügen, kopieren Sie diese einfach
 in den Ordner %systemroot%\PolicyDefinitions\ und starten Sie den
 Gruppenrichtlinienobjekteditor neu.
 • 
 
 Gruppenrichtlinieneinstellungen aus ADMX-Dateien werden unter dem Knoten
 Administrative Vorlagen angezeigt. Einstellungen aus alten ADM-Dateien
 werden unter Klassische

Re: [Samba] Updating System Policy Templates / ie7 adm found

Robert Schetterer schrieb:
 Hi Mike,
 
 Mike Petersen schrieb:
 On Thu, 2007-03-22 at 16:58 +0100, Robert Schetterer wrote:

 HI Mike,
 creating policies is always welcome,
 i dont tried vista adms for now,
 cause i dont think most of my customers will switch to it,
 the plan is to get totally out of m$.
 I am in the same boat on a few networks that I maintain.  Most people
 are sick of Microsoft Products.  If you are interested in testing SLED10
 on your network(s), I have created quite a few RPMs for SLED10 that
 fills the gaps of what Novell doesn't provide.  Most of the people that
 I introduced it to really like it and SLED10 is probably the most
 network friendly OS out there today (politics aside).

 You can get my custom RPMs from:
 http://www.pcc-services.com/sled10_rpms.html
 
 sled is good , but no need to make marketing for them , samba works
 on other nixes very fine too, and each one has plus and minus points
 one minus of novell is now that they contracted somehow with m$ wihtout
 need.But this is my personal political meaning
 i run suse on my most systems and i will as long as they get not near to
 m$ , but i will stop this if i get the feeling they sold their soul to
 the devil *g
 
 I am nearly sure that adms will work for vista too, cause i dont read
 something that vista isnt any longer compatible to nt 4 pdcs ( but i may
 fail here )
 Hopefully I will get more info from the samba list on this.  I
 especially want info on if people are going to use Vista at all.  I
 don't want to spend the time on Vista if no one is going to deploy it
 anyway (I personally won't touch it for any of my networks).
 
 i am having this partner pack from m$ its very cheap to it includes
 and holds all of their products and a number of licenses,
 so this is fine for testing stuff, vista runs fine in vmware which you
 could download for free.
 I personally will not test vista against samba deeply unless i get paid for
 Its an unwritten law m$ products should not be used on production
 nets before they go to stage service pack 1 with one exception if you
 really need to some new invention included in one product.
 But for vista i dont  this.
 For now it would high the total costs by my customers, by bying new
 hardware, software upgrades and much trouble with dirvers and applications.
 

 Be sure that you dont make work which is allready done
 by others, there are few sources of adms on the web.

 About 2 years ago I sat down and created a comprehensive custom.adm file
 that implemented just about any policy anyone wanted for Window XP
 machines.  Ever since then I apparently became the defacto person on
 asking system policy questions (get about 2-3 emails a week).  As far as
 I know no one has spent the time to create IE7 policies or Vista
 policies yet.  I am going to have time on my hands this summer and I
 personally will need IE7 policies on my networks, so I am asking a few
 questions on whether or not I need to add any additional policies to my
 policy template while I am at it.

 Thanks for the reply, and if you are in need of any weird or interesting
 policies for your network, now is the time to ask.
 
 i would be very lucky to have adms for ie7 and vista
 
 here is a german website which do much of adm stuff, perhaps you should
 get in contact with them
 
 http://www.gruppenrichtlinien.de/
 
 as i see no vista adms
 
 but for all other oses of m$
 
 and ie7
 
 see here
 
 http://www.gruppenrichtlinien.de/index.html?/RiLi/Zahlen.htm
 
 
 or
 
 http://www.heise.de/ct/tipps/adms.shtml
 has also adms
 
 as i just read adms go to a new format called ADMX in vista,
 
 so it seems this format ist better then the old but not compatible with adm
 
 http://www.microsoft.com/technet/technetmag/issues/2007/02/Templates/Default.aspx?loc=de
 (give it a try in english too)
 
 but here they wrote adms will still work on vista if they dont conflict
 with default admx policies, so i have no idea for now how to implement
 this with a current samba pdc, this question should go to samba gurus
 perhaps there is a way to implement policies like active dir does with
 the recent samba ( but i havent read this )
 but i think it must be included in upcoming samba 4 as it should work as
 active dir contoller
 
 http://www.microsoft.com/germany/technet/prodtechnol/windowsvista/library/1494d791-72e1-484b-a67a-22f66fbf9d17.mspx
 
 -snip--
 • 
 
 Sie können ADM-Dateien weiterhin mit der Option Vorlagen
 hinzufügen/entfernen hinzufügen oder entfernen. Für das Hinzufügen oder
 Entfernen von ADMX-Dateien gibt es unter Windows Vista keine
 Schnittstelle. Um ADMX-Dateien hinzuzufügen, kopieren Sie diese einfach
 in den Ordner %systemroot%\PolicyDefinitions\ und starten Sie den
 Gruppenrichtlinienobjekteditor neu.
 • 
 
 Gruppenrichtlinieneinstellungen aus ADMX-Dateien werden unter dem Knoten
 Administrative Vorlagen angezeigt. Einstellungen aus alten ADM-Dateien
 werden unter Klassische

Re: [Samba] Updating System Policy Templates / ie7 adm found

Mike Petersen schrieb:
 Thanks for all of the links, I can't read German but I did manage to get
 some info from them.  Also thanks for the link to the article on the new
 admx format - I don't know why MS is changing everything to something x
 (docx, xlsx and now admx) - I preferred the old format anyway, the
 Microsoft Engineers just made it extremely confusing reading their
 policy templates.  Which turned out to be just fine for me because
 unfortunately I cannot base any of my policy template work off of any
 current Microsoft Templates - I contacted them about it 2 years ago,
 before I started working on my Custom Policies (just to be sure it was
 alright) and at first they were OK about it, but after a while I was
 contacted again to not base any work off of any policies they created
 (Go figure).
 
 So when I created my custom policy templates last time I simply searched
 the web for any registry settings that people were using to adjust
 Windows behavior, then implemented those as a policy.
 
 For the ones I didn't find I simply ran an Un-installer program to track
 registry changes to the system as I adjusted settings.  This is what I
 will probably have to do with the IE7 policies since there are very few
 references to registry settings regarding Internet Explorer 7 yet.
 
 Also, for the IE7 policies I am going to try to start doing those at the
 beginning of next month, the Vista policies will probably have to wait a
 little longer (especially since no one seems to want to deploy Vista
 anyway).
 
 So if you want any specific policy for IE 7 just let me know and I will
 try to implement it.  I will also try to keep an eye on the mail list.
 
 Thanks again,
 Mike Petersen
 [EMAIL PROTECTED]
 
Hi Mike, the main question is
how to server the new admx format with a recent samba pdc ( my short
overflow seems that they are stored in a different place, i maybe fail
here), also
i think if you wanna install a mixed setup with winxp and vista
which isnt recommended anyway you have deploy both adms and admxs
configured in the same way, as the complexity with configurations
possible in policies this doesnt seem very easy done.
So anyway the possibility to serve admx (or equal)should be included
in samba 4 as it should work as active dir controller.
So thats the question to the samba gurus.
Maybe at interim reg patches ( or extracted from adms/x) will do the
job, but i think
they have to be different in xp and vista, also the admx migrator should
help.
As i understood the format change was made to near the admx programming
language to other programming languages and simplify writing of it.
in my eyes it just another example that windows version are not really
compatible and shot users to upgrade their whole network .
It dosnt make me wonder that m$ dont want you to create adms,
in my eyes the dont wanna people doing free unlicend stuff
anymore, so 2 days ago the pressed some windows friendly sites to get
off their offline update packs for xp from the web.

In the ie7.adm from gruppenrichtlinien.de should be allready some
specials in, like configure search engine ( this what i read in parts
there )
Sorry i havent a good english site for you.
But i rememeber there where a few unfree tools creating adms, maybe they
upgraded to admx edit


-- 
Mit freundlichen Gruessen
Best Regards

Robert Schetterer

https://www.schetterer.org
Munich/Bavaria/Germany

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Windows Updates management using Samba

2007-02-21 Thread Robert Schetterer

Siju George schrieb:
 Hi,
 
 I was just wondering there if there is anything/setup to make a Samba
 3/4 PDC to fetch MS Windows Updates from the Microsoft website and
 push it to the clients. Some thing Like WSUS?
 
 If it is not already th ere is there any plans to add this
 functionality to Samba?
 
 I am wondering how updates are done on Windows Machines under a Samba
 domain.
 The data transfer multiplies with the no. of clients right?
 
 May be one way is to put a caching server like Squid on the firewall
 and allow the cache to serve the requested file.
 
 Is there any other/better way than this?
 
 Thankyou so much
 
 Kind Regards
 
 Siju
Hi , you can use
http://www.heise.de/ct/ftp/projekte/offlineupdate/ctupdate303.zip
this is a script which makes win updates but its not real samba related,
but very handy anyway

-- 
Mit freundlichen Gruessen
Best Regards

Robert Schetterer

https://www.schetterer.org
Munich/Bavaria/Germany

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] test please ignore

2007-02-04 Thread Robert Schetterer

test please ignore
-- 
Mit freundlichen Gruessen
Best Regards

Robert Schetterer

https://www.schetterer.org
Munich/Bavaria/Germany

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Use Microsoft shared fax printer?

2007-01-28 Thread Robert Schetterer

Neil Aggarwal schrieb:
 Hello:
 
 Is it possible to use Samba to send documents to
 a Microsoft Shared Fax Printer?
 
 How would I give it the phone number and other recipient
 details that normally comes in the popup window when
 I print to a shared fax printer from Windows?
 
 Thanks,
   Neil
 
 
 --
 Neil Aggarwal, (214)986-3533, www.JAMMConsulting.com
 FREE! Eliminate junk email and reclaim your inbox.
 Visit http://www.spammilter.com for details.
 
Hi MS Fax ist ugly but you can look at this
http://www.purpel3.nl/sambafax/sambafax_6B.html
or a few other faxsolutions mostly with hylafax
which is runnig fine in linux on the same machine which services your samba

-- 
Mit freundlichen Gruessen
Best Regards

Robert Schetterer

https://www.schetterer.org
Munich/Bavaria/Germany

--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Use Microsoft shared fax printer?

2007-01-28 Thread Robert Schetterer

Neil Aggarwal schrieb:
 Shaun:
  
 Correct me if I am wrong, but I think you are suggesting using 
 HylaFAX on the Linux server and then have the Windows PCs
 use it.
 
 What I am trying to do is to have the Linux server send
 faxes using the Windows Machine as a Fax Server.  Is
 that possible?
 
 It will be *much* harder to convince the client that they
 now have to change their fax server to Linux.
 
 Thanks,
   Neil
 
 
 --
 Neil Aggarwal, (214)986-3533, www.JAMMConsulting.com
 FREE! Eliminate junk email and reclaim your inbox.
 Visit http://www.spammilter.com for details.
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of
 Shaun Marolf
 Sent: Sunday, January 28, 2007 10:41 AM
 To: samba@lists.samba.org
 Subject: Re: [Samba] Use Microsoft shared fax printer?
 
 On Sunday 28 January 2007 09:56, Neil Aggarwal wrote:
 Hello:

 Is it possible to use Samba to send documents to
 a Microsoft Shared Fax Printer?

 How would I give it the phone number and other recipient
 details that normally comes in the popup window when
 I print to a shared fax printer from Windows?

 Thanks,
  Neil


 --
 Neil Aggarwal, (214)986-3533, www.JAMMConsulting.com
 FREE! Eliminate junk email and reclaim your inbox.
 Visit http://www.spammilter.com for details.
 Yes it is using Hylafax Samba printer share. www.hylafax.org
 
 --Shaun
Hi Neil, you know a place which has has pure ms fax up and running and
working, wow ( i never saw that , i only know third party solutions for
that on windows )
try study it features in which way you can inject faxes in its spool dir
or the tcp port you have to use and try to script it with linux. (
whatever samba etc )
But i would recommend using hylafax cause it surle more stable than
any ms fax service.
Perhaps Technet should help ,searching a solution.

-- 
Mit freundlichen Gruessen
Best Regards

Robert Schetterer

https://www.schetterer.org
Munich/Bavaria/Germany

--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Multi office samba domains

2006-12-26 Thread Robert Schetterer

Asier Baranguán schrieb:
 Hi all!
 
 I've a computer acting as a PDC in a network with Samba+OpenLDAP working
 fairly well ina Debian Sarge for several months (Samba servers, XP
 cients). It's working so well that my company wants to deploy this
 system to all the offices (five offices physically separated).
 
 Each office has it's own peculiarities so each one has to have it's own
 domain with shares and so on. But there some users with special
 requirements:
 
 + Normal users only access to their local domain resources
 
 + Users from marketing and sales dpt. travel across all the offices and
 it would be great allow this users to login in all the offices with the
 _same_ user account and access to shares, printers, etc.
 
 + Some special users are willing must be allowed to access remotely -via
 VPN link- to other office shares
 
 + And admin users be able to access to all office shares
 
 Inter-office communication will be done with some VPN so in theory I can
 have one main LDAP server with all the users, groups, computers and
 domains and replicate them.
 
 In other words: share all the users and groups between offices but with
 several domains and access policies.
 
 Can this be done -almost partially-? perhaps with domain trust
 relationships?
 
 Thanks!
 
 -- 
 Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
 und ist - aktuelle Virenscanner vorausgesetzt - sauber.
 
 
Hi Asier,
this can be done, i did this with bdcs in the offices (ldap slaves samba
) an connected them with openvpn.
For traveling user i used pptpd.
But you have to think about lot of things before you start this
so how are the coenncting qualitiy of the lines the offices use, how
implement wins browsing, and the generall net architekture.
If you only want one domain , no trust ist needed.
If you want let the offices independent, use different domains
and trust them to one another, but i would not recommend it.
You should setup internal dns with replication, maybe dhcp with relay.
normaly the homes/profiles of the office users are lying on there bdcs.
Make different policies for workstations and laptops, cause of of
profile caching etc.
Think about slow traffic vpns , sometimes it makes no sense
to push them printers etc.
The layout goes along with you would do with nt windows servers ,
see exmaple in the samba books and faqs.
It a lot of work at the start, but then it works very nice.
I dont know how time lines are for samba 4 ( active dir emulation)
but it should be a little be easier then, with those setups
Best Regards

--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba instead of SBS2k+3

2006-08-20 Thread Robert Schetterer

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Przemyslaw Smiejek schrieb:
 Hi, 
 
 I'm a teacher and I have got 20 computers with Windows XP and server Windows
 SBS 2003 with Active Directory. I use AD to set policy tu WinXP and to
 authorize users. 
 
 Is it possible to set up Samba to this instead AD?
 Can someone help me in this?
 
Hi,
jep samba can act as a win nt (4) domain controller PDC.
If you really need AD  ( which i dont think )
you have to wait samba reaches version 4.
but having Samba in a school enviroment is very typical,
there are many special Linux distros for schools which have allready
included this look http://www.skolelinux.org
and the samba faqs, setting up samba as domain contoller.
But you will make your live much more easier , and save money for the
children, if you switch totally to linux.
There is nothing on windows which is really need to learn for pupils
which cant be handeled by modern linux distros.
Mostly they need office ( open office ) a browser and mail.
For keeping them out of scum websites squid (guard)  is the right
choice on your firewall.
And will have no nightmares about viri in the futures using a better os.

i give my free time to youth projects to admin their networks
and they mostly have mixed setups , with linux and windows.
in former days the wanted windows to play some games , but now they
switching to consoles , which get easier to handle.
After all , here in germany , there are much laws , which you have to
look for , giving internet and computer access to children.

- --
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
https://www.schetterer.com/public-gpg-robert-schetterer.key
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (MingW32)

iD8DBQFE6FsYNxddAhXBw7QRAo/UAJ4/xBaJwI958HrneipYIzHNMoHrWQCghOJQ
QD5SfXdSrEgqHvHqSTt8W0g=
=UcyF
-END PGP SIGNATURE-

--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Latest Samba for SuSE 9.0 ?!?

2006-08-10 Thread Robert Schetterer

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Rory Vieira schrieb:
 Hi,
 
 What is the latest version of Samba for SuSE 9.0, and where can I find it.
 Shame support was dropped for this one... still being used a lot...
 
try this
ftp://ftp.sernet.de/pub/samba/suse90-i386
after all searching about the rpms is easy with google, and building
rpms too , if you have a spec valid for suse 9.0.
if you wanna longer support why not using enterprise versions which have
longer support, upgrading versions older than 2 years makes no sense  (
my opinion ), after all why not switch to debian...i ll think they give
longer updates as the only linux distro

- --
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
https://www.schetterer.com/public-gpg-robert-schetterer.key
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (MingW32)

iD8DBQFE2xcMNxddAhXBw7QRAu3EAJ9zZ0DlAi0h8oVMTPwBS4CefNVw9ACfcOaH
zCu8+oD8HQ5m73X1sbuAW3Y=
=XYne
-END PGP SIGNATURE-

--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] This list is a black hole.

2006-08-08 Thread Robert Schetterer

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

John Mason schrieb:
 Seems that many questions get answered... but most to the original 
 requestor... not the list. Plus, many of us watching don't know as much as 
 the esteemed 30 or so experts so we can only help on that which we have 
 tried.
 
 Are you having a problem? I'll try to answer it.
 
 
 
 -Original Message-
 From: [EMAIL PROTECTED] on behalf of Steven Rice
 Sent: Tue 8/8/2006 8:12 AM
 To: samba@lists.samba.org
 Subject: [Samba] This list is a black hole.
  
 Many questions goes in,
 Very few answers come out.
 
 __
 Do You Yahoo!?
 Tired of spam?  Yahoo! Mail has the best spam protection around 
 http://mail.yahoo.com 
Hi John, Stefan,
maybe most of the questions ar allready answered if using the mail
archive or/and read the faqs, i answered a lot in that list but i am not
willing to answer same questions every day, in comparing
to other lists , this one is very nice

- --
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
https://www.schetterer.com/public-gpg-robert-schetterer.key
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (MingW32)

iD8DBQFE2JjZNxddAhXBw7QRAlmWAJ48Mg8G1veWeb6QYoH5sXZR+GEDEwCfdXJE
SkT2yzIaBAg5gXW5lf9jw9k=
=9tHh
-END PGP SIGNATURE-

--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 3.0.20 + squid 2.5 : automatic logon with internet explorer

2006-06-26 Thread Robert Schetterer

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Rodolphe A. schrieb:
 hello,
 
 samba is setup PDC with ldap
 
 client : windows xp pro sp2
 server : samba 3.0.20 + openldap 2.2 + squid 2.5stable14 + squidGuard
 
 is it possible to create an automatic logon with internet explorer ?
 
 perhaps with ntlm_auth, but i can't find the good sentence.
 
 
 thanks.
 
 
 
 
Hi, i ve did right this and i works now perfekt for nearly a year.
But you have many choises to realize this.
The setup which will include all possible features with a smb pdc ( with
ldap )is like this.
If you use firefox or ie with the automatic search proxy setting
the search to files like proxy.dat , proxy.pac
wpad.dat on  a webserver on the gateway of the lokal network, these
files held the data which where the browser will find the proxy.
Additional you hav to have entries in you internal
dns like
wpad.tcpSRV 0 0 80 wpad
wpadA   192.168.110.1
TXT service:
wpad:!http://intranet.gundk.intern:80/proxy.pac;
and on the internal dhcp server
like this
option wpad code 252 = text;
option wpad http://192.168.110.1/proxy.pac\n;;
you can find faqs an doku about this on the squid side.
I have implemented different groups
in the win domain like wwwuser , which can join the internet via proxy ,
and a group filteroveride to join directly www without using
squidguard ( for admins etc ).
So you can manage the groups out from usrmgr.

so i have entries like this in squid.conf

# user group which are allowed to access the internet in general

auth_param ntlm program /usr/bin/ntlm_auth
- --helper-protocol=squid-2.5-ntlmssp
- --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001
auth_param basic program /usr/bin/ntlm_auth
- --helper-protocol=squid-2.5-basic
- --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001
auth_param basic children 5

#   auth_param ntlm use_ntlm_negotiate on
#   auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 15 minutes

auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl user proxy_auth REQUIRED
http_access allow user

#pam auth agains a system group works here too (nss_ldap), we use it to
overide the redirector vor vips

external_acl_type unix_group %LOGIN /usr/sbin/squid_unix_group -g wwwdirect
acl direct external unix_group wwwdirect
redirector_access deny direct
always_direct allow direct
http_access allow direct

as you see i used the sid of the nt groups , cause their names didint
work, to overide the squidgauard i use a system group which is tha same
as a nt group cause there is mapping over nss_ldap
( other setups may be better but this works )

the i configured winbind to use the lokal smb pdc ( just join your own
domain )...im not sure why i did this but i think it was a must with
squid , squid must run with a user that is able to join the winbind
socket ( see squid, samba doku )
After all you need a few iptables rules to forbid bypass the proxy.

note you cant use squid auth with a transparent proxy squid setup!
But if you dont need auth and the group stuff
a setup with a squid transparent proxy and iptables is much more easy to
implement  automatic filtering ( see squid faqs how to do this ), if you
do so you can only manage things with the source ip of the client
computer  , but not by user name or group auth.

( dont copy and paste this , read the faqs )
Best Regards

- --
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
https://www.schetterer.com/public-gpg-robert-schetterer.key
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (MingW32)

iD8DBQFEn6DeNxddAhXBw7QRAg3UAJ4rvf4cloRykMkbpWoyfEK+EEeRkQCfQB+s
kf/FSvVp4RbIfgdY6pj1Hmw=
=RYf+
-END PGP SIGNATURE-

--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SAMBA-LDIF

2006-06-06 Thread Robert Schetterer

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Boukari Ouédraogo schrieb:
 Hello!
 How to get samba users in a file in ldif format? samba 3.0.14
 
 Many thanks for all
 
 Boukari
hi do it like this
slapcat -l ldap.ldif


- --
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
https://www.schetterer.com/public-gpg-robert-schetterer.key
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (MingW32)

iD4DBQFEheWANxddAhXBw7QRAla2AJIC8aJ86kno7FHZXZEEHxQCAJ1oAJwKE0JR
GH1foXq4WIVzE/NDeHeD0A==
=Sz5G
-END PGP SIGNATURE-

--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] max number of users in passwd ( out of topic )

2006-06-02 Thread Robert Schetterer


Hi @ll,
this is a little out of topic,
sombody knows which is is the maximum  number of users possible in 
/etc/passwd ?

i looked around google and man but did not find the info, i read somewhere
its like 65000 is this true?
thx Robert

--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: proposed list of parameter to remove in 3.0.23

2006-05-12 Thread Robert Schetterer


Hi Jerry ,
isnt it fine to have a parameter if you want to talk to ldap bound to a 
different port, and isnt ldap server making it more clear ?
Or is this just the entry in the conf and such a function can be defined 
elsewhere?

Regards

Collen Blijenberg schrieb:

Quite a list, but no non we use.
might i do a sugestion ?

all with all, there are a lot of changes is the up coming release.
not only these parameters en config options, but also the removal of the 
sql backends

that multi passwd backend thing..

isn't it smarter , or it makes more sense to push these rather big 
changes through the 3.1 release

???

Cheers,

Collen

Gerald (Jerry) Carter wrote:
 

Here's a short list of parameters I'd like to remove
from smb.conf.

hosts equiv
read bmpx
wins partners
ldap server
ldap port
homedir map
nis homedir
magic script
magic output

Comments?



I'd also like to kill the following configure options

--with-nisplus-home
--with-ldapsam
--with-automount
--with-dce-dfs



  


--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Question: Universal group support

2006-05-09 Thread Robert Schetterer


[EMAIL PROTECTED] schrieb:

Samba 3.0.x support Windows NT domain.
Therefore, Samba support only a global group and a local group.
Is this correct?

And Samba 3.0.x not support Universal group.
Universal group support on Samba 4.x.
Is this correct?
 


--
--- Oota Toshiya ---  oota at mail.linux.bs1.fc.nec.co.jp
NEC Computers Software Operations Unit  Shiba,Minato,Tokyo
OSS Promotion CenterJapan,Earth,Solar system
(samba-jp Staff/postmaster,mutt-j/faqomatic admin,analog-jp postmaster)
  

Hi, this may off topic , but some nt-admins
of very large ad domains ( 1 workstations and more ) warned  me  to 
use universal groups

as it may lead to perfect chaos in the groups of ad
which might terrible to debug. in failure situations
Best Regards

--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Creating a trust on an unstable network

2006-05-05 Thread Robert Schetterer


Hi Ray,
i had a vpn based on openvpn and tap interfaces, with a trust between
two samba domains this worked like charme , the conection was resetted
2 times a day by the adsl provider.
If the trust brakes on a longer timeout you have to reestablish the 
trust which causes a lot of traffic over the vpn, also it can be very 
frustration in use if the the trust is not in sync, cause it may lead

to failures at logon , share rights etc
Best Regards

Ray Greene schrieb:

I would like to create a trust between a Samba domain and a Win2K
domain. The Samba domain connects via VPN to the Win2K domain.

The Samba domain users need access to files on the Win2K domain and a
trust would make it easier to handle permissions on the files.

However the VPN connection isn't very stable and drops the connection
every day or two.

The Samba Howto says this is a bad thing to try, but doesn't say why. 


What exactly happens in this situation when the connection between the
domains is dropped?




--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: URGENT!!!!! Problem: outlook.pst with samba 3.0.21c!!!!!!!!


Hi Joerg,
pst are a special kind of files, and its not not recommended hosting 
them on network shares, see technet, cause they get corupted

But i know many people do it.
So keep clear that the psts are not growing very large ( under 1G is ok 
) stop any vfs antivir at the pst shares,

play with lock parameters.
i have one costumer who is hosting his pst on network shares with samba
3.0.14 and there is no bug with it.
I dont have testet it with latest samba.
But i am nearly sure this is not a samba problem,
i recommend you install a kolab server which works nice to outlook.
pst where never thought to be hosted on networks.
For testing copy a working pst file to the place ( share ) where the not 
working one is hosted and try to open it, if this works you know the pst 
got corupted , there are a few tools by ms  to reconstruct such files ( 
search technet ) but do it by copy them to a local client.

In your scenario you should have daily backups of the psts anyway
But i read a lot about problems with solaris samba , maybe the bug is 
only in solaris samba, as workaournd switch back to former samba version

Best Regards


Jörg Nissen schrieb:
You should give us a look at your smb.conf. AFAIK from my very own 
experience: 3.0.21c somehow behaves different from 3.0.20 with the same 
smb.conf. Maybe you have to set some values which did not have to be set 
before.


MfG
Jörg Nissen

- Original Message - From: WolverineJR [EMAIL PROTECTED]
Newsgroups: mailing.unix.samba
Sent: Friday, March 10, 2006 9:40 AM
Subject: URGENT! Problem: outlook.pst with samba 3.0.21c


Hello Samba-Gurus!!

Following really really important problem:

Yesterday evening, we have upgraded our Solaris9-Samba-Fileserver from
Samba-Version 3.0.11 to 3.0.21c. All worked fine.
But today, we have following problem:

Some users, which outook.pst-file is situated on the samba-fileserver
in their home-share, cannot send or get mails via Outlook2000 und
Outlook2003.
When we try to change the path to the PST-file, we get the messages,
that the file cannot be accessed.

Here is a sample of the samba-log of one of the clients:

[2006/03/10 07:39:03, 2] smbd/dosmode.c:unix_mode(70)
 unix_mode(outlook.pst) inheriting from .
[2006/03/10 07:39:03, 2] smbd/dosmode.c:unix_mode(78)
 unix_mode(outlook.pst) inherit mode 40700
[2006/03/10 07:39:03, 2] smbd/open.c:open_file(350)
 abm opened file outlook.pst read=Yes write=No (numopen=2)
[2006/03/10 07:39:03, 2] smbd/close.c:close_normal_file(308)
 FRANKFURT+abm closed file outlook.pst (numopen=1)
[2006/03/10 07:39:03, 2] smbd/dosmode.c:unix_mode(70)
 unix_mode(outlook.pst) inheriting from .
[2006/03/10 07:39:03, 2] smbd/dosmode.c:unix_mode(78)
 unix_mode(outlook.pst) inherit mode 40700
[2006/03/10 07:39:03, 2] smbd/open.c:open_file(350)
 abm opened file outlook.pst read=Yes write=No (numopen=2)
[2006/03/10 07:39:03, 2] smbd/close.c:close_normal_file(308)
 FRANKFURT+abm closed file outlook.pst (numopen=1)
[2006/03/10 07:39:03, 2] smbd/dosmode.c:unix_mode(70)

What here stand out is, that samba try to open the outlook.pst - file
with READ=YES and WRITE=NO... this can not be right

Another thing is, that after the samba-upgrade, we don´t get the
absolut pathes from the opened files in samba. In SWAT we only get
something like: outlook/outlook.pst
Normally it should look like: /homes/xxx/outlook/outlook.pst

Does have anybody a solution or idea??

THIS IS REALLY IMPORTANT

THX




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: URGENT!!!!! Problem: outlook.pst with samba


i looked at my costumer which is using psts in their homes
this works if the psts are under 1GB ( later it slow very much , which 
is relate to outlook and pst not to samba )

[homes]
   comment = Home of %U on %L
   read only = No
   csc policy = disable
   browseable = No
   inherit acls = Yes
   create mask = 0700
   directory mask = 0700
   locking = No
   oplocks = False
   level2 oplocks = False
   valid users = %S
   profile acls = Yes
   store dos attributes = yes
   dos filetimes = yes
   delete readonly = yes


Jörg Nissen schrieb:

You could try adding
   valid users = %S

to the [homes] section.


MfG
Jörg Nissen


- Original Message - From: WolverineJR [EMAIL PROTECTED]
Newsgroups: mailing.unix.samba
Sent: Friday, March 10, 2006 10:35 AM
Subject: Re: URGENT! Problem: outlook.pst with samba



# Global parameters
[global]
   unix charset = ISO8859-1
   display charset = ISO8859-1
   workgroup = x
   realm = xxx.xxx.xxx
   netbios name =  --- Hostname
   server string = Server Samba-Fileserver
   security = ADS
   password server = xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
   log level = 2
   log file = /var/log/samba/%m.log
   max log size = 50
   keepalive = 0
   logon home = \\xxx\%U
   ldap ssl = no
   idmap uid = 1-2
   idmap gid = 1-2
   idmap gid = 1-2
   winbind separator = +
   admin users = xxx , xxx
   inherit permissions = Yes
   inherit acls = Yes

[homes]
   path = /homes1/%U
   read only = No
   browseable = No
   veto oplock files = /*.pst/*.PST/*.Pst/ --- this
entry we have entered just before 2 minutes






--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba4wins only with samba =3.0.21?


hi,
it a independed daemon, if you recompile the src rpm it should work
Best Regards

Michael Gasch schrieb:

[update]

releases say: yes

greez

Michael Gasch schrieb:

hi,

i read about samba4wins, which is really a great work from the team!
do you know, if this will work with samba v3.0.14a?
i ask because  a german news service writes that it´s only possible 
with 3.0.21 (http://www.heise.de/newsticker/meldung/69132), but i 
can´t find this information in the notes on 
http://ftp.sernet.de/pub/samba4WINS/samba4wins-1.0.0-16/


thx for helping me!





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] many servers and mobile users - always use the most fresh user profile - ideas?


Hi Bob,
the normal setup would be a bdc in other locations,
and setup users profiles in their home offices,
if they have only short terms of visit in other offices they must life 
with longer logon time, if they stay lets say longer than two week than 
move their profiles and homes to the other bdc, so its done in very 
large ( 1 users ) windows networks ,i know.

this is can very easy be done with ldap and samba.
I dont think rsync profiles will be a satisfactory solution, cause
users can also comming from vpn adsl/wlan etc so the profile are never 
in sync int that case ( ie if they work in hotels at night etc ) in my 
cenarios.
choose a good vpn connect 2 MB synchron with openvpn was enough for me 
with 100 users 90% sitting in their home offices 10 % traveling around.
I had limited the profiles to 30 MB maximum, so even in the worst case 
in ca. 3 minutes they got their profile staying in any kind of office net.
This stuff deeply depends on the conection limits, so i.e i know 
companies they have black fiber lines  in usa , europe, asia , but isdn 
in africa and have to sync more than just profiles, i.e exchange data etc.

so the have bdc in africa office ( with good connect ) so they syncing
with europe every hour , from there africa office b wich has only isdn 
is synced further only in night.

after all have this global network a full working time service across
the networks is needed, just a lot what admins much think of at syncing 
any data.

Best Regards

Gautier, B (Bob) schrieb:

-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]

] On Behalf Of Tomasz Chmielewski
Sent: 10 March 2006 14:14
To: samba
Subject: [Samba] many servers and mobile users - always use 
the most fresh user profile - ideas?


I have a situation like below:

Samba servers in many cities; one backup server in the 
central location that fetches user profiles each night 
(changes really with rsync).


Users work in many locations; sometimes one user can work in 
city A, and a day later he can work in city B.



This means that they have problems with their profiles - user profile 
for city A will be different from his profile in city B.



Using the central server for storing all profiles is not a 
good solution 
- it would take too long to fetch/upload user profile over WAN/VPN.
Pulling the profile from the central server should only happen if the 
local profile is older.



I tried using preexec, to launch a script which would compare 
the local 
and remote profile, and pull the newest version from the central 
server if necessary.


However, Windows logon times outs after 2 minutes, and 
usually it takes 
longer to download the profile.



Has anyone ever dealt with the situation where users work in multiple 
locations, but would like to have the profiles the same?



I know it can be done easily with Windows 2003 R2, what about Samba?


About a year ago I worked out an architecture in which rsync would be
used to replicate profiles from location to location (replication being
triggered by *logout*, not *login*) but it never got anywhere near
implementation as far as I am aware.  You just have to make sure you
have enough bandwidth so you can move the profiles faster than the
people. :-)  Of course rsync helps quite a bit.

Bob Gautier




--
Tomasz Chmielewski
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


_

This email (including any attachments to it) is confidential, legally 
privileged, subject to copyright and is sent for the personal attention of the 
intended recipient only. If you have received this email in error, please 
advise us immediately and delete it. You are notified that disclosing, copying, 
distributing or taking any action in reliance on the contents of this 
information is strictly prohibited. Although we have taken reasonable 
precautions to ensure no viruses are present in this email, we cannot accept 
responsibility for any loss or damage arising from the viruses in this email or 
attachments. We exclude any liability for the content of this email, or for the 
consequences of any actions taken on the basis of the information provided in 
this email or its attachments, unless that information is subsequently 
confirmed in writing. If this email contains an offer, that should be 
considered as an invitation to treat.
_


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] auth via PAM or /etc/passwd

2006-03-09 Thread Robert Schetterer


hi,
i you not wanna use ldap study this
http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html
auth via pam is possible but i would not recommend this,
i had testet this a long time ago and it works
Best Regards

Andrea Venturoli schrieb:

Mikhail Ramendik wrote:

Hello,

A friend wants to set up Samba (3.0.9-2.6-SUSE) so that users would 
log on using the same credentials as on the local Linux system, 
without a separate password database. He would like Samba to use PAM 
or /etc/passwd.


Is it possible, and if so, how?


AFAIK no. I think it would not be possible without disabling password 
encryption, which would also mean he'll have to do without a lot of 
other things.


I'm doing it the other way round, i.e. using Samba as my authentication 
engine and let any other service authenticate through pam_smb. Then I 
use nss_ldap to complete the thing.


 bye
av.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Two PDC's conflict


Hi,
its no problem to have 2 pdcs , but its a problem to have two wins 
server on the same network, configure only on pdc to be wins server

Regards

Pavan schrieb:

Hi All,

   I am currently running two PDC's with different domain names on 
the same network. But after a day of smooth running I am starting to 
have problems with the users accessing the network resources with an 
error message. As far I understand there must not be such conflict with 
the Samba PDC's with different domain names on the same subnet. Can any 
one suggest what might be wrong in such case?


thanks for the help,
Pavan.






-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 1 byte writes


Hi Thomas,
i dont see any bugs in your conf,
but in general there is no performance issue known to me
with current samba, what are the samba log say , or/and tcpdump
have you firewall on the server etc how is your setup in wins browsing
have you tested another nic
Bets Regards

Thomas Limoncelli schrieb:
After migrating a particular W2K file service to Samba 3.0.21c on SuSE 
9.3 Pro (a DMS with winbindd against a W2K3 ADS), the W2K clients are 
suffering performance issues (in a switched LAN).


Looking at the traffic with Ethereal (latest SVN), it looks like the 
client writes the data in *1 byte* pieces likes this (c=client, s=server):


c-s NT Create AndX Request
c-s NT Create AndX Response
c-s Trans2 Request, SET_FILE_INFO
c-s Trans2 Response
c-s Trans2 Request, QUERY_FILE_INFO, Query File Basic Info (1004)
c-s Trans2 Response
c-s Write AndX Request, 1 byte at offset 119  -- sigh
c-s Write AndX Response, 1 byte
c-s Trans2 Request, QUERY_FILE_INFO, Query File Standard Info (258)
c-s Trans2 Response
c-s Write AndX Request, 1 byte at offset 155  -- sigh again
c-s Write AndX Response, 1 byte
c-s Trans2 Request, QUERY_FILE_INFO, Query File Standard Info (258)
c-s Trans2 Response
c-s Write AndX Request, 1 byte at offset 191  -- see above
c-s Write AndX Response, 1 byte
...
c-s Write AndX Request, 1 byte at offset 6629781  -- 100 secs later!!
c-s Write AndX Response, 1 byte
c-s Trans2 Request, QUERY_FILE_INFO, Query File Standard Info (258)
c-s Trans2 Response
c-s Write AndX Request, 4096 bytes at offset 0  -- the file header?
c-s Write AndX Response, 4096 bytes
c-s Write AndX Request, 2454 bytes at offset 6627328  -- strange
c-s Write AndX Response, 2454 bytes
c-s Flush Request
c-s Flush Response
c-s Close Request
c-s Close Response

resulting in incredibly poor write performance. Does this ring a bell 
with anyone?


Searching the list archives, this issue seems to be only known with 
particular poorly-written applications:


http://groups.google.com/group/mailing.unix.samba/browse_thread/thread/89c619c8ea1e48/256e1ebf227819cc 



but we're running none of those mentioned there (but may have found yet 
another ;-)).


Then, still, there haven't been any noticeable performance issues with 
the same application against the original W2K file server, so /me ends 
up as the one being pointed at. :-(


smb.conf global settings are the same as in an earlier thread 
(http://lists.samba.org/archive/samba/2006-February/118057.html) plus 
the following share-level settings:


[grp$]
path = /cifs/grp
valid users = +XXX\mygroup
read only = No
create mask = 0770
directory mask = 0770
nt acl support = Yes
acl group control = Yes
map acl inherit = Yes


Any ideas?


-TL


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 1 byte writes


Hi Thomas,
Jeremy allready gave you good advice,
i just wanted to ask about the ask the all day questions before go further
Best Regards from snow white munich

Thomas Limoncelli schrieb:

Robert Schetterer wrote:

but in general there is no performance issue known to me
with current samba, what are the samba log say , or/and tcpdump


I've posted a (hopefully reasonable) summary of the on-the-wire traffic 
as seen with Ethereal. What are you expecting to gain from tcpdump here?


As for samba logs, I don't see any particularly suspicious entries, but 
I'm not sure what to look for either :-/. After all, if the client is 
asking for 1 byte writes, Samba just serves it. If anyone wants to look 
into my level 10 debug log, I'll be happy to provide it (off-list).



have you firewall on the server etc how is your setup in wins browsing
have you tested another nic


I'm not seeing any network packet loss nor packets dropped by iptables. 
WINS browsing is working fine from my perspective, but I'm unsure how 
this is releated.


Further comments welcome.


-TL


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] auth via PAM or /etc/passwd

Hi ,why not use ldap it works like charme ( and would work exactlty as 
you like )

and its easy to setup with suse
Regards
Mikhail Ramendik schrieb:

Hello,

A friend wants to set up Samba (3.0.9-2.6-SUSE) so that users would log on 
using the same credentials as on the local Linux system, without a separate 
password database. He would like Samba to use PAM or /etc/passwd.


Is it possible, and if so, how?



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [Samba Version 3.0.20b-3.4-SUSE]: WinXP-Error writing to share


Hi Bjoern,
in general there is no problem with suse samba etc
ich have very large samba domains up and running, but dont forget
samba 3 is acting like win nt 4 server ( pdc )
its not an active dir controller as win 2003 server
if you need acitve dir for i.e exchange version higher than 5.5
you have to wait until samba 4 gets released, so think about that before 
your migration.


at a look at your logs this seems a network problem
have you any firewalls enabled on the suse or/and on the win client?
-Transport endpoint is not connected
for testing do not use this parameters

use sendfile =
large readwrite =
max xmit =
hosts allow =

your conf does  not look very logical to me
 why dont try edit the suse default conf

create mask = 0777
directory mask = 0777
dont do this in global

perhaps you should study more in the smb faqs which are online in german 
 too, ther are easy examples in it for testing

and migration examples.
dont mess around with groups etc at starting with samba

Best Regards

Björn Mayer schrieb:

Hello mailing-list,

this is my first post and i hope that you enjoy my very bad but 
sometimes funny english.


My Problem is the following:

First of all, my server-config:
Samba Version 3.0.20b-3.4-SUSE
on a
SUSE Linux Enterprise Server 9
with Kernel 2.6.5-7.252-smp


Now the problem is, that samba generally works fine, but it doesn't work
to work with a special application directly on a samba-share.
This app is EPLAN, who is configured to save his project-data on the 
servershare, because of the fact that there everything will be backuped 
regularly.


All this worked prior with a Windows Server 2003, which now should be 
replaced with the linux samba-server.


Now when we switched to Samba for testing purposes the error occured, 
that Windows throws the following Error while working with EPLAN on the 
networkshare:


---
Windows - Datenverlust beim schreiben

Es konnten nicht alle Daten für die Datei \\UNC-Path-to-share\file.ext 
gespeichert werden. Die Daten gingen verloren. Mögliche Ursache könnten 
Computerhardware oder Netzwerkverbindung sein. Versuchen Sie, die 
Dateien...

---

which in english means something like
---
Windows - data loss at writing

It was not possible to save all data for the file 
\\UNC-Path-to-share\file.ext. The data was lossed. Possible reasons can 
be the Hardware or networkconnection. ...

---

Copying data on the share while using copy ans paste with the explorer 
seems to be working fine.


I have no idea which reason this can have. Maybe some pro here outside 
has an idea.

Of course there can be recognized something in the /var/log/messages:

Mar  7 11:14:47 mve-server2 smbd[8195]: [2006/03/07 11:14:47, 0] 
lib/util_sock.c:write_data(554)
Mar  7 11:14:47 mve-server2 smbd[8195]:   write_data: write failure in 
writing to client 0.0.0.0. Error Connection reset by peer
Mar  7 11:14:47 mve-server2 smbd[8195]: [2006/03/07 11:14:47, 0] 
lib/util_sock.c:send_smb(762)
Mar  7 11:14:47 mve-server2 smbd[8195]:   Error writing 5 bytes to 
client. -1. (Connection reset by peer)
Mar  7 11:18:55 mve-server2 smbd[8244]: [2006/03/07 11:18:55, 0] 
lib/util_sock.c:get_peer_addr(1222)
Mar  7 11:18:55 mve-server2 smbd[8244]:   getpeername failed. Error was 
Transport endpoint is not connected
Mar  7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] 
lib/util_sock.c:get_peer_addr(1222)
Mar  7 11:18:55 mve-server2 smbd[8250]:   getpeername failed. Error was 
Transport endpoint is not connected
Mar  7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] 
lib/util_sock.c:get_peer_addr(1222)
Mar  7 11:18:55 mve-server2 smbd[8250]:   getpeername failed. Error was 
Transport endpoint is not connected
Mar  7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] 
lib/access.c:check_access(328)
Mar  7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] 
lib/util_sock.c:get_peer_addr(1222)
Mar  7 11:18:55 mve-server2 smbd[8250]:   getpeername failed. Error was 
Transport endpoint is not connected

Mar  7 11:18:55 mve-server2 smbd[8250]:   Denied connection from  (0.0.0.0)
Mar  7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] 
lib/util_sock.c:get_peer_addr(1222)
Mar  7 11:18:55 mve-server2 smbd[8250]:   getpeername failed. Error was 
Transport endpoint is not connected

Mar  7 11:18:55 mve-server2 smbd[8250]:   Connection denied from 0.0.0.0
Mar  7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] 
lib/util_sock.c:write_data(554)
Mar  7 11:18:55 mve-server2 smbd[8250]:   write_data: write failure in 
writing to client 0.0.0.0. Error Connection reset by peer
Mar  7 11:18:55 mve-server2 smbd[8250]: [2006/03/07

Re: [Samba] [Samba Version 3.0.20b-3.4-SUSE]: WinXP-Error writing to share


Hi, if it is a bug it is relate to winxp 64 versions,
i had never such problems with suse/samba during all upgrades from first 
samba 3 release up to now

on different servers 32/64 intel  /amd  with mutliple nics
perhaps somthing is allready in bugzilla about win xp 64?
Regards
Beschorner Daniel schrieb:

We have a similar or same problem with one of our servers after upgrade from
3.0.14 to 3.0.21x (incidentally??).

The log shows things like:

write_data: write failure in writing to client 192.168.17.249. Error Broken
pipe

[2006/03/06 20:46:47, 0] lib/util_sock.c:get_peer_addr(1225)
  getpeername failed. Error was Transport endpoint is not connected
[2006/03/06 20:46:47, 0] lib/access.c:check_access(328)
[2006/03/06 20:46:47, 0] lib/util_sock.c:get_peer_addr(1225)
  getpeername failed. Error was Transport endpoint is not connected
  Denied connection from  (0.0.0.0)
[2006/03/06 20:46:47, 1] smbd/process.c:process_smb(1187)
[2006/03/06 20:46:47, 0] lib/util_sock.c:get_peer_addr(1225)
  getpeername failed. Error was Transport endpoint is not connected
  Connection denied from 0.0.0.0
[2006/03/06 20:46:47, 0] lib/util_sock.c:write_data(557)
  write_data: write failure in writing to client 192.168.17.250. Error
Connection reset by peer
[2006/03/06 20:46:47, 0] lib/util_sock.c:send_smb(765)
  Error writing 5 bytes to client. -1. (Connection reset by peer)

Clients are XP x64.

When saving fails the Windows log reports mrxsmb - delayed write failed.

I still suspect the network hardware (switch? NICs?) to do something wrong,
but can't Samba take out yet.
  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] preexec and client timeout when script long to execute


Tomasz Chmielewski schrieb:
I wrote a script which downloads user profile from a remote server if 
the profile doesn't exist on a local server - and executes it via 
preexec in [profiles] share.


It works fine, however, there is a major glitch with it.

After 3 minutes or so, the client times out, and says that that the 
server-side profile cannot be found, contact your administrator etc.


The script is still running and downloads the profile from the remote 
server, which will take few more minutes.


Is there a way to tell the client not to time-out during logon, when 
the script is being executed?




Hi  i also tested such stuff,
and failed ,it maybe possible if you are increasing the time value with 
poldedit.exe Ntconfig.pol for profile logon waiting time to this user 
and/or machine

Best Regards

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] preexec and client timeout when script long to execute


Tomasz Chmielewski schrieb:

Robert Schetterer wrote:

Tomasz Chmielewski schrieb:
I wrote a script which downloads user profile from a remote server 
if the profile doesn't exist on a local server - and executes it via 
preexec in [profiles] share.


It works fine, however, there is a major glitch with it.

After 3 minutes or so, the client times out, and says that that the 
server-side profile cannot be found, contact your administrator etc.


The script is still running and downloads the profile from the 
remote server, which will take few more minutes.


Is there a way to tell the client not to time-out during logon, 
when the script is being executed?




Hi  i also tested such stuff,
and failed ,it maybe possible if you are increasing the time value 
with poldedit.exe Ntconfig.pol for profile logon waiting time to this 
user and/or machine


If such a value exists.
Anyone knows?


for sure this value exists ( and many tuning stuff about logins and time 
), its special made for low traffic conections,which are typical for vpn 
or modem cons , but it musnt solve your problem

cause login is very complex

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [Repost] Offline Files No Go


Hi Peter,
i dont know any bugs with samba and offline files, sync is a complex 
stuff on native windows servers too,
on the samba side there is only this parameter to controll them, so 
other stuff is client related

which can be very fine controlled by adms or/and local machine policies.
for sure you should have the latest samba version , and a brand new win 
client for testing with all patches  installed.

i recommend study tech net working with offline files.
As i did synced homes  for laptops  last time i had no problem with it, 
but i was not

very lucky about the gereral  implementation  of this feature in windows.
so i did it with rsync wich works more nice.
theres only one good stuff and this is the general controll of this 
behavior  in a domain

from NTconfig.pol which i like very much
Best Regards

[EMAIL PROTECTED] schrieb:

Robert,
 I understand about the configuration options on the Windows side, but what
my problem is that no matter what I setup on the windows side, the clients
do not behave properly with offline files from my Samba server.  If I set
them offline from a windows server, there is no problem.  I only have
issues when I make a samba share available offline.   I need to make every
user's home directory available offline for laptop travel, but I can't get
the system to work.
I am really starting to think this is a bug in my version of Samba.

Thanks!  -Cheers, Peter.



 In specification, Murphy's
Law supersedes Ohm's Law.
   --Unknown



   
 Robert Schetterer 
 [EMAIL PROTECTED] 
 r.org To 
   [EMAIL PROTECTED] 
 03.03.2006 12:42   cc 
   samba@lists.samba.org   
   Subject 
   Re: [Samba] [Repost] Offline Files  
   No Go   
   
   
   
   
   
   





Hi Peter,
there is only one parameter in smb.conf
with offline files to a share

from man smb.conf
csc policy (S)

 This stands for client-side caching policy, and specifies how
clients capable of offline caching will cache the files in the share.
The valid values are: manual, documents, programs, disable.

 These values correspond to those used on Windows servers.

 For example, shares containing roaming profiles can have offline
caching disabled using csc policy = disable.

 Default: csc policy = manual

 Example: csc policy = programs

but if you wanna fine tune i.e by users/groups/host etc you have
to do this with NTconfig.pol in the netlogon share created by
poledit.exe which is more flexible
so would say use csc policy = manual in your conf so it depends to users
entries when or what offline sync in a share, but i dont think this is a
good idea at the profiles share ( as i saw it in your conf ,i use
disable here )

Best Regards

[EMAIL PROTECTED] schrieb:
  

Robert,
   Ah, I now see what you are meaning...  I have used the Active


Directory
  

policy manager to create the policies that I want and have successfully


run
  

offline files from a Windows server, my trouble is that when I move to a
Samba server, the Windows PCs have improper behavior.  (i.e. files can


not
  

be accessed even with proper permissions, applications report the files


as
  

non-existant, etc.)I am thinking that my problem is either related to
my Samba configuration or my Samba version.  How does my configuration


file
  

compare to your configuration?

Thanks so much!  -Cheers, Peter.



 In specification, Murphy's
Law supersedes Ohm's Law.
   --Unknown







  

 Robert Schetterer



  

 [EMAIL PROTECTED]



  

 r.org


To
  

  

 03/02/2006 05:26  [EMAIL PROTECTED]



  

 PM


cc
  

   samba@lists.samba.org



  

  

  

  

  
Subject
  

   Re: [Samba] [Repost] Offline Files



  

   No Go



  

  

  

  

  

  

  



hi, sorry that i wrote

[Samba] test

2006-03-05 Thread Robert Schetterer


test
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problems with AUTOCAD (german version) and samba

2006-03-03 Thread Robert Schetterer


hi Kurt,
control your locale settings on the samba server and your settings in 
smb.conf,

but at a short look on your log i would say you have a oplock problem

in suse you can change local in /etc/sysconfig/language
to [EMAIL PROTECTED] and parameter root uses language = yes
( note this might break yast ncurses display in  tty.. in suse versions 
prior 10 )

in smb conf ( samba3 )set

unix charset = ISO8859-1
   display charset = ISO8859-1
   dos charset = 850

the file names with umlauts should be visible in the native linux 
filesystems too , if they arent you have to rename them if using this 
entries.


in the share try using
this parameters

locking = No
oplocks = False
level2 oplocks = False
acl check permissions = no

controll the file permissions ( ls -la ) of the desired file , too make 
sure that there is no problem with ownership


you might test this first perhaps setting this may your fix your 
problems without changing locale


Good Luck

Best Regards


Kurt Weiss schrieb:
a problem occurs, if somebody tries to access a file, named with ü in 
path- or filename:
AUTOCAD acnnot access this files - throwing error (translated) cannot 
find drawing, make sure, that your networkdrive is available and the 
file exists.


this only happens, with germen special letters ü and Ü
opening with other applications and opening with ACAD on all other files 
is successful.


does anyone have an idea, why this happen?

e.g.:
networkdrive N:
opening N:\tmp\_täst\test.dwg - ok
opening N:\tmp\_tüst\test.dwg - with ACAD error, other applications: 
success


smbd logfile:
  unix_mode(temp/_tÃ¼st/test.dwg) returning 0770
[2006/03/03 10:43:24, 2] smbd/open.c:open_file(369)
  marcel opened file temp/_tÃ¼st/test.dwg read=Yes write=No (numopen=1)
[2006/03/03 10:43:24, 3] smbd/oplock_linux.c:linux_set_kernel_oplock(166)
  linux_set_kernel_oplock: got kernel oplock on file 
temp/_tÃ¼st/test.dwg, dev = 2103, inode = 4489682, file_id = 1092

[2006/03/03 10:43:24, 3] smbd/process.c:process_smb(1194)
  Transaction 6011 of length 90
[2006/03/03 10:43:24, 3] smbd/process.c:switch_message(993)
  switch message SMBopenX (pid 10348) conn 0x83fa2e0
[2006/03/03 10:43:24, 3] smbd/dosmode.c:unix_mode(121)
  unix_mode(temp/_tÃ¼st/test.dwg) returning 0770
[2006/03/03 10:43:24, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(515, 102) : sec_ctx_stack_ndx = 1
[2006/03/03 10:43:24, 3] smbd/uid.c:push_conn_ctx(393)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2006/03/03 10:43:24, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/03/03 10:43:24, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (515, 102) - sec_ctx_stack_ndx = 0
[2006/03/03 10:43:24, 3] smbd/oplock.c:initial_break_processing(320)
  initial_break_processing: called for dev = 0x2103, inode = 4489682 
file_id = 1092

  Current oplocks_open (exclusive = 1, levelII = 0)
[2006/03/03 10:43:24, 3] smbd/process.c:process_smb(1194)
  Transaction 6012 of length 55
[2006/03/03 10:43:24, 3] smbd/process.c:switch_message(993)
  switch message SMBlockingX (pid 10348) conn 0x83fa2e0
[2006/03/03 10:43:24, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(515, 102) : sec_ctx_stack_ndx = 1
[2006/03/03 10:43:24, 3] smbd/uid.c:push_conn_ctx(393)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2006/03/03 10:43:24, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/03/03 10:43:24, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (515, 102) - sec_ctx_stack_ndx = 0
[2006/03/03 10:43:24, 3] smbd/process.c:process_smb(1194)
  Transaction 6013 of length 90
[2006/03/03 10:43:24, 3] smbd/process.c:switch_message(993)
  switch message SMBopenX (pid 10348) conn 0x83fa2e0
[2006/03/03 10:43:24, 3] smbd/dosmode.c:unix_mode(121)
  unix_mode(temp/_tÃ¼st/test.dwg) returning 0770
[2006/03/03 10:43:24, 2] smbd/open.c:open_file(369)
  marcel opened file temp/_tÃ¼st/test.dwg read=Yes write=Yes (numopen=2)
[2006/03/03 10:43:24, 3] smbd/oplock_linux.c:linux_set_kernel_oplock(161)
  linux_set_kernel_oplock: Refused oplock on file temp/_tÃ¼st/test.dwg, 
fd = 27, dev = 2103, inode = 4489682. (Resource temporarily unavailable)

[2006/03/03 10:43:24, 3] smbd/process.c:process_smb(1194)
  Transaction 6014 of length 53
[2006/03/03 10:43:24, 3] smbd/process.c:switch_message(993)
  switch message SMBsetattrE (pid 10348) conn 0x83fa2e0
[2006/03/03 10:43:24, 3] smbd/reply.c:reply_setattrE(5460)
  reply_setattrE fnum=9542 ignoring zero request - not setting 
timestamps of 0

[2006/03/03 10:43:24, 3] smbd/process.c:process_smb(1194)
  Transaction 6015 of length 45
[2006/03/03 10:43:24, 3] smbd/process.c:switch_message(993)
  switch message SMBclose (pid 10348) conn 0x83fa2e0
[2006/03/03 10:43:24, 3] smbd/reply.c:reply_close(3271)
  close fd=27 fnum=9542 (numopen=2)
[2006/03/03 10:43:24, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(515, 102) : sec_ctx_stack_ndx = 1
[2006/03/03 10:43:24, 3] smbd/uid.c:push_conn_ctx(393)
  push_conn_ctx(100) :

Re: [Samba] [Repost] Offline Files No Go

2006-03-03 Thread Robert Schetterer


Hi Peter,
there is only one parameter in smb.conf
with offline files to a share

from man smb.conf
csc policy (S)

This stands for client-side caching policy, and specifies how 
clients capable of offline caching will cache the files in the share. 
The valid values are: manual, documents, programs, disable.


These values correspond to those used on Windows servers.

For example, shares containing roaming profiles can have offline 
caching disabled using csc policy = disable.


Default: csc policy = manual

Example: csc policy = programs

but if you wanna fine tune i.e by users/groups/host etc you have
to do this with NTconfig.pol in the netlogon share created by 
poledit.exe which is more flexible
so would say use csc policy = manual in your conf so it depends to users 
entries when or what offline sync in a share, but i dont think this is a 
good idea at the profiles share ( as i saw it in your conf ,i use 
disable here )


Best Regards

[EMAIL PROTECTED] schrieb:

Robert,
   Ah, I now see what you are meaning...  I have used the Active Directory
policy manager to create the policies that I want and have successfully run
offline files from a Windows server, my trouble is that when I move to a
Samba server, the Windows PCs have improper behavior.  (i.e. files can not
be accessed even with proper permissions, applications report the files as
non-existant, etc.)I am thinking that my problem is either related to
my Samba configuration or my Samba version.  How does my configuration file
compare to your configuration?

Thanks so much!  -Cheers, Peter.



 In specification, Murphy's
Law supersedes Ohm's Law.
   --Unknown



   
 Robert Schetterer 
 [EMAIL PROTECTED] 
 r.org To 
   
 03/02/2006 05:26  [EMAIL PROTECTED] 
 PM cc 
   samba@lists.samba.org   
   
   
   
   
   Subject 
   Re: [Samba] [Repost] Offline Files  
   No Go   
   
   
   
   
   
   





hi, sorry that i wrote this like missunderstanding,
what i mean you can fully control offline file/directory behavior
with NTconfig.pol for user ,groups ,client machines
so this is the tool/function you need
i use it to disable offline files on workstations and have it possible
with laptop with different samba shares.
there are a lot of ohter features possible, so exclude filestypes etc..
Regards
[EMAIL PROTECTED] schrieb:

Robert,
   I don't want to disable this... I want to make it work.  That is what

I

am looking for help with.
Thanks. -Cheers, Peter.



 In specification, Murphy's
Law supersedes Ohm's Law.
   --Unknown







 Robert Schetterer



 [EMAIL PROTECTED]



 r.org

To

   [EMAIL PROTECTED]



 02.03.2006 04:09

cc

   samba@lists.samba.org


Subject

   Re: [Samba] [Repost] Offline Files



   No Go












Hi,
yo can do disabling offline features via NTconfig.pol.
for users and/or machines and different folders
study google and smb faqs how to use this
Regards

[EMAIL PROTECTED] schrieb:

Dear All,
   I want to enable Offline Files support on several Win2K SP4 laptops.

We

have a samba file server.  I have researched as much as I could to get
answers and here is what I have.  I am unfortunately unable to get this
working properly.  If anyone can answer or point me in to a good

resource,

I would greatly appreciate that. I am attempting to offline profile
directories mapped to network drive letter X:.  Here is my config

Re: [Samba] [Repost] Offline Files No Go

2006-03-02 Thread Robert Schetterer


Hi,
yo can do disabling offline features via NTconfig.pol
for users and/or machines and different folders
study google and smb faqs how to use this
Regards

[EMAIL PROTECTED] schrieb:

Dear All,
   I want to enable Offline Files support on several Win2K SP4 laptops.  We
have a samba file server.  I have researched as much as I could to get
answers and here is what I have.  I am unfortunately unable to get this
working properly.  If anyone can answer or point me in to a good resource,
I would greatly appreciate that. I am attempting to offline profile
directories mapped to network drive letter X:.  Here is my config for the
profiles share:
-
[Profiles]
 comment = Shared User Profiles
 path = /home
 invalid users = nobody, guest
 create mask = 0600
 directory mask = 0700
 map acl inherit = Yes
 case sensitive = Yes
 hide special files = Yes
 store dos attributes = Yes
 csc policy = documents
 dos filemode = Yes
 dos filetime resolution = Yes
-

I get an error similar to the following for every file that I try to make
available offline:
 Could not make 'somthing.doc' available offline. The specified file can
not be found.

If I create a new file, it appears as available offine, but I can neither
delete nor rename it.
At that point I usually start to get an Access Denied error on the entire
shared drive and am forced to restart.

The share is stored on a RHEL 3 server running Samba 3.0.9-1.3E.5 with an
EXT3 file system with ACL support enabled.
I have also included my global configuration at the bottom of this email.

Here is my test procedure.
  -I make a share available offline.
  -It synchronizes showing all current files as Unable to make 'file.txt'
available offine on '\\server_b\profiles\testuser\My Documents'. The system
cannot find the file specified.
  -I create new files in the folder while online.  They appear oplocked in
samba status:
  DENY_NONE RDWR  EXCLUSIVE+BATCH  /home/testuser/My Documents/New Text
Document.txt
  -I attempt to give the file a name. This results in X:\My Documents
folder does not exist.  Do you want to create it?
  -The oplock is removed.
  -If I edit the file and attempt to save changes, I get This file exists
with Read Only attributes. Please use a different name.
  -If I then name the file something else, the file is created on the
windows side and appears offline available. The file appears on the samba
server also.
  -If I try to save this file again, I repeat the This file exists with
Read Only attributes... situation from above.
  -Now, if I take the computer offline by disconnecting the NIC... all
files behave normally.
  -After reconnecting, all files that were changed on windows while offline
are synced to the samba server.

Could this have something to do with case sensitivity or such?

ANY help is greatly appreciated.
Thanks!  -Cheers, Peter.


[global]
  workgroup = EXAMPLE
  realm = EXAMPLE.COM
  server string = File Server [ServerB] (Samba %v)
  security = ADS
  password server = SERVERA
  username level = 5
  log level = 1
  log file = /var/log/samba/%m
  max xmit = 65535
  name resolve order = host wins bcast
  socket options = TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536
IPTOS_LOWDELAY
  load printers = No
  logon script = \\servera\netlogon\logon.bat
  logon drive = X:
  logon home = \\SERVERB\Profiles\%U
  lm announce = No
  preferred master = No
  local master = No
  domain master = No
  wins server = 10.0.2.1
  lock spin count = 30
  lock spin time = 15
  ldap ssl = no
  idmap uid = 1000-2000
  idmap gid = 1000-2000
  template primary group = @
  template homedir = /home/%U
  template shell = /bin/bash
  winbind separator = +
  winbind cache time = 10
  winbind use default domain = Yes
  winbind nested groups = Yes
  printer admin = jdoe
  read only = No
  create mask = 0660
  directory mask = 0770
  inherit permissions = Yes
  inherit acls = Yes
  delete veto files = Yes
  veto files = /.AppleDouble/.AppleDesktop/Network Trash Folder/
  veto oplock files = /*.sem/*.qbw/*.mdb/*.nsf/*.log/*.id/*.ini/
  csc policy = disable
  strict locking = No

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [Repost] Offline Files No Go

2006-03-02 Thread Robert Schetterer


hi, sorry that i wrote this like missunderstanding,
what i mean you can fully control offline file/directory behavior
with NTconfig.pol for user ,groups ,client machines
so this is the tool/function you need
i use it to disable offline files on workstations and have it possible
with laptop with different samba shares.
there are a lot of ohter features possible, so exclude filestypes etc..
Regards
[EMAIL PROTECTED] schrieb:

Robert,
   I don't want to disable this... I want to make it work.  That is what I
am looking for help with.
Thanks. -Cheers, Peter.



 In specification, Murphy's
Law supersedes Ohm's Law.
   --Unknown



   
 Robert Schetterer 
 [EMAIL PROTECTED] 
 r.org To 
   [EMAIL PROTECTED] 
 02.03.2006 04:09   cc 
   samba@lists.samba.org   
   Subject 
   Re: [Samba] [Repost] Offline Files  
   No Go   
   
   
   
   
   
   





Hi,
yo can do disabling offline features via NTconfig.pol.
for users and/or machines and different folders
study google and smb faqs how to use this
Regards

[EMAIL PROTECTED] schrieb:

Dear All,
   I want to enable Offline Files support on several Win2K SP4 laptops.

We

have a samba file server.  I have researched as much as I could to get
answers and here is what I have.  I am unfortunately unable to get this
working properly.  If anyone can answer or point me in to a good

resource,

I would greatly appreciate that. I am attempting to offline profile
directories mapped to network drive letter X:.  Here is my config for the
profiles share:
-
[Profiles]
 comment = Shared User Profiles
 path = /home
 invalid users = nobody, guest
 create mask = 0600
 directory mask = 0700
 map acl inherit = Yes
 case sensitive = Yes
 hide special files = Yes
 store dos attributes = Yes
 csc policy = documents
 dos filemode = Yes
 dos filetime resolution = Yes
-

I get an error similar to the following for every file that I try to make
available offline:
 Could not make 'somthing.doc' available offline. The specified file can
not be found.

If I create a new file, it appears as available offine, but I can neither
delete nor rename it.
At that point I usually start to get an Access Denied error on the entire
shared drive and am forced to restart.

The share is stored on a RHEL 3 server running Samba 3.0.9-1.3E.5 with an
EXT3 file system with ACL support enabled.
I have also included my global configuration at the bottom of this email.

Here is my test procedure.
  -I make a share available offline.
  -It synchronizes showing all current files as Unable to make

'file.txt'

available offine on '\\server_b\profiles\testuser\My Documents'. The

system

cannot find the file specified.
  -I create new files in the folder while online.  They appear oplocked

in

samba status:
  DENY_NONE RDWR  EXCLUSIVE+BATCH  /home/testuser/My Documents/New

Text

Document.txt
  -I attempt to give the file a name. This results in X:\My Documents
folder does not exist.  Do you want to create it?
  -The oplock is removed.
  -If I edit the file and attempt to save changes, I get This file

exists

with Read Only attributes. Please use a different name.
  -If I then name the file something else, the file is created on the
windows side and appears offline available. The file appears on the samba
server also.
  -If I try to save this file again, I repeat the This file exists with
Read Only attributes... situation from above.
  -Now, if I take the computer offline by disconnecting the NIC... all
files behave normally.
  -After reconnecting, all files that were changed on windows while

offline

are synced to the samba server.

Could this have something to do with case sensitivity or such?

ANY help is greatly appreciated.
Thanks!  -Cheers, Peter.


[global]
  workgroup = EXAMPLE
  realm = EXAMPLE.COM
  server string = File Server [ServerB] (Samba %v)
  security = ADS
  password server

Re: [Samba] SAMBA WINS

2006-02-28 Thread Robert Schetterer


Travis Bullock schrieb:

Is Samba still unable to replicate WINS information? I have a Samba WINS
server in place now at Location A. I am establishing Location B which will
connect to Location A via OpenVPN behind a IPCop box.  I would like to place
a Samba WINS server in Location B so that client WINS traffic will not
travel across the VPN, however I am unsure if Samba's inability to replicate
WINS has since been changed.

 


Cheers,

 


Travis

  

hi,
a wins replicate daemon has been released by sernet the german host of 
samba, catch it there compile and test ( it worked for me with suse 10 )
but if you use openvpn with a direct vpn tap connect between 2 sambas 
only the right configs where needed in my setup,
you can start samba with tap devices so they should find each with 
broadcast on the same net or with pointing browsing entries

in smb.conf to oneanother
for sure this connect where long times vpn connects
Regards

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] domain user notifications?

2006-02-24 Thread Robert Schetterer


why not looking smb faqs, there is much info and examples about that

Mark Rutherford schrieb:
Is there a method of notifying users of a domain about a server or print 
queue reboot/shutdown/maintenance/problem?
Our old Netware servers used to do this, and everyone seems to rely on 
the fact that they will be told they have X minutes

remaining on a power failure, ect.

Ideas on this anyone?



--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Backup Servers

2006-02-24 Thread Robert Schetterer


Hi Ian,
the nt 4 domain schema ( which is valid for samba )
resides in a pdc and bdcs ( this is done via ldap replication with samba 
), so if the pdc istn allive the bdc will you give auth for logon with a 
windows client.
The problem is ,a users home or/and roam profile can only be hosted on 
one place, so if the server ( smb pdc, bdc,nas whatever) which is 
hosting the
homes and profiles, is down, there is no chance to get home and/or 
profile at logon,cause this is a unique entry in ldap.

So a real backupserver on the fly is not possible with nt4,
in case the pdc is not longer online the bdc must be upgraded to pdc
and/or the home/profile files must be copied with all user permissions 
to i.e the new pdc ( i.e. upgraded from bdc, or other online smb/cifs 
machines ) and the entries of the users homes/profiles must be changed 
to point there.
for shure you can use rsync ( or equals) to have files/profiles/homes 
synced with your pdc so you would have them online in case of failures.
I guess this will be better with samba 4 as it acts as ad controller ( 
but i am not sure),
but for now i see no cheap solution which makes which makes it 
possible to have backup servers full functionally without any admin 
intervention in case of failures.

I maybe fail , but in this case Jerry will have the right stuff
for you , i never used this  patch because i see no real sense in it,
having pdc and bdc rightly configured.
Best Regards



Ian Barnes schrieb:

Hi,

 


I am using a patch that Jerry wrote that will auto discover any secondary
servers on your network and if the one its joined to dies, it will join
another one. That's fine, I can join and everything works fine, until I
unplug the server im joined to. It takes a few minutes to kill over, and
once its detected that its dead, it swaps over and I get this if I then try
wbinfo -a username%pass:

 


plaintext password authentication failed

error code was NT_STATUS_NO_TRUST_SAM_ACCOUNT (0xc18b)

error messsage was: No trusted SAM account

Could not authenticate user Administrator%password with plaintext password

challenge/response password authentication failed

error code was NT_STATUS_NO_TRUST_SAM_ACCOUNT (0xc18b)

error messsage was: No trusted SAM account

Could not authenticate user Administrator with challenge/response

 


Any ideas as to why this happens when it fails over? I can logon to both
servers individually and everything works fine if they are both up, only if
one dies, does this happen.

 


Thanks

Ian

 

 



--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Outlook path to pst file is lost when using roaming profiles

2006-02-21 Thread Robert Schetterer


Hi,
i have all kind of versions of outlook ( 2000/xp/2003) running with 
roaming profiles and samba pdc and i dont have any problem loosing the 
pst path, on win 2000/xp, perhaps this was a bug from outlook configured
using with imap, check about that, note that every outlook patchlevel 
behaves different, so check the outlook patch level too.

I dont recommend setting regs , for the default pst i think it is better
to use a adm/ntconfig.pol
Regards


Douglas Phillipson schrieb:
Is nobody else losing their Outlook profile/path to pst when using 
roaming profiles?


Doug P

Douglas Phillipson wrote:
We are having a problem getting the path to the Outlook PST file to 
move from machine to machine using roaming profiles (Samba 3.0.10 on 
RHEL 4).  When a user logs off on one machine and logs on to another, 
the outlook path to the PST file is gone.  I found this message in the 
archive back in 2002 but I see no resolution for it:


http://lists.samba.org/archive/samba/2002-July/047507.html

Here is the text from that post:

Does anybody know how to manage roaming profiles with outlook 2002 ? I
have XP boxes with roaming profiles and all work fine. The only problem
is that
XP doesn´t export the path where outlook stores ist .pst file. This is
not the problem for the .pst file where outlook stores contacts and so.
The path of the normal pst is on a network drive.  But I have an IMAP
mail account for every user and if you configure outlook for imap it
creates another .pst file under the normal path ...Local
Settings../outlook/
I am not able to store this file under a different path e.g. a network
drive. I think that there are 2 ways for my problem:

1.) show outlook the path to a network drive for the imap pst as I did
it for the normal pst -- I don´t know how

2.) export the whole outlook path under local settings --

It works, but not for a long time:

After you create an outlook account for the first time, outlook adds a
registry entry under

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
-- ExcludeProfileDirs

In this entry you can add directories of the roaming profile not to
export. -- because of that, the outlook pst would not exported with the
roaming profile. If I delete this entry on all workstations under the
default and the user profile of the registry it works for some time.
But after some time, I don´t know why the entry is back in the registry
to not export the outlook folder.

Does anybody have an idea ?

Regards sven

Has anybody else seen this problem or found a resolution?

Thanks

Doug P


--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3 + Exchange 5.5

2006-02-20 Thread Robert Schetterer


Lars Boegild Thomsen schrieb:
Hi Everybody, 


I've been asked to upgrade an old NT4 server with a new server running
Debian/Samba.  I've got no problem with migrating the old server, but I do
have one unknown.  The company mail run on an Exchange server that is
most likely part of the NT4 network.  Has anybody tried this setup?  I did
look in documentation and google and found precious little - which to me
indicates that it might not be a problem at all (or nobody is running
Exchange).
  

you should have no problem with samba 3  and exchange 5.5

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Question about policies [OT?]

2006-02-20 Thread Robert Schetterer


Koenraad Lelong schrieb:

Amit Sharma schreef:

Yea, that is possible.

First of all find the registry hive/key over any of your XP client, 
which controlls the 'firewall'  then create a new custom ADM file to 
provide you the power to control the firewall settings from policy 
editor (search google for how to create custom adm files ~~ 
http://www.google.co.in/search?hl=enq=how+to+create+adm+filesbtnG=Google+Searchmeta=). 



Now import your first customised ADM file in policy editor  then 
disable firewall from there. Save all your changes to a filename as 
NTCONFIG.POL. Place it in your netlogon share  its all done.

Let your XP clients log off n log on for changes to take effect.

With the same way you can control any registry setting. But make sure 
you revert back the setting in policy editor to get that effect off 
from clients as these changes are tattooed to your box  need to 
revert back precisely for reverse effect.


Regards
Amit..


Thanks (also Tomasz Chmielewski). I'm going to try these (with caution 
;-)).

Regards,
Koenraad Lelong.

you can use i.e. reg2adm  tool to do such jobs

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Samba 3 + Exchange 5.5

2006-02-20 Thread Robert Schetterer


Lars Boegild Thomsen schrieb:

Robert Schetterer wrote:

  

Lars Boegild Thomsen schrieb:


have one unknown.  The company mail run on an Exchange server that is
most likely part of the NT4 network.  Has anybody tried this setup?  I
did look in documentation and google and found precious little - which to
me indicates that it might not be a problem at all (or nobody is running
Exchange).
  

you should have no problem with samba 3  and exchange 5.5



It should be noted that I have absolutely zero experience with Exchange. 
Would it be possible to configure this setup so Exchange automatically

create email accounts to valid and active users in the network - or would
they have to be manually created on the Exchange server.

  

If you have no

experience

 with exchange you shouldnt touch or use it ( my opinion ), samba is 
accting as nt4 server , so if you migrate the accounts
from the old nt server to samba in the right way ( see samba migration 
faqs ) you should not go into trouble with exchange

and all stuff would work as before
Regards

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] recycle:exclude

2006-02-14 Thread Robert Schetterer


Franz Strebel schrieb:

Hello,

The recycle bin vfs module is working with samba 3.0.21b
as it does move deleted files to the bin.  However, it seems
to ignore my settings in the exclude parameter.  Any ideas?
This is the relevant line in my smb.conf:

  recycle:exclude = *.tmp,*.temp,~$*,*.$$$,*.ldb

Thanks in advance for any help.

Regards,
Franz
  

Hi Franz on suse system this syntax works

  recycle:repository = Papierkorb/
  recycle:keeptree = yes
  recycle:versions = yes
  recycle:touch = yes
  recycle:exclude = ?~$*,~$*,*.tmp,index*.pl,index*.htm*,*.temp,*.TMP
  recycle:exclude_dir=  /tmp,/temp,/cache
  recycle:noversions = *.doc,*.xls,*.ppt

Regards

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] New 3.0.21b-1 Samba does not respect system Groups

2006-02-13 Thread Robert Schetterer


Hi, at default smb does not honor linux groups,
use ldap , map your systemgroup via the net command to a smb group
read the smb faqs to this
Regards

Siju George schrieb:

Hi all,

I am running

ii  samba  3.0.21b-1  a LanManager-like file and printer server fo
ii  samba-common   3.0.21b-1  Samba common files used by both the server a

on Debian 3.1 (Sarge) Linux  2.6.8-2-386 #1 Thu May 19 17:40:50 JST
2005 i686 GNU/Linux

I have noticed that the Samba software does not recognize newly
created groups with the groupadd commands. I'll demonstrate the
following.

I am running the Samba Server with

security = user

I have a share defined like this

[grtest]
comment = Intersight Website
path = /var/www/grtest
read only = no
read list = @phpprogrammers
valid users = @grtest
force group = grtest
force create mode = 0775
force directory mode = 0775

The Unix permissions for this folder is

# ls -l /var/www |grep grtest
drwxrwxr-x   2 root grtest48 2006-02-13 14:27 grtest

The members of the group grtest are

# cat /etc/group |grep grtest
grtest:x:1029:administrator

The group was created using the groupadd command.

Now the Samba user administrator has the same password as the user
administrator on the Windows 2003 Small business server I am
sitting.

When I try to access the [grtest] share from the Win2k3 SBS I am asked
for a user name and password for which I enter

sambaworkgroup\administrator

and password

But I am not able to connect.

But if I just change the Share description to have valid users set to
any group that was created earlier I can access the share with no
problems. I'll demonstrate it again

The group

# cat /etc/group |grep maverick
maverick:x:1004:administrator,mvarghese

was create long back.
And If I put that group in the valid users list as shown below

[grtest]
comment = Intersight Website
path = /var/www/grtest
read only = no
read list = @phpprogrammers
valid users = @maverick
force group = grtest
force create mode = 0775
force directory mode = 0775

and restart the Samba Server, I can go to the Win2k3 SBS and click on
the share and I can access the share without giving a user name and
password. ( Password for administrator is same on both Systems)

I found that this problem is only for Groups created recently and not
for groups created earlier.

I find it really puzzling :-(

Could Someone please explain what could have gone wrong?

Thankyou so much

Kind Regards

Siju


--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Profiles on different network?

2006-02-08 Thread Robert Schetterer

Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba RPM packages for all SuSE Linux products

2006-01-31 Thread Robert Schetterer


Lars Müller schrieb:

On Mon, Jan 30, 2006 at 08:33:50PM -0600, Gerald Carter wrote:
[snip]
  

Binary packages are available at

http://download.samba.org/samba/ftp/Binary_Packages/



RPM packages of Samba 3.0.21b for all SuSE Linux products are available
at ftp://ftp.SuSE.com/pub/projects/samba/3.0/ or
http://ftp.SuSE.com/pub/projects/samba/3.0/

Currently there are packages for SuSE Linux (x86 and x86_64) 9.1, 9.2,
9.3, 10.0, UnitedLinux 1/ SuSE Linux Enterprise Server (SLES) 8, SLES 9,
and factory (= the currently developed product).

Packages for ppc are only available for 10.0, SLES 8, SLES 9, and
factory as there are no other SuSE Linux product of this architecture.

Please inform us if you have different architectures (ia64, s390) and
like to see Samba RPM packages for these too.

The same packages are also available at
http://download.Samba.org/samba/ftp/Binary_Packages/SuSE/3.0/

Please use a mirror close to your site.  A list of Samba.org mirrors is
available at http://Samba.org/  There choose a mirror at the right top
of the page.

There are also a bunch of SuSE mirrors.  A list of international mirror
sites is at
http://www.novell.com/products/suselinux/downloads/ftp/int_mirrors.html
A list of mirrors in Germany is at
http://www.novell.com/products/suselinux/downloads/ftp/germ_mirrors.html

If you encounter any problem with these packages please don't blame the
Samba Team.  Instead file a bug to https://bugzilla.Samba.org/, pick
product Samba 3.0, then select 'component' Packaging and set 'assign to'
to lmuelle at suse dot de.  Or use http://bugzilla.Novell.com instead.

Our customers, our products, our responsibility.

Have a lot of fun...

Lars
  

hi Lars,
thx again for this fast work
Regards

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] test ignore

2006-01-26 Thread Robert Schetterer



--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: SUSE 10.0 and firewall

2006-01-20 Thread Robert Schetterer


Oygle schrieb:

Hi Robert,

On Thu, 19 Jan 2006 15:11:05 +0100, Robert Schetterer
[EMAIL PROTECTED] wrote:

  

no the log are in /var/log/firewall and/or in /var/log/messages



Okay, found both of those, lots of info in the files, but I wouldn't
know what to look for.  :)

  

but a tcpdump -i eth0 will show you better results in realtime



There was no tcpdump, then I realised it had to be installed, then ran
it, and tried to browse the 'windows network' and got an error message
about not being able to find a workgroup, and something about possible
firewall settings ??

I think I will read up on some of those docs that were mentioned, and
redo the setup for both the Samba client and server.

What I can't seem to understand is that Firefox has no problems doing
this:

smb://ipaddress.of.XP.box

and I can see/browse all the shares on the XP box, but ANY sort of
'file browser' (Konqueror, Nautilis,etc) cannot 'see' the XP
workgroup, let alone the shares.

There are no firewall messages on the XP box, when I'm trying to use
those file browsers from Linux.

As I'm going to set it all up as per those docs, one question .,
should I enable or disable simple file sharing on the XP computer
and the Linux computer.  As I'm the only person using both of the
computers, it seems unecessary to force a login to the XP box (which
is what happens if I enable simple file sharing on XP).

Thanks,

Oygle


  

Hi

Oygle

simple file sharing is a thing from windows not known to linux, and it 
only relates to that  win client where you enable it. ( so it doesnt 
matter if you do so ,or not for samba )
samba knows a security level which is named share which is something 
equal, read the smb faqs to that.
Wins browsing stuff will work fine if  you  let act  samba as wins 
server ( there  should be only one in the network )
and give the ip of the wins ( samba server ) to the win client in the 
properties of tcp by your windows client nic.
A internal name server ( bind 9 ) is pretty good to have too. ( wich can 
dynamicly updated by the client machines ), so this can act as fallback 
to wins.
You can easily manage this stuff having a dhcp server on the linux 
machine bound to the intranet nic, and tell all windows clients
to use dhcp this makes sure that all machines get the right win server 
entry, and the router ip , domainname , name server etc.
All that stuff is written in the samba faq with good examples , or just 
buy the book written by Andrew.
for now try this on the explorer of the win client \\ip.of..smb.ser.ver 
( for sure you need numbers here ) this should show you shares on the 
samba server

anyway. ( just for test )
Best Regards

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SUSE 10.0 and firewall


Hi,
normally a samba server should stand behind a firewall, so you dont need 
 a firewall turned on until you dont expect attacks from inside your 
intranet.

In case your samba is running on the firewall machine itself, use the
suse firewall model with external dmz and internal zone with yast.
You can have more advanced firewall features with editing the firewall 
stuff in  /etc/sysconfig/SuSEfirewall2 and restart rcSuSEfirewall2

so read the faqs about suse firewall and yast.
Note, that every distro Firewall ( kernel 2.4 2.6 ) is based
on iptabels, so yast or else are only interfaces to make users happy
with iptables.
So you dont need the susefirewall, you can use either an other iptables 
interface like i.e. shorewall ore else or write your own script.

There are many examples online for iptables.
Best Regards

Oygle schrieb:

Using Samba 9client and serve) installed on a SUSE Linux, version 10.0

I have read various Samba documents, and it appears that to use samba
from a Linux box, I need to first turn off the firewall, use samba,
then turn the firewall on again.

Is this just a SUSE thing, or is it a Samba problem in general ?

Oygle




--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: SUSE 10.0 and firewall


Hi,
if both samba and windows are behind a firewall , you dont need any 
firewall working on samba and windows machine if you trust your intranet

otherwise you have to open the smb/cifs ports as minimum

here is typical drop table for iptables
#drops
#block smb from outside
/usr/sbin/iptables -A INPUT -p udp -i ppp0 --dport 135:139 -j DROP
/usr/sbin/iptables -A INPUT -p udp -i ppp0 --dport 445 -j DROP
/usr/sbin/iptables -A INPUT -p tcp -i ppp0 --dport 135:139 -j DROP
/usr/sbin/iptables -A INPUT -p tcp -i ppp0 --dport 445 -j DROP

so open udp/tcp 135-139 and 445 should do the samba jobs working

Regards

Oygle schrieb:

Hi Robert,

The Samba computer, and the Win XP computer that are on the LAN, both
sit behind a firewall.

So, it sounds like I don't need to have the firewall active at all on
the Linux box. I guess because I have always had a firewall on any Win
boxes (acting as an 'application' firewall, to enable/disable requests
going out from various software), that I just followed that pattern
and setup the firewall on the Linux box.

(Sometimes even Firefox goes to sites like newsrss.bbc.co.uk, and I
block that from the Win firewall, ... it just eats up bandwidth
otherwise).

So, as long as it is safe to disable the firewall completely, if that
will fix the Samba problem, then that's okay. (Still it must just be a
port that Samba needs to have open ?? ).

Thanks for your help,

Oygle




--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: SUSE 10.0 and firewall


no the log are in /var/log/firewall and/or in /var/log/messages

but a tcpdump -i eth0 will show you better results in realtime

Oygle schrieb:

Thanks Ryan, I will read up on those documents you mentioned.
Regarding NETBIOS, I can see the Linux assigned NETBIOS name appear on
the XP computer, but try to open it, the password windows opens, and
no amount of trying diff. passwords will work.

I would like to examine the firewall logs at the time that an attempt
is made to connect from XP. I assume the logs reside at

/etc/sysconfig/SUSEfirewall2/

Hmm, being a noob to Linux I'm not sure, maybe more like the /usr/
path ?

Thanks,

Oygle




--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: SUSE 10.0 and firewall


/etc/sysconfig/SuSEfirewall2
FW_SERVICES_INT_TCP=135 136 137 138 139 445
FW_SERVICES_INT_UDP=135 136 137 138 139 445
may fix the stuff
but untested cause i wrote my ow firewall scripts

Robert Schetterer schrieb:

Hi,
if both samba and windows are behind a firewall , you dont need any 
firewall working on samba and windows machine if you trust your intranet

otherwise you have to open the smb/cifs ports as minimum

here is typical drop table for iptables
#drops
#block smb from outside
/usr/sbin/iptables -A INPUT -p udp -i ppp0 --dport 135:139 -j DROP
/usr/sbin/iptables -A INPUT -p udp -i ppp0 --dport 445 -j DROP
/usr/sbin/iptables -A INPUT -p tcp -i ppp0 --dport 135:139 -j DROP
/usr/sbin/iptables -A INPUT -p tcp -i ppp0 --dport 445 -j DROP

so open udp/tcp 135-139 and 445 should do the samba jobs working

Regards

Oygle schrieb:

Hi Robert,

The Samba computer, and the Win XP computer that are on the LAN, both
sit behind a firewall.

So, it sounds like I don't need to have the firewall active at all on
the Linux box. I guess because I have always had a firewall on any Win
boxes (acting as an 'application' firewall, to enable/disable requests
going out from various software), that I just followed that pattern
and setup the firewall on the Linux box.

(Sometimes even Firefox goes to sites like newsrss.bbc.co.uk, and I
block that from the Win firewall, ... it just eats up bandwidth
otherwise).

So, as long as it is safe to disable the firewall completely, if that
will fix the Samba problem, then that's okay. (Still it must just be a
port that Samba needs to have open ?? ).

Thanks for your help,

Oygle






--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Patching XP clients on Samba PDC

2006-01-18 Thread Robert Schetterer


Hi,
so you wanna have a internal windows update server?
This is called sus or now wus, the pack can be free downloaded at ms.
Normally you need iis on a win server running this.
But the sus pack can be modified and will installed and run on a 
win2000/xp workstation, giving the win clients a entry in .pol pointing 
to it.

Configure sus to look for downloads every day.
the sus server must stay alive most time , this would work with a vmware 
or bochs setup too.

This is the normal windows way for updates.
There are other more linux related project that will do equal,
like unattend, or wkpg in sourceforge.( which will deploy other software 
too.)
you can find some wget batch scripts at the german magazine ct, or in 
the wild that should do jobs like patching too. ( but they need to be 
modified every time a new update comes up )
There is a way that configure a squid proxy so that updates stay in the 
cache if one client machine has fetched it.

i would preffer using iis and sus on linux with wine, but i didnt find
any doku that says iis with wine is possible.
in the near future xen should be able to setup a win machine on a linux 
host which i would prefer to vmware ( payware ).
At last the whole update procedure for windows is terrible in comparing 
it with linux stuff like you apt yum

Best Regards
--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello,

Does anyone have a good suggestion for patching XP clients on a Samba
PDC domain? I've tried using autoit and sysinternal's psexec to write
a script to do this but this doesn't work well because the computer
has to be active and our machines lock the machine if it's not active
in 15 minutes.

I hate having to log onto every machine every time another ms patch is
released. Any suggestions or thoughts on the matter would be
greatly appreciated.

- --
Glen Smith
Technology Development  Administration
D. Miller  Associates P.L.L.C.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDzaEJ/sRktXv59fkRAoMDAKC8faxJlj+RLdUm5eKUR+89l+e7OQCglXaG
6BDb9GeE/v1i3qa26FgZAKc=
=RSdb
-END PGP SIGNATURE-

-- To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] deployment of software

2006-01-18 Thread Robert Schetterer


Hi Martin,
i use a tool which is named reexec
http://www.veloci.dk/index.asp?visnu=reexec/reexec.htm
if you integrate this in a computername.bat ( netlogon script ) and 
build software packs which silent installs reexec will deploy the pack 
out of the batch,

you can also use it later from a windows client
it needs no heavy batch coding and is very handy for smaller networks
it freeware, i just tested it with the new thunderbird release
Regards

Martin Miethe schrieb:

I have Samba and about 40 WinXP Clientes running.
Now I´m trying to find a way to deploy software (for example
updates of E-Mail Client, Windows Patches) to my Clients.
I was playing around with AutoIt and some switch-user-tools for 
windows, which really works but also is kind of complicated and time 
consuming.


In my environment, every user got his own Logonscript on the Linuxserver 
where I place the call for an installation (for ex Thunderbird update). 
If the installation on the client succeeded, I need a feedback signal 
from the user (e-mail, phone call...) that the script ran properly and I 
can remove the call in this script.
I could also use one Logonscript for all users and turn on machines by 
myself in the morning if a certain user is not in the office.

But all this does not seem to be the best way for me.
I´m really interested if there is another possibility to achieve this 
more efficiently without buying an expensive deployment software for 
Windows Server or something like that.

So far I did not have a closer look at unattended.sourceforge.net, maybe
someone has experience with that.
Thanks a lot
regards



--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba RPM packages for all SuSE Linux products

2006-01-02 Thread Robert Schetterer


Hello Lars,
thx for your hard work , and a happy new Year
Regards

Lars Müller schrieb:

Hello,

On Thu, Dec 29, 2005 at 09:44:42PM -0600, Gerald Carter wrote:
[snip]

Binary packages are available at

http://download.samba.org/samba/ftp/Binary_Packages/


RPM packages of Samba 3.0.21a for all SuSE Linux products are available
at ftp://ftp.SuSE.com/pub/projects/samba/3.0/ or
http://ftp.SuSE.com/pub/projects/samba/3.0/

Currently there are packages for SuSE Linux (ppc, x86, and x86_64) 9.0,
9.1, 9.2, 9.3, 10.0, UnitedLinux 1/ SuSE Linux Enterprise Server (SLES)
8, and SLES 9.

Packages for ppc are only available for 10.0, SLES 8 and 9 as there are
no other SuSE Linux product of this architecture.

If requested by our users we'll provide packages for the s390 and ia64
architectures too.

The same packages are also available at
http://download.Samba.org/samba/ftp/Binary_Packages/SuSE/3.0/

Please use a mirror close to your site.  A list of Samba.org mirrors is
available at http://Samba.org/  There choose a mirror at the right top
of the page.

There are also a bunch of SuSE mirrors.  A list of international mirrors
sites is at
http://www.Novell.com/products/linuxprofessional/downloads/ftp/int_mirrors.html
A list of mirrors in Germany is at
http://www.novell.com/products/linuxprofessional/downloads/ftp/germ_mirrors.html

If you encounter any problem with these packages please don't blame the
Samba Team.  Instead file a bug to https://bugzilla.Samba.org/, pick
product Samba 3.0, then select 'component' Packaging and set 'assign to'
to lmuelle at suse dot de.  Or use http://bugzilla.Novell.com instead.

Our customers, our products, our responsibility.

Have a lot of fun...

Lars



--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.21 Available for Download


Hi Jerry ,
are there any special config parameters needed ( in smb.conf)
for this feature

o The capability to manage Unix services using the Win32
   Service Control API.
Best Regards

and merry x-mas

Gerald (Jerry) Carter schrieb:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

===
Done with Fish.
   -- John Laroche (Adaptation)
===
Release Announcements
=

This is the latest stable release of Samba. This is the version
that production Samba servers should be running for all current
bug-fixes.  Please read the following important changes in this
release.

Common bugs fixed in 3.0.21 include:

 o Missing groups in a user's token when logging in via kerberos
 o Incompatibilities with newer MS Windows hotfixes and
   embedded OS platforms
 o Portability and crash bugs.
 o Performance issues in winbindd.

New features introduced in Samba 3.0.21 include:

 o Complete NTLMv2 support by consolidating authentication
   mechanism used at the CIFS and RPC layers.
 o The capability to manage Unix services using the Win32
   Service Control API.
 o The capability to view external Unix log files via the
   Microsoft Event Viewer.
 o New libmsrpc share library for application developers.
 o Rewrite of CIFS oplock implementation.
 o Performance Counter external daemon.
 o Winbindd auto-detection query methods when communicating with
   a domain controller.
 o The ability to enumerate long share names in libsmbclient
   applications.


Download Details


The uncompressed tarball and patch files have been signed
using GnuPG (ID 157BC95E).  The source code can be
downloaded from:

http://download.samba.org/samba/ftp/

The release notes are available online at:

http://www.samba.org/samba/history/samba-3.0.21.html

Binary packages are available at

http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

--Enjoy
The Samba Team
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDqG1WIR7qMdg1EfYRArtBAJ9n8jKA3CfrHOEqJETi8ljVqNRumQCdGkX5
vSj04v58QT0zsSNhKm4Obok=
=9JAS
-END PGP SIGNATURE-
 



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.21 Available for Download


Dennis B. Hopp schrieb:


Robert Schetterer wrote:


Hi Jerry ,
are there any special config parameters needed ( in smb.conf)
for this feature

o The capability to manage Unix services using the Win32
   Service Control API.
Best Regards

and merry x-mas




Yes you have to tell samba which services you want to make available 
and how to do the necessary actions (start, stop, restart, etc.).  I 
believe the option you want is svcctl list


In smb.conf you do:

svcctl list = postfix httpd 

Then create a svcctl directory in samba's $(libdir) and inside there 
you create symbolic links to the necessary init scripts (you could 
make it a symbolic link to anything really, just as long as wherever 
you make the link to knows how to do the actions).


--Dennis


Hi,
thx for the Info, is it allready in the current faqs?
Regards

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.21 Available for Download


Dennis B. Hopp schrieb:


Robert Schetterer wrote:


Dennis B. Hopp schrieb:


Robert Schetterer wrote:


Hi Jerry ,
are there any special config parameters needed ( in smb.conf)
for this feature

o The capability to manage Unix services using the Win32
   Service Control API.
Best Regards

and merry x-mas






Yes you have to tell samba which services you want to make available 
and how to do the necessary actions (start, stop, restart, etc.).  I 
believe the option you want is svcctl list


In smb.conf you do:

svcctl list = postfix httpd 

Then create a svcctl directory in samba's $(libdir) and inside there 
you create symbolic links to the necessary init scripts (you could 
make it a symbolic link to anything really, just as long as wherever 
you make the link to knows how to do the actions).


--Dennis


Hi,
thx for the Info, is it allready in the current faqs?
Regards



The man page on samba.org ( 
http://us5.samba.org/samba/docs/man/manpages-3/smb.conf.5.html ) is 
already update so I imagine the one in the release download is.


--Dennis


Wow i see just another killing feature which i will test soon
but i am not clear what $(libdir) means , does it mean i.e 
/var/lib/samba ( usally the standart path for profiles etc ) ?

Regards

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.21 Available for Download


Gerald (Jerry) Carter schrieb:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Robert Schetterer wrote:

 


Wow i see just another killing feature which i will test soon
but i am not clear what $(libdir) means , does it mean i.e
/var/lib/samba ( usally the standart path for profiles etc ) ?
Regards
   



No.  That's the $(lockdir).  Run `smbd -b | grep -i LIBDIR` to find
$(libdir) for your installation.





cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
Centeris ---  http://www.centeris.com
There's an anonymous coward in all of us.   --anonymous
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDqWF2IR7qMdg1EfYRAvAZAJ9bCy0J8Dor4xdOUeAQlz54OkI0AwCdHYV0
cmxc/zNPqK6z7K/t+TU72EE=
=SLrY
-END PGP SIGNATURE-

 


Hi,
works ( path for suse 9.3)
pdc:~ # smbd -b | grep -i LIBDIR
  LIBDIR: /usr/lib/samba
pdc:~ #
thx to make all this stuff clear
Regards

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba related Student Project

2005-12-03 Thread Robert Schetterer


Hi Hisain,
youre welcome, but equal stuff allready exists , do a search at 
freshmeat, smbpasswd is nearly outdated, perhaps you try to do some 
other stuff which is leaking

i.e. a webbased logging tool to the audit vfs modul
Best Regards
Hisain Elshaafi schrieb:

Hi all



I am doing a final year project which is to develop a web-based
application that allows accessing a samba PDC through a browser.  The
application is to allow an administrator to modify computer and user
accounts in smbpasswd file and allow access to smb.conf.  I am seeking
help from you if you know an application like that already exist so that I
can benefit from it.  Note that I use java servlets to develop this
application

thanks







Hisain Elshaafi








--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NT clients syncronyzing in a Samba PDC Domain

2005-11-30 Thread Robert Schetterer


Joel Franco Guzmán schrieb:


No, i think...
The instalation is standard with classic components like Office, Outlook 
Express, etc..

The synchronizing window (at logoff) appears strongly be of Windows
environment.

Thank You,

 


Hi,
if redirected some folder ( ie eigene Dateien...in German. somting 
like own files in Englisch ) the default behavior for
win xp to sync this folder , this is different to win 2000  , win xp 
ignores the samba parameter not to do sync in this case, you can stop
this by setting this with either an adm group policy local on the 
winclient or ntconfig.pol ( netlogon share ) and poledit for the 
winclients computer name and a adm )
But other reasons for sync are possible too, but this one makes me 
really wonder cause this change from win 2000 to xp was not documented 
by m$ at my

knowledge
Regards

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba Guide, SuSe and Yast

2005-11-30 Thread Robert Schetterer


Olivier Thibaut schrieb:


Hi,

I'm using SuSe Linux Enterprise Server 9.
I've setup a Samba/LDAP solution according to ch5 of the Samba Guide.
It's working - that's great :-)

Now I'd like to know if anyone tried to manage the users database 
using tools provided by Yast.

Is there a risk to mess up everything ?
Did anyone try that before ?

Thanks for your help,

Olivier Thibaut.


hi,
you can edit a feww ldaps attributes ( like user home ) with yast but  i.e
edit Group names will fail ( i.e.yast ldap doesnt like whitespace in 
Group names ),
sometime the whole user getting to another place in the ldap tree after 
editing,

in different suse versions this behavior is different.
The reason is that yast ldap module is more orientated on suses thoughts 
from a ldap directory ( ldap yast layout follows  nearer to the ie. mail 
layout for ldap) .
So i advice you not to use yast for edit ldap if you populated the ldap 
tree from samba sources.
Better use a ldap editor which are either  on the suse distro ( linux ) 
itself or as freeware from a windows client, so there many ldap edit 
solutions at freshmeat.

Regards


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] test please ignore

2005-11-24 Thread Robert Schetterer


test please ignore

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NTConfig.POL not working for Win 2000 (for XP working fine)?

2005-11-20 Thread Robert Schetterer


Tomasz Chmielewski schrieb:

Robert Schetterer schrieb:

Tomasz Chmielewski schrieb:


Tomasz Chmielewski schrieb:

I'm just exploring the Profile Editor, described on 
http://www.pcc-services.com/custom_poledit.html - and policies 
saved to NTConfig.pol file and copied to the netlogon share work 
great for Windows XP machines.


However, with Windows 2000, they don't work at all. Winh XP 
machines - policies are applied.


I see in Samba logs that the NTConfig.pol is copied from the server 
to the w2k workstation, but it has no effect.


This Profile Editor is designed for Windows 2000, as it was shipped 
with w2k SP4, so I expected it will work with 2000.


Am I missing something?




I searched the internet, but no clue about the issue :(

In the event log it is as eventid: 1000, source: uservenv, and in 
the log itself it says something like (translated from German):


RegLoadKey aborted. Returned value False Parameter. for 
C:\Documents and Settings\Administrator.DOMAIN\prfCA.tmp


prfCA.tmp (and other such tmp files) are the exact copy of the 
NTConfig.POL that is saved in the netlogon directory.


I tried creating other NTConfig.POL files (with only basic setting 
like IE start site), but this message just shows all the time, and 
settings are not applied.


Any clue?

I use Windows 2000 SP4, and Samba 3.0.20.

Windows XP works fine with NTConfig.POL files and the same Samba.



this ist stuff need to be fixed in the profile share
should be like this
[profiles]
  path = /var/lib/samba/profiles
#   vfs objects = extd_audit
  read only = no
  create mask = 0755
  directory mask = 0755
  browseable = No
  guest ok = Yes
  profile acls = yes
  csc policy = disable
  force user = %U
  hide files = /desktop.ini/ntuser.ini/NTUSER.*/
  locking = No
  oplocks = False
  level2 oplocks = False
#  valid users = %U, @Domain Admins


why [profiles]?

as it's explained here: https://bugzilla.samba.org/show_bug.cgi?id=3042
one has to put this into [netlogon] share:

acl check permissions = no


hi,
C:\Documents and Settings\Administrator.DOMAIN\prfCA.tmp is in the users 
profile

and in know this behavior
and fixed it with this entries in profile share

my netlogon share is like this
[netlogon]
  path = /var/lib/samba/netlogon/
  vfs objects = vscan-clamav, extd_audit
  read only = no
  public = yes
  write list = @Domain Admins
  create mask = 0755
  directory mask = 0755
  browseable = No
  locking = No
  oplocks = False
  level2 oplocks = False

the prfCA.tmp always comes up for me when the win client crashes at 
backwriting ( power loss etc )
the profile to the server , after reboot this file has the wrong 
permissions an cant be loaded from the server profile

so a profile failure apears with this file.
I cant image what setting  acl check permissions = no  in the netlogon 
share should be involved to this failure

i only use server profile no caching on the clients , controlled by adms,
i dont wanna struggle with bugzilla but i see no relation to the 
netlogon share as it only a share for the scripts neeeded
at login time, but has nothing to do with C:\Documents and 
Settings\Administrator.DOMAIN\
which is always part of the profile, but after all setting the parameter 
acl check permissions = no mabe a good idea at all cause it will help 
against failures with acls in the netlogon and the profile share, 
perhaps John has som clearing words.
I guess setting create mask = 0755 directory mask = 0755 fixes this 
failure too, but that could a security lack at all, and will not like by 
some people or network setups.


Regards

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Multiple Login scripts


Paul Gienger schrieb:


jep it can be done , use ifmember.exe from the resource kit,
and install printers by group membership
like this

#defautllogin.bat
@echo off
ifmember /v /l YOURDOMAINNAME\teachers
if errorlevel 1 call teachers.bat

 

this is fine but for the fact that you need to install the 
ifmember.exe in
*all* the computers. We use the poorman's version of it which 
   



You could put this on a network share, which is either called via UNC
(speculation, don't know if this works) or you could map the drive before
running the ifmember tests.  There are no files requiring an install, just
the ifmember.exe.

 

for sure ifmember.exe must be sit in the netlogon share, i used simular 
setups in wide smb installs and it works like charme with multiple

funktions, its easy to setup as it only depends on bat coding.
Regards
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Multiple Login scripts


José M. Fandiño schrieb:


Hello,

 


Just a quick question about login scripts for a large number of users who
change rooms a lot.

I have several rooms each with a printer, and nearly a thousand users divided
into two main groups - pupils and teachers who change rooms on a routine
basis. Is it possible to set up multiple login scripts that would be executed
in sequence i.e. run by user is %u, and machine is %m is it possible to say
run %u to set up shares followed by %m  to set up the right printers for the
room their in?
 



I have been using a lightly modified version of the perl logon
script in the samba contrib directory. Perhaps it can help you
with that.

The advantage of this script is that the secondary unix groups 
are automatically mapped to windows units (M:, J:, ...) based 
in their membership to those unix groups.


For you case simply add %m to the list of netlogon parameters
and write the desired configuration.

regards,

smb.conf:
=
[global]
logon script = %U.bat

[netlogon]
...
root preexec =  /usr/local/bin/logon.pl %U %G %L

//

logon.pl:
=
#!/usr/bin/perl
$usuario = $ARGV[0] ;
$grupoPrimario = $ARGV[1] ;
$servidor = $ARGV[2] ;

# log login activity
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
open LOG, /var/log/samba/netlogon.log;
print LOG $year/$mon/$mday $hour:$min:$sec;
print LOG  - User $ARGV[0] logged into $ARGV[1]\n;
close LOG;

# check the presence of a home directory
$idnum = (getpwnam ($usuario))[2];
$gidnum = (getpwnam ($usuario))[3];
$homedir = (getpwnam ($usuario))[7];
if ( ! -d $homedir) {
   mkdir(${homedir},0700) || die No pude crear $homedir: $!;
   chown($idnum , $gidnum , ${homedir} );
}

# Start generating logon script
open LOGON, /var/lib/samba/netlogon/${usuario.bat};
print LOGON [EMAIL PROTECTED] OFF\r\n;

# generic stuff.
print LOGON NET USE /persistent:no\r\n;
print LOGON NET TIME $servidor /set /yes \r\n;
print LOGON NET USE U: /HOME \r\n;
print LOGON NET USE F: $servidor\\publico   \r\n;


# specific user maps
if ($usuario eq jefazo)
{
   print LOGON NET USE z: $servidor\\CEO\r\n;
}

# primary group maps
if ($grupoPrimario eq informatic) {
print LOGON NET USE H: $servidor\\$grupoPrimario  \r\n;
}

# secondary group maps
while (($grupoSecundario, $passwd, $gid, $members) = getgrent) {
   if ( grep /\b$ARGV[0]\b/, $members )
   {
   if ( $grupoSecundario eq telefonia ) {
   print LOGON NET USE N: $servidor\\$grupoSecundario  \r\n;
   }
   }
}
close LOGON;

 

Hi this scripts are very usefull if you want things coming up on demand, 
but for every change this has to be rewritten, ifmember.exe
in an default logon.bat is more flexible as it is only one file in one 
place which has to be edited and it needs no prexec.
After all every win admin can rewrite it too, some of them hat deep 
problems with perl

Regards
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NTConfig.POL not working for Win 2000 (for XP working fine)?


Tomasz Chmielewski schrieb:


Tomasz Chmielewski schrieb:

I'm just exploring the Profile Editor, described on 
http://www.pcc-services.com/custom_poledit.html - and policies saved 
to NTConfig.pol file and copied to the netlogon share work great for 
Windows XP machines.


However, with Windows 2000, they don't work at all. Winh XP machines 
- policies are applied.


I see in Samba logs that the NTConfig.pol is copied from the server 
to the w2k workstation, but it has no effect.


This Profile Editor is designed for Windows 2000, as it was shipped 
with w2k SP4, so I expected it will work with 2000.


Am I missing something?



I searched the internet, but no clue about the issue :(

In the event log it is as eventid: 1000, source: uservenv, and in the 
log itself it says something like (translated from German):


RegLoadKey aborted. Returned value False Parameter. for C:\Documents 
and Settings\Administrator.DOMAIN\prfCA.tmp


prfCA.tmp (and other such tmp files) are the exact copy of the 
NTConfig.POL that is saved in the netlogon directory.


I tried creating other NTConfig.POL files (with only basic setting 
like IE start site), but this message just shows all the time, and 
settings are not applied.


Any clue?

I use Windows 2000 SP4, and Samba 3.0.20.

Windows XP works fine with NTConfig.POL files and the same Samba.



this ist stuff need to be fixed in the profile share
should be like this
[profiles]
  path = /var/lib/samba/profiles
#   vfs objects = extd_audit
  read only = no
  create mask = 0755
  directory mask = 0755
  browseable = No
  guest ok = Yes
  profile acls = yes
  csc policy = disable
  force user = %U
  hide files = /desktop.ini/ntuser.ini/NTUSER.*/
  locking = No
  oplocks = False
  level2 oplocks = False
#  valid users = %U, @Domain Admins

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Speeding up Samba