Re: [Samba] Making users local administrators
Am 21.03.2013 16:39, schrieb Terry Austin: There is no good reason to have users logging in daily as Administrator anymore however its not a good idea, its wide practise that road warrior users are local admins on their laptops, what must not mean ,they are working as such ever, but have the chance to fix stuff if their support is far away. For sure there are tons of workflows around this, but at the end its a security policy decision, which may handled different elsewhere. Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PROPOSAL: Remove SWAT in Samba 4.1
Am 18.02.2013 01:02, schrieb Andrew Bartlett: As most of you would have noticed, we have now had 3 CVE-nominated security issues for SWAT in the past couple of years. At the same time, while I know many of our users use SWAT, we just don't have anybody to maintain it inside the Samba Team. Kai has made a valiant effort to at least apply the XSS and CSRF guidelines when folks make security reports, but by his own admission he isn't a web developer - none of us are! There are many other parts of Samba that have not been substantially maintained in years, but few have the level of security exposure that SWAT does (most are bits of library and utility code that we apply elsewhere, but which just quietly does it's own job). The issue isn't that we can't write secure code, but that writing secure Web code where we can't trust the authenticated actions of our user's browser is a very different modal to writing secure system code. Frankly it just isn't our area. Therefore, it was suggested on a private list that we just drop SWAT. I want to start a public discussion on that point, prompted by http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700729 which reminds us why we didn't apply the specific CSRF hardening we applied in 4.0.2 to SWAT in the first place. Thanks, Andrew Bartlett Hi Andrew , i am not up2date with current samba module in webmin, but however, what about remove swat, and help webmin people for coding stuff there, so samba people dont need to care about the webmin framework security, only i.e helping at integrate new or changed parameters in the samba webmin module. Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Domain DFS on samba 4
shares does not work. Dfs is for sharing files only. Load balancing To set up a load-balancing Dfs share, create the symbolic link like this: # ln -s 'msdfs:toltec\data,msdfs:mixtec\data' lb-data That is, simply use a list of shares separated by commas as the reference. Remember, it is up to you to make sure the shared folders remain identical. Set up permissions on the servers to make the shares read-only to users. The last thing we need to do is to modify the smb.conf file to define the Dfs root share and add Dfs support. The Dfs root is added as a share definition: [dfs] path = /usr/local/samba/dfs msdfs root = yes You can use any name you like for the share. The path is set to the Dfs root directory we just set up, and the parameter msdfs root = yes tells Samba that this share is a Dfs root. To enable support for Dfs in the server, we need to add one line to the [global] section: [global] host msdfs = yes Restart the Samba daemons—or just wait a minute for them to reread the configuration file—and you will see the new share from Windows clients. If you have trouble accessing any of the remote shares in the Dfs share, recheck your symbolic links to make sure they were created correctly. . Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Offline Caching
Am 05.02.2012 00:12, schrieb Jeremy Allison: On Sat, Feb 04, 2012 at 04:33:59PM +0100, Volker Lendecke wrote: On Sat, Feb 04, 2012 at 02:54:13PM +, Mike Howard wrote: I'm sure this has been asked before but I can't find anything recent. Using Samba4 and windows clients, the client logs include lots off 'windows has detected that offline caching is enabled on the roaming profile share...' messages. Is this an issue and if so, how do I sort it? I've found references to 'csc policy = disable' but this is not recognised in samba4 smb.conf. Probably someone needs to take the time to port this feature from the Samba3 based fileserver to the Samba4 based one. Patches welcome :-) Now, now Volker :-). This will get fixed when the source3 fileserver replaces the source4 one, which is a mandatory fix before final release of Samba4. Cheers, Jeremy. any way offline caching can be configured on the client too ( policies etc) as far i know/remember -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 success on openSUSE 12.1
Am 29.11.2011 19:58, schrieb steve: samba -b Samba version: 4.0.0alpha18-GIT-5c53926 Build environment: Build host: Linux hh3 3.1.0-1.2-desktop #1 SMP PREEMPT Thu Nov 3 14:45:45 UTC 2011 (187dde0) i686 i686 i386 GNU/Linux openSUSE 12.1 i586 Hi everyone. After. ./source4/setup/provision --realm=hh3.site --domain=HH1 --adminpass=SOMEPASSWORD --server-role='domain controller' The wiki howto is for DNS seems to be wrong. I had to do this: Copy /usr/local/samba/private/named.conf to /etc/named.conf.samba4 Copy /usr/local/samba/private/dns/hh3.site.zone to /var/lib/named/master edit /etc/named.conf.samba4 to point to /var/lib/named: one hh3.site. IN { type master; file /var/lib/named/master/hh3.site.zone; edit /etc/named.conf to include: include /etc/named.conf.samba4; as the last line in the file. Is this correct? On restarting bind there are still errors: Nov 29 19:54:15 hh3 named[4038]: command channel listening on 127.0.0.1#953 Nov 29 19:54:15 hh3 named[4038]: couldn't add command channel ::1#953: address not available Nov 29 19:54:15 hh3 named[4038]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found looks like pure bind failure perhaps related to dnssec are youre running a chroot bind ? perhaps its looking on the wrong place for the file, try locate managed-keys.bind( if locate is installed ) to find it, or try to create it http://o-o-s.de/?p=2966 says for i.e. for debian echo include \/etc/bind/bind.keys\; /etc/bind/named.conf touch /var/cache/bind/managed-keys.bind but that may different with suse attention ! look other bind sites Nov 29 19:54:15 hh3 named[4038]: managed-keys-zone ./IN: loaded serial 0 DNS and Kerberos are working fine. Are these errors to do with Samba4? Thanks Steve. -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 success on openSUSE 12.1
Am 29.11.2011 20:37, schrieb Robert Schetterer: Am 29.11.2011 19:58, schrieb steve: samba -b Samba version: 4.0.0alpha18-GIT-5c53926 Build environment: Build host: Linux hh3 3.1.0-1.2-desktop #1 SMP PREEMPT Thu Nov 3 14:45:45 UTC 2011 (187dde0) i686 i686 i386 GNU/Linux openSUSE 12.1 i586 Hi everyone. After. ./source4/setup/provision --realm=hh3.site --domain=HH1 --adminpass=SOMEPASSWORD --server-role='domain controller' The wiki howto is for DNS seems to be wrong. I had to do this: Copy /usr/local/samba/private/named.conf to /etc/named.conf.samba4 Copy /usr/local/samba/private/dns/hh3.site.zone to /var/lib/named/master edit /etc/named.conf.samba4 to point to /var/lib/named: one hh3.site. IN { type master; file /var/lib/named/master/hh3.site.zone; edit /etc/named.conf to include: include /etc/named.conf.samba4; as the last line in the file. Is this correct? On restarting bind there are still errors: Nov 29 19:54:15 hh3 named[4038]: command channel listening on 127.0.0.1#953 Nov 29 19:54:15 hh3 named[4038]: couldn't add command channel ::1#953: address not available Nov 29 19:54:15 hh3 named[4038]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found looks like pure bind failure perhaps related to dnssec are youre running a chroot bind ? perhaps its looking on the wrong place for the file, try locate managed-keys.bind( if locate is installed ) to find it, or try to create it http://o-o-s.de/?p=2966 says for i.e. for debian echo include \/etc/bind/bind.keys\; /etc/bind/named.conf touch /var/cache/bind/managed-keys.bind but that may different with suse attention ! look other bind sites studied some faqs , this file should be autocreated if the related dir is writable restart bind ( named ) and look if the log shows the failure up again Nov 29 19:54:15 hh3 named[4038]: managed-keys-zone ./IN: loaded serial 0 DNS and Kerberos are working fine. Are these errors to do with Samba4? Thanks Steve. -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 success on openSUSE 12.1
Am 29.11.2011 20:50, schrieb steve: studied some faqs , this file should be autocreated if the related dir is writable restart bind ( named ) and look if the log shows the failure up again Yep. Still there: Nov 29 20:49:23 hh3 named[5000]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found Nov 29 20:49:23 hh3 named[5000]: managed-keys-zone ./IN: loaded serial 0 Nov 29 20:49:23 hh3 named[4952]: Starting name server BIND ..done Nov 29 20:49:23 hh3 named[5000]: running What is the directory that should be writeable? Cheers Steve. named11828 3.2 1.5 116332 48032 ?Ssl Nov22 360:27 /usr/sbin/named -t /var/lib/named -u named sorry i have only a older suse to look at try look/cd at /var/lib/named if using chroot then try touch managed-keys-zone or in there or some subfolder ( depend on your conf ) perhaps you need chmod named:named managed-keys-zone after all , try ask on a suse list, suse people should easy answer this stuff -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbac ked PDC and MS Exchange 5.5 still
Am 28.10.2011 20:00, schrieb Chris Smith: On Fri, Oct 28, 2011 at 1:51 PM, Derek Werthmuller dwert...@ctg.albany.edu wrote: I did consider this, though the issue is what do I do with the existing NT4 PDC - I can demote this to BDC but from the samba docs samba PDC and Windows BDC is not supported. And I don't think it can demote the PDC to server role. There is no supported NT4 PDC demotion scenario. But via registry hack I think you can demote to server and then become a member server. And Exchange 5.5 can run on member server. for info long time ago i tested exchange 5.5 / win2000 server working with a samba pdc controller it worked like charme, but thats years ago these days you shouldnt use such setups, there are a lot of other solutions, based on open source or ms solutions exchange 5.5 is too much outdated I'm also trying to be very careful not to make substantial changes to the exchange host - I need that working for a short while longer. That's one reason for dealing with the VM's. I'll be able to test these changes in a separate virtual environment. Just would be nice to know if anyone has actually done this and, if doable, what the caveats and gotchas were. -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Braindead Autoreply filters... WAS Re: samba Digest, Vol 102, Issue 8
Am 09.06.2011 21:46, schrieb Charles Marcus: On 2011-06-09 2:00 PM, Robert Schetterer rob...@schetterer.org wrote: Am 09.06.2011 15:46, schrieb Charles Marcus: It would be nice if one of the list moms would immediately unsubscribe AND PERMANENTLY BAN idiots who use braindead autoreply filters. This should be official list policy for ALL email lists... just like do not top post *g ? Don't be stupid Robert... there are times when top-posting is perfectly acceptable, and that was one of them (ie, when the content of the quote is irrelevant). that was a joke, i am not a fantic ,do no top poster, but related to autoresponders, i am sure list/mailadmins everywhere do their best to avoid spreading unneeded or unwanted mail, but in real world, there will never be a way to catch it all so everybody should be cooled about that, ok wish idiots to hell , perhaps gives sombody fresh air sometimes but in real world ,spread this anger over mail list may also be an unwanted mail so i recommend, mail the listadmin, and accept the world as it is go fishing etc sometimes... ( Joke ! ) -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Braindead Autoreply filters... WAS Re: samba Digest, Vol 102, Issue 8
Am 09.06.2011 15:46, schrieb Charles Marcus: It would be nice if one of the list moms would immediately unsubscribe AND PERMANENTLY BAN idiots who use braindead autoreply filters. This should be official list policy for ALL email lists... just like do not top post *g ? On 2011-06-08 2:00 PM, samba-requ...@lists.samba.org wrote: Subject: Re: [Samba] samba Digest, Vol 102, Issue 7 From: Andrew McNaughton and...@nleducation.org.uk I am currently on annual leave. I will be back in the office on Friday 10th June 2011. If you have an urgent matter needing attention, it may be prudent to contact the ITSC main number 01236 757600. Thanks. -- Andrew McNaughton ICT Network Support Officer Learning Leisure Services North Lanarkshire Council -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cross subnet browsing + OpenVPN
user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u add group script = /usr/sbin/smbldap-groupadd -p %g #delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' [shared] comment = shared directory path = /dat browseable = yes read only = no create mask = 0660 directory mask = 0770 smb.conf - REMOTE1 # [global] workgroup = NEWDOM netbios name = REMOTE1 security = user enable privileges = yes interfaces = 192.168.1.254 127.0.0.1 # hosts allow = 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24 10.8.0.0/24 127.0.0.1 wins server = 192.168.0.1 wins proxy = yes username map = /etc/samba/smbusers name resolve order = wins bcast hosts server string = Samba Server %v encrypt passwords = Yes ldap ssl = no unix password sync = yes ldap passwd sync = no passwd program = /usr/sbin/smbldap-passwd -u %u passwd chat = Changing *\nNew password* %n\n *Retype new password* %n\n log level = 0 syslog = 0 log file = /var/log/samba/log.%U max log size = 10 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 local master = Yes domain logons = Yes domain master = no os level = 40 preferred master = no passdb backend = ldapsam:ldap://127.0.0.1 ldap admin dn = cn=Manager,dc=newdom,dc=ldm ldap suffix = dc=newdom,dc=ldm ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Idmap add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' [test] comment = test share path = /test browseable = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cross subnet browsing + OpenVPN
Am 09.07.2010 14:42, schrieb t...@tms3.com: --- Original message --- *Subject:* Re: [Samba] Cross subnet browsing + OpenVPN *From:* Robert Schetterer rob...@schetterer.org *To:* samba@lists.samba.org *Date:* Friday, 09/07/2010 3:05 AM Am 09.07.2010 11:37, schrieb Julian Pilfold-Bagwell: Sorry about the delay, family emergency to deal with. browse sync shares the info across them. I tried putting the specific IP addresses of the local master browsers into the browse sync but it still doesn't seem to spread everything across all the subnets. you should use tap interfaces with openvpn This is a matter of network design, and has nothing to do whatsoever with the issue at hand. Further: i used samba with subnet browsing years ago it dont worked with tun interfaces, it must have been tab interfaces additional right samba setup times may changed, samba and openvpn changed but simply try it does not cost anything my setup was bdc--internalnet--firewall--(tunnel)--firewall--internalnet--pdc i had samba on the firewalls to bind to tab tunnel interfaces as wins proxy the pdc was the wins server, bdc as wins proxy and directed browsing to pdc, all clients did got well configured parameters per dhcp additional there was a working dns which matched dynamicly wins anyway times may change , and there are better solutions now but this one worked stable an robust read samba faqs wins and subnet browsing etc good luck Server configuration file *dev tun ifconfig 10.8.0.1 10.8.0.2 secret static.key* Client configuration file *remote myremote.mydomain dev tun ifconfig 10.8.0.2 10.8.0.1 secret static.key* From: http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html Which makes for a nice network to network setup for two locations connected via a wan link. Why not shift the discussion to weather we should use IPSEC and racoon instead of OpenVPN, or perhaps we should scrap all that and argue that he should be using Cisco vpn gateways altogether? GUH! ** From what I understand, the remote announce tells the WINS server to broadcast across the remote subnets and remote On 06/07/10 13:50, t...@tms3.com wrote: SNIP Hi All, I'm having a problem with cross subnet browsing and name resolution across an openvpn tunnel. i've found quite a few people who've had the same on mail lists but none of their fixes have worked. The spec of the setups at both ends of the tunnel are as follows: remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM remote browse sync = 192.168.1.255 192.168.2.255 This looks odd to me. remote announce = wins server ip/DOMNAME remote browse sync = wins server ip NEEDED in both smb.conf wins server = wins server ip Can't remember default for this setting so enhanced browsing = Yes in both smb.conf DHCP should point clients to headoffice for WINS. WINS proxy is not useful. OS - CentOS 5.5 Samba Version 3.5.4 OpenVPN Version 2.0.9-1 Each server is configured in gateway mode with two NICS, one to the lan and the other to a modem/router. The first machine, HEADOFFICE, has an internal IP address of 192.168.0.1 and an external of 192.168.10.4. The second machine, REMOTE1, has an internal address of 192.168.1.254 and an external of 192.168.20.4. On openVPN, I have configured client to client and routes and iroutes to allow machines on each network to ping machines at the other end as well as the server IP's. So far so good and I can ping any machine on either subnet from anywhere and get a reply. The servers are configured as Samba servers with the HEADOFFICE machine working as a PDC, DMC and WINS server and the REMOTE1 machine configured as a BDC and WINS proxy. In order to maintain logon facilities in the event of broadband failure, I have replicated the LDAP server from HEADOFFICE to REMOTE1 and updates and password changes propogate successfully from one site to the other. If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it works perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet fails on name resolution while entering \\192.168.1.254\ brings up Windows Explorer and a list of shares. I've included the remote browse entries in smb.conf on the PDC and have WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP back to the WINS server. Port scanning the internal IP of each machine from the oher end of the tunnel returns a full set of open ports for the services I'm using but no IP. If anyone can spot what I'm doing wrong I'd be grateful. Thanks. smb.conf - HEADOFFICE ### Included 2nd subnet for second remote site in browse sync [ global] workgroup = NEWDOM netbios name = HEADOFFICE security = user
Re: [Samba] samba 3.3 for opensuse 10.2
Am 29.12.2009 11:33, schrieb peter grotz: At Dienstag, 29. Dezember 2009 08:23, Karolin Seeger has wisely spoken thusly: Hi Karolin, Hi Peter, On Mon, Dec 28, 2009 at 07:09:40PM +0100, peter grotz wrote: JM On Mon, Dec 28, 2009 at 5:54 AM, peter grotz peter.gr...@grotz.org wrote: I need the rpm-files of samba 3.3 or later for opensuse 10.2. The repo isn´t available any more, so can anybody help me here? JM You need 3.3 or _later_ ? It shipped with 3.4.2, so that would be JM later. Or do you specifically need 3.3? no, you´re wrong! It´s shipped wigth 3.0.23! I hav here opensuse 10.2 and it´s really 3.0.23!! you can find a lot of Samba versions for opensuse 10.2 e.g. on http://ftp.sernet.de/pub/samba/. thanks for the link. In the meantime I found it by myself, but in past I was avoiding it because these builds work somehow differently from the normal suse-rpms. But I´ll give it a try again. Thanks again, Karolin! Cheers, Peter you may also try recompile from source rpm taken out of the enterprise suse 9 or 10 rep , i did this last time for having recent samba versions for an old 9.3 server , it worked without problems -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3.3 for opensuse 10.2
Am 29.12.2009 13:47, schrieb peter grotz: Hi Robert, I think this might be a good idea but for the 10.2 would it be better to take the SLES 10? -Peter yes try first sles 10 rpm src recompile download from http://download.opensuse.org/repositories/network:/samba:/STABLE/SLE_10/src/ http://download.opensuse.org/repositories/network:/samba:/STABLE/SLE_10/src/samba-3.4.3-10.1.src.rpm do rpmbuild --rebuild samba-3.4.3-10.1.src.rpm etc you might need to download more additional libs for recompile too but after all sernet rpms should work too At Dienstag, 29. Dezember 2009 13:35, Robert Schetterer has wisely spoken thusly: RS Am 29.12.2009 11:33, schrieb peter grotz: At Dienstag, 29. Dezember 2009 08:23, Karolin Seeger has wisely spoken thusly: Hi Karolin, Hi Peter, On Mon, Dec 28, 2009 at 07:09:40PM +0100, peter grotz wrote: JM On Mon, Dec 28, 2009 at 5:54 AM, peter grotz peter.gr...@grotz.org wrote: I need the rpm-files of samba 3.3 or later for opensuse 10.2. The repo isn´t available any more, so can anybody help me here? JM You need 3.3 or _later_ ? It shipped with 3.4.2, so that would be JM later. Or do you specifically need 3.3? no, you´re wrong! It´s shipped wigth 3.0.23! I hav here opensuse 10.2 and it´s really 3.0.23!! you can find a lot of Samba versions for opensuse 10.2 e.g. on http://ftp.sernet.de/pub/samba/. thanks for the link. In the meantime I found it by myself, but in past I was avoiding it because these builds work somehow differently from the normal suse-rpms. But I´ll give it a try again. Thanks again, Karolin! Cheers, Peter RS you may also try recompile from source rpm taken out of the enterprise RS suse 9 or 10 rep , i did this last time for having recent samba versions RS for an old 9.3 server , it worked without problems -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] IMAP Authentication
Ray Klassen schrieb: No. But authenticating both against LDAP makes good sense On Sun, Feb 1, 2009 at 8:54 AM, John Casterlin jcaster2...@comcast.net wrote: Does anyone have any experience using an IMAP server to authenticate Samba users? The idea is to control viability and read/write access to file/print services using an Internal only email server. Thanks, John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Hi, with dovecot you can use winbind and ldap should work too http://wiki.dovecot.org/Authentication/Mechanisms/Winbind?highlight=(winbind) -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Outlook and roaming profiles?
Thierry Lacoste schrieb: you may put pst files on a samba share, as the place where they get hosted is free configurable in outlook i e. you can setup their default place with an adm to users home which has normally nothing to do with profile share but as default a pst file can only be opened by one user at the same time, the other problem is open big pst files over the network is very slow and may damage the pst file, Are there any recommandations about the maximum size of a pst file hosted on a samba server ? regards, Thierry Hi Thierry, depending on your network speed reality shows that you might get into Problems if a pst file grows bigger then 0,5 GB dont use the idea of hosting default Outlook pst files on samba or whatever windows server its ok for backup pst files which you might use only in special cases , but not as default because outlook then does a lot of writes and reads in the pst so if any small network problem comes up you will loose parts or damage the pst file -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Outlook and roaming profiles?
Ong Chin Kiat schrieb: Hi list, I'm trying to migrate from a workgroup based Samba server to a domain based Samba server. I need the following features - Roaming profiles - LDAP based user administration / authentication I think the LDAP part is mostly doable, though I do foresee some hair tearing, but my main concern is with the roaming profiles. Users do not have a fixed workstation and log-on to whichever workstation is available. However, they need to be access their mail through Outlook. This is the crucial point. AFAIK, there is no way to use Outlook with roaming profiles. A quick search on the Microsoft website indicates that I would need an Exchange server to implement roaming profiles+mail. My question is - can it be done without Exchange (ie using PST files)? My understanding is that the size of the PST files prohibits roaming profiles. FWIW, my mail configuration is IMAP based, not POP-based, so it _might_ make the PST files smaller, though I'm not sure. Thanks. Hi, you may put pst files on a samba share, as the place where they get hosted is free configurable in outlook i e. you can setup their default place with an adm to users home which has normally nothing to do with profile share but as default a pst file can only be opened by one user at the same time, the other problem is open big pst files over the network is very slow and may damage the pst file, better use an internal imap server like dovecot -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Logon Script Via Group
Jeff L schrieb: Hello, In order to use Samba and migrate our Windows domain we need to be able to map users to a drive based on the Unix groups they are a member of. IE: If user is a member of finance, map drive f:\ finance If user is a a member of domainusers, run logon script logon.bat I tried placing differnet logon scripts in a directory named after the groupname and using the %g variable in Samba but it did not work. It only looks up the FIRST group ignoring the rest. Please let us know a easy way to do this. Thanks = New York Film Academy Study Abroad Filmmaking Acting. London, Paris, Florence, USA. http://a8-asy.a8ww.net/a8-ads/adftrclick?redirectid=160d32aa7f559fb3e9e7cf46485a3294 Hi, you might give all users a default.bat in this you may split running other scripts by hostname username groupname group can be matched with the ifmember.exe util i.e default.bat @echo off REM default login script [EMAIL PROTECTED] REM --- REM exec bat for logged in machine ( maybe software status for machine ) echo %COMPUTERNAME% call %COMPUTERNAME%.bat REM --- REM exec bat for login user echo %USERNAME% call %USERNAME%.bat REM - REM exec bat for different groups REM ifmember.exe must be in the netlogon share download it at m$ REM be aware that ifmember will give result in the current win language REM unlike normal dos REM positive result from ifmember will match in errorlevel 1 ifmember /v /l DOMAINNAME\Domain Users if errorlevel 1 call domainusers.bat ifmember /v /l DOMAINNAME\Domain Admins if errorlevel 1 call domainadmins.bat and domainusers.bat @echo off REM install the pdfprinter drivers must allready be uploaded REM typical use with cups-pdf rundll32 printui.dll,PrintUIEntry /dn /n \\YOUR-PDC-NAME\pdfprinter /q rundll32 printui.dll,PrintUIEntry /in /n \\YOUR-PDC-NAME\pdfprinter net use z: \\YOUR-PDC-NAME\users /persistent:no with such logic you should be able to solve login stuff NT Group related -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem usmgr Version 3.2.4
hi , i have a few problems with usmgr on Version 3.2.4 ( Version 3.2.4-8.1-1931-SUSE-SL11.0 ) samba pdc ldap the download version from ms http://www.microsoft.com/Downloads/details.aspx?FamilyID=c0011ab8-3178-4701-a791-eafba0f42de2displaylang=en doesnt work giving device attached to the system is not functioning whatever i do a old version from usermgr works partially but magic only with the first user in Domain Admins Group other users in Domain Admins dont work ( root works too ) with the old usrmgr version i cant only add a user in first case i want to add other stuff like name etc i dont works , so i have to do it in asecond usermod als password creating doesnt work in first useradd here are also comming up device attached to the system is not functioning but operations final works and is shown after refresh win client is win xp prof german serv pack3 german latest patch level i finally found some error code in the logs using usrmgr with some user from the Domain Admin Group smbldap_open: cannot access LDAP when not root 2008/10/17 00:37:09, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3490) Returning domain sid for domain FIDO - S-1-5-21-213567364-2628613513-2492443612 [2008/10/17 00:37:09, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 1007 [2008/10/17 00:37:09, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 1007 [2008/10/17 00:37:09, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 1007 [2008/10/17 00:37:09, 0] lib/smbldap.c:smbldap_open(1029) smbldap_open: cannot access LDAP when not root [2008/10/17 00:38:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) any ideas how do get this fixed ? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem usrmgr Version 3.2.4
hi , i have a few problems with usmgr on Version 3.2.4 ( Version 3.2.4-8.1-1931-SUSE-SL11.0 ) samba pdc ldap the download version from ms http://www.microsoft.com/Downloads/details.aspx?FamilyID=c0011ab8-3178-4701-a791-eafba0f42de2displaylang=en doesnt work giving device attached to the system is not functioning whatever i do a old version from usermgr works partially but magic only with the first user in Domain Admins Group other users in Domain Admins dont work ( root works too ) with the old usrmgr version i cant only add a user in first case i want to add other stuff like name etc i dont works , so i have to do it in asecond usermod als password creating doesnt work in first useradd here are also comming up device attached to the system is not functioning but operations final works and is shown after refresh win client is win xp prof german serv pack3 german latest patch level i finally found some error code in the logs using usrmgr with some user from the Domain Admin Group smbldap_open: cannot access LDAP when not root 2008/10/17 00:37:09, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3490) Returning domain sid for domain FIDO - S-1-5-21-213567364-2628613513-2492443612 [2008/10/17 00:37:09, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 1007 [2008/10/17 00:37:09, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 1007 [2008/10/17 00:37:09, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 1007 [2008/10/17 00:37:09, 0] lib/smbldap.c:smbldap_open(1029) smbldap_open: cannot access LDAP when not root [2008/10/17 00:38:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) any ideas how do get this fixed ? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem usmgr Version 3.2.4
Jeremy Allison schrieb: On Fri, Oct 17, 2008 at 05:08:47PM +0200, Robert Schetterer wrote: hi , i have a few problems with usmgr on Version 3.2.4 ( Version 3.2.4-8.1-1931-SUSE-SL11.0 ) samba pdc ldap the download version from ms http://www.microsoft.com/Downloads/details.aspx?FamilyID=c0011ab8-3178-4701-a791-eafba0f42de2displaylang=en doesnt work giving device attached to the system is not functioning whatever i do a old version from usermgr works partially but magic only with the first user in Domain Admins Group other users in Domain Admins dont work ( root works too ) with the old usrmgr version i cant only add a user in first case i want to add other stuff like name etc i dont works , so i have to do it in asecond usermod als password creating doesnt work in first useradd here are also comming up device attached to the system is not functioning but operations final works and is shown after refresh win client is win xp prof german serv pack3 german latest patch level i finally found some error code in the logs using usrmgr with some user from the Domain Admin Group smbldap_open: cannot access LDAP when not root 2008/10/17 00:37:09, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3490) Returning domain sid for domain FIDO - S-1-5-21-213567364-2628613513-2492443612 [2008/10/17 00:37:09, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 1007 [2008/10/17 00:37:09, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 1007 [2008/10/17 00:37:09, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 1007 [2008/10/17 00:37:09, 0] lib/smbldap.c:smbldap_open(1029) smbldap_open: cannot access LDAP when not root [2008/10/17 00:38:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) any ideas how do get this fixed ? Can you re-run smbd with debug level 10 so I can track down the codepath that isn't doing the become_root() correctly. It's possible that this is already fixed but I don't see an exact commit that would fix this. Thanks, Jeremy. Hi Jeremy, i am just testing one thing is solved, my fault admin users in smb conf overrides permission for other users from group Domain Admins edit with usrmgr the other bugs stayed, yes i will do debug level 10 -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem usmgr Version 3.2.4 solved partlly
Jeremy Allison schrieb: On Fri, Oct 17, 2008 at 05:08:47PM +0200, Robert Schetterer wrote: hi , i have a few problems with usmgr on Version 3.2.4 ( Version 3.2.4-8.1-1931-SUSE-SL11.0 ) samba pdc ldap the download version from ms http://www.microsoft.com/Downloads/details.aspx?FamilyID=c0011ab8-3178-4701-a791-eafba0f42de2displaylang=en doesnt work giving device attached to the system is not functioning whatever i do a old version from usermgr works partially but magic only with the first user in Domain Admins Group other users in Domain Admins dont work ( root works too ) with the old usrmgr version i cant only add a user in first case i want to add other stuff like name etc i dont works , so i have to do it in asecond usermod als password creating doesnt work in first useradd here are also comming up device attached to the system is not functioning but operations final works and is shown after refresh win client is win xp prof german serv pack3 german latest patch level i finally found some error code in the logs using usrmgr with some user from the Domain Admin Group smbldap_open: cannot access LDAP when not root 2008/10/17 00:37:09, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3490) Returning domain sid for domain FIDO - S-1-5-21-213567364-2628613513-2492443612 [2008/10/17 00:37:09, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 1007 [2008/10/17 00:37:09, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 1007 [2008/10/17 00:37:09, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 1007 [2008/10/17 00:37:09, 0] lib/smbldap.c:smbldap_open(1029) smbldap_open: cannot access LDAP when not root [2008/10/17 00:38:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) any ideas how do get this fixed ? Can you re-run smbd with debug level 10 so I can track down the codepath that isn't doing the become_root() correctly. It's possible that this is already fixed but I don't see an exact commit that would fix this. Thanks, Jeremy. Hi Jeremy, did a useradd with usermgr level 10 wich invokes device attached to the system is not functioning after done grep tester team.newcompr1.log string : 'tester' string : 'tester' Checking whether [tester] can be created lookup_name: tester = (domain), tester (name) map_name_to_wellknown_sid: looking up tester smbldap_search_ext: base = [dc=fido,dc=intern], filter = [((uid=tester)(objectclass=sambaSamAccount))], scope = [2] ldapsam_getsampwnam: Unable to locate user [tester] count=0 smbldap_search_ext: base = [ou=Groups,dc=fido,dc=intern], filter = [((objectClass=sambaGroupMapping)(|(displayName=tester)(cn=tester)))], scope = [2] ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(|(displayName=tester)(cn=tester))) tester does not exist, can create it Finding user tester Trying _Get_Pwnam(), username as lowercase is tester Checking combinations of 0 uppercase letters in tester Get_Pwnam_internals didn't find user [tester]! _samr_create_user: Running the command `/etc/opt/IDEALX/smbldap-tools/smbldap-useradd -a -m -P tester' gave 25 Finding user tester Trying _Get_Pwnam(), username as lowercase is tester Get_Pwnam_internals did find user [tester]! pdb_set_username: setting username tester, was pdb_set_profile_path: setting profile path \\fidoserver\profiles\tester, was pdb_set_homedir: setting home dir \\fidoserver\tester, was pdb_set_username: setting username tester, was tester smbldap_search_ext: base = [dc=fido,dc=intern], filter = [((uid=tester)(objectclass=sambaSamAccount))], scope = [2] ldapsam_add_sam_account: User 'tester' already in the base, with samba attributes i am not really sure but i think User 'tester' already in the base, with samba attributes is guilty for make usrmgr noisy, but addition of the user is done but no password creation nor addtional attributes ( like name ) where taken at user firstcreation time one magical thing is etc/opt/IDEALX/smbldap-tools/smbldap-useradd -a -m -P %u my older insts dot need the -a , and it is also dokued as smbldap-useradd -m -P %u http://www.iallanis.info/smbldap-tools/docs/smbldap-tools/#htoc13 but without -a ( which i found by google ) it works so i finally checked it again it must be smbldap-useradd -m -P %u cause ldap sync allready worked smba stuff in ldap the story is the whole mist startet with not having a patched version of smbldap-tools so wrong group mapping etc... ( see mailings today ) i patched it repopulated it, fixed my broken smb.conf entries and with the old version of usrmgr now everything works as it should with ms downloadversion of usrmgr i have still problems i will investigate in this later -- Best Regards MfG Robert Schetterer
[Samba] vscan-clamav.so package bug opensuse 11 ?
[EMAIL PROTECTED] with latest stable samba opensuse 11 the samba-vscan pack seems to be broken with scan-clamav.s Error trying to resolve symbol 'init_samba_module' in /usr/lib64/samba/vfs/vscan-clamav.so: /usr/lib64/samba/vfs/vscan-clamav.so: undefined symbol: init_samba_module shouldn it be init_module now ( taken somewhere from google) -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] opensuse 11 samba 3.2.4 ldap add machine solved
Robert Schetterer schrieb: Hi @ll, i didnt worked on samba for a while now had setup a new domain contoller on opensuse 11 i used the repositories from download.opensuse.org samba 3.2.4 i mostly copied stuff from working suse 10 samba ldap pdc and configured /etc/nsswitch.conf smb.conf in equal ways , testparm shows no bugs as well as getent passwd etc does not, populating ldap worked fine fixing dbus boot stuff in /etc/ldap.conf by boot_policy soft etc but i didnt got managed joinig the domain by the root user with a new installed winxp serv pack3 german client bug message means no such user it looks like it haves problems finding the root user adding another user and putting him in the domain admin with the latest smbldaptools script group doesnt helped either. samba client logs doesnt report root not to be not found I just googeld around and found likly problems with opensuse 11 mostly telling to upgrade openldap and samba, but now i am on the latest upgrade level, so before i just loosing more time , just wanna ask if there are known problems with samba ldap on opensuse 11? And if ther are known one ,how were they fixed solved in /etc/ldap.conf nss_base_user ou=Users,dc=...,dc=... changed to nss_base_user ou=Computers,ou=Users,dc=...,dc= -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] opensuse 11 samba 3.2.4 ldap add machine
Hi @ll, i didnt worked on samba for a while now had setup a new domain contoller on opensuse 11 i used the repositories from download.opensuse.org samba 3.2.4 i mostly copied stuff from working suse 10 samba ldap pdc and configured /etc/nsswitch.conf smb.conf in equal ways , testparm shows no bugs as well as getent passwd etc does not, populating ldap worked fine fixing dbus boot stuff in /etc/ldap.conf by boot_policy soft etc but i didnt got managed joinig the domain by the root user with a new installed winxp serv pack3 german client bug message means no such user it looks like it haves problems finding the root user adding another user and putting him in the domain admin with the latest smbldaptools script group doesnt helped either. samba client logs doesnt report root not to be not found I just googeld around and found likly problems with opensuse 11 mostly telling to upgrade openldap and samba, but now i am on the latest upgrade level, so before i just loosing more time , just wanna ask if there are known problems with samba ldap on opensuse 11? And if ther are known one ,how were they fixed -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Vista Roaming Profiles and GPMC.MSC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom Robinson schrieb: Hi All Our company got a Windows Vista installed laptop even though we ordered it with XP. Now I'm faced with the task of integrating the beast into our samba controlled domain. Something I was hoping to delay for some time. Our PDC is samba 2.2.8a with openldap 2.1.4 We also have a Domain Member Server running samba 3.0.10. There is a document on the Microsoft site that I downloaded (http://www.microsoft.com/downloads/details.aspx?FamilyID=311f4be8-9983-4ab0-9685-f1bfec1e7d62DisplayLang=en) explaining how to do folder redirection so that at least some of the XP/Vista profile will roam. To do this you have to logon to Vista as a Domain User and run GPMC.MSC. The problem is that, even though I logon as a domain user (DOMAIN\user) the GPMC.MSC issues the warning: To manage Group Policy, you must log on to the computer with a domain user account. With samba 2.2.8a we have no Domain Users group. Could this be the problem? How would I add this group to the PDC? Is there a workaround for this? Any help is appreciated. Thanks, Tom Hi Tom, i dont think you will get vista to join a samba 2.2.8a pdc domain, at my tests upgrade to samba latest was needed to handle vista in a minimum, the adm format ( policies ) changed in vista its now called admx, after all a simply folder redirect reg patch should work in vista include it as local admin, i would recommend setup win xp, and wait for stabelizing vista, in mean time upgrade your samba setup to latest. But maybe someone else can give you more advice handle vista, my tests where very basic, cause i will not implement vista anywhere in the next year, and will not sombody advice to do so. - -- Mit freundlichen Gruessen Best Regards Robert Schetterer https://www.schetterer.org Munich/Bavaria/Germany -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGDTXjfGH2AvR16oERAjmtAJ9HfVHp2+yZTqQugQmU8IbKcdVkuwCcD25Z YVTCYFZmfiejB4iSVQhXHtA= =rrYB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Updating System Policy Templates
Mike Petersen schrieb: Hi all, I am going to be in the process of updating my custom system policy templates (probably within a month or two) and I am asking for what policies anyone is in need of to help them deploy samba as a domain controller. Currently I basically have a single template.adm file, a few people have asked me to separate them into a few different files that would serve an overall single purpose - I guess like having a folder_redirection.adm file, a security.adm file, etc. Any ideas on this ?? I am definitely going to create policies for IE7 - I am planning on creating policies to make it look similar to IE6 instead of the horrible interface it has now. I am also going to create a policy that will allow it to use Google as the default search engine, and I will somehow try to figure out how to enforce the Home Page to a specific site (currently the policy is apparently different than IE6 as it currently doesn't work). Is there anything else that needs to be done for Internet Explorer 7 ? Does anyone need Windows Vista Policies ? Does anyone know if Vista will accept system policies from a Domain Controller ? Does anyone want to donate a copy of Vista to help create these policies (I haven't seen Vista, don't want it, definitely won't pay for it - but I will take the time to create policies for it if it is necessary and if Vista will allow System Policies). In lieu of anyone donating a copy, does anyone know if there is a trial version available that I could use to create the policies ? Finally, I am thinking of creating a few NTConfig.POL files so people can download so they don't have to create their own files. I would just adjust the Default User and Default Computer items and would probably just stick with what people would probably want on their network. This would probably alleviate some of the emails I receive (some people just don't comprehend the whole policy thing - I have heard it all). Does anyone think this is a good or bad idea ? Thanks all - feel free to email me directly on these questions. Mike Petersen [EMAIL PROTECTED] http://www.pcc-services.com/custom_poledit.html HI Mike, creating policies is always welcome, i dont tried vista adms for now, cause i dont think most of my customers will switch to it, the plan is to get totally out of m$. I am nearly sure that adms will work for vista too, cause i dont read something that vista isnt any longer compatible to nt 4 pdcs ( but i may fail here ) Be sure that you dont make work which is allready done by others, there are few sources of adms on the web. -- Mit freundlichen Gruessen Best Regards Robert Schetterer https://www.schetterer.org Munich/Bavaria/Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Updating System Policy Templates
Hi Mike, Mike Petersen schrieb: On Thu, 2007-03-22 at 16:58 +0100, Robert Schetterer wrote: HI Mike, creating policies is always welcome, i dont tried vista adms for now, cause i dont think most of my customers will switch to it, the plan is to get totally out of m$. I am in the same boat on a few networks that I maintain. Most people are sick of Microsoft Products. If you are interested in testing SLED10 on your network(s), I have created quite a few RPMs for SLED10 that fills the gaps of what Novell doesn't provide. Most of the people that I introduced it to really like it and SLED10 is probably the most network friendly OS out there today (politics aside). You can get my custom RPMs from: http://www.pcc-services.com/sled10_rpms.html sled is good , but no need to make marketing for them , samba works on other nixes very fine too, and each one has plus and minus points one minus of novell is now that they contracted somehow with m$ wihtout need.But this is my personal political meaning i run suse on my most systems and i will as long as they get not near to m$ , but i will stop this if i get the feeling they sold their soul to the devil *g I am nearly sure that adms will work for vista too, cause i dont read something that vista isnt any longer compatible to nt 4 pdcs ( but i may fail here ) Hopefully I will get more info from the samba list on this. I especially want info on if people are going to use Vista at all. I don't want to spend the time on Vista if no one is going to deploy it anyway (I personally won't touch it for any of my networks). i am having this partner pack from m$ its very cheap to it includes and holds all of their products and a number of licenses, so this is fine for testing stuff, vista runs fine in vmware which you could download for free. I personally will not test vista against samba deeply unless i get paid for Its an unwritten law m$ products should not be used on production nets before they go to stage service pack 1 with one exception if you really need to some new invention included in one product. But for vista i dont this. For now it would high the total costs by my customers, by bying new hardware, software upgrades and much trouble with dirvers and applications. Be sure that you dont make work which is allready done by others, there are few sources of adms on the web. About 2 years ago I sat down and created a comprehensive custom.adm file that implemented just about any policy anyone wanted for Window XP machines. Ever since then I apparently became the defacto person on asking system policy questions (get about 2-3 emails a week). As far as I know no one has spent the time to create IE7 policies or Vista policies yet. I am going to have time on my hands this summer and I personally will need IE7 policies on my networks, so I am asking a few questions on whether or not I need to add any additional policies to my policy template while I am at it. Thanks for the reply, and if you are in need of any weird or interesting policies for your network, now is the time to ask. i would be very lucky to have adms for ie7 and vista here is a german website which do much of adm stuff, perhaps you should get in contact with them http://www.gruppenrichtlinien.de/ as i see no vista adms but for all other oses of m$ and ie7 see here http://www.gruppenrichtlinien.de/index.html?/RiLi/Zahlen.htm or http://www.heise.de/ct/tipps/adms.shtml has also adms as i just read adms go to a new format called ADMX in vista, so it seems this format ist better then the old but not compatible with adm http://www.microsoft.com/technet/technetmag/issues/2007/02/Templates/Default.aspx?loc=de (give it a try in english too) but here they wrote adms will still work on vista if they dont conflict with default admx policies, so i have no idea for now how to implement this with a current samba pdc, this question should go to samba gurus perhaps there is a way to implement policies like active dir does with the recent samba ( but i havent read this ) but i think it must be included in upcoming samba 4 as it should work as active dir contoller http://www.microsoft.com/germany/technet/prodtechnol/windowsvista/library/1494d791-72e1-484b-a67a-22f66fbf9d17.mspx -snip-- • Sie können ADM-Dateien weiterhin mit der Option Vorlagen hinzufügen/entfernen hinzufügen oder entfernen. Für das Hinzufügen oder Entfernen von ADMX-Dateien gibt es unter Windows Vista keine Schnittstelle. Um ADMX-Dateien hinzuzufügen, kopieren Sie diese einfach in den Ordner %systemroot%\PolicyDefinitions\ und starten Sie den Gruppenrichtlinienobjekteditor neu. • Gruppenrichtlinieneinstellungen aus ADMX-Dateien werden unter dem Knoten Administrative Vorlagen angezeigt. Einstellungen aus alten ADM-Dateien werden unter Klassische Administrative Vorlagen (ADM) angezeigt. • Der Gruppenrichtlinienobjekteditor erkennt ADM
Re: [Samba] Updating System Policy Templates/ found admx migrator
Robert Schetterer schrieb: Hi Mike, Mike Petersen schrieb: On Thu, 2007-03-22 at 16:58 +0100, Robert Schetterer wrote: HI Mike, creating policies is always welcome, i dont tried vista adms for now, cause i dont think most of my customers will switch to it, the plan is to get totally out of m$. I am in the same boat on a few networks that I maintain. Most people are sick of Microsoft Products. If you are interested in testing SLED10 on your network(s), I have created quite a few RPMs for SLED10 that fills the gaps of what Novell doesn't provide. Most of the people that I introduced it to really like it and SLED10 is probably the most network friendly OS out there today (politics aside). You can get my custom RPMs from: http://www.pcc-services.com/sled10_rpms.html sled is good , but no need to make marketing for them , samba works on other nixes very fine too, and each one has plus and minus points one minus of novell is now that they contracted somehow with m$ wihtout need.But this is my personal political meaning i run suse on my most systems and i will as long as they get not near to m$ , but i will stop this if i get the feeling they sold their soul to the devil *g I am nearly sure that adms will work for vista too, cause i dont read something that vista isnt any longer compatible to nt 4 pdcs ( but i may fail here ) Hopefully I will get more info from the samba list on this. I especially want info on if people are going to use Vista at all. I don't want to spend the time on Vista if no one is going to deploy it anyway (I personally won't touch it for any of my networks). i am having this partner pack from m$ its very cheap to it includes and holds all of their products and a number of licenses, so this is fine for testing stuff, vista runs fine in vmware which you could download for free. I personally will not test vista against samba deeply unless i get paid for Its an unwritten law m$ products should not be used on production nets before they go to stage service pack 1 with one exception if you really need to some new invention included in one product. But for vista i dont this. For now it would high the total costs by my customers, by bying new hardware, software upgrades and much trouble with dirvers and applications. Be sure that you dont make work which is allready done by others, there are few sources of adms on the web. About 2 years ago I sat down and created a comprehensive custom.adm file that implemented just about any policy anyone wanted for Window XP machines. Ever since then I apparently became the defacto person on asking system policy questions (get about 2-3 emails a week). As far as I know no one has spent the time to create IE7 policies or Vista policies yet. I am going to have time on my hands this summer and I personally will need IE7 policies on my networks, so I am asking a few questions on whether or not I need to add any additional policies to my policy template while I am at it. Thanks for the reply, and if you are in need of any weird or interesting policies for your network, now is the time to ask. i would be very lucky to have adms for ie7 and vista here is a german website which do much of adm stuff, perhaps you should get in contact with them http://www.gruppenrichtlinien.de/ as i see no vista adms but for all other oses of m$ and ie7 see here http://www.gruppenrichtlinien.de/index.html?/RiLi/Zahlen.htm or http://www.heise.de/ct/tipps/adms.shtml has also adms as i just read adms go to a new format called ADMX in vista, so it seems this format ist better then the old but not compatible with adm http://www.microsoft.com/technet/technetmag/issues/2007/02/Templates/Default.aspx?loc=de (give it a try in english too) but here they wrote adms will still work on vista if they dont conflict with default admx policies, so i have no idea for now how to implement this with a current samba pdc, this question should go to samba gurus perhaps there is a way to implement policies like active dir does with the recent samba ( but i havent read this ) but i think it must be included in upcoming samba 4 as it should work as active dir contoller http://www.microsoft.com/germany/technet/prodtechnol/windowsvista/library/1494d791-72e1-484b-a67a-22f66fbf9d17.mspx -snip-- • Sie können ADM-Dateien weiterhin mit der Option Vorlagen hinzufügen/entfernen hinzufügen oder entfernen. Für das Hinzufügen oder Entfernen von ADMX-Dateien gibt es unter Windows Vista keine Schnittstelle. Um ADMX-Dateien hinzuzufügen, kopieren Sie diese einfach in den Ordner %systemroot%\PolicyDefinitions\ und starten Sie den Gruppenrichtlinienobjekteditor neu. • Gruppenrichtlinieneinstellungen aus ADMX-Dateien werden unter dem Knoten Administrative Vorlagen angezeigt. Einstellungen aus alten ADM-Dateien werden unter Klassische
Re: [Samba] Updating System Policy Templates / ie7 adm found
Robert Schetterer schrieb: Hi Mike, Mike Petersen schrieb: On Thu, 2007-03-22 at 16:58 +0100, Robert Schetterer wrote: HI Mike, creating policies is always welcome, i dont tried vista adms for now, cause i dont think most of my customers will switch to it, the plan is to get totally out of m$. I am in the same boat on a few networks that I maintain. Most people are sick of Microsoft Products. If you are interested in testing SLED10 on your network(s), I have created quite a few RPMs for SLED10 that fills the gaps of what Novell doesn't provide. Most of the people that I introduced it to really like it and SLED10 is probably the most network friendly OS out there today (politics aside). You can get my custom RPMs from: http://www.pcc-services.com/sled10_rpms.html sled is good , but no need to make marketing for them , samba works on other nixes very fine too, and each one has plus and minus points one minus of novell is now that they contracted somehow with m$ wihtout need.But this is my personal political meaning i run suse on my most systems and i will as long as they get not near to m$ , but i will stop this if i get the feeling they sold their soul to the devil *g I am nearly sure that adms will work for vista too, cause i dont read something that vista isnt any longer compatible to nt 4 pdcs ( but i may fail here ) Hopefully I will get more info from the samba list on this. I especially want info on if people are going to use Vista at all. I don't want to spend the time on Vista if no one is going to deploy it anyway (I personally won't touch it for any of my networks). i am having this partner pack from m$ its very cheap to it includes and holds all of their products and a number of licenses, so this is fine for testing stuff, vista runs fine in vmware which you could download for free. I personally will not test vista against samba deeply unless i get paid for Its an unwritten law m$ products should not be used on production nets before they go to stage service pack 1 with one exception if you really need to some new invention included in one product. But for vista i dont this. For now it would high the total costs by my customers, by bying new hardware, software upgrades and much trouble with dirvers and applications. Be sure that you dont make work which is allready done by others, there are few sources of adms on the web. About 2 years ago I sat down and created a comprehensive custom.adm file that implemented just about any policy anyone wanted for Window XP machines. Ever since then I apparently became the defacto person on asking system policy questions (get about 2-3 emails a week). As far as I know no one has spent the time to create IE7 policies or Vista policies yet. I am going to have time on my hands this summer and I personally will need IE7 policies on my networks, so I am asking a few questions on whether or not I need to add any additional policies to my policy template while I am at it. Thanks for the reply, and if you are in need of any weird or interesting policies for your network, now is the time to ask. i would be very lucky to have adms for ie7 and vista here is a german website which do much of adm stuff, perhaps you should get in contact with them http://www.gruppenrichtlinien.de/ as i see no vista adms but for all other oses of m$ and ie7 see here http://www.gruppenrichtlinien.de/index.html?/RiLi/Zahlen.htm or http://www.heise.de/ct/tipps/adms.shtml has also adms as i just read adms go to a new format called ADMX in vista, so it seems this format ist better then the old but not compatible with adm http://www.microsoft.com/technet/technetmag/issues/2007/02/Templates/Default.aspx?loc=de (give it a try in english too) but here they wrote adms will still work on vista if they dont conflict with default admx policies, so i have no idea for now how to implement this with a current samba pdc, this question should go to samba gurus perhaps there is a way to implement policies like active dir does with the recent samba ( but i havent read this ) but i think it must be included in upcoming samba 4 as it should work as active dir contoller http://www.microsoft.com/germany/technet/prodtechnol/windowsvista/library/1494d791-72e1-484b-a67a-22f66fbf9d17.mspx -snip-- • Sie können ADM-Dateien weiterhin mit der Option Vorlagen hinzufügen/entfernen hinzufügen oder entfernen. Für das Hinzufügen oder Entfernen von ADMX-Dateien gibt es unter Windows Vista keine Schnittstelle. Um ADMX-Dateien hinzuzufügen, kopieren Sie diese einfach in den Ordner %systemroot%\PolicyDefinitions\ und starten Sie den Gruppenrichtlinienobjekteditor neu. • Gruppenrichtlinieneinstellungen aus ADMX-Dateien werden unter dem Knoten Administrative Vorlagen angezeigt. Einstellungen aus alten ADM-Dateien werden unter Klassische
Re: [Samba] Updating System Policy Templates / ie7 adm found
Mike Petersen schrieb: Thanks for all of the links, I can't read German but I did manage to get some info from them. Also thanks for the link to the article on the new admx format - I don't know why MS is changing everything to something x (docx, xlsx and now admx) - I preferred the old format anyway, the Microsoft Engineers just made it extremely confusing reading their policy templates. Which turned out to be just fine for me because unfortunately I cannot base any of my policy template work off of any current Microsoft Templates - I contacted them about it 2 years ago, before I started working on my Custom Policies (just to be sure it was alright) and at first they were OK about it, but after a while I was contacted again to not base any work off of any policies they created (Go figure). So when I created my custom policy templates last time I simply searched the web for any registry settings that people were using to adjust Windows behavior, then implemented those as a policy. For the ones I didn't find I simply ran an Un-installer program to track registry changes to the system as I adjusted settings. This is what I will probably have to do with the IE7 policies since there are very few references to registry settings regarding Internet Explorer 7 yet. Also, for the IE7 policies I am going to try to start doing those at the beginning of next month, the Vista policies will probably have to wait a little longer (especially since no one seems to want to deploy Vista anyway). So if you want any specific policy for IE 7 just let me know and I will try to implement it. I will also try to keep an eye on the mail list. Thanks again, Mike Petersen [EMAIL PROTECTED] Hi Mike, the main question is how to server the new admx format with a recent samba pdc ( my short overflow seems that they are stored in a different place, i maybe fail here), also i think if you wanna install a mixed setup with winxp and vista which isnt recommended anyway you have deploy both adms and admxs configured in the same way, as the complexity with configurations possible in policies this doesnt seem very easy done. So anyway the possibility to serve admx (or equal)should be included in samba 4 as it should work as active dir controller. So thats the question to the samba gurus. Maybe at interim reg patches ( or extracted from adms/x) will do the job, but i think they have to be different in xp and vista, also the admx migrator should help. As i understood the format change was made to near the admx programming language to other programming languages and simplify writing of it. in my eyes it just another example that windows version are not really compatible and shot users to upgrade their whole network . It dosnt make me wonder that m$ dont want you to create adms, in my eyes the dont wanna people doing free unlicend stuff anymore, so 2 days ago the pressed some windows friendly sites to get off their offline update packs for xp from the web. In the ie7.adm from gruppenrichtlinien.de should be allready some specials in, like configure search engine ( this what i read in parts there ) Sorry i havent a good english site for you. But i rememeber there where a few unfree tools creating adms, maybe they upgraded to admx edit -- Mit freundlichen Gruessen Best Regards Robert Schetterer https://www.schetterer.org Munich/Bavaria/Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows Updates management using Samba
Siju George schrieb: Hi, I was just wondering there if there is anything/setup to make a Samba 3/4 PDC to fetch MS Windows Updates from the Microsoft website and push it to the clients. Some thing Like WSUS? If it is not already th ere is there any plans to add this functionality to Samba? I am wondering how updates are done on Windows Machines under a Samba domain. The data transfer multiplies with the no. of clients right? May be one way is to put a caching server like Squid on the firewall and allow the cache to serve the requested file. Is there any other/better way than this? Thankyou so much Kind Regards Siju Hi , you can use http://www.heise.de/ct/ftp/projekte/offlineupdate/ctupdate303.zip this is a script which makes win updates but its not real samba related, but very handy anyway -- Mit freundlichen Gruessen Best Regards Robert Schetterer https://www.schetterer.org Munich/Bavaria/Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] test please ignore
test please ignore -- Mit freundlichen Gruessen Best Regards Robert Schetterer https://www.schetterer.org Munich/Bavaria/Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Use Microsoft shared fax printer?
Neil Aggarwal schrieb: Hello: Is it possible to use Samba to send documents to a Microsoft Shared Fax Printer? How would I give it the phone number and other recipient details that normally comes in the popup window when I print to a shared fax printer from Windows? Thanks, Neil -- Neil Aggarwal, (214)986-3533, www.JAMMConsulting.com FREE! Eliminate junk email and reclaim your inbox. Visit http://www.spammilter.com for details. Hi MS Fax ist ugly but you can look at this http://www.purpel3.nl/sambafax/sambafax_6B.html or a few other faxsolutions mostly with hylafax which is runnig fine in linux on the same machine which services your samba -- Mit freundlichen Gruessen Best Regards Robert Schetterer https://www.schetterer.org Munich/Bavaria/Germany -- Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht und ist - aktuelle Virenscanner vorausgesetzt - sauber. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Use Microsoft shared fax printer?
Neil Aggarwal schrieb: Shaun: Correct me if I am wrong, but I think you are suggesting using HylaFAX on the Linux server and then have the Windows PCs use it. What I am trying to do is to have the Linux server send faxes using the Windows Machine as a Fax Server. Is that possible? It will be *much* harder to convince the client that they now have to change their fax server to Linux. Thanks, Neil -- Neil Aggarwal, (214)986-3533, www.JAMMConsulting.com FREE! Eliminate junk email and reclaim your inbox. Visit http://www.spammilter.com for details. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shaun Marolf Sent: Sunday, January 28, 2007 10:41 AM To: samba@lists.samba.org Subject: Re: [Samba] Use Microsoft shared fax printer? On Sunday 28 January 2007 09:56, Neil Aggarwal wrote: Hello: Is it possible to use Samba to send documents to a Microsoft Shared Fax Printer? How would I give it the phone number and other recipient details that normally comes in the popup window when I print to a shared fax printer from Windows? Thanks, Neil -- Neil Aggarwal, (214)986-3533, www.JAMMConsulting.com FREE! Eliminate junk email and reclaim your inbox. Visit http://www.spammilter.com for details. Yes it is using Hylafax Samba printer share. www.hylafax.org --Shaun Hi Neil, you know a place which has has pure ms fax up and running and working, wow ( i never saw that , i only know third party solutions for that on windows ) try study it features in which way you can inject faxes in its spool dir or the tcp port you have to use and try to script it with linux. ( whatever samba etc ) But i would recommend using hylafax cause it surle more stable than any ms fax service. Perhaps Technet should help ,searching a solution. -- Mit freundlichen Gruessen Best Regards Robert Schetterer https://www.schetterer.org Munich/Bavaria/Germany -- Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht und ist - aktuelle Virenscanner vorausgesetzt - sauber. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multi office samba domains
Asier Baranguán schrieb: Hi all! I've a computer acting as a PDC in a network with Samba+OpenLDAP working fairly well ina Debian Sarge for several months (Samba servers, XP cients). It's working so well that my company wants to deploy this system to all the offices (five offices physically separated). Each office has it's own peculiarities so each one has to have it's own domain with shares and so on. But there some users with special requirements: + Normal users only access to their local domain resources + Users from marketing and sales dpt. travel across all the offices and it would be great allow this users to login in all the offices with the _same_ user account and access to shares, printers, etc. + Some special users are willing must be allowed to access remotely -via VPN link- to other office shares + And admin users be able to access to all office shares Inter-office communication will be done with some VPN so in theory I can have one main LDAP server with all the users, groups, computers and domains and replicate them. In other words: share all the users and groups between offices but with several domains and access policies. Can this be done -almost partially-? perhaps with domain trust relationships? Thanks! -- Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht und ist - aktuelle Virenscanner vorausgesetzt - sauber. Hi Asier, this can be done, i did this with bdcs in the offices (ldap slaves samba ) an connected them with openvpn. For traveling user i used pptpd. But you have to think about lot of things before you start this so how are the coenncting qualitiy of the lines the offices use, how implement wins browsing, and the generall net architekture. If you only want one domain , no trust ist needed. If you want let the offices independent, use different domains and trust them to one another, but i would not recommend it. You should setup internal dns with replication, maybe dhcp with relay. normaly the homes/profiles of the office users are lying on there bdcs. Make different policies for workstations and laptops, cause of of profile caching etc. Think about slow traffic vpns , sometimes it makes no sense to push them printers etc. The layout goes along with you would do with nt windows servers , see exmaple in the samba books and faqs. It a lot of work at the start, but then it works very nice. I dont know how time lines are for samba 4 ( active dir emulation) but it should be a little be easier then, with those setups Best Regards -- Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht und ist - aktuelle Virenscanner vorausgesetzt - sauber. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba instead of SBS2k+3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Przemyslaw Smiejek schrieb: Hi, I'm a teacher and I have got 20 computers with Windows XP and server Windows SBS 2003 with Active Directory. I use AD to set policy tu WinXP and to authorize users. Is it possible to set up Samba to this instead AD? Can someone help me in this? Hi, jep samba can act as a win nt (4) domain controller PDC. If you really need AD ( which i dont think ) you have to wait samba reaches version 4. but having Samba in a school enviroment is very typical, there are many special Linux distros for schools which have allready included this look http://www.skolelinux.org and the samba faqs, setting up samba as domain contoller. But you will make your live much more easier , and save money for the children, if you switch totally to linux. There is nothing on windows which is really need to learn for pupils which cant be handeled by modern linux distros. Mostly they need office ( open office ) a browser and mail. For keeping them out of scum websites squid (guard) is the right choice on your firewall. And will have no nightmares about viri in the futures using a better os. i give my free time to youth projects to admin their networks and they mostly have mixed setups , with linux and windows. in former days the wanted windows to play some games , but now they switching to consoles , which get easier to handle. After all , here in germany , there are much laws , which you have to look for , giving internet and computer access to children. - -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org https://www.schetterer.com/public-gpg-robert-schetterer.key -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFE6FsYNxddAhXBw7QRAo/UAJ4/xBaJwI958HrneipYIzHNMoHrWQCghOJQ QD5SfXdSrEgqHvHqSTt8W0g= =UcyF -END PGP SIGNATURE- -- Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht und ist - aktuelle Virenscanner vorausgesetzt - sauber. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Latest Samba for SuSE 9.0 ?!?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rory Vieira schrieb: Hi, What is the latest version of Samba for SuSE 9.0, and where can I find it. Shame support was dropped for this one... still being used a lot... try this ftp://ftp.sernet.de/pub/samba/suse90-i386 after all searching about the rpms is easy with google, and building rpms too , if you have a spec valid for suse 9.0. if you wanna longer support why not using enterprise versions which have longer support, upgrading versions older than 2 years makes no sense ( my opinion ), after all why not switch to debian...i ll think they give longer updates as the only linux distro - -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org https://www.schetterer.com/public-gpg-robert-schetterer.key -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFE2xcMNxddAhXBw7QRAu3EAJ9zZ0DlAi0h8oVMTPwBS4CefNVw9ACfcOaH zCu8+oD8HQ5m73X1sbuAW3Y= =XYne -END PGP SIGNATURE- -- Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht und ist - aktuelle Virenscanner vorausgesetzt - sauber. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] This list is a black hole.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John Mason schrieb: Seems that many questions get answered... but most to the original requestor... not the list. Plus, many of us watching don't know as much as the esteemed 30 or so experts so we can only help on that which we have tried. Are you having a problem? I'll try to answer it. -Original Message- From: [EMAIL PROTECTED] on behalf of Steven Rice Sent: Tue 8/8/2006 8:12 AM To: samba@lists.samba.org Subject: [Samba] This list is a black hole. Many questions goes in, Very few answers come out. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com Hi John, Stefan, maybe most of the questions ar allready answered if using the mail archive or/and read the faqs, i answered a lot in that list but i am not willing to answer same questions every day, in comparing to other lists , this one is very nice - -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org https://www.schetterer.com/public-gpg-robert-schetterer.key -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFE2JjZNxddAhXBw7QRAlmWAJ48Mg8G1veWeb6QYoH5sXZR+GEDEwCfdXJE SkT2yzIaBAg5gXW5lf9jw9k= =9tHh -END PGP SIGNATURE- -- Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht und ist - aktuelle Virenscanner vorausgesetzt - sauber. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.20 + squid 2.5 : automatic logon with internet explorer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rodolphe A. schrieb: hello, samba is setup PDC with ldap client : windows xp pro sp2 server : samba 3.0.20 + openldap 2.2 + squid 2.5stable14 + squidGuard is it possible to create an automatic logon with internet explorer ? perhaps with ntlm_auth, but i can't find the good sentence. thanks. Hi, i ve did right this and i works now perfekt for nearly a year. But you have many choises to realize this. The setup which will include all possible features with a smb pdc ( with ldap )is like this. If you use firefox or ie with the automatic search proxy setting the search to files like proxy.dat , proxy.pac wpad.dat on a webserver on the gateway of the lokal network, these files held the data which where the browser will find the proxy. Additional you hav to have entries in you internal dns like wpad.tcpSRV 0 0 80 wpad wpadA 192.168.110.1 TXT service: wpad:!http://intranet.gundk.intern:80/proxy.pac; and on the internal dhcp server like this option wpad code 252 = text; option wpad http://192.168.110.1/proxy.pac\n;; you can find faqs an doku about this on the squid side. I have implemented different groups in the win domain like wwwuser , which can join the internet via proxy , and a group filteroveride to join directly www without using squidguard ( for admins etc ). So you can manage the groups out from usrmgr. so i have entries like this in squid.conf # user group which are allowed to access the internet in general auth_param ntlm program /usr/bin/ntlm_auth - --helper-protocol=squid-2.5-ntlmssp - --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001 auth_param basic program /usr/bin/ntlm_auth - --helper-protocol=squid-2.5-basic - --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001 auth_param basic children 5 # auth_param ntlm use_ntlm_negotiate on # auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 15 minutes auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours acl user proxy_auth REQUIRED http_access allow user #pam auth agains a system group works here too (nss_ldap), we use it to overide the redirector vor vips external_acl_type unix_group %LOGIN /usr/sbin/squid_unix_group -g wwwdirect acl direct external unix_group wwwdirect redirector_access deny direct always_direct allow direct http_access allow direct as you see i used the sid of the nt groups , cause their names didint work, to overide the squidgauard i use a system group which is tha same as a nt group cause there is mapping over nss_ldap ( other setups may be better but this works ) the i configured winbind to use the lokal smb pdc ( just join your own domain )...im not sure why i did this but i think it was a must with squid , squid must run with a user that is able to join the winbind socket ( see squid, samba doku ) After all you need a few iptables rules to forbid bypass the proxy. note you cant use squid auth with a transparent proxy squid setup! But if you dont need auth and the group stuff a setup with a squid transparent proxy and iptables is much more easy to implement automatic filtering ( see squid faqs how to do this ), if you do so you can only manage things with the source ip of the client computer , but not by user name or group auth. ( dont copy and paste this , read the faqs ) Best Regards - -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org https://www.schetterer.com/public-gpg-robert-schetterer.key -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFEn6DeNxddAhXBw7QRAg3UAJ4rvf4cloRykMkbpWoyfEK+EEeRkQCfQB+s kf/FSvVp4RbIfgdY6pj1Hmw= =RYf+ -END PGP SIGNATURE- -- Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht und ist - aktuelle Virenscanner vorausgesetzt - sauber. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA-LDIF
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Boukari Ouédraogo schrieb: Hello! How to get samba users in a file in ldif format? samba 3.0.14 Many thanks for all Boukari hi do it like this slapcat -l ldap.ldif - -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org https://www.schetterer.com/public-gpg-robert-schetterer.key -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD4DBQFEheWANxddAhXBw7QRAla2AJIC8aJ86kno7FHZXZEEHxQCAJ1oAJwKE0JR GH1foXq4WIVzE/NDeHeD0A== =Sz5G -END PGP SIGNATURE- -- Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht und ist - aktuelle Virenscanner vorausgesetzt - sauber. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] max number of users in passwd ( out of topic )
Hi @ll, this is a little out of topic, sombody knows which is is the maximum number of users possible in /etc/passwd ? i looked around google and man but did not find the info, i read somewhere its like 65000 is this true? thx Robert -- Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht und ist - aktuelle Virenscanner vorausgesetzt - sauber. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: proposed list of parameter to remove in 3.0.23
Hi Jerry , isnt it fine to have a parameter if you want to talk to ldap bound to a different port, and isnt ldap server making it more clear ? Or is this just the entry in the conf and such a function can be defined elsewhere? Regards Collen Blijenberg schrieb: Quite a list, but no non we use. might i do a sugestion ? all with all, there are a lot of changes is the up coming release. not only these parameters en config options, but also the removal of the sql backends that multi passwd backend thing.. isn't it smarter , or it makes more sense to push these rather big changes through the 3.1 release ??? Cheers, Collen Gerald (Jerry) Carter wrote: Here's a short list of parameters I'd like to remove from smb.conf. hosts equiv read bmpx wins partners ldap server ldap port homedir map nis homedir magic script magic output Comments? I'd also like to kill the following configure options --with-nisplus-home --with-ldapsam --with-automount --with-dce-dfs -- Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht und ist - aktuelle Virenscanner vorausgesetzt - sauber. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question: Universal group support
[EMAIL PROTECTED] schrieb: Samba 3.0.x support Windows NT domain. Therefore, Samba support only a global group and a local group. Is this correct? And Samba 3.0.x not support Universal group. Universal group support on Samba 4.x. Is this correct? -- --- Oota Toshiya --- oota at mail.linux.bs1.fc.nec.co.jp NEC Computers Software Operations Unit Shiba,Minato,Tokyo OSS Promotion CenterJapan,Earth,Solar system (samba-jp Staff/postmaster,mutt-j/faqomatic admin,analog-jp postmaster) Hi, this may off topic , but some nt-admins of very large ad domains ( 1 workstations and more ) warned me to use universal groups as it may lead to perfect chaos in the groups of ad which might terrible to debug. in failure situations Best Regards -- Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht und ist - aktuelle Virenscanner vorausgesetzt - sauber. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Creating a trust on an unstable network
Hi Ray, i had a vpn based on openvpn and tap interfaces, with a trust between two samba domains this worked like charme , the conection was resetted 2 times a day by the adsl provider. If the trust brakes on a longer timeout you have to reestablish the trust which causes a lot of traffic over the vpn, also it can be very frustration in use if the the trust is not in sync, cause it may lead to failures at logon , share rights etc Best Regards Ray Greene schrieb: I would like to create a trust between a Samba domain and a Win2K domain. The Samba domain connects via VPN to the Win2K domain. The Samba domain users need access to files on the Win2K domain and a trust would make it easier to handle permissions on the files. However the VPN connection isn't very stable and drops the connection every day or two. The Samba Howto says this is a bad thing to try, but doesn't say why. What exactly happens in this situation when the connection between the domains is dropped? -- Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht und ist - aktuelle Virenscanner vorausgesetzt - sauber. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: URGENT!!!!! Problem: outlook.pst with samba 3.0.21c!!!!!!!!
Hi Joerg, pst are a special kind of files, and its not not recommended hosting them on network shares, see technet, cause they get corupted But i know many people do it. So keep clear that the psts are not growing very large ( under 1G is ok ) stop any vfs antivir at the pst shares, play with lock parameters. i have one costumer who is hosting his pst on network shares with samba 3.0.14 and there is no bug with it. I dont have testet it with latest samba. But i am nearly sure this is not a samba problem, i recommend you install a kolab server which works nice to outlook. pst where never thought to be hosted on networks. For testing copy a working pst file to the place ( share ) where the not working one is hosted and try to open it, if this works you know the pst got corupted , there are a few tools by ms to reconstruct such files ( search technet ) but do it by copy them to a local client. In your scenario you should have daily backups of the psts anyway But i read a lot about problems with solaris samba , maybe the bug is only in solaris samba, as workaournd switch back to former samba version Best Regards Jörg Nissen schrieb: You should give us a look at your smb.conf. AFAIK from my very own experience: 3.0.21c somehow behaves different from 3.0.20 with the same smb.conf. Maybe you have to set some values which did not have to be set before. MfG Jörg Nissen - Original Message - From: WolverineJR [EMAIL PROTECTED] Newsgroups: mailing.unix.samba Sent: Friday, March 10, 2006 9:40 AM Subject: URGENT! Problem: outlook.pst with samba 3.0.21c Hello Samba-Gurus!! Following really really important problem: Yesterday evening, we have upgraded our Solaris9-Samba-Fileserver from Samba-Version 3.0.11 to 3.0.21c. All worked fine. But today, we have following problem: Some users, which outook.pst-file is situated on the samba-fileserver in their home-share, cannot send or get mails via Outlook2000 und Outlook2003. When we try to change the path to the PST-file, we get the messages, that the file cannot be accessed. Here is a sample of the samba-log of one of the clients: [2006/03/10 07:39:03, 2] smbd/dosmode.c:unix_mode(70) unix_mode(outlook.pst) inheriting from . [2006/03/10 07:39:03, 2] smbd/dosmode.c:unix_mode(78) unix_mode(outlook.pst) inherit mode 40700 [2006/03/10 07:39:03, 2] smbd/open.c:open_file(350) abm opened file outlook.pst read=Yes write=No (numopen=2) [2006/03/10 07:39:03, 2] smbd/close.c:close_normal_file(308) FRANKFURT+abm closed file outlook.pst (numopen=1) [2006/03/10 07:39:03, 2] smbd/dosmode.c:unix_mode(70) unix_mode(outlook.pst) inheriting from . [2006/03/10 07:39:03, 2] smbd/dosmode.c:unix_mode(78) unix_mode(outlook.pst) inherit mode 40700 [2006/03/10 07:39:03, 2] smbd/open.c:open_file(350) abm opened file outlook.pst read=Yes write=No (numopen=2) [2006/03/10 07:39:03, 2] smbd/close.c:close_normal_file(308) FRANKFURT+abm closed file outlook.pst (numopen=1) [2006/03/10 07:39:03, 2] smbd/dosmode.c:unix_mode(70) What here stand out is, that samba try to open the outlook.pst - file with READ=YES and WRITE=NO... this can not be right Another thing is, that after the samba-upgrade, we don´t get the absolut pathes from the opened files in samba. In SWAT we only get something like: outlook/outlook.pst Normally it should look like: /homes/xxx/outlook/outlook.pst Does have anybody a solution or idea?? THIS IS REALLY IMPORTANT THX -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: URGENT!!!!! Problem: outlook.pst with samba
i looked at my costumer which is using psts in their homes this works if the psts are under 1GB ( later it slow very much , which is relate to outlook and pst not to samba ) [homes] comment = Home of %U on %L read only = No csc policy = disable browseable = No inherit acls = Yes create mask = 0700 directory mask = 0700 locking = No oplocks = False level2 oplocks = False valid users = %S profile acls = Yes store dos attributes = yes dos filetimes = yes delete readonly = yes Jörg Nissen schrieb: You could try adding valid users = %S to the [homes] section. MfG Jörg Nissen - Original Message - From: WolverineJR [EMAIL PROTECTED] Newsgroups: mailing.unix.samba Sent: Friday, March 10, 2006 10:35 AM Subject: Re: URGENT! Problem: outlook.pst with samba # Global parameters [global] unix charset = ISO8859-1 display charset = ISO8859-1 workgroup = x realm = xxx.xxx.xxx netbios name = --- Hostname server string = Server Samba-Fileserver security = ADS password server = xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx log level = 2 log file = /var/log/samba/%m.log max log size = 50 keepalive = 0 logon home = \\xxx\%U ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 idmap gid = 1-2 winbind separator = + admin users = xxx , xxx inherit permissions = Yes inherit acls = Yes [homes] path = /homes1/%U read only = No browseable = No veto oplock files = /*.pst/*.PST/*.Pst/ --- this entry we have entered just before 2 minutes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba4wins only with samba =3.0.21?
hi, it a independed daemon, if you recompile the src rpm it should work Best Regards Michael Gasch schrieb: [update] releases say: yes greez Michael Gasch schrieb: hi, i read about samba4wins, which is really a great work from the team! do you know, if this will work with samba v3.0.14a? i ask because a german news service writes that it´s only possible with 3.0.21 (http://www.heise.de/newsticker/meldung/69132), but i can´t find this information in the notes on http://ftp.sernet.de/pub/samba4WINS/samba4wins-1.0.0-16/ thx for helping me! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] many servers and mobile users - always use the most fresh user profile - ideas?
Hi Bob, the normal setup would be a bdc in other locations, and setup users profiles in their home offices, if they have only short terms of visit in other offices they must life with longer logon time, if they stay lets say longer than two week than move their profiles and homes to the other bdc, so its done in very large ( 1 users ) windows networks ,i know. this is can very easy be done with ldap and samba. I dont think rsync profiles will be a satisfactory solution, cause users can also comming from vpn adsl/wlan etc so the profile are never in sync int that case ( ie if they work in hotels at night etc ) in my cenarios. choose a good vpn connect 2 MB synchron with openvpn was enough for me with 100 users 90% sitting in their home offices 10 % traveling around. I had limited the profiles to 30 MB maximum, so even in the worst case in ca. 3 minutes they got their profile staying in any kind of office net. This stuff deeply depends on the conection limits, so i.e i know companies they have black fiber lines in usa , europe, asia , but isdn in africa and have to sync more than just profiles, i.e exchange data etc. so the have bdc in africa office ( with good connect ) so they syncing with europe every hour , from there africa office b wich has only isdn is synced further only in night. after all have this global network a full working time service across the networks is needed, just a lot what admins much think of at syncing any data. Best Regards Gautier, B (Bob) schrieb: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Tomasz Chmielewski Sent: 10 March 2006 14:14 To: samba Subject: [Samba] many servers and mobile users - always use the most fresh user profile - ideas? I have a situation like below: Samba servers in many cities; one backup server in the central location that fetches user profiles each night (changes really with rsync). Users work in many locations; sometimes one user can work in city A, and a day later he can work in city B. This means that they have problems with their profiles - user profile for city A will be different from his profile in city B. Using the central server for storing all profiles is not a good solution - it would take too long to fetch/upload user profile over WAN/VPN. Pulling the profile from the central server should only happen if the local profile is older. I tried using preexec, to launch a script which would compare the local and remote profile, and pull the newest version from the central server if necessary. However, Windows logon times outs after 2 minutes, and usually it takes longer to download the profile. Has anyone ever dealt with the situation where users work in multiple locations, but would like to have the profiles the same? I know it can be done easily with Windows 2003 R2, what about Samba? About a year ago I worked out an architecture in which rsync would be used to replicate profiles from location to location (replication being triggered by *logout*, not *login*) but it never got anywhere near implementation as far as I am aware. You just have to make sure you have enough bandwidth so you can move the profiles faster than the people. :-) Of course rsync helps quite a bit. Bob Gautier -- Tomasz Chmielewski -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba _ This email (including any attachments to it) is confidential, legally privileged, subject to copyright and is sent for the personal attention of the intended recipient only. If you have received this email in error, please advise us immediately and delete it. You are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Although we have taken reasonable precautions to ensure no viruses are present in this email, we cannot accept responsibility for any loss or damage arising from the viruses in this email or attachments. We exclude any liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided in this email or its attachments, unless that information is subsequently confirmed in writing. If this email contains an offer, that should be considered as an invitation to treat. _ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] auth via PAM or /etc/passwd
hi, i you not wanna use ldap study this http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html auth via pam is possible but i would not recommend this, i had testet this a long time ago and it works Best Regards Andrea Venturoli schrieb: Mikhail Ramendik wrote: Hello, A friend wants to set up Samba (3.0.9-2.6-SUSE) so that users would log on using the same credentials as on the local Linux system, without a separate password database. He would like Samba to use PAM or /etc/passwd. Is it possible, and if so, how? AFAIK no. I think it would not be possible without disabling password encryption, which would also mean he'll have to do without a lot of other things. I'm doing it the other way round, i.e. using Samba as my authentication engine and let any other service authenticate through pam_smb. Then I use nss_ldap to complete the thing. bye av. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Two PDC's conflict
Hi, its no problem to have 2 pdcs , but its a problem to have two wins server on the same network, configure only on pdc to be wins server Regards Pavan schrieb: Hi All, I am currently running two PDC's with different domain names on the same network. But after a day of smooth running I am starting to have problems with the users accessing the network resources with an error message. As far I understand there must not be such conflict with the Samba PDC's with different domain names on the same subnet. Can any one suggest what might be wrong in such case? thanks for the help, Pavan. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 1 byte writes
Hi Thomas, i dont see any bugs in your conf, but in general there is no performance issue known to me with current samba, what are the samba log say , or/and tcpdump have you firewall on the server etc how is your setup in wins browsing have you tested another nic Bets Regards Thomas Limoncelli schrieb: After migrating a particular W2K file service to Samba 3.0.21c on SuSE 9.3 Pro (a DMS with winbindd against a W2K3 ADS), the W2K clients are suffering performance issues (in a switched LAN). Looking at the traffic with Ethereal (latest SVN), it looks like the client writes the data in *1 byte* pieces likes this (c=client, s=server): c-s NT Create AndX Request c-s NT Create AndX Response c-s Trans2 Request, SET_FILE_INFO c-s Trans2 Response c-s Trans2 Request, QUERY_FILE_INFO, Query File Basic Info (1004) c-s Trans2 Response c-s Write AndX Request, 1 byte at offset 119 -- sigh c-s Write AndX Response, 1 byte c-s Trans2 Request, QUERY_FILE_INFO, Query File Standard Info (258) c-s Trans2 Response c-s Write AndX Request, 1 byte at offset 155 -- sigh again c-s Write AndX Response, 1 byte c-s Trans2 Request, QUERY_FILE_INFO, Query File Standard Info (258) c-s Trans2 Response c-s Write AndX Request, 1 byte at offset 191 -- see above c-s Write AndX Response, 1 byte ... c-s Write AndX Request, 1 byte at offset 6629781 -- 100 secs later!! c-s Write AndX Response, 1 byte c-s Trans2 Request, QUERY_FILE_INFO, Query File Standard Info (258) c-s Trans2 Response c-s Write AndX Request, 4096 bytes at offset 0 -- the file header? c-s Write AndX Response, 4096 bytes c-s Write AndX Request, 2454 bytes at offset 6627328 -- strange c-s Write AndX Response, 2454 bytes c-s Flush Request c-s Flush Response c-s Close Request c-s Close Response resulting in incredibly poor write performance. Does this ring a bell with anyone? Searching the list archives, this issue seems to be only known with particular poorly-written applications: http://groups.google.com/group/mailing.unix.samba/browse_thread/thread/89c619c8ea1e48/256e1ebf227819cc but we're running none of those mentioned there (but may have found yet another ;-)). Then, still, there haven't been any noticeable performance issues with the same application against the original W2K file server, so /me ends up as the one being pointed at. :-( smb.conf global settings are the same as in an earlier thread (http://lists.samba.org/archive/samba/2006-February/118057.html) plus the following share-level settings: [grp$] path = /cifs/grp valid users = +XXX\mygroup read only = No create mask = 0770 directory mask = 0770 nt acl support = Yes acl group control = Yes map acl inherit = Yes Any ideas? -TL -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 1 byte writes
Hi Thomas, Jeremy allready gave you good advice, i just wanted to ask about the ask the all day questions before go further Best Regards from snow white munich Thomas Limoncelli schrieb: Robert Schetterer wrote: but in general there is no performance issue known to me with current samba, what are the samba log say , or/and tcpdump I've posted a (hopefully reasonable) summary of the on-the-wire traffic as seen with Ethereal. What are you expecting to gain from tcpdump here? As for samba logs, I don't see any particularly suspicious entries, but I'm not sure what to look for either :-/. After all, if the client is asking for 1 byte writes, Samba just serves it. If anyone wants to look into my level 10 debug log, I'll be happy to provide it (off-list). have you firewall on the server etc how is your setup in wins browsing have you tested another nic I'm not seeing any network packet loss nor packets dropped by iptables. WINS browsing is working fine from my perspective, but I'm unsure how this is releated. Further comments welcome. -TL -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] auth via PAM or /etc/passwd
Hi ,why not use ldap it works like charme ( and would work exactlty as you like ) and its easy to setup with suse Regards Mikhail Ramendik schrieb: Hello, A friend wants to set up Samba (3.0.9-2.6-SUSE) so that users would log on using the same credentials as on the local Linux system, without a separate password database. He would like Samba to use PAM or /etc/passwd. Is it possible, and if so, how? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Samba Version 3.0.20b-3.4-SUSE]: WinXP-Error writing to share
Hi Bjoern, in general there is no problem with suse samba etc ich have very large samba domains up and running, but dont forget samba 3 is acting like win nt 4 server ( pdc ) its not an active dir controller as win 2003 server if you need acitve dir for i.e exchange version higher than 5.5 you have to wait until samba 4 gets released, so think about that before your migration. at a look at your logs this seems a network problem have you any firewalls enabled on the suse or/and on the win client? -Transport endpoint is not connected for testing do not use this parameters use sendfile = large readwrite = max xmit = hosts allow = your conf does not look very logical to me why dont try edit the suse default conf create mask = 0777 directory mask = 0777 dont do this in global perhaps you should study more in the smb faqs which are online in german too, ther are easy examples in it for testing and migration examples. dont mess around with groups etc at starting with samba Best Regards Björn Mayer schrieb: Hello mailing-list, this is my first post and i hope that you enjoy my very bad but sometimes funny english. My Problem is the following: First of all, my server-config: Samba Version 3.0.20b-3.4-SUSE on a SUSE Linux Enterprise Server 9 with Kernel 2.6.5-7.252-smp Now the problem is, that samba generally works fine, but it doesn't work to work with a special application directly on a samba-share. This app is EPLAN, who is configured to save his project-data on the servershare, because of the fact that there everything will be backuped regularly. All this worked prior with a Windows Server 2003, which now should be replaced with the linux samba-server. Now when we switched to Samba for testing purposes the error occured, that Windows throws the following Error while working with EPLAN on the networkshare: --- Windows - Datenverlust beim schreiben Es konnten nicht alle Daten für die Datei \\UNC-Path-to-share\file.ext gespeichert werden. Die Daten gingen verloren. Mögliche Ursache könnten Computerhardware oder Netzwerkverbindung sein. Versuchen Sie, die Dateien... --- which in english means something like --- Windows - data loss at writing It was not possible to save all data for the file \\UNC-Path-to-share\file.ext. The data was lossed. Possible reasons can be the Hardware or networkconnection. ... --- Copying data on the share while using copy ans paste with the explorer seems to be working fine. I have no idea which reason this can have. Maybe some pro here outside has an idea. Of course there can be recognized something in the /var/log/messages: Mar 7 11:14:47 mve-server2 smbd[8195]: [2006/03/07 11:14:47, 0] lib/util_sock.c:write_data(554) Mar 7 11:14:47 mve-server2 smbd[8195]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer Mar 7 11:14:47 mve-server2 smbd[8195]: [2006/03/07 11:14:47, 0] lib/util_sock.c:send_smb(762) Mar 7 11:14:47 mve-server2 smbd[8195]: Error writing 5 bytes to client. -1. (Connection reset by peer) Mar 7 11:18:55 mve-server2 smbd[8244]: [2006/03/07 11:18:55, 0] lib/util_sock.c:get_peer_addr(1222) Mar 7 11:18:55 mve-server2 smbd[8244]: getpeername failed. Error was Transport endpoint is not connected Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] lib/util_sock.c:get_peer_addr(1222) Mar 7 11:18:55 mve-server2 smbd[8250]: getpeername failed. Error was Transport endpoint is not connected Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] lib/util_sock.c:get_peer_addr(1222) Mar 7 11:18:55 mve-server2 smbd[8250]: getpeername failed. Error was Transport endpoint is not connected Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] lib/access.c:check_access(328) Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] lib/util_sock.c:get_peer_addr(1222) Mar 7 11:18:55 mve-server2 smbd[8250]: getpeername failed. Error was Transport endpoint is not connected Mar 7 11:18:55 mve-server2 smbd[8250]: Denied connection from (0.0.0.0) Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] lib/util_sock.c:get_peer_addr(1222) Mar 7 11:18:55 mve-server2 smbd[8250]: getpeername failed. Error was Transport endpoint is not connected Mar 7 11:18:55 mve-server2 smbd[8250]: Connection denied from 0.0.0.0 Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07 11:18:55, 0] lib/util_sock.c:write_data(554) Mar 7 11:18:55 mve-server2 smbd[8250]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer Mar 7 11:18:55 mve-server2 smbd[8250]: [2006/03/07
Re: [Samba] [Samba Version 3.0.20b-3.4-SUSE]: WinXP-Error writing to share
Hi, if it is a bug it is relate to winxp 64 versions, i had never such problems with suse/samba during all upgrades from first samba 3 release up to now on different servers 32/64 intel /amd with mutliple nics perhaps somthing is allready in bugzilla about win xp 64? Regards Beschorner Daniel schrieb: We have a similar or same problem with one of our servers after upgrade from 3.0.14 to 3.0.21x (incidentally??). The log shows things like: write_data: write failure in writing to client 192.168.17.249. Error Broken pipe [2006/03/06 20:46:47, 0] lib/util_sock.c:get_peer_addr(1225) getpeername failed. Error was Transport endpoint is not connected [2006/03/06 20:46:47, 0] lib/access.c:check_access(328) [2006/03/06 20:46:47, 0] lib/util_sock.c:get_peer_addr(1225) getpeername failed. Error was Transport endpoint is not connected Denied connection from (0.0.0.0) [2006/03/06 20:46:47, 1] smbd/process.c:process_smb(1187) [2006/03/06 20:46:47, 0] lib/util_sock.c:get_peer_addr(1225) getpeername failed. Error was Transport endpoint is not connected Connection denied from 0.0.0.0 [2006/03/06 20:46:47, 0] lib/util_sock.c:write_data(557) write_data: write failure in writing to client 192.168.17.250. Error Connection reset by peer [2006/03/06 20:46:47, 0] lib/util_sock.c:send_smb(765) Error writing 5 bytes to client. -1. (Connection reset by peer) Clients are XP x64. When saving fails the Windows log reports mrxsmb - delayed write failed. I still suspect the network hardware (switch? NICs?) to do something wrong, but can't Samba take out yet. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] preexec and client timeout when script long to execute
Tomasz Chmielewski schrieb: I wrote a script which downloads user profile from a remote server if the profile doesn't exist on a local server - and executes it via preexec in [profiles] share. It works fine, however, there is a major glitch with it. After 3 minutes or so, the client times out, and says that that the server-side profile cannot be found, contact your administrator etc. The script is still running and downloads the profile from the remote server, which will take few more minutes. Is there a way to tell the client not to time-out during logon, when the script is being executed? Hi i also tested such stuff, and failed ,it maybe possible if you are increasing the time value with poldedit.exe Ntconfig.pol for profile logon waiting time to this user and/or machine Best Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] preexec and client timeout when script long to execute
Tomasz Chmielewski schrieb: Robert Schetterer wrote: Tomasz Chmielewski schrieb: I wrote a script which downloads user profile from a remote server if the profile doesn't exist on a local server - and executes it via preexec in [profiles] share. It works fine, however, there is a major glitch with it. After 3 minutes or so, the client times out, and says that that the server-side profile cannot be found, contact your administrator etc. The script is still running and downloads the profile from the remote server, which will take few more minutes. Is there a way to tell the client not to time-out during logon, when the script is being executed? Hi i also tested such stuff, and failed ,it maybe possible if you are increasing the time value with poldedit.exe Ntconfig.pol for profile logon waiting time to this user and/or machine If such a value exists. Anyone knows? for sure this value exists ( and many tuning stuff about logins and time ), its special made for low traffic conections,which are typical for vpn or modem cons , but it musnt solve your problem cause login is very complex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Repost] Offline Files No Go
Hi Peter, i dont know any bugs with samba and offline files, sync is a complex stuff on native windows servers too, on the samba side there is only this parameter to controll them, so other stuff is client related which can be very fine controlled by adms or/and local machine policies. for sure you should have the latest samba version , and a brand new win client for testing with all patches installed. i recommend study tech net working with offline files. As i did synced homes for laptops last time i had no problem with it, but i was not very lucky about the gereral implementation of this feature in windows. so i did it with rsync wich works more nice. theres only one good stuff and this is the general controll of this behavior in a domain from NTconfig.pol which i like very much Best Regards [EMAIL PROTECTED] schrieb: Robert, I understand about the configuration options on the Windows side, but what my problem is that no matter what I setup on the windows side, the clients do not behave properly with offline files from my Samba server. If I set them offline from a windows server, there is no problem. I only have issues when I make a samba share available offline. I need to make every user's home directory available offline for laptop travel, but I can't get the system to work. I am really starting to think this is a bug in my version of Samba. Thanks! -Cheers, Peter. In specification, Murphy's Law supersedes Ohm's Law. --Unknown Robert Schetterer [EMAIL PROTECTED] r.org To [EMAIL PROTECTED] 03.03.2006 12:42 cc samba@lists.samba.org Subject Re: [Samba] [Repost] Offline Files No Go Hi Peter, there is only one parameter in smb.conf with offline files to a share from man smb.conf csc policy (S) This stands for client-side caching policy, and specifies how clients capable of offline caching will cache the files in the share. The valid values are: manual, documents, programs, disable. These values correspond to those used on Windows servers. For example, shares containing roaming profiles can have offline caching disabled using csc policy = disable. Default: csc policy = manual Example: csc policy = programs but if you wanna fine tune i.e by users/groups/host etc you have to do this with NTconfig.pol in the netlogon share created by poledit.exe which is more flexible so would say use csc policy = manual in your conf so it depends to users entries when or what offline sync in a share, but i dont think this is a good idea at the profiles share ( as i saw it in your conf ,i use disable here ) Best Regards [EMAIL PROTECTED] schrieb: Robert, Ah, I now see what you are meaning... I have used the Active Directory policy manager to create the policies that I want and have successfully run offline files from a Windows server, my trouble is that when I move to a Samba server, the Windows PCs have improper behavior. (i.e. files can not be accessed even with proper permissions, applications report the files as non-existant, etc.)I am thinking that my problem is either related to my Samba configuration or my Samba version. How does my configuration file compare to your configuration? Thanks so much! -Cheers, Peter. In specification, Murphy's Law supersedes Ohm's Law. --Unknown Robert Schetterer [EMAIL PROTECTED] r.org To 03/02/2006 05:26 [EMAIL PROTECTED] PM cc samba@lists.samba.org Subject Re: [Samba] [Repost] Offline Files No Go hi, sorry that i wrote
[Samba] test
test -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problems with AUTOCAD (german version) and samba
hi Kurt, control your locale settings on the samba server and your settings in smb.conf, but at a short look on your log i would say you have a oplock problem in suse you can change local in /etc/sysconfig/language to [EMAIL PROTECTED] and parameter root uses language = yes ( note this might break yast ncurses display in tty.. in suse versions prior 10 ) in smb conf ( samba3 )set unix charset = ISO8859-1 display charset = ISO8859-1 dos charset = 850 the file names with umlauts should be visible in the native linux filesystems too , if they arent you have to rename them if using this entries. in the share try using this parameters locking = No oplocks = False level2 oplocks = False acl check permissions = no controll the file permissions ( ls -la ) of the desired file , too make sure that there is no problem with ownership you might test this first perhaps setting this may your fix your problems without changing locale Good Luck Best Regards Kurt Weiss schrieb: a problem occurs, if somebody tries to access a file, named with ü in path- or filename: AUTOCAD acnnot access this files - throwing error (translated) cannot find drawing, make sure, that your networkdrive is available and the file exists. this only happens, with germen special letters ü and Ü opening with other applications and opening with ACAD on all other files is successful. does anyone have an idea, why this happen? e.g.: networkdrive N: opening N:\tmp\_täst\test.dwg - ok opening N:\tmp\_tüst\test.dwg - with ACAD error, other applications: success smbd logfile: unix_mode(temp/_tüst/test.dwg) returning 0770 [2006/03/03 10:43:24, 2] smbd/open.c:open_file(369) marcel opened file temp/_tüst/test.dwg read=Yes write=No (numopen=1) [2006/03/03 10:43:24, 3] smbd/oplock_linux.c:linux_set_kernel_oplock(166) linux_set_kernel_oplock: got kernel oplock on file temp/_tüst/test.dwg, dev = 2103, inode = 4489682, file_id = 1092 [2006/03/03 10:43:24, 3] smbd/process.c:process_smb(1194) Transaction 6011 of length 90 [2006/03/03 10:43:24, 3] smbd/process.c:switch_message(993) switch message SMBopenX (pid 10348) conn 0x83fa2e0 [2006/03/03 10:43:24, 3] smbd/dosmode.c:unix_mode(121) unix_mode(temp/_tüst/test.dwg) returning 0770 [2006/03/03 10:43:24, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(515, 102) : sec_ctx_stack_ndx = 1 [2006/03/03 10:43:24, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2006/03/03 10:43:24, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/03/03 10:43:24, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (515, 102) - sec_ctx_stack_ndx = 0 [2006/03/03 10:43:24, 3] smbd/oplock.c:initial_break_processing(320) initial_break_processing: called for dev = 0x2103, inode = 4489682 file_id = 1092 Current oplocks_open (exclusive = 1, levelII = 0) [2006/03/03 10:43:24, 3] smbd/process.c:process_smb(1194) Transaction 6012 of length 55 [2006/03/03 10:43:24, 3] smbd/process.c:switch_message(993) switch message SMBlockingX (pid 10348) conn 0x83fa2e0 [2006/03/03 10:43:24, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(515, 102) : sec_ctx_stack_ndx = 1 [2006/03/03 10:43:24, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2006/03/03 10:43:24, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/03/03 10:43:24, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (515, 102) - sec_ctx_stack_ndx = 0 [2006/03/03 10:43:24, 3] smbd/process.c:process_smb(1194) Transaction 6013 of length 90 [2006/03/03 10:43:24, 3] smbd/process.c:switch_message(993) switch message SMBopenX (pid 10348) conn 0x83fa2e0 [2006/03/03 10:43:24, 3] smbd/dosmode.c:unix_mode(121) unix_mode(temp/_tüst/test.dwg) returning 0770 [2006/03/03 10:43:24, 2] smbd/open.c:open_file(369) marcel opened file temp/_tüst/test.dwg read=Yes write=Yes (numopen=2) [2006/03/03 10:43:24, 3] smbd/oplock_linux.c:linux_set_kernel_oplock(161) linux_set_kernel_oplock: Refused oplock on file temp/_tüst/test.dwg, fd = 27, dev = 2103, inode = 4489682. (Resource temporarily unavailable) [2006/03/03 10:43:24, 3] smbd/process.c:process_smb(1194) Transaction 6014 of length 53 [2006/03/03 10:43:24, 3] smbd/process.c:switch_message(993) switch message SMBsetattrE (pid 10348) conn 0x83fa2e0 [2006/03/03 10:43:24, 3] smbd/reply.c:reply_setattrE(5460) reply_setattrE fnum=9542 ignoring zero request - not setting timestamps of 0 [2006/03/03 10:43:24, 3] smbd/process.c:process_smb(1194) Transaction 6015 of length 45 [2006/03/03 10:43:24, 3] smbd/process.c:switch_message(993) switch message SMBclose (pid 10348) conn 0x83fa2e0 [2006/03/03 10:43:24, 3] smbd/reply.c:reply_close(3271) close fd=27 fnum=9542 (numopen=2) [2006/03/03 10:43:24, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(515, 102) : sec_ctx_stack_ndx = 1 [2006/03/03 10:43:24, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(100) :
Re: [Samba] [Repost] Offline Files No Go
Hi Peter, there is only one parameter in smb.conf with offline files to a share from man smb.conf csc policy (S) This stands for client-side caching policy, and specifies how clients capable of offline caching will cache the files in the share. The valid values are: manual, documents, programs, disable. These values correspond to those used on Windows servers. For example, shares containing roaming profiles can have offline caching disabled using csc policy = disable. Default: csc policy = manual Example: csc policy = programs but if you wanna fine tune i.e by users/groups/host etc you have to do this with NTconfig.pol in the netlogon share created by poledit.exe which is more flexible so would say use csc policy = manual in your conf so it depends to users entries when or what offline sync in a share, but i dont think this is a good idea at the profiles share ( as i saw it in your conf ,i use disable here ) Best Regards [EMAIL PROTECTED] schrieb: Robert, Ah, I now see what you are meaning... I have used the Active Directory policy manager to create the policies that I want and have successfully run offline files from a Windows server, my trouble is that when I move to a Samba server, the Windows PCs have improper behavior. (i.e. files can not be accessed even with proper permissions, applications report the files as non-existant, etc.)I am thinking that my problem is either related to my Samba configuration or my Samba version. How does my configuration file compare to your configuration? Thanks so much! -Cheers, Peter. In specification, Murphy's Law supersedes Ohm's Law. --Unknown Robert Schetterer [EMAIL PROTECTED] r.org To 03/02/2006 05:26 [EMAIL PROTECTED] PM cc samba@lists.samba.org Subject Re: [Samba] [Repost] Offline Files No Go hi, sorry that i wrote this like missunderstanding, what i mean you can fully control offline file/directory behavior with NTconfig.pol for user ,groups ,client machines so this is the tool/function you need i use it to disable offline files on workstations and have it possible with laptop with different samba shares. there are a lot of ohter features possible, so exclude filestypes etc.. Regards [EMAIL PROTECTED] schrieb: Robert, I don't want to disable this... I want to make it work. That is what I am looking for help with. Thanks. -Cheers, Peter. In specification, Murphy's Law supersedes Ohm's Law. --Unknown Robert Schetterer [EMAIL PROTECTED] r.org To [EMAIL PROTECTED] 02.03.2006 04:09 cc samba@lists.samba.org Subject Re: [Samba] [Repost] Offline Files No Go Hi, yo can do disabling offline features via NTconfig.pol. for users and/or machines and different folders study google and smb faqs how to use this Regards [EMAIL PROTECTED] schrieb: Dear All, I want to enable Offline Files support on several Win2K SP4 laptops. We have a samba file server. I have researched as much as I could to get answers and here is what I have. I am unfortunately unable to get this working properly. If anyone can answer or point me in to a good resource, I would greatly appreciate that. I am attempting to offline profile directories mapped to network drive letter X:. Here is my config
Re: [Samba] [Repost] Offline Files No Go
Hi, yo can do disabling offline features via NTconfig.pol for users and/or machines and different folders study google and smb faqs how to use this Regards [EMAIL PROTECTED] schrieb: Dear All, I want to enable Offline Files support on several Win2K SP4 laptops. We have a samba file server. I have researched as much as I could to get answers and here is what I have. I am unfortunately unable to get this working properly. If anyone can answer or point me in to a good resource, I would greatly appreciate that. I am attempting to offline profile directories mapped to network drive letter X:. Here is my config for the profiles share: - [Profiles] comment = Shared User Profiles path = /home invalid users = nobody, guest create mask = 0600 directory mask = 0700 map acl inherit = Yes case sensitive = Yes hide special files = Yes store dos attributes = Yes csc policy = documents dos filemode = Yes dos filetime resolution = Yes - I get an error similar to the following for every file that I try to make available offline: Could not make 'somthing.doc' available offline. The specified file can not be found. If I create a new file, it appears as available offine, but I can neither delete nor rename it. At that point I usually start to get an Access Denied error on the entire shared drive and am forced to restart. The share is stored on a RHEL 3 server running Samba 3.0.9-1.3E.5 with an EXT3 file system with ACL support enabled. I have also included my global configuration at the bottom of this email. Here is my test procedure. -I make a share available offline. -It synchronizes showing all current files as Unable to make 'file.txt' available offine on '\\server_b\profiles\testuser\My Documents'. The system cannot find the file specified. -I create new files in the folder while online. They appear oplocked in samba status: DENY_NONE RDWR EXCLUSIVE+BATCH /home/testuser/My Documents/New Text Document.txt -I attempt to give the file a name. This results in X:\My Documents folder does not exist. Do you want to create it? -The oplock is removed. -If I edit the file and attempt to save changes, I get This file exists with Read Only attributes. Please use a different name. -If I then name the file something else, the file is created on the windows side and appears offline available. The file appears on the samba server also. -If I try to save this file again, I repeat the This file exists with Read Only attributes... situation from above. -Now, if I take the computer offline by disconnecting the NIC... all files behave normally. -After reconnecting, all files that were changed on windows while offline are synced to the samba server. Could this have something to do with case sensitivity or such? ANY help is greatly appreciated. Thanks! -Cheers, Peter. [global] workgroup = EXAMPLE realm = EXAMPLE.COM server string = File Server [ServerB] (Samba %v) security = ADS password server = SERVERA username level = 5 log level = 1 log file = /var/log/samba/%m max xmit = 65535 name resolve order = host wins bcast socket options = TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536 IPTOS_LOWDELAY load printers = No logon script = \\servera\netlogon\logon.bat logon drive = X: logon home = \\SERVERB\Profiles\%U lm announce = No preferred master = No local master = No domain master = No wins server = 10.0.2.1 lock spin count = 30 lock spin time = 15 ldap ssl = no idmap uid = 1000-2000 idmap gid = 1000-2000 template primary group = @ template homedir = /home/%U template shell = /bin/bash winbind separator = + winbind cache time = 10 winbind use default domain = Yes winbind nested groups = Yes printer admin = jdoe read only = No create mask = 0660 directory mask = 0770 inherit permissions = Yes inherit acls = Yes delete veto files = Yes veto files = /.AppleDouble/.AppleDesktop/Network Trash Folder/ veto oplock files = /*.sem/*.qbw/*.mdb/*.nsf/*.log/*.id/*.ini/ csc policy = disable strict locking = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Repost] Offline Files No Go
hi, sorry that i wrote this like missunderstanding, what i mean you can fully control offline file/directory behavior with NTconfig.pol for user ,groups ,client machines so this is the tool/function you need i use it to disable offline files on workstations and have it possible with laptop with different samba shares. there are a lot of ohter features possible, so exclude filestypes etc.. Regards [EMAIL PROTECTED] schrieb: Robert, I don't want to disable this... I want to make it work. That is what I am looking for help with. Thanks. -Cheers, Peter. In specification, Murphy's Law supersedes Ohm's Law. --Unknown Robert Schetterer [EMAIL PROTECTED] r.org To [EMAIL PROTECTED] 02.03.2006 04:09 cc samba@lists.samba.org Subject Re: [Samba] [Repost] Offline Files No Go Hi, yo can do disabling offline features via NTconfig.pol. for users and/or machines and different folders study google and smb faqs how to use this Regards [EMAIL PROTECTED] schrieb: Dear All, I want to enable Offline Files support on several Win2K SP4 laptops. We have a samba file server. I have researched as much as I could to get answers and here is what I have. I am unfortunately unable to get this working properly. If anyone can answer or point me in to a good resource, I would greatly appreciate that. I am attempting to offline profile directories mapped to network drive letter X:. Here is my config for the profiles share: - [Profiles] comment = Shared User Profiles path = /home invalid users = nobody, guest create mask = 0600 directory mask = 0700 map acl inherit = Yes case sensitive = Yes hide special files = Yes store dos attributes = Yes csc policy = documents dos filemode = Yes dos filetime resolution = Yes - I get an error similar to the following for every file that I try to make available offline: Could not make 'somthing.doc' available offline. The specified file can not be found. If I create a new file, it appears as available offine, but I can neither delete nor rename it. At that point I usually start to get an Access Denied error on the entire shared drive and am forced to restart. The share is stored on a RHEL 3 server running Samba 3.0.9-1.3E.5 with an EXT3 file system with ACL support enabled. I have also included my global configuration at the bottom of this email. Here is my test procedure. -I make a share available offline. -It synchronizes showing all current files as Unable to make 'file.txt' available offine on '\\server_b\profiles\testuser\My Documents'. The system cannot find the file specified. -I create new files in the folder while online. They appear oplocked in samba status: DENY_NONE RDWR EXCLUSIVE+BATCH /home/testuser/My Documents/New Text Document.txt -I attempt to give the file a name. This results in X:\My Documents folder does not exist. Do you want to create it? -The oplock is removed. -If I edit the file and attempt to save changes, I get This file exists with Read Only attributes. Please use a different name. -If I then name the file something else, the file is created on the windows side and appears offline available. The file appears on the samba server also. -If I try to save this file again, I repeat the This file exists with Read Only attributes... situation from above. -Now, if I take the computer offline by disconnecting the NIC... all files behave normally. -After reconnecting, all files that were changed on windows while offline are synced to the samba server. Could this have something to do with case sensitivity or such? ANY help is greatly appreciated. Thanks! -Cheers, Peter. [global] workgroup = EXAMPLE realm = EXAMPLE.COM server string = File Server [ServerB] (Samba %v) security = ADS password server
Re: [Samba] SAMBA WINS
Travis Bullock schrieb: Is Samba still unable to replicate WINS information? I have a Samba WINS server in place now at Location A. I am establishing Location B which will connect to Location A via OpenVPN behind a IPCop box. I would like to place a Samba WINS server in Location B so that client WINS traffic will not travel across the VPN, however I am unsure if Samba's inability to replicate WINS has since been changed. Cheers, Travis hi, a wins replicate daemon has been released by sernet the german host of samba, catch it there compile and test ( it worked for me with suse 10 ) but if you use openvpn with a direct vpn tap connect between 2 sambas only the right configs where needed in my setup, you can start samba with tap devices so they should find each with broadcast on the same net or with pointing browsing entries in smb.conf to oneanother for sure this connect where long times vpn connects Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain user notifications?
why not looking smb faqs, there is much info and examples about that Mark Rutherford schrieb: Is there a method of notifying users of a domain about a server or print queue reboot/shutdown/maintenance/problem? Our old Netware servers used to do this, and everyone seems to rely on the fact that they will be told they have X minutes remaining on a power failure, ect. Ideas on this anyone? -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Backup Servers
Hi Ian, the nt 4 domain schema ( which is valid for samba ) resides in a pdc and bdcs ( this is done via ldap replication with samba ), so if the pdc istn allive the bdc will you give auth for logon with a windows client. The problem is ,a users home or/and roam profile can only be hosted on one place, so if the server ( smb pdc, bdc,nas whatever) which is hosting the homes and profiles, is down, there is no chance to get home and/or profile at logon,cause this is a unique entry in ldap. So a real backupserver on the fly is not possible with nt4, in case the pdc is not longer online the bdc must be upgraded to pdc and/or the home/profile files must be copied with all user permissions to i.e the new pdc ( i.e. upgraded from bdc, or other online smb/cifs machines ) and the entries of the users homes/profiles must be changed to point there. for shure you can use rsync ( or equals) to have files/profiles/homes synced with your pdc so you would have them online in case of failures. I guess this will be better with samba 4 as it acts as ad controller ( but i am not sure), but for now i see no cheap solution which makes which makes it possible to have backup servers full functionally without any admin intervention in case of failures. I maybe fail , but in this case Jerry will have the right stuff for you , i never used this patch because i see no real sense in it, having pdc and bdc rightly configured. Best Regards Ian Barnes schrieb: Hi, I am using a patch that Jerry wrote that will auto discover any secondary servers on your network and if the one its joined to dies, it will join another one. That's fine, I can join and everything works fine, until I unplug the server im joined to. It takes a few minutes to kill over, and once its detected that its dead, it swaps over and I get this if I then try wbinfo -a username%pass: plaintext password authentication failed error code was NT_STATUS_NO_TRUST_SAM_ACCOUNT (0xc18b) error messsage was: No trusted SAM account Could not authenticate user Administrator%password with plaintext password challenge/response password authentication failed error code was NT_STATUS_NO_TRUST_SAM_ACCOUNT (0xc18b) error messsage was: No trusted SAM account Could not authenticate user Administrator with challenge/response Any ideas as to why this happens when it fails over? I can logon to both servers individually and everything works fine if they are both up, only if one dies, does this happen. Thanks Ian -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Outlook path to pst file is lost when using roaming profiles
Hi, i have all kind of versions of outlook ( 2000/xp/2003) running with roaming profiles and samba pdc and i dont have any problem loosing the pst path, on win 2000/xp, perhaps this was a bug from outlook configured using with imap, check about that, note that every outlook patchlevel behaves different, so check the outlook patch level too. I dont recommend setting regs , for the default pst i think it is better to use a adm/ntconfig.pol Regards Douglas Phillipson schrieb: Is nobody else losing their Outlook profile/path to pst when using roaming profiles? Doug P Douglas Phillipson wrote: We are having a problem getting the path to the Outlook PST file to move from machine to machine using roaming profiles (Samba 3.0.10 on RHEL 4). When a user logs off on one machine and logs on to another, the outlook path to the PST file is gone. I found this message in the archive back in 2002 but I see no resolution for it: http://lists.samba.org/archive/samba/2002-July/047507.html Here is the text from that post: Does anybody know how to manage roaming profiles with outlook 2002 ? I have XP boxes with roaming profiles and all work fine. The only problem is that XP doesn´t export the path where outlook stores ist .pst file. This is not the problem for the .pst file where outlook stores contacts and so. The path of the normal pst is on a network drive. But I have an IMAP mail account for every user and if you configure outlook for imap it creates another .pst file under the normal path ...Local Settings../outlook/ I am not able to store this file under a different path e.g. a network drive. I think that there are 2 ways for my problem: 1.) show outlook the path to a network drive for the imap pst as I did it for the normal pst -- I don´t know how 2.) export the whole outlook path under local settings -- It works, but not for a long time: After you create an outlook account for the first time, outlook adds a registry entry under HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -- ExcludeProfileDirs In this entry you can add directories of the roaming profile not to export. -- because of that, the outlook pst would not exported with the roaming profile. If I delete this entry on all workstations under the default and the user profile of the registry it works for some time. But after some time, I don´t know why the entry is back in the registry to not export the outlook folder. Does anybody have an idea ? Regards sven Has anybody else seen this problem or found a resolution? Thanks Doug P -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 + Exchange 5.5
Lars Boegild Thomsen schrieb: Hi Everybody, I've been asked to upgrade an old NT4 server with a new server running Debian/Samba. I've got no problem with migrating the old server, but I do have one unknown. The company mail run on an Exchange server that is most likely part of the NT4 network. Has anybody tried this setup? I did look in documentation and google and found precious little - which to me indicates that it might not be a problem at all (or nobody is running Exchange). you should have no problem with samba 3 and exchange 5.5 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question about policies [OT?]
Koenraad Lelong schrieb: Amit Sharma schreef: Yea, that is possible. First of all find the registry hive/key over any of your XP client, which controlls the 'firewall' then create a new custom ADM file to provide you the power to control the firewall settings from policy editor (search google for how to create custom adm files ~~ http://www.google.co.in/search?hl=enq=how+to+create+adm+filesbtnG=Google+Searchmeta=). Now import your first customised ADM file in policy editor then disable firewall from there. Save all your changes to a filename as NTCONFIG.POL. Place it in your netlogon share its all done. Let your XP clients log off n log on for changes to take effect. With the same way you can control any registry setting. But make sure you revert back the setting in policy editor to get that effect off from clients as these changes are tattooed to your box need to revert back precisely for reverse effect. Regards Amit.. Thanks (also Tomasz Chmielewski). I'm going to try these (with caution ;-)). Regards, Koenraad Lelong. you can use i.e. reg2adm tool to do such jobs -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba 3 + Exchange 5.5
Lars Boegild Thomsen schrieb: Robert Schetterer wrote: Lars Boegild Thomsen schrieb: have one unknown. The company mail run on an Exchange server that is most likely part of the NT4 network. Has anybody tried this setup? I did look in documentation and google and found precious little - which to me indicates that it might not be a problem at all (or nobody is running Exchange). you should have no problem with samba 3 and exchange 5.5 It should be noted that I have absolutely zero experience with Exchange. Would it be possible to configure this setup so Exchange automatically create email accounts to valid and active users in the network - or would they have to be manually created on the Exchange server. If you have no experience with exchange you shouldnt touch or use it ( my opinion ), samba is accting as nt4 server , so if you migrate the accounts from the old nt server to samba in the right way ( see samba migration faqs ) you should not go into trouble with exchange and all stuff would work as before Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] recycle:exclude
Franz Strebel schrieb: Hello, The recycle bin vfs module is working with samba 3.0.21b as it does move deleted files to the bin. However, it seems to ignore my settings in the exclude parameter. Any ideas? This is the relevant line in my smb.conf: recycle:exclude = *.tmp,*.temp,~$*,*.$$$,*.ldb Thanks in advance for any help. Regards, Franz Hi Franz on suse system this syntax works recycle:repository = Papierkorb/ recycle:keeptree = yes recycle:versions = yes recycle:touch = yes recycle:exclude = ?~$*,~$*,*.tmp,index*.pl,index*.htm*,*.temp,*.TMP recycle:exclude_dir= /tmp,/temp,/cache recycle:noversions = *.doc,*.xls,*.ppt Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] New 3.0.21b-1 Samba does not respect system Groups
Hi, at default smb does not honor linux groups, use ldap , map your systemgroup via the net command to a smb group read the smb faqs to this Regards Siju George schrieb: Hi all, I am running ii samba 3.0.21b-1 a LanManager-like file and printer server fo ii samba-common 3.0.21b-1 Samba common files used by both the server a on Debian 3.1 (Sarge) Linux 2.6.8-2-386 #1 Thu May 19 17:40:50 JST 2005 i686 GNU/Linux I have noticed that the Samba software does not recognize newly created groups with the groupadd commands. I'll demonstrate the following. I am running the Samba Server with security = user I have a share defined like this [grtest] comment = Intersight Website path = /var/www/grtest read only = no read list = @phpprogrammers valid users = @grtest force group = grtest force create mode = 0775 force directory mode = 0775 The Unix permissions for this folder is # ls -l /var/www |grep grtest drwxrwxr-x 2 root grtest48 2006-02-13 14:27 grtest The members of the group grtest are # cat /etc/group |grep grtest grtest:x:1029:administrator The group was created using the groupadd command. Now the Samba user administrator has the same password as the user administrator on the Windows 2003 Small business server I am sitting. When I try to access the [grtest] share from the Win2k3 SBS I am asked for a user name and password for which I enter sambaworkgroup\administrator and password But I am not able to connect. But if I just change the Share description to have valid users set to any group that was created earlier I can access the share with no problems. I'll demonstrate it again The group # cat /etc/group |grep maverick maverick:x:1004:administrator,mvarghese was create long back. And If I put that group in the valid users list as shown below [grtest] comment = Intersight Website path = /var/www/grtest read only = no read list = @phpprogrammers valid users = @maverick force group = grtest force create mode = 0775 force directory mode = 0775 and restart the Samba Server, I can go to the Win2k3 SBS and click on the share and I can access the share without giving a user name and password. ( Password for administrator is same on both Systems) I found that this problem is only for Groups created recently and not for groups created earlier. I find it really puzzling :-( Could Someone please explain what could have gone wrong? Thankyou so much Kind Regards Siju -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Profiles on different network?
Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba RPM packages for all SuSE Linux products
Lars Müller schrieb: On Mon, Jan 30, 2006 at 08:33:50PM -0600, Gerald Carter wrote: [snip] Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/ RPM packages of Samba 3.0.21b for all SuSE Linux products are available at ftp://ftp.SuSE.com/pub/projects/samba/3.0/ or http://ftp.SuSE.com/pub/projects/samba/3.0/ Currently there are packages for SuSE Linux (x86 and x86_64) 9.1, 9.2, 9.3, 10.0, UnitedLinux 1/ SuSE Linux Enterprise Server (SLES) 8, SLES 9, and factory (= the currently developed product). Packages for ppc are only available for 10.0, SLES 8, SLES 9, and factory as there are no other SuSE Linux product of this architecture. Please inform us if you have different architectures (ia64, s390) and like to see Samba RPM packages for these too. The same packages are also available at http://download.Samba.org/samba/ftp/Binary_Packages/SuSE/3.0/ Please use a mirror close to your site. A list of Samba.org mirrors is available at http://Samba.org/ There choose a mirror at the right top of the page. There are also a bunch of SuSE mirrors. A list of international mirror sites is at http://www.novell.com/products/suselinux/downloads/ftp/int_mirrors.html A list of mirrors in Germany is at http://www.novell.com/products/suselinux/downloads/ftp/germ_mirrors.html If you encounter any problem with these packages please don't blame the Samba Team. Instead file a bug to https://bugzilla.Samba.org/, pick product Samba 3.0, then select 'component' Packaging and set 'assign to' to lmuelle at suse dot de. Or use http://bugzilla.Novell.com instead. Our customers, our products, our responsibility. Have a lot of fun... Lars hi Lars, thx again for this fast work Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] test ignore
-- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: SUSE 10.0 and firewall
Oygle schrieb: Hi Robert, On Thu, 19 Jan 2006 15:11:05 +0100, Robert Schetterer [EMAIL PROTECTED] wrote: no the log are in /var/log/firewall and/or in /var/log/messages Okay, found both of those, lots of info in the files, but I wouldn't know what to look for. :) but a tcpdump -i eth0 will show you better results in realtime There was no tcpdump, then I realised it had to be installed, then ran it, and tried to browse the 'windows network' and got an error message about not being able to find a workgroup, and something about possible firewall settings ?? I think I will read up on some of those docs that were mentioned, and redo the setup for both the Samba client and server. What I can't seem to understand is that Firefox has no problems doing this: smb://ipaddress.of.XP.box and I can see/browse all the shares on the XP box, but ANY sort of 'file browser' (Konqueror, Nautilis,etc) cannot 'see' the XP workgroup, let alone the shares. There are no firewall messages on the XP box, when I'm trying to use those file browsers from Linux. As I'm going to set it all up as per those docs, one question ., should I enable or disable simple file sharing on the XP computer and the Linux computer. As I'm the only person using both of the computers, it seems unecessary to force a login to the XP box (which is what happens if I enable simple file sharing on XP). Thanks, Oygle Hi Oygle simple file sharing is a thing from windows not known to linux, and it only relates to that win client where you enable it. ( so it doesnt matter if you do so ,or not for samba ) samba knows a security level which is named share which is something equal, read the smb faqs to that. Wins browsing stuff will work fine if you let act samba as wins server ( there should be only one in the network ) and give the ip of the wins ( samba server ) to the win client in the properties of tcp by your windows client nic. A internal name server ( bind 9 ) is pretty good to have too. ( wich can dynamicly updated by the client machines ), so this can act as fallback to wins. You can easily manage this stuff having a dhcp server on the linux machine bound to the intranet nic, and tell all windows clients to use dhcp this makes sure that all machines get the right win server entry, and the router ip , domainname , name server etc. All that stuff is written in the samba faq with good examples , or just buy the book written by Andrew. for now try this on the explorer of the win client \\ip.of..smb.ser.ver ( for sure you need numbers here ) this should show you shares on the samba server anyway. ( just for test ) Best Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SUSE 10.0 and firewall
Hi, normally a samba server should stand behind a firewall, so you dont need a firewall turned on until you dont expect attacks from inside your intranet. In case your samba is running on the firewall machine itself, use the suse firewall model with external dmz and internal zone with yast. You can have more advanced firewall features with editing the firewall stuff in /etc/sysconfig/SuSEfirewall2 and restart rcSuSEfirewall2 so read the faqs about suse firewall and yast. Note, that every distro Firewall ( kernel 2.4 2.6 ) is based on iptabels, so yast or else are only interfaces to make users happy with iptables. So you dont need the susefirewall, you can use either an other iptables interface like i.e. shorewall ore else or write your own script. There are many examples online for iptables. Best Regards Oygle schrieb: Using Samba 9client and serve) installed on a SUSE Linux, version 10.0 I have read various Samba documents, and it appears that to use samba from a Linux box, I need to first turn off the firewall, use samba, then turn the firewall on again. Is this just a SUSE thing, or is it a Samba problem in general ? Oygle -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: SUSE 10.0 and firewall
Hi, if both samba and windows are behind a firewall , you dont need any firewall working on samba and windows machine if you trust your intranet otherwise you have to open the smb/cifs ports as minimum here is typical drop table for iptables #drops #block smb from outside /usr/sbin/iptables -A INPUT -p udp -i ppp0 --dport 135:139 -j DROP /usr/sbin/iptables -A INPUT -p udp -i ppp0 --dport 445 -j DROP /usr/sbin/iptables -A INPUT -p tcp -i ppp0 --dport 135:139 -j DROP /usr/sbin/iptables -A INPUT -p tcp -i ppp0 --dport 445 -j DROP so open udp/tcp 135-139 and 445 should do the samba jobs working Regards Oygle schrieb: Hi Robert, The Samba computer, and the Win XP computer that are on the LAN, both sit behind a firewall. So, it sounds like I don't need to have the firewall active at all on the Linux box. I guess because I have always had a firewall on any Win boxes (acting as an 'application' firewall, to enable/disable requests going out from various software), that I just followed that pattern and setup the firewall on the Linux box. (Sometimes even Firefox goes to sites like newsrss.bbc.co.uk, and I block that from the Win firewall, ... it just eats up bandwidth otherwise). So, as long as it is safe to disable the firewall completely, if that will fix the Samba problem, then that's okay. (Still it must just be a port that Samba needs to have open ?? ). Thanks for your help, Oygle -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: SUSE 10.0 and firewall
no the log are in /var/log/firewall and/or in /var/log/messages but a tcpdump -i eth0 will show you better results in realtime Oygle schrieb: Thanks Ryan, I will read up on those documents you mentioned. Regarding NETBIOS, I can see the Linux assigned NETBIOS name appear on the XP computer, but try to open it, the password windows opens, and no amount of trying diff. passwords will work. I would like to examine the firewall logs at the time that an attempt is made to connect from XP. I assume the logs reside at /etc/sysconfig/SUSEfirewall2/ Hmm, being a noob to Linux I'm not sure, maybe more like the /usr/ path ? Thanks, Oygle -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: SUSE 10.0 and firewall
/etc/sysconfig/SuSEfirewall2 FW_SERVICES_INT_TCP=135 136 137 138 139 445 FW_SERVICES_INT_UDP=135 136 137 138 139 445 may fix the stuff but untested cause i wrote my ow firewall scripts Robert Schetterer schrieb: Hi, if both samba and windows are behind a firewall , you dont need any firewall working on samba and windows machine if you trust your intranet otherwise you have to open the smb/cifs ports as minimum here is typical drop table for iptables #drops #block smb from outside /usr/sbin/iptables -A INPUT -p udp -i ppp0 --dport 135:139 -j DROP /usr/sbin/iptables -A INPUT -p udp -i ppp0 --dport 445 -j DROP /usr/sbin/iptables -A INPUT -p tcp -i ppp0 --dport 135:139 -j DROP /usr/sbin/iptables -A INPUT -p tcp -i ppp0 --dport 445 -j DROP so open udp/tcp 135-139 and 445 should do the samba jobs working Regards Oygle schrieb: Hi Robert, The Samba computer, and the Win XP computer that are on the LAN, both sit behind a firewall. So, it sounds like I don't need to have the firewall active at all on the Linux box. I guess because I have always had a firewall on any Win boxes (acting as an 'application' firewall, to enable/disable requests going out from various software), that I just followed that pattern and setup the firewall on the Linux box. (Sometimes even Firefox goes to sites like newsrss.bbc.co.uk, and I block that from the Win firewall, ... it just eats up bandwidth otherwise). So, as long as it is safe to disable the firewall completely, if that will fix the Samba problem, then that's okay. (Still it must just be a port that Samba needs to have open ?? ). Thanks for your help, Oygle -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Patching XP clients on Samba PDC
Hi, so you wanna have a internal windows update server? This is called sus or now wus, the pack can be free downloaded at ms. Normally you need iis on a win server running this. But the sus pack can be modified and will installed and run on a win2000/xp workstation, giving the win clients a entry in .pol pointing to it. Configure sus to look for downloads every day. the sus server must stay alive most time , this would work with a vmware or bochs setup too. This is the normal windows way for updates. There are other more linux related project that will do equal, like unattend, or wkpg in sourceforge.( which will deploy other software too.) you can find some wget batch scripts at the german magazine ct, or in the wild that should do jobs like patching too. ( but they need to be modified every time a new update comes up ) There is a way that configure a squid proxy so that updates stay in the cache if one client machine has fetched it. i would preffer using iis and sus on linux with wine, but i didnt find any doku that says iis with wine is possible. in the near future xen should be able to setup a win machine on a linux host which i would prefer to vmware ( payware ). At last the whole update procedure for windows is terrible in comparing it with linux stuff like you apt yum Best Regards -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, Does anyone have a good suggestion for patching XP clients on a Samba PDC domain? I've tried using autoit and sysinternal's psexec to write a script to do this but this doesn't work well because the computer has to be active and our machines lock the machine if it's not active in 15 minutes. I hate having to log onto every machine every time another ms patch is released. Any suggestions or thoughts on the matter would be greatly appreciated. - -- Glen Smith Technology Development Administration D. Miller Associates P.L.L.C. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDzaEJ/sRktXv59fkRAoMDAKC8faxJlj+RLdUm5eKUR+89l+e7OQCglXaG 6BDb9GeE/v1i3qa26FgZAKc= =RSdb -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deployment of software
Hi Martin, i use a tool which is named reexec http://www.veloci.dk/index.asp?visnu=reexec/reexec.htm if you integrate this in a computername.bat ( netlogon script ) and build software packs which silent installs reexec will deploy the pack out of the batch, you can also use it later from a windows client it needs no heavy batch coding and is very handy for smaller networks it freeware, i just tested it with the new thunderbird release Regards Martin Miethe schrieb: I have Samba and about 40 WinXP Clientes running. Now I´m trying to find a way to deploy software (for example updates of E-Mail Client, Windows Patches) to my Clients. I was playing around with AutoIt and some switch-user-tools for windows, which really works but also is kind of complicated and time consuming. In my environment, every user got his own Logonscript on the Linuxserver where I place the call for an installation (for ex Thunderbird update). If the installation on the client succeeded, I need a feedback signal from the user (e-mail, phone call...) that the script ran properly and I can remove the call in this script. I could also use one Logonscript for all users and turn on machines by myself in the morning if a certain user is not in the office. But all this does not seem to be the best way for me. I´m really interested if there is another possibility to achieve this more efficiently without buying an expensive deployment software for Windows Server or something like that. So far I did not have a closer look at unattended.sourceforge.net, maybe someone has experience with that. Thanks a lot regards -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba RPM packages for all SuSE Linux products
Hello Lars, thx for your hard work , and a happy new Year Regards Lars Müller schrieb: Hello, On Thu, Dec 29, 2005 at 09:44:42PM -0600, Gerald Carter wrote: [snip] Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/ RPM packages of Samba 3.0.21a for all SuSE Linux products are available at ftp://ftp.SuSE.com/pub/projects/samba/3.0/ or http://ftp.SuSE.com/pub/projects/samba/3.0/ Currently there are packages for SuSE Linux (ppc, x86, and x86_64) 9.0, 9.1, 9.2, 9.3, 10.0, UnitedLinux 1/ SuSE Linux Enterprise Server (SLES) 8, and SLES 9. Packages for ppc are only available for 10.0, SLES 8 and 9 as there are no other SuSE Linux product of this architecture. If requested by our users we'll provide packages for the s390 and ia64 architectures too. The same packages are also available at http://download.Samba.org/samba/ftp/Binary_Packages/SuSE/3.0/ Please use a mirror close to your site. A list of Samba.org mirrors is available at http://Samba.org/ There choose a mirror at the right top of the page. There are also a bunch of SuSE mirrors. A list of international mirrors sites is at http://www.Novell.com/products/linuxprofessional/downloads/ftp/int_mirrors.html A list of mirrors in Germany is at http://www.novell.com/products/linuxprofessional/downloads/ftp/germ_mirrors.html If you encounter any problem with these packages please don't blame the Samba Team. Instead file a bug to https://bugzilla.Samba.org/, pick product Samba 3.0, then select 'component' Packaging and set 'assign to' to lmuelle at suse dot de. Or use http://bugzilla.Novell.com instead. Our customers, our products, our responsibility. Have a lot of fun... Lars -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.21 Available for Download
Hi Jerry , are there any special config parameters needed ( in smb.conf) for this feature o The capability to manage Unix services using the Win32 Service Control API. Best Regards and merry x-mas Gerald (Jerry) Carter schrieb: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 === Done with Fish. -- John Laroche (Adaptation) === Release Announcements = This is the latest stable release of Samba. This is the version that production Samba servers should be running for all current bug-fixes. Please read the following important changes in this release. Common bugs fixed in 3.0.21 include: o Missing groups in a user's token when logging in via kerberos o Incompatibilities with newer MS Windows hotfixes and embedded OS platforms o Portability and crash bugs. o Performance issues in winbindd. New features introduced in Samba 3.0.21 include: o Complete NTLMv2 support by consolidating authentication mechanism used at the CIFS and RPC layers. o The capability to manage Unix services using the Win32 Service Control API. o The capability to view external Unix log files via the Microsoft Event Viewer. o New libmsrpc share library for application developers. o Rewrite of CIFS oplock implementation. o Performance Counter external daemon. o Winbindd auto-detection query methods when communicating with a domain controller. o The ability to enumerate long share names in libsmbclient applications. Download Details The uncompressed tarball and patch files have been signed using GnuPG (ID 157BC95E). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/history/samba-3.0.21.html Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDqG1WIR7qMdg1EfYRArtBAJ9n8jKA3CfrHOEqJETi8ljVqNRumQCdGkX5 vSj04v58QT0zsSNhKm4Obok= =9JAS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.21 Available for Download
Dennis B. Hopp schrieb: Robert Schetterer wrote: Hi Jerry , are there any special config parameters needed ( in smb.conf) for this feature o The capability to manage Unix services using the Win32 Service Control API. Best Regards and merry x-mas Yes you have to tell samba which services you want to make available and how to do the necessary actions (start, stop, restart, etc.). I believe the option you want is svcctl list In smb.conf you do: svcctl list = postfix httpd Then create a svcctl directory in samba's $(libdir) and inside there you create symbolic links to the necessary init scripts (you could make it a symbolic link to anything really, just as long as wherever you make the link to knows how to do the actions). --Dennis Hi, thx for the Info, is it allready in the current faqs? Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.21 Available for Download
Dennis B. Hopp schrieb: Robert Schetterer wrote: Dennis B. Hopp schrieb: Robert Schetterer wrote: Hi Jerry , are there any special config parameters needed ( in smb.conf) for this feature o The capability to manage Unix services using the Win32 Service Control API. Best Regards and merry x-mas Yes you have to tell samba which services you want to make available and how to do the necessary actions (start, stop, restart, etc.). I believe the option you want is svcctl list In smb.conf you do: svcctl list = postfix httpd Then create a svcctl directory in samba's $(libdir) and inside there you create symbolic links to the necessary init scripts (you could make it a symbolic link to anything really, just as long as wherever you make the link to knows how to do the actions). --Dennis Hi, thx for the Info, is it allready in the current faqs? Regards The man page on samba.org ( http://us5.samba.org/samba/docs/man/manpages-3/smb.conf.5.html ) is already update so I imagine the one in the release download is. --Dennis Wow i see just another killing feature which i will test soon but i am not clear what $(libdir) means , does it mean i.e /var/lib/samba ( usally the standart path for profiles etc ) ? Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.21 Available for Download
Gerald (Jerry) Carter schrieb: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert Schetterer wrote: Wow i see just another killing feature which i will test soon but i am not clear what $(libdir) means , does it mean i.e /var/lib/samba ( usally the standart path for profiles etc ) ? Regards No. That's the $(lockdir). Run `smbd -b | grep -i LIBDIR` to find $(libdir) for your installation. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDqWF2IR7qMdg1EfYRAvAZAJ9bCy0J8Dor4xdOUeAQlz54OkI0AwCdHYV0 cmxc/zNPqK6z7K/t+TU72EE= =SLrY -END PGP SIGNATURE- Hi, works ( path for suse 9.3) pdc:~ # smbd -b | grep -i LIBDIR LIBDIR: /usr/lib/samba pdc:~ # thx to make all this stuff clear Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba related Student Project
Hi Hisain, youre welcome, but equal stuff allready exists , do a search at freshmeat, smbpasswd is nearly outdated, perhaps you try to do some other stuff which is leaking i.e. a webbased logging tool to the audit vfs modul Best Regards Hisain Elshaafi schrieb: Hi all I am doing a final year project which is to develop a web-based application that allows accessing a samba PDC through a browser. The application is to allow an administrator to modify computer and user accounts in smbpasswd file and allow access to smb.conf. I am seeking help from you if you know an application like that already exist so that I can benefit from it. Note that I use java servlets to develop this application thanks Hisain Elshaafi -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT clients syncronyzing in a Samba PDC Domain
Joel Franco Guzmán schrieb: No, i think... The instalation is standard with classic components like Office, Outlook Express, etc.. The synchronizing window (at logoff) appears strongly be of Windows environment. Thank You, Hi, if redirected some folder ( ie eigene Dateien...in German. somting like own files in Englisch ) the default behavior for win xp to sync this folder , this is different to win 2000 , win xp ignores the samba parameter not to do sync in this case, you can stop this by setting this with either an adm group policy local on the winclient or ntconfig.pol ( netlogon share ) and poledit for the winclients computer name and a adm ) But other reasons for sync are possible too, but this one makes me really wonder cause this change from win 2000 to xp was not documented by m$ at my knowledge Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Guide, SuSe and Yast
Olivier Thibaut schrieb: Hi, I'm using SuSe Linux Enterprise Server 9. I've setup a Samba/LDAP solution according to ch5 of the Samba Guide. It's working - that's great :-) Now I'd like to know if anyone tried to manage the users database using tools provided by Yast. Is there a risk to mess up everything ? Did anyone try that before ? Thanks for your help, Olivier Thibaut. hi, you can edit a feww ldaps attributes ( like user home ) with yast but i.e edit Group names will fail ( i.e.yast ldap doesnt like whitespace in Group names ), sometime the whole user getting to another place in the ldap tree after editing, in different suse versions this behavior is different. The reason is that yast ldap module is more orientated on suses thoughts from a ldap directory ( ldap yast layout follows nearer to the ie. mail layout for ldap) . So i advice you not to use yast for edit ldap if you populated the ldap tree from samba sources. Better use a ldap editor which are either on the suse distro ( linux ) itself or as freeware from a windows client, so there many ldap edit solutions at freshmeat. Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] test please ignore
test please ignore -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTConfig.POL not working for Win 2000 (for XP working fine)?
Tomasz Chmielewski schrieb: Robert Schetterer schrieb: Tomasz Chmielewski schrieb: Tomasz Chmielewski schrieb: I'm just exploring the Profile Editor, described on http://www.pcc-services.com/custom_poledit.html - and policies saved to NTConfig.pol file and copied to the netlogon share work great for Windows XP machines. However, with Windows 2000, they don't work at all. Winh XP machines - policies are applied. I see in Samba logs that the NTConfig.pol is copied from the server to the w2k workstation, but it has no effect. This Profile Editor is designed for Windows 2000, as it was shipped with w2k SP4, so I expected it will work with 2000. Am I missing something? I searched the internet, but no clue about the issue :( In the event log it is as eventid: 1000, source: uservenv, and in the log itself it says something like (translated from German): RegLoadKey aborted. Returned value False Parameter. for C:\Documents and Settings\Administrator.DOMAIN\prfCA.tmp prfCA.tmp (and other such tmp files) are the exact copy of the NTConfig.POL that is saved in the netlogon directory. I tried creating other NTConfig.POL files (with only basic setting like IE start site), but this message just shows all the time, and settings are not applied. Any clue? I use Windows 2000 SP4, and Samba 3.0.20. Windows XP works fine with NTConfig.POL files and the same Samba. this ist stuff need to be fixed in the profile share should be like this [profiles] path = /var/lib/samba/profiles # vfs objects = extd_audit read only = no create mask = 0755 directory mask = 0755 browseable = No guest ok = Yes profile acls = yes csc policy = disable force user = %U hide files = /desktop.ini/ntuser.ini/NTUSER.*/ locking = No oplocks = False level2 oplocks = False # valid users = %U, @Domain Admins why [profiles]? as it's explained here: https://bugzilla.samba.org/show_bug.cgi?id=3042 one has to put this into [netlogon] share: acl check permissions = no hi, C:\Documents and Settings\Administrator.DOMAIN\prfCA.tmp is in the users profile and in know this behavior and fixed it with this entries in profile share my netlogon share is like this [netlogon] path = /var/lib/samba/netlogon/ vfs objects = vscan-clamav, extd_audit read only = no public = yes write list = @Domain Admins create mask = 0755 directory mask = 0755 browseable = No locking = No oplocks = False level2 oplocks = False the prfCA.tmp always comes up for me when the win client crashes at backwriting ( power loss etc ) the profile to the server , after reboot this file has the wrong permissions an cant be loaded from the server profile so a profile failure apears with this file. I cant image what setting acl check permissions = no in the netlogon share should be involved to this failure i only use server profile no caching on the clients , controlled by adms, i dont wanna struggle with bugzilla but i see no relation to the netlogon share as it only a share for the scripts neeeded at login time, but has nothing to do with C:\Documents and Settings\Administrator.DOMAIN\ which is always part of the profile, but after all setting the parameter acl check permissions = no mabe a good idea at all cause it will help against failures with acls in the netlogon and the profile share, perhaps John has som clearing words. I guess setting create mask = 0755 directory mask = 0755 fixes this failure too, but that could a security lack at all, and will not like by some people or network setups. Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple Login scripts
Paul Gienger schrieb: jep it can be done , use ifmember.exe from the resource kit, and install printers by group membership like this #defautllogin.bat @echo off ifmember /v /l YOURDOMAINNAME\teachers if errorlevel 1 call teachers.bat this is fine but for the fact that you need to install the ifmember.exe in *all* the computers. We use the poorman's version of it which You could put this on a network share, which is either called via UNC (speculation, don't know if this works) or you could map the drive before running the ifmember tests. There are no files requiring an install, just the ifmember.exe. for sure ifmember.exe must be sit in the netlogon share, i used simular setups in wide smb installs and it works like charme with multiple funktions, its easy to setup as it only depends on bat coding. Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple Login scripts
José M. Fandiño schrieb: Hello, Just a quick question about login scripts for a large number of users who change rooms a lot. I have several rooms each with a printer, and nearly a thousand users divided into two main groups - pupils and teachers who change rooms on a routine basis. Is it possible to set up multiple login scripts that would be executed in sequence i.e. run by user is %u, and machine is %m is it possible to say run %u to set up shares followed by %m to set up the right printers for the room their in? I have been using a lightly modified version of the perl logon script in the samba contrib directory. Perhaps it can help you with that. The advantage of this script is that the secondary unix groups are automatically mapped to windows units (M:, J:, ...) based in their membership to those unix groups. For you case simply add %m to the list of netlogon parameters and write the desired configuration. regards, smb.conf: = [global] logon script = %U.bat [netlogon] ... root preexec = /usr/local/bin/logon.pl %U %G %L // logon.pl: = #!/usr/bin/perl $usuario = $ARGV[0] ; $grupoPrimario = $ARGV[1] ; $servidor = $ARGV[2] ; # log login activity ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); open LOG, /var/log/samba/netlogon.log; print LOG $year/$mon/$mday $hour:$min:$sec; print LOG - User $ARGV[0] logged into $ARGV[1]\n; close LOG; # check the presence of a home directory $idnum = (getpwnam ($usuario))[2]; $gidnum = (getpwnam ($usuario))[3]; $homedir = (getpwnam ($usuario))[7]; if ( ! -d $homedir) { mkdir(${homedir},0700) || die No pude crear $homedir: $!; chown($idnum , $gidnum , ${homedir} ); } # Start generating logon script open LOGON, /var/lib/samba/netlogon/${usuario.bat}; print LOGON [EMAIL PROTECTED] OFF\r\n; # generic stuff. print LOGON NET USE /persistent:no\r\n; print LOGON NET TIME $servidor /set /yes \r\n; print LOGON NET USE U: /HOME \r\n; print LOGON NET USE F: $servidor\\publico \r\n; # specific user maps if ($usuario eq jefazo) { print LOGON NET USE z: $servidor\\CEO\r\n; } # primary group maps if ($grupoPrimario eq informatic) { print LOGON NET USE H: $servidor\\$grupoPrimario \r\n; } # secondary group maps while (($grupoSecundario, $passwd, $gid, $members) = getgrent) { if ( grep /\b$ARGV[0]\b/, $members ) { if ( $grupoSecundario eq telefonia ) { print LOGON NET USE N: $servidor\\$grupoSecundario \r\n; } } } close LOGON; Hi this scripts are very usefull if you want things coming up on demand, but for every change this has to be rewritten, ifmember.exe in an default logon.bat is more flexible as it is only one file in one place which has to be edited and it needs no prexec. After all every win admin can rewrite it too, some of them hat deep problems with perl Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTConfig.POL not working for Win 2000 (for XP working fine)?
Tomasz Chmielewski schrieb: Tomasz Chmielewski schrieb: I'm just exploring the Profile Editor, described on http://www.pcc-services.com/custom_poledit.html - and policies saved to NTConfig.pol file and copied to the netlogon share work great for Windows XP machines. However, with Windows 2000, they don't work at all. Winh XP machines - policies are applied. I see in Samba logs that the NTConfig.pol is copied from the server to the w2k workstation, but it has no effect. This Profile Editor is designed for Windows 2000, as it was shipped with w2k SP4, so I expected it will work with 2000. Am I missing something? I searched the internet, but no clue about the issue :( In the event log it is as eventid: 1000, source: uservenv, and in the log itself it says something like (translated from German): RegLoadKey aborted. Returned value False Parameter. for C:\Documents and Settings\Administrator.DOMAIN\prfCA.tmp prfCA.tmp (and other such tmp files) are the exact copy of the NTConfig.POL that is saved in the netlogon directory. I tried creating other NTConfig.POL files (with only basic setting like IE start site), but this message just shows all the time, and settings are not applied. Any clue? I use Windows 2000 SP4, and Samba 3.0.20. Windows XP works fine with NTConfig.POL files and the same Samba. this ist stuff need to be fixed in the profile share should be like this [profiles] path = /var/lib/samba/profiles # vfs objects = extd_audit read only = no create mask = 0755 directory mask = 0755 browseable = No guest ok = Yes profile acls = yes csc policy = disable force user = %U hide files = /desktop.ini/ntuser.ini/NTUSER.*/ locking = No oplocks = False level2 oplocks = False # valid users = %U, @Domain Admins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Speeding up Samba
Chuck Forsberg WA7KGX N2469R schrieb: I have a 3.2 GHz P4 Win XP Pro connected to a Fedora Core 4 server running on a 2 GHz Celeron. I get about 350 MB/s FTP transfer over a Gigabit Ethernet connection. Samba is very much slower between the same computers. Can Samba be sped up to where it approaches the FTP performance? normally ftp should be faster than smb, related to the nature of the protokoll, which performane parameter doyou use in smb.conf? Samba performance is deeply related to the setup. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple Login scripts
Julian Pilfold-Bagwell schrieb: Hi all, Just a quick question about login scripts for a large number of users who change rooms a lot. I have several rooms each with a printer, and nearly a thousand users divided into two main groups - pupils and teachers who change rooms on a routine basis. Is it possible to set up multiple login scripts that would be executed in sequence i.e. run by user is %u, and machine is %m is it possible to say run %u to set up shares followed by %m to set up the right printers for the room their in? Thanks in advance... Cheers, Jpb Hi, jep it can be done , use ifmember.exe from the resource kit, and install printers by group membership like this #defautllogin.bat @echo off ifmember /v /l YOURDOMAINNAME\teachers if errorlevel 1 call teachers.bat #teachers.bat @echo off REM install the pdfwriter rundll32 printui.dll,PrintUIEntry /dn /n \\pdc\pdfwriter /q rundll32 printui.dll,PrintUIEntry /in /n \\pdc\pdfwriter REM install Lexmark t630 Laserprinter rundll32 printui.dll,PrintUIEntry /dn /n \\pdc\lext630 /q rundll32 printui.dll,PrintUIEntry /in /n \\pdc\lext630 this works if you install the printer drivers on samba, how to in smb faqs you can do any jobs by having a default login.bat for every domain user and lead to others bats by lead from ifmember.exe so there are many combinations thinkable Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] vfs problem
Sascha schrieb: Hi list, we are running a samba pdc version 3.0.20pre2-1 on sles 8. we are using 2 vfs objects (vscan-clamav and recycle). with vscan-clamav enabled the deleted files on a samba share are not added to recycle directory. When i remove the vscan entry the recycle object works fine. May we only use 1 vfs object with samba? Thanks for help and best regards __ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com Hi, no you can combine any vfs , check your setup Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Homes on different server...
Olivier Houde schrieb: Hi list is there any way to specify on wich server a user's home is ? Let me explain myself... I have a Samba3 PDC here at the head office using LDAP as an authentication backend. We have offices in other cities and we would like them to be on the same domain. All those offices are linked using VPNs. I have no problem to configure LDAP and Samba to work together. The problem is that i want all those offices to be completely independant in case the VPN link goes down. For that, i need to split all my user's home between the BDCs and the PDC (depending in wich office the user is working), if want the users to still have an access to their home and profiles. I have an LDAP master here and a LDAP slave in each office. How can i tell samba that depending on the user, its home is on a different server ? Can i use LDAP for that ? If it's possible, how can i do that ? Should i use an other solution ? Trusted domain instead ? Thanks Olivier Houde Hi, the home dirs of users can be hosted anywhere , just change the home path in ldap Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba