Re: [Samba] smbldap-useradd

2005-07-07 Thread Tony Earnshaw
Thu, 07.07.2005 at 03.12, [EMAIL PROTECTED] wrote:

[...]

  The unix 'passwd' was the same way, but it had a switch '--stdin' so
  that I could pipe the passwd into it and the smbpasswd actually let you
  put the password in-line.
 
  How about building smbpasswd into your script? smbpasswd modifies both
  the Unix and Windows passwords at the same time.
 
  Two possible shell solutions, one from Nick Soracco and one from an
  answer to Wim Bakke (which I don't have), both from this list June last
  (copy 'n paste):
 
  printf 'password\npassword\n' | smbpasswd -a -s username
 
  echo -n -e "$PASS1\n$PASS2" | smbpasswd -as "$USERNAME"
 
  Just read the passwords from your list of details for each pupil.
 
 
 That is actually what my old script did.  I just found the '-s' after I
 posted this message.   I do have a question about this though.  Since
 Samba is using ldap, is it alright to use smbpasswd?  Do I not have to use
 smbldap-passwd?  Do they modify the same file?

smbpasswd is a binary that works fine with LDAP and changes both Unix
(in LDAP the userPassword  attribute) and Windows passwords - I use it
myself in shell scripts. smbldap-passwd is a script without the same
functionality.

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] smbldap-useradd

2005-07-06 Thread Tony Earnshaw
Wed, 06.07.2005 at 22.02, Scott Mayo wrote:
 I have my new servers up and going with Samba and LDAP on them.  Now I 
 have to add my users.  Here is my problem.  I have written a perl script 
 that reads a file and adds users to different groups depending on what 
 grade they are in and it also generates a random password, that it 
 exports to a master list.  The old script would add the user to unix and 
 then to samba, along with the password of each user.  This made it easy 
 for me to have our student records program to export all of their 
 information and then run it through my perl script.
 
 Now that I have switched over to Samba/ldap, I see no option to add the 
 passwd in the command line.  It always prompts for the passwd.  Does 
 anyone have a way that I can add the user and passwd?  The '-P' option 
 in smbldap-useradd does not take a password in-line, but rather asks for 
 it to be typed in.
 
 The unix 'passwd' was the same way, but it had a switch '--stdin' so 
 that I could pipe the passwd into it and the smbpasswd actually let you 
 put the password in-line.

How about building smbpasswd into your script? smbpasswd modifies both
the Unix and Windows passwords at the same time.

Two possible shell solutions, one from Nick Soracco and one from an
answer to Wim Bakke (which I don't have), both from this list June last
(copy 'n paste):

printf 'password\npassword\n' | smbpasswd -a -s username

echo -n -e "$PASS1\n$PASS2" | smbpasswd -as "$USERNAME"

Just read the passwords from your list of details for each pupil.

 Thanks for any help.  I really do not want to have to enter all of these 
 passwords by hand, and I also do not want them making their own.

It's just that I'm in exactly the same situation as you, with a high
school of 750+ pupils, teachers, staff, etc. and everyone in different
groups.

Best,

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
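
Added example, not part of the original post or of the Samba tools: a shell version of the bulk approach discussed above that feeds each password to smbpasswd -s over stdin, so it never appears in a process argument list, and refuses a password list that group or other can access. The "username:password" list format, the SMBPASSWD override and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: bulk-set Samba passwords from a list file.
# Assumed (constructed) list format: one "username:password" per line,
# blank lines and lines starting with '#' are ignored.

SMBPASSWD="${SMBPASSWD:-smbpasswd}"   # hypothetical override, used for testing

# Succeeds only if the list has no group/other permission bits set.
list_is_private() {
    perms=$(ls -ln "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# $1 = username, $2 = password.
# printf is a shell builtin, so the password travels only through the pipe;
# a process listing shows just "smbpasswd -a -s <username>".
set_samba_password() {
    printf '%s\n%s\n' "$2" "$2" | "$SMBPASSWD" -a -s "$1" >/dev/null
}

# $1 = list file.
# Returns 0 if every account was set, 1 if any failed, 2 if the list
# is missing or accessible to group/other.
bulk_set_passwords() {
    list=$1
    failed=0
    if ! list_is_private "$list"; then
        echo "refusing $list: missing or accessible to group/other" >&2
        return 2
    fi
    # Everything after the first ':' is the password, colons included.
    while IFS=: read -r user pass; do
        case $user in ''|'#'*) continue ;; esac
        if [ -z "$pass" ]; then
            echo "skipped $user: empty password" >&2
            failed=1
            continue
        fi
        if ! set_samba_password "$user" "$pass"; then
            echo "failed: $user" >&2
            failed=1
        fi
    done < "$list"
    return "$failed"
}

# Run only when a list file is given as the first argument.
if [ "$#" -ge 1 ]; then
    bulk_set_passwords "$1"
fi
```

As the later reply on this page notes, smbpasswd -a expects the posixAccount to exist already, so create the accounts first and run this as root.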




Re: [Samba] Db4 ldap smldap-tools samba

2005-07-05 Thread Tony Earnshaw
Tue, 05.07.2005 at 14.35, Michael Trimarchi wrote:

 I use the samba with ldap and smbldap-tools to update the ldap db. If I 
 execute from the terminal a non huge number of operation using the 
 smbldap-usermode for change the mail, sometimes the operation still not 
 respond and lock. After I find the db corrupted and I must do a 
 db_recover. Why?

If you're using an early version of OpenLDAP 2.1 (say before 2.1.26,
2.1.30 is the latest stable) with BDB 4.1 or 2.2 (say before 2.2.13,
IIRC 2.2.27 is the latest stable) with BDB 4.2.52 your DB will very
quickly become corrupt on crashes, or just spontaneously - especially
BDB 4.1.

You might want to update your OpenLDAP version.

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] Db4 ldap smldap-tools samba

2005-07-05 Thread Tony Earnshaw
Tue, 05.07.2005 at 18.22, [EMAIL PROTECTED] wrote:

[...]

  If you're using an early version of OpenLDAP 2.1 (say before 2.1.26,
  2.1.30 is the latest stable) with BDB 4.1 or 2.2 (say before 2.2.13,
  IIRC 2.2.27 is the latest stable) with BDB 4.2.52 your DB will very
  quickly become corrupt on crashes, or just spontaneously - especially
  BDB 4.1.
 
  You might want to update your OpenLDAP version.

[...]

 I use this version of software:
 db4-4.2.52-6
 db4-utils-4.2.52-6
 openldap-clients-2.2.13-2
 openldap-2.2.13-2
 openldap-servers-2.2.13-2
 
 This is my situation,
 is it ok?

Should be good. For the sake of interest, what Linux distro and version
are you using? What I've found is, that on my RHAS3 machines, OpenLDAP
2.2.17 and above, as well as BDB 4.2.52 and 2 patches, *both installed
from source* are stable as a rock, whatever you do to them.

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] finding # of people using a share

2005-07-02 Thread Tony Earnshaw
Sat, 02.07.2005 at 18.49, Charles McLaughlin wrote:

 Is there a way to find the number of people using a samba share?  I'd 
 like to know if people have files open before I restart samba or reboot 
 the server.

I'd start with the requisite 2 smbd daemons at service startup and do
'ps auxwww | grep smbd' (on a RHAS3 server) and count the extra daemons.
A rule of thumb is one extra daemon per logged in workstation.

If you want to see what shares they have open, do 'lsof -p' on each of
the PIDs the extra daemons are using and look for open non-system files.

It shouldn't be too difficult to write a little shell/awk script to
automate this.

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
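
Added example, not part of the original post: one way to write the small shell/awk script suggested above, counting smbd processes beyond the two startup daemons and listing the regular files each one holds open under the share tree. SHARE_ROOT, BASE_DAEMONS and the function names are assumptions made for this example; the parsing functions read ps and lsof output on stdin.

```shell
#!/bin/sh
# Added example: who still has files open before a Samba restart?
# Assumptions (constructed): shares live under SHARE_ROOT, and
# BASE_DAEMONS smbd processes exist with no client connected.

SHARE_ROOT="${SHARE_ROOT:-/srv/samba}"
BASE_DAEMONS="${BASE_DAEMONS:-2}"

# stdin: output of "ps -eo pid,comm".
# Prints the number of smbd processes beyond the baseline (never negative).
count_extra_smbd() {
    awk -v base="$BASE_DAEMONS" '
        $2 == "smbd" { n++ }
        END { extra = n - base; print (extra > 0 ? extra : 0) }'
}

# stdin: output of "lsof -p PID"
# (columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME).
# Prints the NAME of every regular file under SHARE_ROOT, which drops
# libraries, the smbd binary, sockets and directories.
open_share_files() {
    awk -v root="$SHARE_ROOT/" '
        $5 == "REG" {
            name = $9
            # NAME may contain spaces: rejoin the remaining fields.
            for (i = 10; i <= NF; i++) name = name " " $i
            if (index(name, root) == 1) print name
        }'
}

# Live report against the running system (needs ps and lsof, run as root).
report() {
    ps_out=$(ps -eo pid,comm)
    echo "extra smbd processes: $(printf '%s\n' "$ps_out" | count_extra_smbd)"
    printf '%s\n' "$ps_out" | awk '$2 == "smbd" { print $1 }' |
    while read -r pid; do
        lsof -p "$pid" 2>/dev/null | open_share_files | sed "s/^/  pid $pid: /"
    done
}

# Run the live report only when asked to.
if [ "${1:-}" = "--report" ]; then
    report
fi
```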




Re: [Samba] Using OID as Samba3 backend

2005-07-01 Thread Tony Earnshaw
Thu, 30.06.2005 at 22.45, Alex Canizales wrote:

 I'm running samba3 Using OID (Oracle Internet Directory) as backend, almost 
 works ok, but the final trick that doesn't work is the change of the 
 passwords from windows dialog box, this change the samba passwords but don't 
 change the userpassword, I have found this line on samba logs files: 
 
 ldap password change requested, but LDAP server does not support it -- 
 ignoring. 

You'd have to have the Oracle LDAP administrator add the correct Samba
schema to the Oracle LDAP server. This might be problematic, as he'd
have to write it himself (if that's at all possible, I don't know Oracle
Internet Directory). He could use the examples in the Linux Samba
distribution document directory for IBM-DS, IBMSecureWay, or nescape4 or
5, as well as the OpenLDAP schema, of course.

 And I found in samba.org forum that this problem is solved with this ACL: 
 
 access to dn.base= by * read.

This will not help you for two reasons: 1: it's an OpenLDAP server ACL
and is only applicable to the server configuration; 2: it only gives
read access anyway.

[...]

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




[Samba] Hyldest

2005-07-01 Thread Tony Earnshaw
Means acclaim in both Norwegian languages (there are new official
rules out today for writing both of the 2 Indo-European Norwegian
languages).

What made me write this acclaim is the number of postings I've seen
about Samba's instability - i.e. run-away processes, profiles going
wrong, ACL problems and more.

My (high school) site with around 80 w2k workstations, of which maximum
40-50 are active all the time,  chucked out the old NT4 PDC in April/May
last and is now running RHAS3/Samba 3.0.14a compiled on the Samba server
(no-one but root has a shell login and it's firewalled) from the Samba
org's Red Hat srpm - (as well as OpenLDAP 2.2.17) on an IBM 32-bit x
series server. The uptime between a kernel update and the last reboot
was around 40 days, the present uptime is 20 days.

I'm a part-time sysadmin and work almost entirely remote, almost never
have to go to the site for Samba.

smbd processes get  neatly shut down and restarted at ws login and
logout, there are no runaway processes, people's profiles don't get
lost, MS Office works ok (though we try to encourage users to use OOo
instead), everyone can print on the network printers, Nitrobit's policy
editor works a treat (even the 1 1/2 local Windows sysadmins can
manipulate it), good AV software, everybody's happy and stays happy.

I don't know what more I can say. The whole point about taking the
decision to junk the NT4 PDC was to gain performance (we have a Gb
fiberglass backbone and 1Mb switches, so the network's adult enough),
stability and security (the cracker kids and bots played havoc with the
old  NT4 rig). Well, the decision has been justified a hundredfold.

A lot of negative stuff has been written about Red Hat Linux as a basis
for reliable enterprise operations. All I can say, after a year's
operation with 5 RHAS3 servers at this site on IBM x series hardware, is
that it's been 100% reliable and stable.

Herewith my unreserved thanks to the Samba team for their part in the
whole.

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] Using OID as Samba3 backend

2005-07-01 Thread Tony Earnshaw
Fri, 01.07.2005 at 19.08, Alex Canizales wrote:

[...]

 I need to know which is the difference between the password change from 
 smbldap-password and the password change from windows dialog box in order to 
 put the privileges in the correct place. I believe that the problem is 
 because it's trying to access at some attribute in other level when is 
 execute from windows.

None, AFAIK. Windows will try to modify the lmpasswd and ntpasswd fields
and smbd will (if that option's set) synchronize the Unix password with
these.

This is what happens for me on Linux and using OpenLDAP: I can see
exactly what happens with these using an LDAP GUI such as GQ. If you
have a Linux or BSD machine available as an LDAP client with gtk , I
suggest you use GQ to see what's going on.

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] smbclient fails to list directory 36 entries

2005-06-23 Thread Tony Earnshaw
Thu, 23.06.2005 at 17.58, Jeremy Allison wrote:

  I have a problem with smbclient from the samba-client-3.0.14a-2 package 
  supplied with Fedora Core 2.  It hangs when listing any directory with 
  over 36 items in it on one particular Windows XP Professional box I'm 
  trying to back up.  If I run smbclient -d 3, I get the following output 
  over and over when listing the directory:
  
  received 36 entries (eos=0)
  received 36 entries (eos=0)
  received 36 entries (eos=0)
  received 36 entries (eos=0)
  received 36 entries (eos=0)
  received 36 entries (eos=0)
  received 36 entries (eos=0)
  received 36 entries (eos=0)
  received 36 entries (eos=0)
  received 36 entries (eos=0)
  received 36 entries (eos=0)
  received 36 entries (eos=0)
  
  Anyone got any clues what might be wrong here?
 
 This is a bug we fixed when listing files from an exported
 drive using a FAT filesystem. Try the 3.0.20 pre-release, the
 bug is fixed there.

Or, alternatively (no way you'd get me onto a Samba pre-release) OP
could apply the patch (attached) you yourself gave on 7-04-05 and which
works for our sites on 3.0.14a.

Best,

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

--- smbd/dir.c  2005-03-23 12:30:27.0 -0800
+++ /home/jeremy/src/samba3.0/source/smbd/dir.c 2005-04-06 18:57:46.157484483 
-0700
@@ -602,7 +603,7 @@
return False;
}
 
-   while (SearchDir(dptr-dir_hnd, name, poffset) == True) {
+   if (SearchDir(dptr-dir_hnd, name, poffset)) {
if (is_visible_file(dptr-conn, dptr-path, name, pst, True)) {
return True;
}
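Review bot: at the changed line, turning the loop into a single "if" means that when SearchDir() succeeds but is_visible_file() returns false, control now falls through to whatever follows the visible context; the hunk does not show that path, so please confirm it ends in an explicit return (or continues to the normal directory scan) rather than relying on fall-through, and add a one-line comment above the "if" saying why retrying SearchDir() with the same name and poffset was wrong. The header (-602,7 +603,7) also shows that a line was added earlier in dir.c which is not included in this excerpt, so applied on its own it will land with an offset.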

Re: [Samba] Tracking down a Samba problem under load

2005-06-22 Thread Tony Earnshaw
Tue, 21.06.2005 at 21.12, [EMAIL PROTECTED] wrote:

 We use Samba as an interop file sharing solution for the ClearCase version 
 control system.  Unfortunately we have run into a problem after a recent 
 upgrade to RedHat Enterprise 3.  This problem occurs both with the RedHat 
 included 3.0.9-1.3E.3, and a custom compile of the latest 3.0.14a direct 
 from Samba.
 
 The symptoms are: under high load, such as during a build, new samba 
 processes will spawn, but not respond.  A ps list shows many smbd 
 processes active, but no new connections can be established.  Older 
 connections seem to still function ok.  Shutting down samba via the 
 standard RedHat method service smb stop only kills the older processes, 
 and the new non-responding ones must be kill -9'd to get them to 
 terminate.  Base level logging tells me nothing, and turning up the debug 
 level just gets more of the same, but I'm not extremely well versed in 
 what I'd be looking for to isolate the problem.  I have seen a few panic's 
 in the log, usually one or two per day, but the not responding problem 
 doesn't seem to coincide with any of those.
 
 My basic problem is, I don't have any way of figuring out where the 
 problem lies, and what to submit as a bug.  Any pointers in that direction 
 would be very helpful.

Did you install binary rpms? If so, try to build and install the 3.0.14a
srpm (source code in the BUILD directory should be patched with the
3.0.14a anti-spin patch).

The reason I write this is, that we have no problems with the srpm on a
moderately loaded (30-40 w2k workstations) RHAS3 server.

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] Slow logon with samba

2005-06-20 Thread Tony Earnshaw
Mon, 20.06.2005 at 13.23, Ross McInnes wrote:

 Everything has been running great, until 2 weeks ago when I applied redhat
 errata including a new kernel. (done it loads of times before)
 
 Rebooted and all seemed ok (it was half term for me, so maybe 20 users in at
 the very most)
 
 It wasn't until last week people started to complain about how long it was
 taking to log in. Unfortunately every time I tried it went in straight away.

Pure interest: Was this RHEL/RHAS 3 or 4? I did a RHAS3 up2date
including new kernel on a Samba 3.0.14a server and no-one's complained
yet ... generally around 30-40 logged-in w2k workstations.

--Tonni

--

 The only way I can replicate this is thus;
 
 1st time logon in the morning, any username, takes between 2-3 mins to
 login.
 
 If I log in again straight away it goes in fine.
 
 Also I'm getting curious errors and delays opening up files. Again not all
 the time, but every now and then.
 
 I've captured level 3 logs of when a user has logged on, what seems to happen
 is all the initial connections happen, then nothing, for a while then all
 of a sudden it lets them in, very very odd.
 
 Any help gratefully received.
 
 Ross
-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] how can a SYSTEM user access domain shares?

2005-06-17 Thread Tony Earnshaw
Fri, 17.06.2005 at 11.15, Tomasz Chmielewski wrote:

[...]

  i think that you can use the netlogon script
 
 No, you didn't understand the problem (or I described it in a confusing 
 way).
 
 Netlogon scripts are executed with permissions of a user that just logons.
 
 So if Joe logons, this script will be executed as Joe, and hence, no 
 software installation, as Joe is not privileged enough (he's not a 
 domain administrator for obvious reasons).

runas (standard Windows XP/2k)- encryptedrunas. Google for
encryptedrunas - it's not freeware, though.

It will enable logon scripts using the runas-type commands, with an
encrypted system user password, so that other users can't use it.

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] ldapsam, Sun JES Directory Server, Solaris 9

2005-06-15 Thread Tony Earnshaw
Tue, 14.06.2005 at 22.57, Jason Signalness wrote:

[...]

 The files /usr/lib/libldap.so and /usr/include/ldap.h ARE PRESENT and
 /usr/lib is in my LD_LIBRARY_PATH.  These are not the libraries/headers
 from OpenLDAP, but rather from Solaris.  Is this a problem?

This is indeed a problem. You need the OpenLDAP libraries and headers. I
don't know if they're available for Solaris in pkg form, but the source
installs out of the box into /usr/local, so shouldn't conflict with the
Solaris stuff. smbd only needs them for client operations; it shouldn't
matter what LDAP server you use (as long as the schema is included, of
course).

 Also, a truss on an execution of the resulting smbd indicates that smbd
 is looking for /opt/btifs/samba/lib/pdb/ldapsam.so, which is NOT there.

I don't have an ldapsam.so anywhere on my RHAS3 Linux machine. 

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] YASQ

2005-06-15 Thread Tony Earnshaw
Wed, 15.06.2005 at 04.21, Joe Cipale wrote:

 Using Fedora Core 2, I have edited/created my swat file, restarted the 
 xinetd service,
 but when I attempt to launch SWAT using local host, I get the following 
 message:
 
 The connection was refused trying to contact localhost:901
 
 Any ideas?
 
 
 
 You didn't change disable = no in /etc/xinetd.d/swat?
 
 --Tonni
 
   
 
 Tonni,
 
 Sorry I didn't get back to you. Here is my swat config file:
 service swat
 {
     port            = 901
     socket_type     = stream
     wait            = no
     only_from       = 127.0.0.1
     user            = root
     server          = /usr/sbin/swat
     log_on_failure  += USERID
     disable         = yes
 }

Do you notice disable above? You've told xinetd to disable Swat. Set
this to no and HUP xinetd.

Please don't reply to me privately, reply to the list - others might
gain from this.

Best,

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] Solution to smbldap-tools not adding sambaSAMAccount

2005-06-15 Thread Tony Earnshaw
Wed, 15.06.2005 at 21.53, Ryan Braun wrote:

 Now the problem was that the nss_ldap library was searching in Users only,  
 and apparently the samba server needs to be able to resolve the Computers 
 tree as well to add the sambaSAMAccount objectclass.

rant
I don't want to upset you unduly, but nss has nothing to do with this
and it's not necessary to have the computers dn under the users dn to
make things work. It's all those /@¥{# idealx scripts and peoples'
basic ignorance of how LDAP works at all that fsck up the otherwise
brilliant Samba daemon, ldapsam and command line utilities. How on earth
something so banal as the idealx scripts can have been packaged together
with these brilliant utilities stupefies me.

At my site (3.0.14a) I have masses (5) of different user dns in
different places in my tree, goodness knows how many group dns and a
single computers dn way down deep in the tree, far apart from the users.
The basic Samba utilities (smbd, ldapsam, smbpasswd, pdbedit) can cope
with all of these just fine. But I don't use the idealx scripts, I use
my own awk script to make the initial custom posixAccounts (have to have
masses of special stuff that the idealx scripts have never heard of) and
shell scripts for administering the rest of the Samba stuff.

It's the way the Samba people treat LDAP, as if it were a breeding
ground for morons. LDAP is a never-empty Pandora's box, that is there
for a totally different purpose than that to which the samba people
allude. It is the basis of a network-wide authentication system that
should be installed and understood long before one has even begun to
think about Samba or any other service whatsoever. I realize that the
Samba people have attempted to, and largely attained, the aim of
supplying an out-of-the box solution for averagely intelligent
Windows-minded people (the Samba people have written this themselves),
but it would perhaps be as well if they drew peoples' attention to the
importance of, and wealth of possibilities of, LDAP as a basic sovereign
multi-OS, multi-vendor service on which Samba is dependent, rather than
the idea they convey at the moment that it is some kind of an add-on
purely present to satisfy samba's needs.
/rant

 (Now my new problem to follow in the next message :P )

Well, that was my problem.

Best,

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




RE: [Samba] Roaming Profile Question

2005-06-14 Thread Tony Earnshaw
Tue, 14.06.2005 at 17.02, Mark Sarria wrote:

 I agree this is a desktop.ini, just search for all the desktop.ini in your
 profile and delete it; this should stop this notepad message from popping
 up. Unfortunately it will happen to all new users who login; I have not
 found a way to get rid of that, my solution was to create a mandatory
 profile.

And 'hide files = /desktop.ini/' didn't help?

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] ldapsam, Sun JES Directory Server, Solaris 9

2005-06-14 Thread Tony Earnshaw
Tue, 14.06.2005 at 17.47, Jason Signalness wrote:

 Help!!  I'm struggling with ldapsam.
 
 I'm trying to configure Samba to use our LDAP directory (Sun's directory 
 server) for the storage of Samba user accounts.  It already stores our 
 unix system accounts.  I have successfully imported the schema file into 
 our directory server and have compiled samba with the 
 --prefix=/opt/btifs/samba --with-ldapsam options.  I did not notice 
 any errors during compile.
 
 When I go to start Samba (smbd -D), the daemon dies quickly and this 
 error is written to the log:
 
   smbd version 3.0.14a started.
   Copyright Andrew Tridgell and the Samba Team 1992-2004
 [2005/06/14 09:09:02, 0] passdb/pdb_interface.c:make_pdb_methods_name(721)
   No builtin nor plugin backend for ldapsam_compat found
 [2005/06/14 09:09:02, 1] passdb/pdb_interface.c:make_pdb_context_list(825)
   Loading ldapsam_compat failed!
 
 Here is my smb.conf file:
 
 [global]
 workgroup = BTIWG1
 netbios name = FS1V
 encrypt passwords = Yes
 allow trusted domains = No
 log level = 1
 guest account = nobody
 map to guest = Bad User
 #   passdb backend = ldapsam:ldap://ce.btinet.net
 #   ldap admin dn = cn=Directory Manager
 #   ldap suffix = ou=People,o=tildebob.com,o=usergroups

Why did you comment out all the stuff you need?

Even if you hadn't, your ldap admin dn = cn=Directory Manager wouldn't
work, it's not qualified with the rest of the suffix.

Also, the ldap suffix is probably wrong. In fact, your whole DIT is
probably incorrectly implemented :(

You'd also be missing the machine, group and user suffixes, unless
they're under the ldap suffix.

--Tonni

--

 [btifs]
 path = /opt/btifs
 read only = No
 browseable = No
 hosts allow =  . . .
 hosts deny = ALL
 guest ok = no
 
 Do I need to install some client libraries for this to work?  Or did the 
 compilation not work as expected? 
 
 Any hints or suggestions would be a great help!
 
 Thanks,
 
 -- 
 Jason, Systems Administrator
 Basin Telecommunications, Inc.
 --
-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] ldapsam, Sun JES Directory Server, Solaris 9

2005-06-14 Thread Tony Earnshaw
Tue, 14.06.2005 at 20.14, Jason Signalness wrote:

[...]

 I commented out the three lines to see if the error went away.  It did 
 not.  smbd dies no matter what is in the smb.conf file, as far as I can 
 tell. 
 
 I realize those options are likely not exactly what is needed.  I'm 
 trying to find better (than the man page or Ch. 10 in the HOWTO) 
 documentation on what the various smb.conf ldap directives do.  If you 
 know of any, please point them out. 

What is the base dn (rootdn, according to slapd.conf) of your directory
tree (DIT)? What you have posted is not good, you could better begin by
setting up a tree as in the OpenLDAP Admin Guide(s) at www.openldap.org.
What you have indicates (doesn't prove) that you don't know what you're
doing.

That's the first step :)

I suggest that you use a suffix of dc=tildebob,dc=com for the suffix (if
that domain belongs to you, otherwise use a more private suffix).

As rootdn: cn=manager,dc=tildebob,dc=com, password secret.

That you stop slapd and rm * the contents of your ldap base directory.

That you start slapd (however you do that). Actually the slapd user
should be a non-privileged user whom you've already put into
/etc/passwd, together with his group.

That you then add your base dn, your organization and cn=manager ldif as
described in the OL admin guide for quick start, *adapting the ldif to
your actual suffix*. (Otherwise it can't possibly work).

After that *works* - test with ldapsearch -x, ('man ldapsearch'), you
adapt your smb.conf 

#   passdb backend = ldapsam:ldap://ce.btinet.net
#   ldap admin dn = cn=Directory Manager
#   ldap suffix = ou=People,o=tildebob.com,o=usergroups

to the new parameters.

After that, you have to read and follow to the letter the Samba HOWTO
docs further as to employing the idealx scripts. These should always be
the latest version, regardless of your Samba version.

Whatever: LDAP comes first, get that working first, without Samba or
anything else.

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] Re: Re: Re: Problems with testing Openldapservertelnetlocalhost 389

2005-06-11 Thread Tony Earnshaw
Fri, 10.06.2005 at 12.25, Andreas Bauer wrote:
  But I need smbpasswd accounts?
 
 Tony Earnshaw wrote
  All the accounts go into LDAP. All users, machines, groups, are in LDAP.
  Nothing should go into /etc/passwd.
 
 I do not mean in /etc/passwd, but create an account like smbpasswd -a -u 
 user in /etc/samba/ or
 with pdbedit -a -u user. Because, I need a password to log in as a LDAPuser 
 from my windows client in LDAP Server.

It depends on whether you're using the idealx scripts or not. I use my
own and use smbpasswd -a for adding Samba users to already existing
posixAccounts - the posixAccounts have to exist first.

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] Re: Re: Problems with testing Openldapserver telnetlocalhost 389

2005-06-10 Thread Tony Earnshaw
Fri, 10.06.2005 at 03.19, Andreas Bauer wrote:

 Tony Earnshaw:
  Have I also to create an admin account in passwd?
  No. /etc/passwd has nothing to do with what you're doing with LDAP.
 
 But I need smbpasswd accounts?

All the accounts go into LDAP. All users, machines, groups, are in LDAP.
Nothing should go into /etc/passwd.

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] W2K printer problem

2005-06-10 Thread Tony Earnshaw
Fri, 10.06.2005 at 06.32, Joe Cipale wrote:

 I am getting the following problem from my Winblows printer.
 
 Using the CUPS printer Config tool, the printer can be setup as a 
 smb://host_name/printer
 
 When I attempt to send a test page, I get the following message:
 Description: Brother LaserJet
 Location: royal
 Printer State: processing, accepting jobs.
 Unable to connect to SAMBA host, will retry in 60 seconds...ERROR: 
 Connection failed with error NT_STATUS_ACCESS_DENIED
 Device URI: smb://royal/lsj
 
 I have the printer setup to accept sharing on the Windows host (royal),
 I have the permissions set to allow everyone to print/manage 
 printers/print jobs
 
 This is a small, 3 workstation network at home. Nothing fancy. This is 
 the one
 item that CONTINUES to drive me up the g**damn wall (printing to windows...)
 
 A wee bit of help, please?

Simply set up the cups printer as a normal Unix printer (such that you
can always print from that machine), following the instructions in the
Samba docs to enable raw printing. In fact, following the docs for
setting up the printer is a pre.

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] YASQ

2005-06-10 Thread Tony Earnshaw
Fri, 10.06.2005 at 06.35, Joe Cipale wrote:

 Using Fedora Core 2, I have edited/created my swat file, restarted the 
 xinetd service,
 but when I attempt to launch SWAT using local host, I get the following 
 message:
 
 The connection was refused trying to contact localhost:901
 
 Any ideas?

You didn't change disable = no in /etc/xinetd.d/swat?

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] Re: Re: Problems with testing Openldapserver telnetlocalhost 389

2005-06-09 Thread Tony Earnshaw
Thu, 09.06.2005 at 03.25, Andreas Bauer wrote:

 I have done your advices, no result, the same errors:
  amd:/etc/samba # /usr/bin/ldapadd -h 127.0.0.1 -D
  cn=admin,dc=samba,dc=junits -x -W -f /etc/openldap/example.ldif
  Enter LDAP Password:
  ldap_bind: Invalid credentials (49)
 
 Btw, if I restart my slapd daemon, I get in the logfile, that slapd 
 stopped? - last part of log
 my logs, slapd.conf, example.ldif, smb.conf.
 
 ldaplogs:
 
 sldap starting:
 Jun  9 02:35:01 amd slapd[4373]: @(#) $OpenLDAP: slapd 2.2.15 (Jan 26 2005 
 16:34:33) $ 
 [EMAIL PROTECTED]:/usr/src/packages/BUILD/openldap-2.2.15/servers/slapd
 Jun  9 02:35:01 amd slapd[4373]: bdb_initialize: Sleepycat Software: 
 Berkeley DB 4.2.52: (October  5, 2004)
 Jun  9 02:35:01 amd slapd[4374]: slapd starting
 
 
 /usr/bin/ldapadd -h 127.0.0.1 -D cn=admin,dc=samba,dc=junits -x -W -f 
 /etc/openldap/example.ldif:
 Jun  9 02:35:16 amd slapd[4374]: conn=0 fd=10 ACCEPT from IP=127.0.0.1:32771 
 (IP=0.0.0.0:389)
 Jun  9 02:35:16 amd slapd[4374]: conn=0 op=0 BIND 
 dn=cn=admin,dc=samba,dc=junits method=128
 Jun  9 02:35:16 amd slapd[4374]: conn=0 op=0 RESULT tag=97 err=49 text=
 Jun  9 02:35:16 amd slapd[4374]: conn=0 fd=10 closed
 
 
 /usr/bin/ldapadd -h 127.0.0.1 -D cn=admin,dc=samba,dc=junits -x -W -f 
 /etc/openldap/example.ldif
 Jun  9 02:35:31 amd slapd[4374]: conn=1 fd=10 ACCEPT from IP=127.0.0.1:32772 
 (IP=0.0.0.0:389)
 Jun  9 02:35:31 amd slapd[4374]: conn=1 op=0 BIND 
 dn=cn=admin,dc=samba,dc=junits method=128
 Jun  9 02:35:31 amd slapd[4374]: conn=1 op=0 RESULT tag=97 err=49 text=
 Jun  9 02:35:31 amd slapd[4374]: conn=1 fd=10 closed
 
 
 /usr/bin/ldapadd -h 127.0.0.1 -D cn=admin,dc=samba,dc=junits -x -W -f 
 /etc/openldap/example.ldif
 Jun  9 02:35:41 amd slapd[4374]: conn=2 fd=10 ACCEPT from IP=127.0.0.1:32773 
 (IP=0.0.0.0:389)
 Jun  9 02:35:41 amd slapd[4374]: conn=2 op=0 BIND 
 dn=cn=admin,dc=samba,dc=junits method=128
 Jun  9 02:35:41 amd slapd[4374]: conn=2 op=0 RESULT tag=97 err=49 text=
 Jun  9 02:35:41 amd slapd[4374]: conn=2 fd=10 closed
 Jun  9 02:35:45 amd slapd[4374]: conn=3 fd=10 ACCEPT from IP=127.0.0.1:32774 
 (IP=0.0.0.0:389)
 Jun  9 02:35:45 amd slapd[4374]: conn=3 op=0 BIND 
 dn=cn=admin,dc=samba,dc=junits method=128
 Jun  9 02:35:45 amd slapd[4374]: conn=3 op=0 RESULT tag=97 err=53 
 text=unauthenticated bind (DN with no password) disallowed
 Jun  9 02:35:45 amd slapd[4374]: conn=3 fd=10 closed
 
 
 slapd restarting:
 
 Jun  9 02:41:01 amd slapd[4385]: @(#) $OpenLDAP: slapd 2.2.15 (Jan 26 2005 
 16:34:33) $   [EMAIL PROTECTED]:/usr/src/packages/BUILD/openldap-
 
 2.2.15/servers/slapd
 Jun  9 02:41:01 amd slapd[4385]: daemon: bind(8) failed errno=98 (Address 
 already in use)
 Jun  9 02:41:01 amd slapd[4385]: daemon: bind(8) failed errno=98 (Address 
 already in use)

There's already a slapd daemon running on this port. Kill it and then
restart slapd.

--Tonni

--

 Jun  9 02:41:01 amd slapd[4385]: slapd stopped.
 Jun  9 02:41:01 amd slapd[4385]: connections_destroy: nothing to destroy.
 
 
 
 Now here are my slapd.conf, example.ldif, smb.conf
 
 include     /etc/openldap/schema/core.schema
 include     /etc/openldap/schema/cosine.schema
 include     /etc/openldap/schema/inetorgperson.schema
 #include    /etc/openldap/schema/rfc2307bis.schema
 include     /etc/openldap/schema/nis.schema
 include     /etc/openldap/schema/samba.schema
 include     /etc/openldap/schema/yast.schema
 pidfile     /var/run/slapd/slapd.pid
 argsfile    /var/run/slapd/slapd.args
 loglevel    256
 database    ldbm
 suffix      dc=samba,dc=junits
 #rootdn     cn=admin,dc=samba,dc=junits
 #rootpw     {SSHA}nPsYXB7JNQ3KTuZatGCnmkCr2sDJH2dU
 #rootpw     secret
 directory   /var/lib/ldap
 cachesize   4
 index   cn,sn,uid,displayName   pres,sub,eq
 index   uidNumber,gidNumber     eq
 index   sambaSID                eq
 index   sambaPrimaryGroupSID    eq
 index   sambaDomainName         eq
 index   objectClass             pres,eq
 index   default                 sub
 #access  to dn=.dc=samba,dc=junits
 #  by self write
 #  by * read
 access to dn.subtree=dc=samba,dc=junits attrs=cn
by * =cs break
 access to attr=userPassword
   by self write
   by anonymous auth
   by dn.base=cn=admin,dc=samba,dc=junits write
   by * none
 access to *
   by self write
   by dn.base=cn=admin,dc=samba,dc=junits write
   by * read
 
 
 example.ldif:
 dn: dc=samba,dc=junits
 objectclass: dcObject
 objectclass: organization
 o:  andreas
 dc: samba
 
 
 dn: cn=admin,dc=samba,dc=junits
 objectclass: organizationalRole
 cn: admin
 
 
 smb.conf:
 
 [global]
   workgroup = andreas
   netbios name = amd
 # server string =amd
   encrypt passwords = yes
   username map = /etc/samba/smbusers
   update encrypted = yes
   unix 

Re: [Samba] Re: Problems with testing Openldapserver telnet localhost 389

2005-06-08 Thread Tony Earnshaw
ons, 08.06.2005 kl. 03.40 skrev Andreas Bauer:

[...]

 amd:/etc/samba # /usr/bin/ldapadd -h 127.0.0.1 -D 
 cn=admin,dc=samba,dc=junits -x -W -f /etc/openldap/example.ldif
 Enter LDAP Password:
 ldap_bind: Invalid credentials (49)
 
 I took the rootpw secret. I did an account for admin, too with: smbpasswd -w 
 secret. I created also an rootpw with slappasswd.
 
 Have I also to create an admin account in passwd?

No. /etc/passwd has nothing to do with what you're doing with LDAP.

  After googlen, there must 
 be a syntax error(ldap_bind: Invalid credentials (49))?

Error 49 (invalid credentials) means that the LDAP user and password
combination you gave is wrong.

 I created a simple example.ldif file:

You have to add the first admin user using the rootdn and rootpw in
slapd.conf. You have to give the admin user sufficient rights, using
carefully chosen ACLS, to do anything with anything in the LDAP DIT. You
haven't done any of this. When the admin user has all of these rights,
you can comment out (or delete) the rootdn and rootpw lines in
slapd.conf.

 dn: dc=samba,dc=junits
 objectclass: dcObject
 objectclass: organization
 o: Example Company
 dc: samba
 
 dn: cn=admin,dc=samba,dc=junits
 objectclass: organizationalRole
 cn: admin
 
 slapd.conf:
 
 database    ldbm
 suffix      dc=samba,dc=junits
 rootdn      cn=admin,dc=samba,dc=junits
 rootpw      secret
 directory   /var/lib/ldap
 cachesize   4
 dbcache     6000
 index   cn,sn,uid,displayName   pres,sub,eq
 index   uidNumber,gidNumber     eq
 index   sambaSID                eq
 index   sambaPrimaryGroupSID    eq
 index   sambaDomainName         eq
 index   objectClass             pres,eq
 index   default                 sub
 access to dn.subtree=dc=samba,dc=junits attrs=cn
  by * =cs break

This ACL is *not* going to work. Use the ACL given in
slapd.conf.default as a start, but the following is better to begin
with (taken from the OL Admin Guide):

 access to attr=userPassword
     by self write
     by anonymous auth
     by dn.base="cn=Admin,dc=example,dc=com" write
     by * none
 access to *
     by self write
     by dn.base="cn=Admin,dc=example,dc=com" write
     by * read

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
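
Error 49 also appears in slapd's own log, as a `RESULT tag=97 err=49` line sharing conn and op with the BIND request, as in the loglevel 256 excerpt quoted earlier in this thread. The following Python is an added example, not code from the thread: it pairs each BIND with its RESULT and counts failed binds per client and DN. The sample log is constructed in that format with wrapped lines rejoined and the DN quoted, and the threshold of 3 is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the slapd (loglevel 256) lines quoted
# earlier in this thread, with the mail client's line wrapping undone.
SAMPLE_LOG = """\
Jun  9 02:35:16 amd slapd[4374]: conn=0 fd=10 ACCEPT from IP=127.0.0.1:32771 (IP=0.0.0.0:389)
Jun  9 02:35:16 amd slapd[4374]: conn=0 op=0 BIND dn="cn=admin,dc=samba,dc=junits" method=128
Jun  9 02:35:16 amd slapd[4374]: conn=0 op=0 RESULT tag=97 err=49 text=
Jun  9 02:35:16 amd slapd[4374]: conn=0 fd=10 closed
Jun  9 02:35:31 amd slapd[4374]: conn=1 fd=10 ACCEPT from IP=127.0.0.1:32772 (IP=0.0.0.0:389)
Jun  9 02:35:31 amd slapd[4374]: conn=1 op=0 BIND dn="cn=admin,dc=samba,dc=junits" method=128
Jun  9 02:35:31 amd slapd[4374]: conn=1 op=0 RESULT tag=97 err=49 text=
Jun  9 02:35:31 amd slapd[4374]: conn=1 fd=10 closed
Jun  9 02:35:41 amd slapd[4374]: conn=2 fd=10 ACCEPT from IP=127.0.0.1:32773 (IP=0.0.0.0:389)
Jun  9 02:35:41 amd slapd[4374]: conn=2 op=0 BIND dn="cn=admin,dc=samba,dc=junits" method=128
Jun  9 02:35:41 amd slapd[4374]: conn=2 op=0 RESULT tag=97 err=49 text=
Jun  9 02:35:41 amd slapd[4374]: conn=2 fd=10 closed
Jun  9 02:35:45 amd slapd[4374]: conn=3 fd=10 ACCEPT from IP=127.0.0.1:32774 (IP=0.0.0.0:389)
Jun  9 02:35:45 amd slapd[4374]: conn=3 op=0 BIND dn="cn=admin,dc=samba,dc=junits" method=128
Jun  9 02:35:45 amd slapd[4374]: conn=3 op=0 RESULT tag=97 err=53 text=unauthenticated bind (DN with no password) disallowed
Jun  9 02:35:45 amd slapd[4374]: conn=3 fd=10 closed
"""

# \S+ is greedy and backtracks to the last colon, so "[::1]:32771" also works.
ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+\s")
# The DN is matched with or without the surrounding double quotes.
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn=(?:"([^"]*)"|(\S*)) method=(\d+)')
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+) text=(.*)$")

BIND_RESPONSE_TAG = 97  # LDAP BindResponse
RESULT_NAMES = {0: "success", 49: "invalidCredentials", 53: "unwillingToPerform"}


def correlate_binds(log_text):
    """Pair every BIND request with its RESULT line via (conn, op)."""
    peers = {}     # conn -> client address from the ACCEPT line
    pending = {}   # (conn, op) -> bind DN still waiting for its RESULT
    outcomes = []
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            peers[int(m.group(1))] = m.group(2)
            continue
        m = BIND_RE.search(line)
        if m:
            dn = m.group(3) if m.group(3) is not None else m.group(4)
            pending[(int(m.group(1)), int(m.group(2)))] = dn
            continue
        m = RESULT_RE.search(line)
        if m and int(m.group(3)) == BIND_RESPONSE_TAG:
            key = (int(m.group(1)), int(m.group(2)))
            if key not in pending:
                continue  # RESULT without a BIND we saw (log starts mid-stream)
            err = int(m.group(4))
            outcomes.append({
                "conn": key[0],
                "client": peers.get(key[0], "unknown"),
                "dn": pending.pop(key),
                "err": err,
                "name": RESULT_NAMES.get(err, "err=%d" % err),
                "text": m.group(5).strip(),
            })
    return outcomes


def failed_bind_report(outcomes, threshold=3):
    """Count failed binds per (client, DN); flag repeated err=49 (assumed threshold)."""
    per_identity = defaultdict(Counter)
    for o in outcomes:
        if o["err"] != 0:
            per_identity[(o["client"], o["dn"])][o["name"]] += 1
    flagged = sorted(
        key for key, counts in per_identity.items()
        if counts["invalidCredentials"] >= threshold
    )
    return dict(per_identity), flagged


if __name__ == "__main__":
    report, flagged = failed_bind_report(correlate_binds(SAMPLE_LOG))
    for (client, dn), counts in report.items():
        print(client, dn, dict(counts))
    print("repeated invalid credentials:", flagged)
```
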




Re: [Samba] Re: Problems with testing Openldapserver telnet localhost 389

2005-06-07 Thread Tony Earnshaw
tir, 07.06.2005 kl. 01.45 skrev Andreas:

  amd:~ # telnet localhost 389
  Trying 127.0.0.1...
  telnet: connect to address 127.0.0.1: Connection refused
  Trying ::1...
  telnet: connect to address ::1: Connection refused
 
  slapd is not running, check your logs.
 
  --Tonni
 
 I didn't found any logfile about openldap in my /etc/openldap folder and  
 over
 files searching in the konqueror.
 Thats my openldap folder:

slapd will output to logfacility local4. By default that will go to
syslog, under Linux that's /var/log/messages. Many people edit
syslog.conf to output local4 logging to another file - I use
/var/log/slapd.log. How to do this: man syslog.conf, edit syslog.conf to
output to a new log, kill -HUP syslogd.

slapd logs at loglevel 256, which should go far in telling you why slapd
is not running.

--Tonni

 amd:/etc/openldap # ls
 DomainAdmins.ldif  DomainUsers.ldif  ldap.conf.default  schema   
 slapd.conf.default
 ..  DomainGuests.ldif  ldap.conf nobody.ldifslapd.conf   
 structure.ldif
 
 I think, he is not complete?
 So, I downloaded openldap-2.2.26.tgz, unpacked it, openldap-2.2.26,
 ./configure OK, without configure: error: BDB/HDB: BerkeleyDB not  
 available,
 
 but make depend or make not:
 amd:/openldap-2.2.24 # make
 make: *** No targets specified and no makefile found.
 Stop
 There were the same errors at three other versions, downloaded .tgzs:  
 stable, release, 2.2.26 versions.
 In my apache logfile, I have other errormessages, Is there a hardwarefault?
 /usr/local/apache2/logs/error_log:
 [Mon Jun 06 00:05:24 2005] [notice] child pid 5055 exit signal  
 Segmentation fault (11)
 [Mon Jun 06 00:05:25 2005] [notice] child pid 5056 exit signal  
 Segmentation fault (11)
 [Mon Jun 06 00:05:25 2005] [notice] child pid 5057 exit signal  
 Segmentation fault (11)
 
 Best regards and many thanks
 Andreas
-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] updating samba via rpm

2005-06-07 Thread Tony Earnshaw
tir, 07.06.2005 kl. 22.51 skrev Stuart Highlander:

 current status:
 samba pdc running samba 3.0.10-1.fc3 on fedora core 3 on a dell server.
 clients are windows 2000 pro workstations.
 authentication is via tdbsam.
 
 pretty vanilla setup.  no active directory, ldap, winbind, etc.
 
 i have downloaded the rpm's from samba.org for current stable release samba
 3.0.14a-1.  usually  i perform upgrades to samba server using rpm -Fvh
 samba-*, with this set of rpm's the update does not run using the rpm -Fvh
 command.
 
 i do recall list traffic that did not recommend upgrading this way, but have
 not had any problems in the past doing it this way.
 
 could someone steer me to documentation that would help me upgrade the samba
 software via rpm?

I don't have Fedora, I have RHAS3 at the moment. The samba.org srpm
installs fine on RHAS3. But ...

You need to read up on rpmbuild and practice using it. rpmbuild
--rebuild package.srpm gives me a vanilla binary rpm package in my
/usr/src/redhat/RPM/i386 directory, that I can install with rpm. This
assumes I have installed all compiler and development support in
advance.

However, I'm not satisfied with a vanilla rpm, I want to change compile
configure options. So I do rpm -ivh package.srpm, go to
/usr/src/redhat/SPECS, edit the spec file I've just installed, go back
to the package directory and do rpm -bb /usr/src/redhat/SPECS/samba.spec
and I get a custom rpm in /usr/src/redhat/RPM/i386, which I can then
install with rpm -Uvh.

Sounds daunting, but it isn't really, if one's used to compiling source
code (which one should be ;)

The samba.org srpms give less trouble than many other srpms, hats off to
the maintainers.

--Tonni


 i have downloaded and read the samba pdf manuals by john terpstra, jelmer
 vernooij, and jerry carter (excellent reading), but did not find my specific
 issue.

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] Problems with userPassword when it's base64 encoded

2005-06-07 Thread Tony Earnshaw
tir, 07.06.2005 kl. 23.02 skrev Sævaldur Gunnarsson:

 I'm switching from OpenLDAP to the newly released Fedora Directory 
 Server (formerly known as the Netscape Directory Server) as a LDAP 
 backend for my Samba domain.
 
 I'm now faced with a problem regarding how Fedora DS handles the 
 userPassword field.
 Unlike OpenLDAP it encodes it in base64 so instead of reading
 userPassword: {SSHA}0lP+r3Z1NVan7Caf4CG9oSgnTbQRrv/p
 it reads:
 userPassword:: e1NTSEF9MGxQK3IzWjFOVmFuN0NhZjRDRzlvU2duVGJRUnJ2L3A=
 

I'd say that your problem lies with the Fedora people - I can't see
Samba 3 being changed, though Samba 4 is still in the melting pot and
this will give the developers something else to chew on. There's an
active thread on Fedora Directory Server on ldap OpenLDAP
interoperability list [EMAIL PROTECTED] at the moment, and I'm
sure that [EMAIL PROTECTED] would be interested in your
findings. However, since it's only Fedora of the Linux fraternity that
has Directory Server, and Fedora itself says that it's far from being
able to open source the code at the moment, it's possible that your cry
will fall on deaf ears.

--Tonni

--

 Samba apparently does not like this because when I try to change the 
 password using the ctrl+alt+del - Change Password method I get the 
 following error in samba.log (with log level = passdb:5)
 
 -- cut here --
 [2005/06/07 19:27:45, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: gg
 [2005/06/07 19:27:45, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: gg
 [2005/06/07 19:27:45, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1704)
ldapsam_update_sam_account: user gg to be modified has dn: 
 uid=gg,ou=People,dc=kung,dc=foo
 [2005/06/07 19:27:45, 2] passdb/pdb_ldap.c:init_ldap_from_sam(893)
init_ldap_from_sam: Setting entry for user: gg
 [2005/06/07 19:27:45, 0] passdb/pdb_ldap.c:ldapsam_modify_entry(1587)
ldapsam_modify_entry: LDAP Password could not be changed for user gg: 
 Unknown error
  Current passwd must be supplied by the user.
 
 [2005/06/07 19:27:45, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1731)
ldapsam_update_sam_account: failed to modify user with uid = gg, 
 error: Current passwd must be supplied by the user.
 (Success)
 [2005/06/07 19:27:45, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: gg
 [2005/06/07 19:27:45, 0] libsmb/smbencrypt.c:decode_pw_buffer(539)
decode_pw_buffer: incorrect password length (-988553355).
 [2005/06/07 19:27:45, 0] libsmb/smbencrypt.c:decode_pw_buffer(540)
decode_pw_buffer: check that 'encrypt passwords = yes'
 -- cut here --
 
 And a dialog from Windows that says:
 The User name or old password is incorrect. Letters in passwords must 
 be typed using the correct case.
 
 The SambaNTPassword and SambaLMPassword entries change, but the 
 userPassword entry does not.
 I'm using the ldap passwd sync = Yes option in my smb.conf since the 
 LDAP server is used for Linux authentication as well as Samba 
 authentication.
 
 However, if I use the smbldap-passwd utility everything works like a charm.
 Both the SambaLMPassword/SambaNTPassword and userPassword entries are 
 changed.
 
 If the ldap passwd sync option is set to No in the smb.conf then Windows 
 does not complain when I use ctrl+alt+del method, but then of course the 
 userPassword entry is not modified.
 
 
 The samba server is a RHEL4 machine with samba-3.0.10-1.4E and 
 fedora-ds-7.1-2.RHEL4.
 Output from ldapsearch of the user gg:
 
 --cut here --
 kung.foo.is /opt/fedora-ds/slapd-palladium/config/schema# ldapsearch -x 
 -ZZ -D uid=gg,ou=People,dc=kung,dc=foo -W uid=gg userPassword 
 SambaLMPassword SambaNTPassword
 Enter LDAP Password:
 
 # gg, People, kung.foo
 dn: uid=gg,ou=People,dc=kung,dc=foo
 userPassword:: e1NTSEF9OEZaWTRMZFlpMWYxb0E1WWdEdy8raC9SbXkwbUVleU8=
 SambaLMPassword: 7B9FBD79429286DBAAD3B435B51404EE
 SambaNTPassword: 2352D5C13878770724EA84A32EFCD485
 --cut here--
 
 Advice on how to correct this is greatly appreciated.
 
 -- 
  Sævaldur Gunnarsson _ RHCE /
-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
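
In LDIF (RFC 2849) a double colon after the attribute name marks a base64-encoded value, so the two `userPassword` lines quoted in this message can be decoded and compared byte for byte. The following Python is an added example, not code from the thread: it parses both LDIF forms, splits an `{SSHA}` value into SHA-1 digest and salt, and verifies a password against it. The password and salt used for the round trip are constructed.

```python
import base64
import hashlib
import hmac

# The two LDIF lines quoted in the message above.
PLAIN_LINE = "userPassword: {SSHA}0lP+r3Z1NVan7Caf4CG9oSgnTbQRrv/p"
B64_LINE = "userPassword:: e1NTSEF9MGxQK3IzWjFOVmFuN0NhZjRDRzlvU2duVGJRUnJ2L3A="

SHA1_LEN = 20


def parse_ldif_attr(line):
    """Return (attribute, value bytes, was_base64) for one unfolded LDIF line."""
    name, sep, rest = line.partition(":")
    if not sep or not name:
        raise ValueError("not an LDIF attribute line: %r" % line)
    if rest.startswith(":"):            # "attr:: <base64>"
        return name, base64.b64decode(rest[1:].strip(), validate=True), True
    if rest.startswith("<"):            # "attr:< <url>" is not handled here
        raise ValueError("URL-valued attributes are not supported")
    return name, rest.lstrip(" ").encode("utf-8"), False


def split_scheme(stored):
    """b'{SSHA}abc' -> ('SSHA', b'abc'); values without a scheme give (None, value)."""
    if stored.startswith(b"{") and b"}" in stored:
        end = stored.index(b"}")
        return stored[1:end].decode("ascii").upper(), stored[end + 1:]
    return None, stored


def ssha_parts(payload):
    """Split the base64 payload of an {SSHA} value into (sha1 digest, salt)."""
    raw = base64.b64decode(payload, validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("SSHA payload too short to contain a salt")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def make_ssha(password, salt):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)


def verify_ssha(stored, password):
    """Check a candidate password against a stored {SSHA} value."""
    scheme, payload = split_scheme(stored)
    if scheme != "SSHA":
        raise ValueError("unsupported scheme: %r" % scheme)
    digest, salt = ssha_parts(payload)
    candidate = hashlib.sha1(password + salt).digest()
    return hmac.compare_digest(candidate, digest)


def to_ldif_base64(attr, value):
    """Render a value in the 'attr:: base64' form."""
    return "%s:: %s" % (attr, base64.b64encode(value).decode("ascii"))


if __name__ == "__main__":
    _, plain_value, _ = parse_ldif_attr(PLAIN_LINE)
    _, b64_value, _ = parse_ldif_attr(B64_LINE)
    print("same stored value:", plain_value == b64_value)
    digest, salt = ssha_parts(split_scheme(b64_value)[1])
    print("digest bytes:", len(digest), "salt bytes:", len(salt))

    # Constructed password and salt, only to show the round trip.
    stored = make_ssha(b"constructed-example-pw", b"\x01\x02\x03\x04")
    print(to_ldif_base64("userPassword", stored))
    print("verifies:", verify_ssha(stored, b"constructed-example-pw"))
```
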




Re: [Samba] Problems with testing Openldapserver telnet localhost 389

2005-06-05 Thread Tony Earnshaw
søn, 05.06.2005 kl. 23.58 skrev Andreas:

 Server Starting is ok: no errormessage:
 /usr/lib/openldap/slapd restart
 
 But Testing, not:
 amd:~ # telnet localhost 389
 Trying 127.0.0.1...
 telnet: connect to address 127.0.0.1: Connection refused
 Trying ::1...
 telnet: connect to address ::1: Connection refused

slapd is not running, check your logs.

--Tonni

 amd:/usr/lib/openldap # ps -agx | grep lapd
 Warning: bad ps syntax, perhaps a bogus '-'? See  
 http://procps.sf.net/faq.html
   4788 pts/2S+ 0:00 grep lapd
 
 my slapd.conf:
 include /etc/openldap/schema/core.schema
 include /etc/openldap/schema/cosine.schema
 include /etc/openldap/schema/inetorgperson.schema
 include /etc/openldap/schema/rfc2307bis.schema
 include /etc/openldap/schema/samba.schema
 include /etc/openldap/schema/yast.schema
 include /etc/openldap/schema/nis.schemas
 
 pidfile     /var/run/slapd/slapd.pid
 argsfile    /var/run/slapd/slapd.args
 
 database    ldbm
 suffix      dc=samba,dc=junits
 rootdn      cn=admin,dc=samba,dc=junits
 rootpw      secret
 directory   /var/lib/ldap
 cachesize   4
 dbcache     6000
 index   cn,sn,uid,displayName   pres,sub,eq
 index   uidNumber,gidNumber     eq
 index   sambaSID                eq
 index   sambaPrimaryGroupSID    eq
 index   sambaDomainName         eq
 index   objectClass             pres,eq
 index   rid,primaryGroupID      eq
 index   default                 sub
 
 
 access  to dn=.dc=samba,dc=junits
  by self write
  by *read
 
 
 Best regards and many thanks
 Andreas
-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl





RE: [Samba] Samba and Windows ACL Issue

2005-06-03 Thread Tony Earnshaw
fre, 03.06.2005 kl. 11.19 skrev Ross McInnes:

 Heh. Well I see the Administrator and Domain Admins and Everyone bits
 
 Nothing about adding the user ross to it. Also when I try and add another
 person, it still comes up access denied :/

I'm afraid at this point I can't help you any more. At this stage you
should have a full list of users and groups - sounds as if your basic
Samba config isn't right, somehow :(

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] AttributeType not found: gidNumber errormessage - SuSE 9.2

2005-06-03 Thread Tony Earnshaw
fre, 03.06.2005 kl. 12.12 skrev Andreas:

 I'm getting an error message when I start slapd on the command line:
 
 amd:/usr/lib/openldap # /usr/lib/openldap/slapd
 /etc/openldap/schema/samba.schema: line 432: AttributeType not found:
 gidNumber
 I think, I must create a new group with a gid. But is the groupname
 sambaGroupMapping?

No. Forget the above ;)

[...]

 my slapd.conf:
 # See slapd.conf(5) for details on configuration options.
 # This file should NOT be world readable.
 #
 include /etc/openldap/schema/core.schema
 include /etc/openldap/schema/cosine.schema
 include /etc/openldap/schema/yast.schema
 include /etc/openldap/schema/inetorgperson.schema
 include /etc/openldap/schema/samba.schema
 include /etc/openldap/schema/rfc2307bis.schema
 include /etc/openldap/schema/yast.schema

Simply add:
include /etc/openldap/schema/nis.schema
to the above and restart slapd.

nis.schema includes a lot of other stuff you have to have for your
users' and machines' posixAccount information.

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] AttributeType not found: gidNumber errormessage - SuSE 9.2

2005-06-03 Thread Tony Earnshaw
fre, 03.06.2005 kl. 15.41 skrev Gerald (Jerry) Carter:
 
 Tony Earnshaw wrote:
 
 |include /etc/openldap/schema/core.schema
 |include /etc/openldap/schema/cosine.schema
 |include /etc/openldap/schema/yast.schema
 |include /etc/openldap/schema/inetorgperson.schema
 |include /etc/openldap/schema/samba.schema
 |include /etc/openldap/schema/rfc2307bis.schema
 |include /etc/openldap/schema/yast.schema
 |
 | Simply add:
 | include /etc/openldap/schema/nis.schema
 | to the above and restart slapd.
 |
 | nis.schema includes a lot of other stuff you have
 | to have for your users' and machines'
 | posixAccount information.
 
 actually, just move the rfc2307bis.schema to be included
 before samba.schema and it should fix the problem.

Correct.

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] Samba Password Expiry Date

2005-06-02 Thread Tony Earnshaw
tor, 02.06.2005 kl. 10.17 skrev Hiu Yen Onn:

[...]

 i prompt in the pdbedit -P maximum password age. it yields to me this
 account policy value for maximum password age is 4294967295
 
 what is the digits means to me?? how can i make use of it??? thanks

'convdate -c 4294967295'

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




RE: [Samba] Samba and Windows ACL Issue

2005-06-02 Thread Tony Earnshaw
tor, 02.06.2005 kl. 11.08 skrev Ross McInnes:

 I think acl's are working. But it doesnt work from windows. I also get an
 error message with setfacl.
 
 Is there an easy way to tell if ACL is enabled in the kernel? I know ive put
 in the right syntax in /etc/fstab

You're running RHEL3. RHAS3 has native POSIX ACL support, so RHEL3
should have, too.

 And samba is compiled with acl support.

Do 'ldd /path/to/smbd-binary'. You should see both:

libattr.so.1 => /lib/libattr.so.1 (0x00387000)
and
libacl.so.1 => /lib/libacl.so.1 (0x00716000)

or suchlike.

what does 'mount' show you for the partition for which you think you
have ACL support? E.g., on my test rig:

/dev/hda10 on /m type ext3 (rw,acl,user_xattr)

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




RE: [Samba] Samba and Windows ACL Issue

2005-06-02 Thread Tony Earnshaw
tor, 02.06.2005 kl. 12.34 skrev Ross McInnes:

 [EMAIL PROTECTED] FixUserPerms]# ldd /usr/local/samba/sbin/smbd | grep attr
 libattr.so.1 => /lib/libattr.so.1 (0xb74ec000)
 [EMAIL PROTECTED] FixUserPerms]# ldd /usr/local/samba/sbin/smbd | grep acl
 libacl.so.1 => /lib/libacl.so.1 (0xb74e6000)
  
 
 /dev/sdb1 on /export/1 type ext3 (rw,acl,user_xattr)
 /dev/sdc1 on /export/2 type ext3 (rw,acl,user_xattr)
 
 
 Is what I get :/ Still cannot add another user to a file/directory

cd /lib/modules/2.4.21-20.EL/kernel/fs/ext3
grep -i acl ext3.o
Binary file ext3.o matches

or

strings ext3.o | less
search for acl:

system.posix_acl_access
system.posix_acl_default
ext3_xattr_set_acl

Please do at least CC the samba list. I'd far rather answer there, and
others can help you - not just me.

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




RE: [Samba] Samba and Windows ACL Issue

2005-06-02 Thread Tony Earnshaw
tor, 02.06.2005 kl. 13.55 skrev Ross McInnes:

 Yeah sorry about that, replied to all this time :)

No sweat :)

 All of those returned positive, so from that I can assume that its running
 acl/xattr?

Well, that's what I have; in short, you have all that I have. But then I
can't understand that you're getting errors with setfacl, let alone
Windows. Check your syntax, use the examples in 'man setfacl'. As for
Samba, you don't have 'nt acl support = no' in smb.conf? Naaaeh :)

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




RE: [Samba] Samba and Windows ACL Issue

2005-06-02 Thread Tony Earnshaw
tor, 02.06.2005 kl. 15.46 skrev Ross McInnes:

 Ah... I can use setfacl
 
 setfacl -m user:ross:rwx crap
  
 Getfacl shows that ross has rwx perms too.
 
 However, its not reported back into windows, i.e security permissions for
 the file crap still shows administrator/domain admins  :/  also when I try
 and add another user, still nothing. But progress!

Ok. Now for the last attempt:

right click on file crap, security tab, advanced button, try it from one
of the tabs there (I've fscked my only Win XP Pro test m/c here, so
can't try it for you).

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl




Re: [Samba] smbclient hangs

2005-06-01 Thread Tony Earnshaw
ons, 01.06.2005 kl. 01.26 skrev Jeremy Allison:

 On Mon, May 30, 2005 at 05:09:15PM +0200, Mair Wolfgang-awm013 wrote:
  Hello,
  
  I'm having problems with using smbclient on a win2k share. The server runs 
  samba 3.0.14a on Solaris 9.
  
  I want to tar the whole directory of a share. Into a file on the server
  
  What I found out so far is, that it works until a maximum file count of 35. 
  It is not size dependant but if the file count in that share exceeds more 
  than 35 the smbclient hangs for ever and with the time is consuming up all 
  the available memory. Until the server hangs as well due to a lack of 
  memory space. 
  
  Any ideas would be greatly appreciated.
 
 This is probably the infinite spin reading directories
 bug which we've fixed in SVN. Try this patch for 3.0.14a.

FWIW this patch fixed exactly the same problem as OP's that I had with
3.0.14a/RHAS3. I posted this, can't find my original posting to quote.

Many thanks for the patch.

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

I'm from Bergen too, I am, but, Trondheim mayor Marvin Wiseth:
"People from Bergen are good at making a lot out of a little" (he was
commenting on this year's 17 May celebrations, but it probably applies
to this mail of mine too).



RE: [Samba] Samba and Windows ACL Issue

2005-06-01 Thread Tony Earnshaw
ons, 01.06.2005 kl. 16.43 skrev Ross McInnes:

 Thanks for the replies etc but the issue isnt actually an ACL one. (of
 sorts)

Ah. O.k.

  I can change permissions on the users/group already assigned to the
 directory/file, i.e if its already owned by Administrator and Domain Admins,
 but I cannot replace them. i.e as Administrator I cannot remove the user
 administrator and put in ross instead, which is what I need to do.

If you are using POSIX ACLs, then what you can do from Windows is what
you can do with 'setfacl'. setfacl doesn't make it possible to change
ownerships.

  Or even
 add ross to it.

From Windows, again if you are using POSIX ACLs, you will be able to
add ross to it. If ACLs aren't working, then you can't.

 Ive tried doing the net -S Server -UAdministrator rpc rights grant
 'DEV-DOMAIN\Administrator' SeTakeOwnershipPrivilege to no avail.
 
 Is this a support function? As john had pointed out on a *nix system root
 can do anything.

:)

 To prove this, on my current production system I logged on to a share as
 root, I could change permissions etc nps. This system however uses standard
 passwd/smbpasswd and not the AD im trying to implement.
 
 Any more thoughts or sugestions gratefully received, else it may be that I
 have to look at a pure windows environment :/

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

I'm from Bergen too, I am, but, Trondheim mayor Marvin Wiseth:
"People from Bergen are good at making a lot out of a little" (he was
commenting on this year's 17 May celebrations, but it probably applies
to this mail of mine too).



RE: [Samba] Samba and Windows ACL Issue

2005-05-31 Thread Tony Earnshaw
tir, 31.05.2005 kl. 12.46 skrev Ross McInnes:

 Heh ok im now very very confused.
 
 Ill re state my problem, and then can someone tell me if its an ACL issue or
 not :)
 
 Basically I have a w2k3 domain, and samba 3.0.14a Member service.
 
 Samba is basically a FileStore.
 
 Its all configured fine (i.e I can log onto the w2k3 domain, and map my home
 drive to samba nps)
 
 User accounts have to be managed/create on windows (since doing it on the
 *nix machine just doesn’t work, cant set homedir, if its enabled etc)
 
 Problem is that the script that does the user account creation needs to
 change the permissions on the home directory it just created.
 
 That’s when I get a permission denied error. That’s using cacls.exe or using
 the GUI. Even tho administrator is the owner, he cannot change the grp or
 add another user etc.

The above's all a bit vague (I don't know why a Samba root preexec
script shouldn't do what you want above); however:

 getfacl/setfacl
 -rw-r--r--1 root root0 May 27 13:23 crap
 [EMAIL PROTECTED] 2005]# getfacl crap
 # file: crap
 # owner: root
 # group: root
 user::rw-
 group::r--
 other::r--
 
 [EMAIL PROTECTED] 2005]# setfacl -m crap -R group:students:rwx
 setfacl: Option -m: Invalid argument near character 1

You haven't ACL support on the mounted filesystem.

 If I chown Administrator:Domain Users crap
 
 I can see the file, but as stated before, cannot change the permissions.

You could if you did it as the file owner  in Windows and the Samba
filesystem really had ACL support, since smbd is running as root and
Bruno Guerreiro told you how to remount without a reboot. JHT already
told you what to change in /etc/fstab.

 Is this an ACL/FileSystem issue? Or something else?

Likely ACL. 

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

I'm from Bergen too, I am, but, Trondheim mayor Marvin Wiseth:
"People from Bergen are good at making a lot out of a little" (he was
commenting on this year's 17 May celebrations, but it probably applies
to this mail of mine too).



Re: [Samba] Winbind - nsswitch.conf - SLES9

2005-05-27 Thread Tony Earnshaw
fre, 27.05.2005 kl. 14.28 skrev PIGNOL, Christian:

 After installing Samba (3.0.4)  Winbind on a SLES9 server , configuring
 them and register my server into the windows domain (with net join command)
 ... everything seems working fine . getent group getent passwd wbinfo
 -m wbinfo -u wbinfo -g ... OK OK OK
 
 So ... I put the following lines into the /etc/nsswitch.conf :
 
 passwd: files winbind
 shadow: files winbind
 group:  files winbind
 
 
 
 And after that ... connections (local console or remote telnet-ssh) are very
 very very slow ... (around 40 minutes) ... but it works ! 
 
 After applying the SLES9 SP1 (upgrading to samba 3.0.9) it seems to be a
 little better ! Around 2-4 minutes for a connection ...

resolver problems? resolver is libraries that look at /etc/hosts and
DNS, amongst other routines; is also configured in nsswitch.conf.

--Tonni

 If I stop the winbind service
   or
   if I put the following lines in the nsswitch.conf
 
   passwd: compat
   group:  compat
 
 
 every connection is instantaneous  ...
  
 Any help would be very appreciated ?
 
 Christian PIGNOL
 
 
 
-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

I'm from Bergen too, I am, but, Trondheim mayor Marvin Wiseth:
"People from Bergen are good at making a lot out of a little" (he was
commenting on this year's 17 May celebrations, but it probably applies
to this mail of mine too).



Re: [Samba] Samba and Windows ACL Issue

2005-05-27 Thread Tony Earnshaw
fre, 27.05.2005 kl. 15.20 skrev Ross McInnes:

 Hi all got a bit of and odd problem with ACL. Ive read up on a few bits in
 the samba howto and read some threads on here about it.
 
 Im not sure if this is a bug, something ive not done, doing wrong etc so
 anyone that could shed some light on it that would be great.
 
 Basically the windows box handles all user account processing and during
 creating a script for all this it will attempt to change the permissions on
 the HOME directory to the user in question
 
 (i.e C:\cacls Z:\Students\2005\sb05 /G sb05:F /T /E)
 
 But I always get Access is denied. Even though it's currently owned by
 administrator.
 
 Trying the manual way, and the ways listed in the official samba howto
 guide produces similar results.

Sounds as though you don't have POSIX ACLs enabled on the Samba share
mount.

 The only way I can change the owner is to go into linux and use the chown
 command.
 
 After that it's set to the correct user and all is well... Except by doing it
 by hand kinda rains on my lovely automatic user creation script!
 
 Samba.log file shows me no errors, as do any of the others. Is there a
 switch/option I need to enable?
 
 Below is smb.conf
 
 I'm running RHES3, Samba 3.0.14a and Windows 2k3 AD in mixed Mode.

[...]

The OS has ACL support as standard, but it's not enabled by default.
What does /etc/fstab look like for the share mount?

--Tonni



Re: [Samba] Samba and Windows ACL Issue

2005-05-27 Thread Tony Earnshaw
Fri, 27.05.2005 at 17.46, John H Terpstra wrote:

 The fstab below shows that your file systems are NOT mounted with ACL support.
 To gain ACL support you need:
 1. The ACL and EA functionality in the Linux kernel
 2. To mount the file systems with ACL and XATTR support
 3. Samba compiled and linked with the ACL and XATTR libraries
 
 An example fstab entry to mount a file system with ACL and XATTR support is 
 given here:
 
 LABEL=/export/1  /export/1  ext3  defaults,acl,user_xattr  1 2

Yea! Furthermore, Ross will have to reboot the server after using vi,
since an unmount/mount will not be possible.

--Tonni

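The fstab requirement John Terpstra lists above, as an added example (not part of the original thread): a shell function that reads fstab-format lines and reports which ext2/ext3 mounts lack the acl and user_xattr options. The sample fstab is constructed, apart from the /export/1 line taken from the message; limiting the check to ext2/ext3 is an assumption of this example.

```sh
#!/bin/sh
# Added example: report ext2/ext3 fstab entries that are missing the
# "acl" and/or "user_xattr" mount options.

# Constructed sample fstab; only the /export/1 entry comes from the thread.
sample_fstab() {
cat <<'EOF'
# device           mountpoint  type  options                   dump pass
LABEL=/            /           ext3  defaults                  1 1
LABEL=/export/1    /export/1   ext3  defaults,acl,user_xattr   1 2
LABEL=/home        /home       ext3  defaults,noacl            1 2
LABEL=/srv         /srv        ext3  defaults,acl              1 2
/dev/sda3          swap        swap  defaults                  0 0
none               /proc       proc  defaults                  0 0
# /dev/sdb1        /old        ext3  defaults                  1 2
EOF
}

# check_fstab_acl: fstab text on stdin, one line per ext2/ext3 entry on stdout:
#   <mountpoint> ok
#   <mountpoint> missing:<comma-separated options>
# Options are compared as whole comma-separated tokens, so "noacl" is not
# mistaken for "acl".
check_fstab_acl() {
  awk '
    /^[ \t]*#/ || NF < 4 { next }          # skip comments and short lines
    $3 == "ext2" || $3 == "ext3" {
      acl = 0; xattr = 0
      n = split($4, opt, ",")
      for (i = 1; i <= n; i++) {
        if (opt[i] == "acl")        acl = 1
        if (opt[i] == "user_xattr") xattr = 1
      }
      missing = ""
      if (!acl)   missing = "acl"
      if (!xattr) missing = (missing == "" ? "" : missing ",") "user_xattr"
      printf "%s %s\n", $2, (missing == "" ? "ok" : "missing:" missing)
    }
  '
}

# Stand-alone run over the constructed sample; on a server use:
#   check_fstab_acl < /etc/fstab
sample_fstab | check_fstab_acl
```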


Re: [Samba] Storing GPC and GPT

2005-05-23 Thread Tony Earnshaw
Mon, 23.05.2005 at 01.04, Gabriel Acquistapace wrote:

 Is it possible to store the Group Policy Container (GPC) on an OpenLDAP?

Not as far as I know.

 Is it possible to store the Group Policy Template (GPT) on a Samba share?
 The idea is to manage windows desktop policies using the new Win200x
 GPOs without using an Active Directory.
 Any other hints?

I (my site) stores the Win 2000 GPO on the netlogon share using the
Nitrobit tools (www.nitrobit.com). This shouldn't be confused with
poledit, it uses the standard Win 2000 mmc snapins, plus Nitrobit's
editor.

--Tonni



Re: [Samba] samba4 openldap

2005-05-23 Thread Tony Earnshaw
Mon, 23.05.2005 at 17.50, Caleb O'Connell wrote:

 Is there a chance however you can just choose a different datastore in the
 config file though?  so you can choose to use the built in ldap or to just
 use an openLDAP datastore.  The ldap scheme I imagine would stay the same,
 just the database itself and the ldap program itself ldb samba4 is going to
 be using.  I was just curious for obvious reasons.

There won't be a schema any more. During the weekend I googled for
Samba4 docs and subscribed to the tecchie list. What came up was enough
to ensure that I'll keep my mouth shut about Samba4 and LDAP until
they're there.

There will basically probably be a complete LDAP and total database
rethink (keyword is ldb). Unless people are *very* familiar with
OpenLDAP's (2.2 and 2.3) meta backend and proxy concepts, unless the
Samba crew is willing to do it all for one, one'd better forget
everything one ever learned about integrating Samba and any present
OpenLDAP DSE. The explanations I got from the above were, that time is
moving on, NT4 (and therefore 2000) is at end of life, and Microsoft's
support can be expected to terminate (or at least quickly ebb out). It's
important that Samba fully supports the ADS concept of DC authentication
and that's not possible with the present mumble_sam constellation. Even
when that is done, the docs I dug up say that the present state of Samba
4 technology will be where Microsoft was 10 years ago (which would take
us back to Windows NT 3.5 and its antiquated technology, but what the heck,
never mind).

So either go out digging for docs to find out what is going to overwhelm
you, or lie back and be prepared to let it do so ;)

--Tonni



Re: [Samba] samba with win xp home

2005-05-22 Thread Tony Earnshaw
Sun, 22.05.2005 at 23.00, Luca Papaleo wrote:

 I've a fedora core 3 system with following situation
 
 2.6.11-1.14_FC3smp
 
 samba-common-3.0.14a-1
 samba-3.0.14a-1
 samba-client-3.0.14a-1
 
 I have 2 clients win98 and 2 clients winxp home (sp2).
 I've a client pgm installed on the clients and it seems to work correctly.
 But if I try to copy a few folders from my winxp clients to the shared linux 
 directory, after a few files the copying stops with a message similar to the 
 following
 
 Error Copying File/Folder
 It is not possible to copy filename. The given Network Name is no
 longer available
 
 I've tried with win98 and my winxp pro laptop and it seems to work 
 correctly.
 
 Before fedora c3 there was win2000server and hadn't any error in copying.
 
 I've updated samba from 3.0.10 to 3.014, I've tried to change server NIC 
 card, but I couldn't find solution to problem.

Purely subjective, but it seems to me that there is an abnormal number
of Fedora Core 3 people that are having Windows client stop/start
problems with Samba 3.

I'm running Samba 3.0.11 on RHAS3 at a client site, IBM eSeries x235
with 2GB RAM, RAID5, with 80+ Windows 2000 Prof workstations and the
server runs week in week out with no problems, no reboots, no daemon
restarts, everybody can just work, print, whatever.

I can't seem to gain much confidence in Fedora as production server OS.

--Tonni



Re: [Samba] some cannot join domain

2005-05-22 Thread Tony Earnshaw
Sun, 22.05.2005 at 23.59, Chuck Theobald wrote:

[...]

 Any ideas as to where I can look to begin to track this down?  I can 
 manually create the machine accounts, but am leery of doing so due to the 
 requirement of having unique SIDs.

Samba RIDs are calculated automatically on the basis of posixAccount or
account uidNumbers/gidNumbers and will always be unique.

I don't use the idealx scripts for anything, I write my own shell stuff
to generate first the posixAccount, then the sambaSamAccount (using
smbpasswd). For both users and machines smbpasswd always guarantees
unique RIDs.

--Tonni



Re: [Samba] samba4 openldap

2005-05-21 Thread Tony Earnshaw
Fri, 20.05.2005 at 18.02, Caleb O'Connell wrote:

 I see that samba4 will have its own LDAP database.

Quote your source ;) And exactly what are you inferring?

   How will the support
 for OpenLDAP be?

If it's any different from Samba 3, there will be one hell of a to do
with all previously installed bases. Just imagine ...

  if anyone knows.  Will I have the option to use OpenLDAP
 still for all the new features so as to be able to use current apps that
 use OpenLDAP already?  If anyone has info regarding this, it would be
 appreciated.

As far as I'm concerned, if Samba suddenly stops working with the
site-wide LDAP database that I already use for umpteen other site-wide
services, then Samba rots out, not the other services (pam Unix and gdm
authentication and login, e-mail, printer quota, etc.)

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...



Re: [Samba] Non-algorithmic RIDs

2005-05-21 Thread Tony Earnshaw
Fri, 20.05.2005 at 18.43, Misty Stanley-Jones wrote:

  So do I, awk/sed/shell. I use smbpasswd (amongst other Samba utilities)
  and I don't have your problem. Don't you know what smbpasswd is? Try
  'man smbpasswd' ;)
 
 Yes, I know what it is.  No, I did not use it.  I use LDAP, and I did all of 
 my entries in LDAP directly, skipping the Samba layer.  It may have been the 
 wrong way, but it is done and I have a fully running domain that has been 
 running for more than 6 months that way.  I do not even use smbpasswd now, 
 but smbldap-tools.

To each his own poison ;) I can't use the idealx tools.

  smbpasswd will do what you want, if you already have posixGroup entries
  for users, groups and computers.
 
 Are you telling me that smbpasswd will change the RIDs for already-existing 
 Samba users?  I did not know that.

No. If you have added a new LDAP posixAccount with your favorite script
(I write my own), OR after you have deleted the sambaSAMAccount
objectClass from a combined posixAccount/sambaSAMAccount record, then by
running 'smbpasswd -a' on that account you will get a sambaSAMAccount
entry that adds algorithmically calculated SIDs (with RIDs) for that
machine or user, based on the uidNumber and gidNumber.

These RIDs will be perfectly acceptable across your whole database, but
ONLY IF you haven't gone and messed up the database by inserting your
own RIDs on the basis of your own whims. If you have done the latter (as
you have), then the smbpasswd method can't help you.

 I get the feeling I have really frustrated you.  Sorry.

Not really. Background: in February last I had an 1150+ user LDAP
posixAccount database (made using an awk script) for other things than
Samba. It was completely differently structured than the idealx scripts
would have done things. Then I had to migrate from an old NT4 PDC to
Samba and decided to use my LDAP database as ldapsam backend. By running
a simple shell ldapsearch/smbpasswd script on the database, I made all
my posixAccount users into Samba users, with all RIDs calculated
automatically, as documented in 'man smbpasswd'. Machines get added with
a separate LDAP shell script and smbpasswd, but with correct RIDs.

If I seem frustrated, it's only because the whole thing was so damned
easy and it works so well, that I'd like for others to be able to
understand how brilliant the Samba tools are for implementing custom
solutions. Completely independently from any smbldap-tools solution.

-Tonni

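The algorithmic RID calculation discussed in this thread, as an added example (not part of the original messages and not Samba's own code): a shell/awk audit that compares the RID at the end of each sambaSID with the value derived from uidNumber. It assumes Samba 3's default "algorithmic rid base" of 1000 and a plain, unfolded LDIF export; the LDIF entries and the domain SID are constructed, with one entry mirroring the uidNumber 1036 case from the question.

```sh
#!/bin/sh
# Added example: audit sambaSID RIDs in an LDIF export against the
# algorithmic mapping. Assumption: "algorithmic rid base" is the default 1000.
RID_BASE=1000

# user RID  = uidNumber * 2 + base
# group RID = gidNumber * 2 + base + 1
user_rid()  { echo $(( $1 * 2 + RID_BASE )); }
group_rid() { echo $(( $1 * 2 + RID_BASE + 1 )); }

# Constructed sample LDIF (names and domain SID are made up).
sample_ldif() {
cat <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: alice
uidNumber: 1036
gidNumber: 513
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1036

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: bob
uidNumber: 1037
gidNumber: 513
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3074

dn: uid=carol,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: carol
uidNumber: 1038
gidNumber: 513

dn: uid=pc01$,ou=Computers,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: pc01$
uidNumber: 2001
gidNumber: 515
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-5002
EOF
}

# audit_rids: LDIF on stdin; for every entry that has uid, uidNumber and
# sambaSID, print: <uid> <uidNumber> <actual RID> <expected RID> OK|MISMATCH
# Entries without a sambaSID (plain posixAccount) are skipped.
audit_rids() {
  awk -v base="$RID_BASE" '
    function emit_entry(   n, p, rid, want) {
      if (uid != "" && num != "" && sid != "") {
        n = split(sid, p, "-")
        rid = p[n] + 0                 # last SID component is the RID
        want = num * 2 + base
        printf "%s %d %d %d %s\n", uid, num, rid, want,
               (rid == want ? "OK" : "MISMATCH")
      }
      uid = ""; num = ""; sid = ""
    }
    /^uid: /       { uid = $2 }
    /^uidNumber: / { num = $2 }
    /^sambaSID: /  { sid = $2 }
    /^$/           { emit_entry() }    # blank line ends an LDIF entry
    END            { emit_entry() }
  '
}

# Stand-alone run over the constructed sample; against a directory, pipe in
# the output of an LDIF export instead.
sample_ldif | audit_rids
```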


Re: [Samba] run a script with administrator credentials?

2005-05-21 Thread Tony Earnshaw
Fri, 20.05.2005 at 19.05, Tomasz Chmielewski wrote:

 I saw Active Directory a bit today and was impressed with the ease one 
 can manage many Windows workstations with that.
 
 Especially I liked the software installation (too bad it can install MSI 
 packages only) and the ability to run custom scripts on the workstations 
 (when they boot up etc.).
 
 Is it possible to run a custom script for a given machine when it boots 
 up (that is already joined to the domain), with administrator 
 credentials (for example, to install software)?

I don't know about running scripts as a *machine* at logon/boot time,
but I've discovered that Windows 2000 and later have an executable
called runas, which can run .msi installation programs (using msiexec)
with elevated privileges at *user* logon.

However, this method introduces so many security risks (password in
scripts on the netlogon share, etc) that it probably isn't worth the
hassle. I've gone off it, anyway (even though there are doubtful
workarounds such as commercial/paid encryptedrunas).

I don't have any details to hand right now, but google for msiexec and
runas and look in the Microsoft knowledge base.

There have been those on this list who've written that they're no
Windows experts. Well, I've hated Windows and pushed its tecchie details
from me for years, but as soon as one begins with Samba, one bloody well
has to become a Windows expert, like it or not. I could rant on, but
nuff said.

 For now it seems to me that it's only possible to run a machine script 
 - %m or a user script - %u with the credentials of a user.

No, you can run at elevated privileges. But for me it ain't worth the
extra hassle with my machine and user park (respectively 80 and 1150+ at
a single site).

--Tonni



Re: [Samba] run a script with administrator credentials?

2005-05-21 Thread Tony Earnshaw
Sat, 21.05.2005 at 12.00, Tomasz Chmielewski wrote:

 Is it possible to run a custom script for a given machine when it boots 
 up (that is already joined to the domain), with administrator 
 credentials (for example, to install software)?
  
  
  I don't know about running scripts as a *machine* at logon/boot time,
  but I've discovered that Windows 2000 and later have an executable
  called runas, which can run .msi installation programs (using msiexec)
  with elevated privileges at *user* logon.
  
  I don't have any details to hand right now, but google for msiexec and
  runas and look in the Microsoft knowledge base.
  
  
 For now it seems to me that it's only possible to run a machine script 
 - %m or a user script - %u with the credentials of a user.
  
  
  No, you can run at elevated privileges. But for me it ain't worth the
  extra hassle with my machine and user park (respectively 80 and 1150+ at
  a single site).
 
 So how do you distribute software then? Are you really paid to go and 
 click many times to install software on each of these machines? :)

I don't administrate the Windows side, I look after the Samba bit.
However, Windows 2000 Prof workstations are installed using a Ghost
mirror image, most non-native Microsoft applications (OpenOffice.org,
Thunderbird, Firefox etc.) are run from a centralized server-based
installation and, for example, Nitrobit Group Policy client utility is
indeed installed automatically by a single administrator login/logout at
each workstation. Centralized server-based utilities are easy to
update/upgrade when needed. Think of all the Firefox updates during the
last months.

It's up to each admin to evaluate which method is best for his site.

--Tonni



Re: [Samba] samba4 openldap

2005-05-21 Thread Tony Earnshaw
Sat, 21.05.2005 at 14.46, Andrew Bartlett wrote:

if anyone knows.  Will I have the option to use OpenLDAP
   still for all the new features so as to be able to use current apps that
   use OpenLDAP already?  If anyone has info regarding this, it would be
   appreciated.
  
  As far as I'm concerned, if Samba suddenly stops working with the
  site-wide LDAP database that I already use for umpteen other site-wide
  services, then Samba rots out, not the other services (pam Unix and gdm
  authentication and login, e-mail, printer quota, etc.)
 
 Discussion about the design of Samba4 is welcome over on the samba-
 technical list. 

I'll subscribe and take a look.

  Samba4 is taking on a very different tack from previous
 versions, particularly from a database schema perspective (needing to be
 able to express a generalised LDAP server holding an AD-compatible
 schema as one interface).
 
 My hope is that ideas of schema mapping, and meta directory technologies
 will be placed behind the 'ldb' pluggable interface (which currently
 supports both local db and ldap backends).  
 
 But I strongly suspect that existing Samba 3.0 LDAP sites will find a
 migration to an initial Samba4 release quite difficult.

It would be good to know in what way ... 
   We will provide
 migration tools, but if you (rightly) don't want to turn your LDAP
 directory upside down, it will be hard.

I wonder in what way ...

   That's why I'm talking about
 schema mapping and metadirectories, we need the directory to look
 different to different clients.

Thanks for taking the time.

--Tonni



Re: [Samba] Non-algorithmic RIDs

2005-05-20 Thread Tony Earnshaw
Fri, 20.05.2005 at 15.42, Misty Stanley-Jones wrote:

 When I set up my initial users for the Samba domain I did not realize that 
 RIDs were supposed to be dynamic.  I was creating the user as a posixAccount 
 in LDAP, and then adding the Samba elements via a script that I wrote.  
 Their RIDs are the same as their UID.  For instance if I have a user with 
 uidNumber 1036, her SID would be domain-SID-1036.  This is fine except for 
 idmapping for member servers, for ACLs.  I have about 30 users with this 
 problem.  Is there a non-disruptive way for me to convert their RIDs to be 
 algorithmic based on their UIDs, without destroying their roaming profiles 
 etc?  If not I think we will just have to deal with not being able to use 
 ACLs on member servers, but I thought I would query first.  To reiterate, we 
 are using a LDAP backend.

I use 3.0.11/3.0.14a (2 sites) on RHAS3 and LDAP. When I use smbpasswd
-a to add a POSIX group user to Samba, both user and group RIDs are
calculated from uidNumber and gidNumber on the basis of a simple
algorithm. This is something that smbpasswd just does; moreover it's
documented. Why should mine be different from yours?

--Tonni



Re: [Samba] Non-algorithmic RIDs

2005-05-20 Thread Tony Earnshaw
Fri, 20.05.2005 at 17.13, Misty Stanley-Jones wrote:

  I use 3.0.11/3.0.14a (2 sites) on RHAS3 and LDAP. When I use smbpasswd
  -a to add a POSIX group user to Samba, both user and group RIDs are
  calculated from uidNumber and gidNumber on the basis of a simple
  algorithm. This is something that smbpasswd just does; moreover it's
  documented. Why should mine be different from yours
 
  It is obvious that I did not use those scripts. 

What scripts?

  I wrote my own scripts to 
 create an LDIF.

So do I, awk/sed/shell. I use smbpasswd (amongst other Samba utilities)
and I don't have your problem. Don't you know what smbpasswd is? Try
'man smbpasswd' ;)

  I am no Windows admin and simply had no idea that it 
 mattered. 

It's all fully documented and explained in the Samba doco, all you have
to do is read it.

  The simplest solution would be to change the UIDs but that would 
 put them below 1000.

smbpasswd will do what you want, if you already have posixGroup entries
for users, groups and computers.

--Tonni



Re: [Samba] Samba3 on SCO Openserver

2005-05-20 Thread Tony Earnshaw
Fri, 20.05.2005 at 16.13, [EMAIL PROTECTED] wrote:

 I'm trying to compile and install samba 3.0.14a on a SCO Openserver 5.0.6 
 server (I want to use some shared printers from MS server2003 on a customer 
 network, but with samba SCO ver 2.2, I can't obtain the authorization from 
 the domain controller to use shared resources), but I'm having a lot of 
 trouble.
 
 I had downloaded samba-3.0.14a.tar.gz from Samba.org.
 I had put all the source code in the directory /local/samba, and I have 
 uncompressed and unzipped all the files using gunzip and tar.
 I have installed the development package (SCO) on my machine so now I have cc.
 Then I run /local/samba/samba-3.0.14a/source/configure to obtain the Makefile 
 (and I think it's all OK)
 When I run make, I obtain a lot (one for each source file .c) of WARNINGs like 
 this:
 
 UX:ACOMP:WARNING: include/vfs.h, line 475: no macro replacement within a 
 string literal
 
 then the linker stop with a fatal error:
 
 Undefined first referenced symbol in file
 __unsafe_string_function_usage_here__ smbd/msdfs.o
 UX:ld: ERROR: BIN/smbd: fatal error: Symbol referencing errors. no output 
 written to bin/smbd
 UX:MAKE: ERROR: FATAL ERROR.
 
 Can anyone help me please?
 Note that I'm not a C or Shell programmer so I don't know what I'm really 
 doing!!!
 I think that something is wrong in the compiler directive (./configure?) or that 
 some of the include files (includes.h?) are not good for the SCO openserver 
 environment.

You'll not find that you have half the headers or libraries you need,
even though you've installed SCO's development system. Furthermore, all
the utilities are years out of date.

You'd at least stand a better chance if you installed GNU's gcc,
binutils and other stuff. I once compiled all these on Open Server
5.0.5, but I wouldn't recommend it to anyone.

Go to usenet comp.unix.sco.misc and ask there. Jean-Pierre Radley has an
arsenal of ready-compiled stuff; furthermore, I'm sure other Open Server
users have done/tried to do what you want and could help one way or
another. Better still is ditching Open Server and choosing a more modern
OS, but then you probably already know that.

Best,

--Tonni



Re: [Samba] (no subject)

2005-05-17 Thread Tony Earnshaw
Tue, 17.05.2005 at 14.45, Michael_Börjesson wrote:

 Hello Andreas
  
 I've read your thread about the opening word files read only protection
 failure.
  
 I have the same problem. Have you got any answer on the problem you will
 share.

From now on, everything from Michael_Börjesson goes hurtling straight into my
kill file. That one simply doesn't have any common sense whatsoever.

--Tonni

Hmmm ... that's the thing with Swedes and Danes (today is the seventeenth of
May :) They don't have it, heathens that they are ...



Re: [Samba] net command replacements for smbldap-tools

2005-05-17 Thread Tony Earnshaw
Tue, 17.05.2005 at 09.18, Jim C. wrote:

 I sure would like to see a series of net commands that could replace
 smbldap-tools. Wouldn't this be more appropriate for administration?

Why, in particular, would you want to?

Why in particular do you want to see net commands? What's with the
other Samba utils, such as smbclient, rpcclient, smbpasswd, etc., etc.?

They're all bleeding brilliant utilities. I use them all in shell script
(and awk, and sed). These (and the OpenLDAP tools) are my particular glue
to stick them together. Others use Perl, Python, whatever.

If you want to look at shell scripting genius, look at
http://contribs.martymac.com.

Shell scripts are not just learned by heart.  They're also from looking
at and thinking: bejase, how'd he ever come to think of that?, working
it out and giving him the laurels for this time. Next time, you know
it and someone else takes the laurels over. Between times, you're the
winner.

Summa summarum:

-- The Samba tools (not just net)  are brilliant and work perfectly;
-- They need glue to stick them together.

--Tonni



Re: [Samba] Re: nazi spam in German over list address

2005-05-17 Thread Tony Earnshaw
Sun, 15.05.2005 at 18.46, Jerome Alet wrote:

  Personally I kill this stuff with dspam, thanks to my MTA Postfix. Same
  as with all the other spam and shit that gets posted here.
 
 I too use DSpam.
 
 DSpam is VERY good, however it voluntarily takes into account the 
 messages' headers during scoring. 
 
 Having a bunch of messages with Samba headers being filtered out as
 spam, the risk increases of losing innocent Samba messages.
 
 In addition, preventing the messages from being sent in the first place
 would save time, bandwidth, anger, etc...
 
 If we can vote to change the actual policy it's +1 for a change here.

This is a crap thread and utterly worthless. I get rid of all this
spam/virus by adjusting my own MTA's/MDA's filtering. After the first
couple of shit examples, I never get to see any of this nonsense,
anyway.

My kill files work in the same way.

--Tonni



Re: [Samba] Workgroups

2005-05-17 Thread Tony Earnshaw
Tue, 17.05.2005 at 13.22, Ron Grout wrote:

 I am very new to samba and have installed samba 2.2.8 on a sco unix open
 server 5.07 system with wins.

Bad, bad, bad. I used to be (MANY years ago) a SCO OpenServer sysadmin
(left it at 5.0.6, IIRC, never to return).

SCO OS 5 (and Unix 3.2 before it) used to be a really good OS while Doug
Michel's founder father was running the outfit, in Santa Cruz, in
California. Then Doug took over and began to work with his butcher's
instinct and illusionist meat cleaver. Buying in Novell's UnixWare and
chopping its head off, (like giving it Linux binary personality, like
shitting on Novell who was the golden goose, like selling the name SCO
to Caldera and trying to keep a finger in the pie). 

The present acronym SCO and all OS versions associated with it is
synonymous with Daryl McBride and a would-be, of infantile IQ,
card-sharper. Who elected to take it up against far sharper sharpers
than he. Like IBM and SGI and the Linux community (including Linus
Torvalds) and tried, using his (Daryl McBride's) infantile thought
processes against those sharper giants. At present he's sat with his bum
firmly wedged into the John and can't pull himself out. What's worse is,
that no-one's willing to try and help him. Mainly because he's a
contemptuous figure who has turned the once famous name of SCO into a
huge aunt Sally (or coconut shy, for those of you familiar with British
fairgrounds).

Hmmm ... of concrete material:

Do not use any SCO-based operating system as a base for Samba. SCO Open
Server, in particular, exceeded its sell-by date in 2001 and UnixWare is
presently quietly putrefying. Nobody wants them any more, nobody (apart
from people that are forced to, because of application dependency) buys
them any more.

Choosing OpenServer 5 as OS for samba will make it extremely difficult
for you to adhere to modern versions of anything. No, sorry, it will
make it impossible unless you elect to become one of the free, unpaid
genii, developing SCO OS 5 system software and willing to work for
nothing for SCO, such as Jean-Paul Radcliffe, Bela Lubka, and many
others of those who ever helped me and whom I ever tried to help.

-- The Samba development posters on this list say in unison: Samba 2 is
dead.
-- I say, you'll never compile the basic library or OS support for
Samba, including ACL support, Openldap 2.2 support including Sleepycat
BDB 4.2.52 and later and after that Samba itself.

So, this is all negative shit: don't, don't, don't ...

O.k.: *DO*:

-- Find the funds to purchase hardware and an OS for a PDC machine
(which seems to be what you more or less are looking for)
-- Make your hardware dependable, fast and thoroughly reliable. Me, that
says IBM and then stops dead, but that's your throw.
-- Ditto, me that says Red Hat Linux, but others would choose other
OS/distros. Red Hat runs on IBM hardware and is supported (if you do
things correctly).

With the above, you will be able to implement  (at least) a Samba PDC
for umpteen, scores of Windows workstations. At least, that's how it's
worked for me up to date. Best of all, you'll be able to update it
regularly (both OS and utilities) and follow the Samba guidelines to
make things work. 

Samba guidelines for version 2 just don't apply any more. The Samba PDC
would run in the same network as your present, obsolete, SCO Open Server
5 machine(s).

Best,

--Tonni

[...]



Re: [Samba] Question about ACL.

2005-05-16 Thread Tony Earnshaw
Mon, 16.05.2005 at 16.55, Meli Marco wrote:

 Hi, I'm running samba-3.0.13-1 connected to W2k3, attr-2.4.19 and acl-2.2.27-1.

What's attr-2.4.19? What's acl-2.2.27-1? Would they by any chance be
rpm library versions?  What's the OS and distro? Looks as if it might be
late Red Hat. Then again, it might not.

 I've a strange problem with ACL settings, following the data structure. I
 would like that user1 could read/write only his personal folder, user1 belongs to
 domain users and can reach the user folder but he can't see his personal
 folder. I have tried to run setfacl -b (remove all ACL entries) and set
 them up again, format the data partition with mkfs xfs ... and mounted it again
 but it doesn't work, I have a twin pc installed and on this it works fine.
 But the strange thing is, if I connect to the data share and reach the user
 folder with smbclient //smbserver/data -Uuser1%*** , I can see the user1
 personal folder and it works as I expected. Why does it work with smbclient but not
 with Windows client?

Possibly because Samba doesn't have ACL support compiled in? Where did
your Samba package(s) come from? Were they srpms? How did you install?

  And what can I do to find the problem?
 /data [domain users r-x]
/user [domain users r-x]
/user1 [user1 rwx] 

This doesn't look like ACL stuff to me.

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...



Re: [Samba] Question about ACL.

2005-05-16 Thread Tony Earnshaw
Mon, 16.05.2005 at 18.13, Meli Marco wrote:

 So, what you suggest?

Answer questions? Learn to quote? There could be other things, too ...

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...



Re: [Samba] Can't See All Linux Shares

2005-05-16 Thread Tony Earnshaw
Mon, 16.05.2005 at 17.33, Chris wrote:

  The four shares in question are: [winstuff], [music library], [photo
  library], and [uop].
 
  The two that show up okay are: [winstuff] and [uop].
 
  The two that don't show up are: [music library] and [photo library].
 
 An observation: the two that don't show up have spaces in them.

Indeed. I tried this out on my test rig (RHAS3 and Samba 3.0.14a) and
not only does smbclient not like spaces in the share name, neither does
it like underscores or hyphens. I can't find this anywhere in the docs.

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...



[Samba] Alternative way of installing Windows printer drivers on a Samba 3.0 server

2005-05-16 Thread Tony Earnshaw
Base: Red Hat RHAS3, PDC security = user
Samba 3.0.14a
Cups 1.1.17
Windows XP Pro
Epson C42UX (cheap inkjet) USB to the server

I was looking for an alternative to the immensely complicated Add
Printer Wizard procedure (APW) detailed in chapter 19.6 of the Samba
HOWTO guide. The following is a method that works for me, I don't
necessarily expect it to work for others, and I'd value any comments,
criticism or whatever. It only takes into account Cups, not lpd and only
tested with Red Hat RHASx.

1: Make sure Cups printing works perfectly from the server itself.
Install the Cups printer(s) for raw output as described in the Samba
HOWTO. This should automatically give the Cups printer names in the
shares browse list detailed in the PDC's shares list, when a Windows
workstation has joined the domain. I have a Cups printer called
Epson_Samba and it shows up in the PDC's list of shares, viewable both
with smbclient and Windows workstations.

My smb.conf Cups printer share looks like:

[printers]
comment = Epson C42UX
path = /var/spool/samba/raw_q
admin users = Administrator, @domadm
printer admin = @domadm
guest ok = Yes
printable = Yes
use client driver = Yes
browseable = yes

2: Make the [print$] share as described in the Samba HOWTO. In fact, for
the method described here, you can call it anything, as long as it's a
valid share. From my single XP Pro ws I can't browse to the print$ share
anyway, I can't see it. Nor does it show up in 'smbclient -L'. If I just
call it print, it does, but it doesn't get the fancy Windows Printers
and Faxes icon. Doesn't matter, since it will simply be a repository
for the driver install, from which each Windows ws will install the
driver.

My print share looks like:

[print]
comment = Printer Drivers
path = /m/samba3/drivers
admin users = Administrator, tonni, @domadm
guest ok = yes
read only = yes
browseable = yes
read only = yes
write list = administrator, tonni, @domadm

3: Mount the CD ROM on the appropriate mount point, copy the necessary
printer driver hierarchy from the driver CD ROM as supplied by the
printer manufacturer to the print driver share.

mount -t iso9660 /dev/cdrom /mnt/cdrom -o ro,user,noauto,unhide

On my CD ROM I have many installation directories for drivers, in many
languages. I'm only interested in the english directory, which has
drivers for WIN2000 and 9x.

mkdir -p /m/samba3/drivers/epsonc42ux/win2000
cd /mnt/cdrom/english/win2000
cp -pr * /m/samba3/drivers/epsonc42ux/win2000

This copies .inf and cab files to the destination directory without
changing any archive details.

Repeat for the Win 9x hierarchy if needed. Furthermore, none of the
help, document, analytical or other bloatware get copied.

4: Install the drivers on the Windows ws:

Browse to the PDC's shares, find the advertised Cups printer and double
click on it. Windows goes wild and says it doesn't have any driver. It
searches around for a while and comes up with a useless list, but it
also gives the have disk. Browse to the printer driver server share,
the win2000 directory you just copied, and it finds the appropriate .inf
file. Choose open and Ok, then your printer, then Ok. A few
seconds and the printer is installed.

5: Verify the installation:

Go to Control Panel, Printers and Faxes for the Windows ws itself,
printer is there. Right click, choose properties, wander around and look
especially at ports. The printer's port should be redirected to
\\server\printer_name LAN Manager Printer Port.

That's all, really. There's nothing to stop you going around with the CD
to each ws instead and installing that way, but remember we've cut out
all the nasties from the CD and that saves a handful of time.

I wouldn't mind knowing why my [print$] share doesn't show up, though.

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...
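
Because every workstation installs its driver from the share described in steps 2 to 4, it is worth confirming from smb.conf who can change the files in it. The following Python example is added here and is not from the original post or from Samba; it parses the two stanzas as posted, folds the documented parameter synonyms, and reports repeated parameters and the accounts that can write. Treating the last occurrence of a repeated parameter as the effective one, and ignoring filesystem permissions, are assumptions of the example.

```python
import re

# The two share stanzas as posted in the message above, embedded so the
# example runs offline.
POSTED_CONF = """\
[printers]
comment = Epson C42UX
path = /var/spool/samba/raw_q
admin users = Administrator, @domadm
printer admin = @domadm
guest ok = Yes
printable = Yes
use client driver = Yes
browseable = yes

[print]
comment = Printer Drivers
path = /m/samba3/drivers
admin users = Administrator, tonni, @domadm
guest ok = yes
read only = yes
browseable = yes
read only = yes
write list = administrator, tonni, @domadm
"""

SYNONYMS = {"public": "guestok"}                 # documented synonym of "guest ok"
INVERTED = {"writeable", "writable", "writeok"}  # inverted synonyms of "read only"


def is_true(value):
    return value.strip().lower() in {"yes", "true", "1"}


def parse_smb_conf(text):
    """Return ({share: {param: value}}, {(share, param): [line numbers]})."""
    shares, seen, section = {}, {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            shares.setdefault(section, {})
            continue
        if section is None or "=" not in line:
            continue
        name, value = line.split("=", 1)
        # Parameter names ignore case and embedded whitespace.
        key, value = re.sub(r"\s+", "", name).lower(), value.strip()
        if key in INVERTED:
            key, value = "readonly", ("no" if is_true(value) else "yes")
        key = SYNONYMS.get(key, key)
        shares[section][key] = value  # assumption: the last occurrence wins
        seen.setdefault((section, key), []).append(lineno)
    return shares, seen


def split_list(value):
    """Split a comma- or whitespace-separated user/group list."""
    return [v.lower() for v in re.split(r"[,\s]+", value.strip()) if v]


def share_report(text, share):
    """Summarise who can modify the files behind one share."""
    shares, seen = parse_smb_conf(text)
    p = shares[share.lower()]
    guest = is_true(p.get("guestok", "no"))        # Samba default: no
    read_only = is_true(p.get("readonly", "yes"))  # Samba default: yes
    # "admin users" perform all file operations on the share as root.
    admins = split_list(p.get("adminusers", ""))
    writers = sorted(set(admins) | set(split_list(p.get("writelist", ""))))
    return {
        "path": p.get("path", ""),
        "guest_ok": guest,
        "read_only": read_only,
        "guest_can_write": guest and not read_only,
        "named_writers": writers,
        "act_as_root": sorted(admins),
        "repeated": sorted(k for (s, k), n in seen.items()
                           if s == share.lower() and len(n) > 1),
    }


if __name__ == "__main__":
    for name in ("printers", "print"):
        print(name, share_report(POSTED_CONF, name))
```
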



Re: [Samba] Sarbanes-Oxley headaches

2005-05-15 Thread Tony Earnshaw
Sat, 14.05.2005 at 16.12, Craig White wrote:

   i am currently using samba version 3.0.7 with smbpasswd.
   
   does the account lockout feature not work with smbpasswd?
  
  smbpasswd doesn't have anything to do with this, it's used for setting /
  synchronizing passwords. Perhaps you meant smbclient; yes it works both
  for Windows (XP Pro in my case) and smbclient.
  
 
 smbpasswd is not just a command but also a backend storage type for user
 accounts  passwords.

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id2552851

I stand corrected :) I dived straight in at the deep end with Samba,
already had my LDAP DIT set up my way and if Samba didn't work with
that, Samba was useless. As it happens, smbpasswd is brilliant used in
my own shell scripts ... I'll bear in mind that there's an smbpasswd
backend. I'd forgotten.

 I gather that OP would be better served by using a tdb or ldap backend.

Probably. The doco doesn't seem to be too wildly enthusiastic about the
smbpasswd backend, not surprisingly.

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...



Re: [Samba] permissions not transferred using robocopy, xxcopy, net share migrate shares

2005-05-15 Thread Tony Earnshaw
John H Terpstra wrote:
Thanks for the feedback. I will make sure that some of the information in your 
email gets into the documentation. The implementation and use of ACLs with 
UNIX/Linux is very complex. The OS, the file system, the implementation of 
the file system, and the compilation of Samba, must all support ACLs.

As you explore the use of ACLs it becomes apparent that many smb.conf 
parameters can affect the behavior of ACLs. For example, the default create 
mask can really mess things up on some systems.

I am working to complete the second edition of the HOWTO this week-end. Your 
input is timely. Thanks.

Maybe worth the effort to look at star as ACL backup utility. That's 
according to the Red Hat POSIX ACL documentation (System 
Administration). I haven't tried it yet, but will be doing so shortly.

--Tonni
--
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
They'll love us, won't they? They feed us, don't they ? ...


Re: [Samba] Re: nazi spam in German over list address

2005-05-15 Thread Tony Earnshaw
Sun, 15.05.2005 at 16.38, Adam Cody wrote:

 Or offering a simple rebuttal
 I  watched this recently :
 http://www.pbs.org/wgbh/pages/frontline/camp/
 Memory of the Camps , you can watch the whole thing online.
 Those who haven't seen it might want to, especially if you haven't
 been to a holocaust memorial.

My people (30th generation English/Welsh) helped kill Hitler, Goebbels,
Göring, Himmler and crowd at the end of 5 years of shit. My aunt Lucy was
one of the first Allied nursing staff into Bergen Belsen. So what? This
has nothing to do with Samba.

Personally I kill this stuff with dspam, thanks to my MTA Postfix. Same
as with all the other spam and shit that gets posted here.

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...



Re: [Samba] Sarbanes-Oxley headaches

2005-05-14 Thread Tony Earnshaw
Fri, 13.05.2005 at 19.54, Stuart wrote

[...]

   suppose i wanted to set up account lockout for 3 failed login attempts
 for
   my w2k workstations with the ability to try again in 5 minutes.  would
 these
   be the commands to use:
  
   pdbedit -P "bad lockout attempt" -C 3
   pdbedit -P "reset count minutes" -C 5
 
  I asked the meaning of each of these parameters on the list, but no one
  seemed to know; at least no one replied.
 
  E.g., for the second of your examples, I'd rather fancy lockout
  duration. I tried certain things out for myself on my test system
  (3.0.14a, ldapsam with GQ LDAP help) and succeeded in locking user
  Kvikk the Cat out for more or less ever, found out what I'd done wrong,
  remedied it but got cold feet and didn't dare touch pdbedit -P again for
  the time being. I'd love some explanation ...

O.k., I reduced all pdbedit -P parameters to default and began again on
locking out Kvikk the Cat.

Policy: more than 3 bad login attempts and the account is locked out for
5 minutes:

1054 [root:tru] /etc/postfix # pdbedit -P "bad lockout attempt" -C 3
debug_lookup_classname(rpc): Unknown class
account policy value for bad lockout attempt was 0
account policy value for bad lockout attempt is now 3

1057 [root:tru] /etc/postfix # pdbedit -P "lockout duration" -C 5
debug_lookup_classname(rpc): Unknown class
account policy value for lockout duration was 30
account policy value for lockout duration is now 5

[...]

 i am currently using samba version 3.0.7 with smbpasswd.
 
 does the account lockout feature not work with smbpasswd?

smbpasswd doesn't have anything to do with this, it's used for setting /
synchronizing passwords. Perhaps you meant smbclient; yes it works both
for Windows (XP Pro in my case) and smbclient.

For those of you with ldapsam backend and GQ to play around with, when
the above lockout policy is implemented, the two attributes
sambaBadPasswordCount and sambaBadPasswordTime are updated from zero for
both to the bad password count and the Unix time (for the Unix time
'convdate -c' can be a real handy tool). These are reset to zero on the
next successful login after the lockout.

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...



Re: [Samba] Re: Sarbanes-Oxley headaches

2005-05-14 Thread Tony Earnshaw
Fri, 13.05.2005 at 20.51, Robert Kelly wrote:

 1) Logon/Logoff times are not being recorded
 The last logon time recorded in my ldap entries are pre-nt4 migration.
  Bad luck?
 
 By bad luck, do you mean your sambaLogonTime and sambaLogoffTime
 attributes are get updated?

They don't get updated with Samba 3.0.14a and ldapsam backend.

 2) Do the Audit Policy values in user manager have any effect?
 Are they implemented?
 Can they be syslogged?
 
  No to both, please read the official Samba HOWTOs. Experiment. Like we
  all have to.
 
 Thanks, I didn't see any mention of audit policy only account and user
 rights.

This is more or less covered in the Samba HOWTO html doc, chapter 14
on ACLs Viewing File Security on a Samba Share, where it says that
auditing doesn't work. Verifying this from a Windows ws confirms it.

 3) How can I get a hook into logons?
 Without turning up the debug values, how can I tell if an account has
 had repeated login failures?
  
  
  Try 'man pdbedit' and search for -P. 

Hmmm ... a bit short winded. If you use ldapsam backend and a GUI tool
such as GQ you can see it literally under the sambaBadPasswordCount
attribute. Using ldapsearch from the CLI you can get a list, for all
users. It will be zeroed out, though, at the next successful login.

  I have never understood why people complain about any item of software's
  supposed limitations until they have read and thoroughly understand all
  aspects of all the documentation. Perhaps they aspire toward posthumous
  beatification, attaining al martyrs' brigade status or whatever.
  
 
 Again, I'm aware of the account policies, how to view and set them. I'm
 asking about the auditing policies e.g. logon/logoff success or failure.

There are very few possibilities in Samba. What you ask you can get, at
least using the ldapsam backend.

 Thanks for your input Tonni. I've been using samba as our production
 fileservers for years and migrated our NT4 domain to Samba/ldapsam last
 August. It's been running great, but with the SOX audits, I don't have
 answers for them about the audit functions.

I just now learned about SOX audits. Being European, they don't apply to
us - I'm having to do some reading up. From what I've seen to date,
Samba has minimal auditing capability, but one of the more clued-up
people could comment more fully on this, would be useful if they could.

  Of course I have gone
 through the documentation and googled. I'm posting to this forum because
 the information I needed wasn't found there. The documentation is
 excellent and without it I wouldn't have even thought about migrating
 domain control to samba. What I don't want is the auditors to make a
 recommendation to migrate from samba to Active Directory just because of
 the missing audit functions.

I understand that now. All that I can say is, that using LDAP as pdb
backend, together with an LDAP client GUI such as GQ will demonstrate
many things graphically that are not easily envisaged otherwise.

Best,

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...
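
The two attributes named in this message and in the lockout message above it, sambaBadPasswordCount and sambaBadPasswordTime, can be pulled for all users with ldapsearch and turned into a failed-login report. The following Python example is added here and is not code from the list or from Samba; the LDIF sample, its DNs and users are constructed, and the threshold and duration defaults are the policy values discussed in the thread. The "in lockout window" flag is an approximation computed from these two attributes only, not Samba's own lock decision.

```python
import base64
from datetime import datetime, timezone

# Constructed LDIF, shaped like the output of (base DN is an example):
#   ldapsearch -x -LLL -b dc=example,dc=edu '(sambaBadPasswordCount=*)' \
#       uid sambaBadPasswordCount sambaBadPasswordTime
SAMPLE_LDIF = """\
dn: uid=kvikk,cn=staff,dc=example,dc=edu
uid: kvikk
sambaBadPasswordCount: 3
sambaBadPasswordTime: 1116057600

dn: uid=tonni,cn=staff,dc=example,dc=edu
uid: tonni
sambaBadPasswordCount: 0
sambaBadPasswordTime: 0

dn: uid=a-user-with-a-name-long-enough-to-be-folded,cn=pupils,dc=exam
 ple,dc=edu
uid:: cMOlbA==
sambaBadPasswordCount: 1
sambaBadPasswordTime: 1116057000
"""


def parse_ldif(text):
    """Return one {attribute: [values]} dict per LDIF entry."""
    # Unfold first: a line starting with a single space continues the
    # previous line (ldapsearch wraps long DNs this way).
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines:
        if not line.strip():            # blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):        # "attr:: <base64>" for non-ASCII values
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.setdefault(name.lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def _int(entry, attr):
    try:
        return int(entry.get(attr, ["0"])[0])
    except ValueError:
        return 0


def failed_logins(ldif_text, now, threshold=3, lockout_minutes=5):
    """List accounts with a non-zero bad password count, worst first.

    Assumption: an account counts as inside the lockout window when its
    count has reached `threshold` and the last bad password is younger
    than `lockout_minutes`. `now` is Unix time, like the attribute.
    """
    report = []
    for entry in parse_ldif(ldif_text):
        count = _int(entry, "sambabadpasswordcount")
        if count == 0:                  # zeroed again by a successful login
            continue
        last = _int(entry, "sambabadpasswordtime")
        stamp = (datetime.fromtimestamp(last, timezone.utc)
                 .strftime("%Y-%m-%d %H:%M:%SZ") if last else "unknown")
        report.append({
            "uid": entry.get("uid", entry.get("dn", ["?"]))[0],
            "count": count,
            "last_bad": stamp,
            "in_lockout_window": count >= threshold
            and 0 <= now - last < lockout_minutes * 60,
        })
    report.sort(key=lambda r: r["count"], reverse=True)
    return report


if __name__ == "__main__":
    for row in failed_logins(SAMPLE_LDIF, now=1116057600 + 120):
        print(row)
```

Because the counters are reset by the next successful login, a report like this only shows failures since each user last logged in, so it needs to be collected on a schedule to serve as an audit record.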



Re: [Samba] Sarbanes-Oxley headaches

2005-05-13 Thread Tony Earnshaw
Fri, 13.05.2005 at 16.36, Stuart Highlander wrote:

 i had an examiner yesterday ask similar questions about my system yesterday.
 thank you for direction to the pdbedit manpage.

It was too sharply worded, blame the flu attack ...

 suppose i wanted to set up account lockout for 3 failed login attempts for
 my w2k workstations with the ability to try again in 5 minutes.  would these
 be the commands to use:
 
 pdbedit -P "bad lockout attempt" -C 3
 pdbedit -P "reset count minutes" -C 5

I asked the meaning of each of these parameters on the list, but no one
seemed to know; at least no one replied.

E.g., for the second of your examples, I'd rather fancy lockout
duration. I tried certain things out for myself on my test system
(3.0.14a, ldapsam with GQ LDAP help) and succeeded in locking user
Kvikk the Cat out for more or less ever, found out what I'd done wrong,
remedied it but got cold feet and didn't dare touch pdbedit -P again for
the time being. I'd love some explanation ...

Since the meaning of all these parameters *is* so vague, this would be
an excellent point for JHT to document in the updated HOWTO.

 as for logging some of the requests of the original poster, i have found a
 free program that will log the windows event log to a remote syslog server.
 here is the link:
 
 http://www.netadmintools.com/art284.html

Looks good :)

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...



Re: [Samba] Doing a Node status request to the domain master browser at IP 11.11.11.11 failed

2005-05-12 Thread Tony Earnshaw
Thu, 12.05.2005 at 19.01, Richmond Dyes wrote:

 I added a second network card with a new ip address that was say 
 11.11.11.11.  I removed it and samba is still trying to reference it. 
 This server is my domain master.  I did not put in an interface 
 parameter in my smb.conf so I am assuming this ip address was recorded 
 as part of my domain master.  Where would this ip address been saved?  
 This server is also my PDC and winserver. Any suggestions?

WINS?

Thanks for giving no details about anything.

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...



Re: [Samba] Sarbanes-Oxley headaches

2005-05-12 Thread Tony Earnshaw
Thu, 12.05.2005 at 18.54, Robert Kelly wrote:

 With the new scrutinization by auditors on account policies and
 auditing, how can Samba be SOX compliant?
 Using 3.0.14a-sernet on Suse 9.1 - ldapsam
 
 Specifically, a couple of things seem to be lacking:
 
 1) Logon/Logoff times are not being recorded
   The last logon time recorded in my ldap entries are pre-nt4 migration.

Bad luck?

 2) Do the Audit Policy values in user manager have any effect?
   Are they implemented?
   Can they be syslogged?

No to both, please read the official Samba HOWTOs. Experiment. Like we
all have to.

 3) How can I get a hook into logons?
   Without turning up the debug values, how can I tell if an account has
 had repeated login failures?

Try 'man pdbedit' and search for -P. 

I have never understood why people complain about any item of software's
supposed limitations until they have read and thoroughly understand all
aspects of all the documentation. Perhaps they aspire toward posthumous
beatification, attaining al martyrs' brigade status or whatever.

 Thanks,

*Wake up* and at least make *some effort* to read the docs and follow
the threads and experiment for yourself as 1001 others on this list,
including the undersigned choose to do. Hanging yourself out is not to
your own advantage.

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...



Re: [Samba] Force GID specific number

2005-05-11 Thread Tony Earnshaw
Wed, 11.05.2005 at 07.32, Nir B wrote:

 My linux machines are part of NIS domain, I want to move them to work with 
 my AD using winbind.
 The clearcase permissions are based on specific GID (50).
 I saw that you define on the smb.conf  idmap gid = 1-2 and all 
 your AD groups GID start at 1
 Is there any way to force that each user will get GID 50 as one of his 
 groups?

If you use LDAP as backend and design and implement your own
tools/scripts, yes (I can put each of my users into whatever and however
many groups I wish). Otherwise I don't see how.

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...



Re: [Samba] ACL and recursive permission

2005-05-11 Thread Tony Earnshaw
Wed, 11.05.2005 at 10.11, Jérôme_Deliège wrote:

 I'm trying to setup a Samba with ACL support.
 Everything is working fine BUT I have a problem when I try to change 
 permission on a share from a Windows XP/2000 environment.
 
 When I select a directory and go to the Security tab and change the 
 permissions (for example set write for user xyz), it changes the ACL for 
 the directory but it doesn't change the subfolders and subfiles permissions.
 The same operation on a Windows 2003 share works perfectly.
 
 So what am I missing ?

You missed the Advanced tab and the 2 options under it below and to the
left which will do what you want. At least, it does for me with Samba
3.0.14a and an XP workstation. If yours doesn't, there has to be
something wrong with your underlying system. You might have to use map
acl inherit = yes in the global or share for which you want it to work.

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...



Re: [Samba] cifs share / unable to load nls charset utf8

2005-05-11 Thread Tony Earnshaw
Wed, 11.05.2005 at 14.07, Julius Junghans wrote:

 ive got some problems with my shares(cifs), the server/client (both 
 gentoo) is utf8 ready but i cant get typical german signs like öäü to 
 work, all i get is ? instead of the  chars.
 i can see the chars from my windows xp machine, but why not from the 
 linux client?

What do you have for display charset in [global]? Mine's unset, which
gives LOCALE by default, which means I get to see Norwegian letters at
the CLI, but *only* because my LANG=no_NO.UTF-8. I also get the wanted
result when I set display charset to UTF-8.

If your LC_LANG is other than whatever_WHATEVER.UTF-8  you probably
won't get to see German characters at the CLI anyway, sniff sniff.

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...



Re: [Samba] structuralObjectClass and smbldap-tools

2005-05-11 Thread Tony Earnshaw
Wed, 11.05.2005 at 15.27, Leonard Tulipan wrote:

 Sorry, if this has been dealt with before, but I couldn't find it.

Hei Leonard!

 I tried installing openldap 2.2 + samba 3. Currently I only have one 
 install of openldap 2.0 and samba 2.2 running.
 
 Now, it all looks quite good, but the smbldap-tools do not add the 
 necessary structuralobjectClass entries, so using the tools fails.
 I was able to manually change the first populate - which could be 
 exported as an ldif.
 I had a quick look inside the perl scripts, but it looks like one 
 probably needs to touch ALL of them.

Maybe one does.

I have vented umpteen spews against the smbldap tools on this list. The
basis has always been, the scripts' naivety. They cater for a gang of
kiddies with no knowledge of LDAP and kid them along that they've done a
good job when things work the Samba way, but make it impossible for the
kiddies thenceforth to develop their LDAP database structure into what
the LDAP architects had envisaged.

 Has anybody done this. Should I revert back to an older openldap version 
 which doesn't enforce ldap v3 structuralobjectClass?

No way revert! Older OpenLDAP versions (i.e. anything before 2.1, which
itself is at present  lying on its deathbed, because it's useless for
loaded production systems) are to be regarded as cadavers. Those
administering them as deadibones.

 any tips and pointers are greatly appreciated

Basically, learn OpenLDAP *LONG* before you learn Samba. Or Postfix, or
Courier, or Pykota or whatever. OpenLDAP is the holy grail within Unix,
as far as authentication and authorization is concerned. It is the only
sustainable way of realizing SSO (Single Sign On). Learning and adapting
LDAP long before you begin with Samba will teach you exactly what
weaknesses the Samba LDAP model introduces.

(Open)LDAP confers a completely open method of establishing an
authentication model. There is no such strict regime such as the smbldap
tools infer and implement.

For those with the racism laws stuck up their derriers,  the smbldap
tools confer a kind of racism. You can't be anything other than
white.  Oh, why not? Because we say so.

In my - disjointed - (Open)LDAP model a group may be in any container I
choose. E.g., maybe I have a base dn of dc=example,dc=edu. Under that,
maybe, (which I do), I have Posix groups cn=teachers, cn=pupils,
cn=staff, cn=directors, whatever.

Under cn=teachers etc. I have all my Posix account teachers.

My system can cope with them all, since I write my own (disjointed)
scripts to make them all. And consequently execute them all. The secret
is the Samba 3 binary utilities that knit the whole together. 

Who said that the smbldap scripts are in any way capable of initiating a
Postfix account, a Courier account, a Pykota account? Of course they're
bleeding well not. They're utterly useless at doing anything other than
racist things, entirely confined to Samba.

So what tools are one supposed to use to make LDAP records for each user
comprising Samba, Postfix, Courier, Pykota and GDM, ssh, etc.?

Answer: learn ksh, bash, shell, awk, the Samba binary utilities, and use
them to write your tools. Try to make them work together, as far as
possible.

Sheesh ...

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...



Re: [Samba] the profiles keeps mapping!

2005-05-04 Thread Tony Earnshaw
Tue, 03.05.2005 at 20.49, Guido Lorenzutti wrote:

 The problem is that i don't know why when a user logs in it gets mapped 
 a network share of his remote profile. I want to stop this.
 
 
 
 You mean you want to stop roaming profiles for users?
 
 --Tonni
 
   
 
 
 Nop, i just want to NOT see the logon drive on my pc on windows. If 
 a define
 
 logon drive = G
 
 On windows i have the G: drive with my profile. And...
 
 logon drive =
 
 (nothing)
 
 On windows, i have the Z: drive with my profile.
 
 I just don't want the ANY_LETTER: drive mapped on windows.

Oh. Write a logon script for each user, using, for example, 'net use z:
/delete' for each drive letter that's mapped and you don't want to see.
Actually, the profiles share should not be mapped anyway. If you don't
have a profiles share, the profiles will get put in the user's home
directory, which you probably don't want.

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...



Re: [Samba] the profiles keeps mapping!

2005-05-04 Thread Tony Earnshaw
Wed, 04.05.2005 at 10.38, Thomas Widhalm wrote:
  Oh. Write a logon script for each user, using, for example, 'net use z:
  /delete' for each drive letter that's mapped and you don't want to see.
  Actually, the profiles share should not be mapped anyway. If you don't
  have a profiles share, the profiles will get put in the user's home
  directory, which you probably don't want.
 
 Unfortunately I got a similar problem, since I updated my Samba Server the
 last time. I used the z: drive for a share with offline- available versions
 of desktop and my files (I hope it's correct, I just use German Windows,
 where it's Eigene Dateien). Since the last update my home share gets
 mapped to z:, overwriting the already mapped z: drive. I just did a
 workaround with setting my own desktop/myfiles share to y:, but as Guido I
 just don't want my home share get mapped.

I suppose you'd both have to include your smb.conf - I don't have my
home share mapped at all with 3.0.11 (obviously each user's home
directory is mapped on H:). I'm too new to Samba to be able to give off
the cuff advice, and most things just work for me.

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...



Re: [Samba] RE: Username are case sensitive.

2005-05-03 Thread Tony Earnshaw
Tue, 03.05.2005 at 07.58, HEG - Info (DIP) wrote:

 Is there any1 that can answer my question and help me... I really need an
 answer quickly...

'man smb.conf', username level? Didn't take me long to find that ;)

--Tonni

--

  From: HEG - Info (DIP)
  Sent: Friday, 29 April 2005 11:50
  To: 'samba@lists.samba.org'
  Subject: Username are case sensitive.
  
  Hi,
  
  I'm using samba for a while and now, on my linux computer, I need to
  install OpenOffice.
  
  OpenOffice is working fine with local account but failed to install with
  samba user.
  
  I've detected that for example if my domain is TEST and my user is
  BOB, Samba create a home folder /home/bob.
  
  And when I try to install OpenOffice for this user, the installer try to
  install files in /home/Bob and failed cause Bob  bob !
  
  When I've got a look at username variable, it's set to : TEST+Bob.
  
  Is there a way to :
  
  1. when creating home folder, to respect case sensitive ?
  
  Or
  
  2. to change the username variable to lowercase ?
  
  Thx
  Hegms
-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...



Re: [Samba] Problems when try access to share

2005-05-03 Thread Tony Earnshaw
Tue, 03.05.2005 at 12.11, Elisio Catana wrote:


 I have configured my samba server at my RedHat AS3 and I use nss_ldap to 
 access to my W2k domain.
 Everything  works fine.
 
 Now i have upgraded my server to RedHat EL4, and all my Windows users 
 when the username have Uppercases in username can't access to my samba 
 shares,
 and all other users works.

Did you try username level? 'man smb.conf'.

--Tonni
--

 I modify my log level to 10 and when any user try access to samba server 
 the log message is:
 
  May  3 11:08:48 wichita smbd[6001]: [2005/05/03 11:08:48, 0] 
 auth/auth_util.c:make_server_info_info3(1134)
 May  3 11:08:48 wichita smbd[6001]:   make_server_info_info3: 
 pdb_init_sam failed!



Re: [Samba] the profiles keeps mapping!

2005-05-03 Thread Tony Earnshaw
Tue, 03.05.2005 at 15.52, Guido Lorenzutti wrote:

 I just cant stop this!

Sorry, but what would the below be in Windows/Samba terminology/English?

  The remote profiles of the users keeps mapping 
 everytime they login

What is mapping?

  so they have this new remote unit

What is a remote unit? In what way is it new?

  with the contents 
 of the profile of the user logged in.

The user is logged on (not in), so presumably he'd get the contents of
his profile. Or is he getting someone else's profile?

  How can i stop this?

As you describe it, it's what's supposed to happen. Why would you want
to stop it?

--Tonni



Re: [Samba] the profiles keeps mapping!

2005-05-03 Thread Tony Earnshaw
Tue, 03.05.2005 at 17.44, Guido Lorenzutti wrote:


[...]

 What is a remote unit? In what way is it new?
 
 When i say remote unit i mean a network share.

Well, for goodness' sake say so, then. A remote unit might mean part of a
firm/business that is located at a separate site ... or anything else.
Certainly not a network share.

 The problem is that I don't know why when a user logs in it gets mapped 
 a network share of his remote profile. I want to stop this.

You mean you want to stop roaming profiles for users?

--Tonni



Re: [Samba] Directories and group permissions

2005-05-03 Thread Tony Earnshaw
Tue, 03.05.2005 at 19.52, [EMAIL PROTECTED] wrote:

 ... I feared that. Any document you recommend? Do I have to rebuild
 the kernel or can I just patch it?

RHAS3, here. You don't have to touch the kernel. POSIX ACLs have been
supported for the last couple of hundred years.

You have to make sure Samba is compiled for them. I have to add
--with-acl-support \ to the srpm spec file that I extract from the
Samba Red Hat srpm and use for 'rpmbuild -bb'. Since I have to build my
own Samba.

Then I have to modify any Samba partition I want to support ACL by
adding ,acl,user_xattr to column 4 of /etc/fstab for that partition,
and rebooting.

The RH sysadmin docs are clear enough about POSIX ACLs, they could go
deeper, though.

--Tonni



Re: [Samba] ACL and copy/move file

2005-05-02 Thread Tony Earnshaw
Mon, 02.05.2005 at 00.34, Andi wrote:

 Inside a single directory, I have 2 subdirectories:
 
 dirname=working
 (root.root rwsrwsr-x)
 user::rwx
 group::rwx
 user:user1:rwx
 group:group1:rwx
 default:user::rwx
 default:group::rwx
 default:user:user1:rwx
 default:group:group1:rwx
 
 dirname=controlled  (root.root rwsrwsr-x)
 user::rwx
 group::rwx
 group:group2:rwx
 default:group:group2:rwx
 default:user::rwx
 default:group::rwx
 
 The idea being that files from the 'working' directory get copied/moved 
   into the 'controlled' area, and are then read-only to everybody 
 (except for group2).
 
 When a file is *copied* from 'working' to 'controlled' the default acl 
 of 'controlled' is applied.
 
 If the file is *moved*, the acl's that are on the file in the 'working' 
 directory, are also transferred - effectively allowing that file to be 
 modified.
 
 With WinXP, the permissions from the destination directory are applied 
 to the file, whether it is copied or moved. I believe the same is true 
 on WinNT.
 
 Is this a bug with Samba?
 (Using Samba 3.0.14a)

Last week I asked a tangential question. The answer was, naturally,
that, given a dual environment Windows/Unix, the underlying Unix rules
for a filesystem will always apply to files on the Samba server.

In your case (as in mine) what you're seeing is the normal Unix cp/mv
behavior and I wouldn't call it a Samba bug. I suppose a routine could
be written into samba to counter this, the developers would have to
answer that.

--Tonni



Re: [Samba] Samba-3 by Example Ch 6

2005-05-02 Thread Tony Earnshaw
Mon, 02.05.2005 at 07.07, taso wrote:

  I am following Chapter 6 of Samba-3 By Example to set up Samba on
  a Fedora 3 box. It seems to go Ok until page 144 step 5.
  
  # net getlocalsid
  [2005/05/02 00:22:04, 0] lib/smbldap.c:smbldap_search_suffix(1155)
smbldap_search_suffix: Problem during the LDAP search:  (No such object)
  SID for domain SIROCCO is: S-1-5-21- etc
  
  
 
 The smbldap_search_suffix: error went away when I added the following entries
 to LDAP directory.
 
 dn: dc=esands,dc=com
 objectclass: dcObject
 objectclass: organization
 o: ESS
 dc: esands
 
 dn: cn=Manager,dc=esands,dc=com
 objectclass: organizationalRole
 cn: Manager
 
 http://www.openldap.org/doc/admin22/quickstart.html shows how to do the above.
 
 Now net getlocalsid sirocco produces the same SID as net getlocalsid 
 esands,
 ie the same SID for both the host (PDC) and the domain. Can anybody confirm 
 that it's
 supposed to be like that?

There is no such command as net getlocalsid user. What you're seeing
in both cases is the output of net getlocalsid. 'man net', search for
getlocalsid.

--Tonni



Re: [Samba] smbclient - recently broken?

2005-05-01 Thread Tony Earnshaw
pb wrote:

 forgive me if this is old news but it seems to me that
 smbclient is prone to getting into an infinite loop
 when mget'ting a stack of files.
 
 I have tested (compiled from source with defaults)
 samba versions 3.0.10, 11, 12, 13, 14, 14a
 Versions prior to 3.0.13 are fine, in my environment, versions 3.0.13 
 and later are causing the problem.
 
 The basic data on my system is
 -a P4 3.2 Ghz, 512 Ram, Slackware 10, Intel Etherexpress Pro Nic. 
 this server is very lightly loaded.   
 -The client is a NT4 with SP6a, with a 100 day uptime habit 
 (i.e. really reliable). It is the current file server and is
 backed up daily with smbclient.
 
 I had client problems with Win98 clients with samba v3.0.10,11 and 12 
 during this testing, but I have a stable situation with samba v3.0.7 
 where both smbclient as well as the Win98/XP Pro clients work fine.
 
 I can provide packet captures of the infinite loop if needed.

Whilst I can't corroborate the exact symptoms you describe, I can 
confirm that on my test server (Red Hat RHEL3 update 3) using smbclient 
to connect to the C$ (root) share of an XP Prof workstation with 1.8GB 
files:

Using Samba 3.0.11, dir immediately returns all files and folders;
Using 3.0.14 dir hangs and never returns anything. Connecting to a 
share of smaller size works normally.

Drat, I installed 3.0.14 on the test rig yesterday and everything else 
works fine. Now I've reverted to 3.0.11.

3.0.11 is being run in production at a site with 75+ Win 2000 
workstations, RHEL3 Update 4,  I administer and gives no problems with 
anything.

Best,
--Tonni


Re: [Samba] LDAP shared files error

2005-05-01 Thread Tony Earnshaw
Jamrock wrote:

 I am installing Samba 3.0.14a on Whitebox Linux 3.0 with Openldap 2.2.24.
 Openldap is working well and we can query the entries that we have in our
 addressbook.
 
 I have installed Samba from source.  The configure, make and make install
 appear to go okay.
 
 When I try to start Samba
 with /usr/local/samba/sbin/smbd -D
 I get the following error
 
 /usr/local/samba/sbin/smbd: error while loading shared libraries:
 libldap.2.2.so.7: cannot open shared object file: no such file or directory
 
 I see the libldap.2.2.so.7 in /usr/local/lib and
 /usr/local/openldap-2.2.24/libraries/libldap/.libs
 
 My include/config.h file contains the line
 #define HAVE_LDAP 1
 
 What am I missing?

This is for Red Hat 3.0:
Firstly, you'd be far better off using the official Samba RH srpm, 
installing the spec file, changing that to suit your needs and 
rpmbuilding -bb from that. That's my experience on RHAS3, anyway - even 
though I've got OL 2.2.4 installed from source, just as you have :)

Secondly, have you added /usr/local/lib to /etc/ld.so.conf and run 
ldconfig? Presumably you have, and /usr/local/BerkeleyDB.4.2/lib, etc 
also, otherwise OL 2.2.4 wouldn't work. Otherwise, try to start the 
smbd daemon by hand from the CLI after doing 'export 
LD_LIBRARY_PATH=/usr/local/lib' and see what happens. If that works, try 
adding 'LDFLAGS=-L/usr/local/lib' to your Samba configure options. 
Although I have the RH 2.0.27 client libraries on my test and production 
rigs, Samba seems to want the latest libraries of everything I have.

Best,
--Tonni


Re: [Samba] Problems with norwegian letters when browsing samba share.

2005-05-01 Thread Tony Earnshaw
Sun, 01.05.2005 at 12.18, Ørjan_Pettersen wrote:

 I have three machines, from which I browse a samba share.
 
 The problem is that if I create a catalogue with a norwegian letter(Æ, Ø, 
 Å) in it, the only machine that can show this correct is the machine 
 that created the catalogue. The other machines don't show this correct. 
 The letters get swapped out with either underscore or some other funny 
 looking letters, depending on which machine created the catalogue.
 
 The three machines is,
 the samba server itself, running ArchLinux
 a workstation, running ArchLinux
 and another workstation, running Windows XP
 
 The software is up to date.
 
 Does someone have an idea what the problem might be, and how to fix it?

I have to be able to use Norwegian letters, can, see/write them both in
Windows and on TTY and pts CLIs.

Make sure you have:

display charset = ISO-8859-1 (or -15 if you want to write EURO signs)
dos charset = 850

in [global].

If you don't have anything for unix charset, you'll get UTF-8, which
is what you need.

Best,

--Tonni



Re: [Samba] smbclient - recently broken?

2005-05-01 Thread Tony Earnshaw
Sun, 01.05.2005 at 11.08, Jeremy Allison wrote:

  Using Samba 3.0.11, dir immediately returns all files and folders;
  Using 3.0.14 dir hangs and never returns anything. Connecting to a 
  share of smaller size works normally.
  
  Drat, I installed 3.0.14 on the test rig yesterday and everything else 
  works fine. Now I've reverted to 3.0.11.
  
  3.0.11 is being run in production at a site with 75+ Win 2000 
  workstations, RHEL3 Update 4,  I administer and gives no problems with 
  anything.
 
 Before I left for germany I tested a XP SP2 client serving a
 directory with 6000 files with smbclient - all files were
 listed correctly. If you're having problems with 3.0.14a
 smbclient I'll need better info than this.

Understood, Jeremy. I'm perfectly happy with 3.0.11, I was simply
corroborating OP's findings in as much as I could.

3.0.15 is coming along: There's not much point in pursuing 3.0.14a. As
it happens, 3.0.15pre2 gives much worse problems than 3.0.14a; my XP Pro
(unpatched) ws (100Mb/s on a cross cable, so no network problems) 
continually loses network connections to the server. This is RHAS3
update3. I take it that: either others will have the same problem, or:
it's a quirk with my test server. I'm waiting to see what other RHAS2,
Centos, White Hat, whatever people report. It's too premature to report
it as a bug.

All versions are installed from official Samba srpms.

Best and thanks for a fine product :)

--Tonni



Re: [Samba] Samba-3 by Example Ch 6

2005-05-01 Thread Tony Earnshaw
Sun, 01.05.2005 at 16.39, taso wrote:

 I am following Chapter 6 of Samba-3 By Example to set up Samba on
 a Fedora 3 box. It seems to go Ok until page 144 step 5.
 
 # net getlocalsid
 [2005/05/02 00:22:04, 0] lib/smbldap.c:smbldap_search_suffix(1155)
smbldap_search_suffix: Problem during the LDAP search:  (No such object)
 SID for domain SIROCCO is: S-1-5-21- etc

[...]

Before you go any further, no such object from LDAP usually means that
you have your LDAP base (suffix) seriously screwed up. I suggest that
you sort that out first, since it keeps on occurring.

You can test with OpenLDAP's (if that's what you're using) ldapsearch
(read the man page, for goodness sake) and do try to figure out how LDAP
works, from the ground off. It's worth the trouble, since LDAP is a pot
of gold for Unix admins.

Best,

--Tonni



[Samba] ACL / default permissions question

2005-04-29 Thread Tony Earnshaw
Samba 3.0.11, 3.0.14a, 3.0.15pre1 on Red Hat RHAS3
Samba server is an NT4 PDC (no ADS)
passdb backend = ldapsam
I could try it out for myself, since I've a test machine besides my 
regular site. But I'd really rather have a definitive answer.

I have POSIX ACLs working fine.
In smb.conf I set  nt acl support = yes (default anyway).
Let's presume that I go and put all sorts of funny directives for a 
given share into smb.conf. I.e., I put in smb.conf force group = 
@domuser or whatever I give a Unix file group setting.

I then contradict this with my ACLs from Windows by allowing full 
control to Everyone.

Which takes precedence, the ACLs or the smb.conf directives?
I mean, it's running like a dream anyway, but this was a question from 
one of my Windows admins.

Thanks!
--Tonni


Re: [Samba] how to apply user must change password at next logon and expire password

2005-04-29 Thread Tony Earnshaw
Fri, 29.04.2005 at 06.57, Guido Lorenzutti wrote:

 Hi people, i was experimenting with the pdbedit and i found the user 
 must change password at next logon. The thing i wan't able to make it 
 work. I just can login and im not asked to change my password! How's that?

Samba version? OS? It all works for me with 3.0.11 and RHS3, OpenLDAP
2.2.24, after much experimentation. In fact, it all works *too* well and
you have to Google to find Jerry Carter's annotated code remarks to help
change things back, when you've been frigging about and users never get
to get to logon again until you've fixed your own mistakes, caused by
lack of clearness in the man page.

What are the following supposed to mean in clear English?

- reset count minutes
- disconnect time
- user must logon to  change  password
- bad lockout attempt

--Tonni



Re: [Samba] Automatic creation of home directories

2005-04-29 Thread Tony Earnshaw
Fri, 29.04.2005 at 16.56, James Watkins wrote:

[...]

 Cheers, that worked a treat. I thought there had to be some way to run 
 an arbitrary script, god bless unix.
 Any thoughts on the other question? Perhaps I should start another 
 thread for it.

I can't get winbind to do getent at all, let alone with encrypted
passwords (though ntlm_auth and everything else works).  My getent
works, of course, using the standard ldap entries in nsswitch.conf
(otherwise my users couldn't log in to Unix), but that's not what
winbind wants.

I don't care at the moment, since I'm only using a single PDC for all
machines on a single segment (and thus don't have to use winbind at all)
, but I suppose I probably will do in the future.

--Tonni



Re: [Samba] domain master list - cross subnet?

2005-04-29 Thread Tony Earnshaw
Fri, 29.04.2005 at 20.31, Alexander Lazarevich wrote:

 Does anyone, using samba 3 as a PDC master browser on a subnet, see 
 other subnet's on the WAN?

Yes.

 For instance, if your subnet is dude.udump.edu, can your samba master 
 browse list see the windows domain chick.udump.edu (assuming it exists)?

Yes

 If I just know it's possible, then I know I'm doing something wrong.

It's possible. I don't want any inter-subnet contact whatsoever and it's
all incidental, but domain-1's browser on 192.168.2.0/24 sees the
domain-2's PDC master browser on 192.168.0.0/24 - both Samba 3.0.11
machines. Both are wins servers.

How? I dunno, they just do. I'd rather they didn't, I don't really want
them to.

--Tonni



Re: [Samba] charset problem with smbmount

2005-04-29 Thread Tony Earnshaw
[EMAIL PROTECTED] wrote:

 I have a test file with all special characters of hungarian language on a
 windows share: .txt
 (I hope Your mailer will show them correctly :-))

It doesn't.

 When I use smbclient to connect to share, I see correct characters, I can
 get the file to local disk and ls shows the correct name too.
 When I try to mount with smbmount the closest result I produced was:
 IAuUoOUO.txt
 cp says no such file or directory...
 Any ideas?

Simply leave your Samba 3 things for Unix/Linux as they are.

 Relevant (I hope all) settings:
 smbmount ... -o charset=cp852,iocharset=iso8859-2

Certainly don't use the above (ugh ;) Just leave things as they are.

 smb.conf:
 unix charset = iso8859-2

NO ;) ugh ugh. This should be left at UTF8, as (should be) the default. 
Though you don't give your basic OS - mine's Red Hat RHAS3. My default 
LOCALE is NO_NB.

I have NO problems with what you describe using Norwegian characters ().

 All locale variables set to en_US

Mine is no_NB, which caters for 8-bit UTF (in all shapes and forms). 
I.e., I have a(n emulated) Norwegian keyboard both in TTY1 and pts/0.

Best,
--Tonni


Re: [Samba] Username are case sensitive.

2005-04-29 Thread Tony Earnshaw
HEG - Info (DIP) wrote:

 I'm using samba for a while and now, on my linux computer, I need to install
 OpenOffice.

Me Samba 3.0.11 (basic NT4 RPC - non-ADS) on a Red Hat RHS3 test system, 
ldapsam based, with an XP Prof test client. I have around 10 test users 
on the rig.

I have a production site with 75+ Windows 2000 clients and 1,150+ users 
that uses exactly the same install and maintenance technique, same OS 
and Samba version, that works the same.

 OpenOffice is working fine with local account but failed to install with
 samba user.

I installed  Open Office 1.98 (OOo 2.0 beta) for Windows on an 
administrative share ([apps]) on my Samba test server and all test users 
can use it, create and retrieve, rewrite etc. docs and have no problems 
with it. All users get their OOo preferences installed to their My 
Documents directories.

 I've detected that for example if my domain is TEST and my user is BOB,
 Samba create a home folder /home/bob.

I have no problems with case. Why should I? My users are created in 
mixed lower and uppercase characters. However, their POSIX UIDs are 
always lower case, since that's what my (awk) install scripts tell them 
to be.

 And when I try to install OpenOffice for this user, the installer try to
 install files in /home/Bob and failed cause Bob  bob !

I have no such problems.. I have a system-wide OOo install and never 
have any problems with case, either way?

 When I've got a look at username variable, it's set to : TEST+Bob.

You'd have to include your global parameters. As well as the other 
parameters. Are you using ADS? As well as your OS version, Samba version 
and OOo version. You haven't here. As I said, I have no problems with my 
basic OS, Samba install and OOo install. They all work for multiple users.

 Is there a way to :
 1. when creating home folder, to respect case sensitive ?

Mine do. But my awk install stuff tells them to use lower case for all 
POSIX UID, GID etc. details. Even if it didn't, LDAP would not discern 
between cases.

 Or
 
 2. to change the username variable to lowercase ?

As it happens, mine (see above for versions) are always lower case. But 
I can't see any reason why Windows should demand lower case for anything.

I guess this is a works for me case, where few, if any, Samba users 
have ever complained before.

--Tonni


Re: [Samba] Roaming Profiles Support: Is it working correctly?

2005-04-28 Thread Tony Earnshaw
Thu, 28.04.2005 at 11.45, [EMAIL PROTECTED] wrote:

 i have the following Problem with a Samba Server 3.0.9
 
 If an Windows XP SP2 client saves it profile back to the server and
 the profile directory does not exist, windows will create it.
 It users the following permissions:
 
   - user: rwx
   - primary group: wx
 
 And that's the problem, logging off and on prevents windows from reading the
 saved profile, although the user has full access rights, his primary group 
 has none
 and windows stops reading the profile. If you manually change it to rwx for 
 the
 primary group, windows is able to read it's profile perfectly.
 
 The question is now, how to get windows creating it's profile correctly!

Don't; have a root prexec script create the profile dir and chmod it at
the user's first logon. Same with his home directory, etc.

--Tonni



Re: [Samba] Automatic creation of home directories

2005-04-28 Thread Tony Earnshaw
Thu, 28.04.2005 at 20.09, James Watkins wrote:

 Hi all, after searching the archives of this list and extensive general 
 googling, I still haven't worked this problem out so I thought it was 
 time to join the list.
 I'm trying to make my samba server create home directories on-the-fly 
 when new users login.  As I understand it, the way to do this is to use 
 the mkhomedir module and enable obey pam restrictions in smb.conf. 
 The trouble is that I'm using domain security to allow existing domain 
 users to login which means I have to use encrypt passwords = yes. 
 Now, as I understand from the official samba howto:
 
 http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html
 
 pam is automatically ignored when encrypted passwords are used.
 So how do I resolve this conflict?
 And on a related matter, if I use pam_winbind to authenticate users of a 
 unix system against a windows domain controller does this mean that the 
 passwords are send unencrypted?
 
 Any suggestions would help to preserve my sanity.

With my Samba 3.0.13 (and previous back to 3.0.7 when I started) there's
a share possibility 'root prexec'. There you can enter scripts to run on
connecting to the share. You can write a tiny script to make home and
profile dirs on the fly, if they don't exist, based on users and groups,
and even chmod.

--Tonni

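
The `root preexec` approach suggested in this reply and in the roaming-profiles reply before it, written out as an added example (not code from the original posts or from the Samba project). The script path, the base directories and the `700` mode are assumptions; `%U` is the smb.conf session user name variable and the parameter itself is spelled `root preexec`. Because the script runs as root on a name supplied by the client, it validates the name and refuses symlinks before creating anything.

```shell
#!/bin/sh
# Added example: helper for a Samba "root preexec" hook that creates a
# user's home and profile directories on first connect.
# Assumed smb.conf usage (script path is hypothetical):
#   root preexec = /usr/local/sbin/mkuserdirs.sh %U
LC_ALL=C; export LC_ALL   # make the character ranges below byte-exact

# valid_account NAME
# Succeeds only if NAME is safe to use as a single path component:
# no "/", no leading "." or "-", no "+" or "\" domain separators,
# and at most 32 characters.
valid_account() {
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# ensure_user_dir BASE USER MODE
# Creates BASE/USER with MODE if it does not exist yet. An existing
# directory is left untouched; a symlink or non-directory is refused so
# that a pre-planted link cannot redirect a root-owned mkdir/chown.
ensure_user_dir() {
    base=$1; user=$2; mode=$3; gid=

    if ! valid_account "$user"; then
        echo "mkuserdirs: rejecting account name" >&2
        return 2
    fi

    dir="$base/$user"
    if [ -L "$dir" ] || { [ -e "$dir" ] && [ ! -d "$dir" ]; }; then
        echo "mkuserdirs: refusing non-directory $dir" >&2
        return 3
    fi
    [ -d "$dir" ] && return 0

    # When running as root (the real preexec case), resolve the account
    # first so no directory is created for a name NSS/LDAP does not know.
    if [ "$(id -u)" -eq 0 ]; then
        gid=$(id -g "$user" 2>/dev/null) || {
            echo "mkuserdirs: unknown account $user" >&2
            return 4
        }
    fi

    # -m applies the mode at creation time, independent of the umask.
    mkdir -m "$mode" "$dir" || return 5
    if [ -n "$gid" ]; then
        chown "$user:$gid" "$dir" || return 5
    fi
    return 0
}

# Entry point when called by smbd with %U as the only argument.
# /home and /home/samba/profiles are assumed locations.
if [ "$#" -eq 1 ]; then
    ensure_user_dir /home "$1" 700 &&
    ensure_user_dir /home/samba/profiles "$1" 700
fi
```

A non-zero exit status from the script lets the share definition react to a rejected name, for example together with `root preexec close = yes`.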


Re: [Samba] Guest user?

2005-04-27 Thread Tony Earnshaw
Wed, 27.04.2005 at 15.04, [EMAIL PROTECTED] wrote:

 Am trying to set up a guest account for employees from other offices to
 come in the office to login and do stuff.  I want to block access to all
 public drives so this is what I've done:
 
 Consider the SAMBA server in Office A and I want to create a guest account
 so that people from Office B and C can access.  There is a public drive
 that everyone in Office A can edit, and a drive called Restricted that
 one person in Office A can edit, but everyone else in Office A can access
 but not edit.

You say nothing of Samba version or platform. I've discovered POSIX ACLs
on Red Hat RHAS3 and Samba 3.0.11, and  the whole shop's gone wild with
joy. Depending on your Samba version, do 'man smb.conf' and search for
'inherit acls'. Maybe something for you.

--Tonni

 
 Created a group called everyone and added everyone in Office A to that
 group
 Created a group called Restricted and added the person who's allowed to
 edit this drive to that group
 Created the following lines in smb.conf file:
 
 [public]
 comment = shared folder
 writeable = yes
 path = /home/samba/public
 write list = @everyone
 guest ok = no
 create mode = 0777
 directory mode = 0777
 
 [signmatters]
 comment = shared folder
 writeable = yes
 path = /home/samba/restricted
 write list = @restricted
 valid users = @everyone @restricted
 guest ok = no
 create mode = 0775
 directory mode = 0775
 
 guest isn't part of either everyone or restricted groups.  The
 permissions of the 2 folders are:
 
 drwxrwx---  3 root everyone   4096 2005-04-27 14:56 public
 drwxrwx---  2 root restricted 4096 2005-04-27 14:56 restricted
 
 As it is, guest can't access either drives, everyone in Office A can
 access the public drive and edit stuff on there, the person who's allowed
 to edit the restricted files can do so, but no-one in Office A is able to
 access the restricted files?  How do I set it so that guest can't access
 the restricted files, but everyone in Office A can?
 
 Thanks very much for your help in advance
 
 Cheers - Piers


Re: [Samba] Question to the Samba-Developer

2005-04-27 Thread Tony Earnshaw
Wed, 27.04.2005 at 15.59, Holger Wesser wrote:

 as mentioned in a thread before, I'm in trouble when trying to add a
 local group via NT-Usermanager. I think the problem is the following
 line in the smb.conf:
 
 add group script = /usr/local/sbin/smbldap-groupadd -p %g
 
 In this case, the only parameter that is handed over to the
 smbldap-groupadd script is the name of the group (%g). Unfortunately
 the script doesn't know, which type of group it has to create. By
 default, it creates a global group. So is there a variable available,
 that specifies the type of group?
 
 I hope, you understand what I mean.

I think that local groups can only be added on local machines. By
definition a Samba (P|B)DC is not a local machine, at any rate the Samba
people never designed it as such.

The regular Samba tools, plus the official Samba documentation, plus
diverse idiot HOWTOs, only make mention of sambaGroupType 2.

The reason for that is, that one can't add local groups to a site-wide
DOMAIN database. Reasonable, when one thinks about it.

Why the smbldap scripts should infer that one can I dunno. They do other
useless things, too, that prohibit me from using them at all.

--Tonni



Re: [Samba] AD Rules in Samba

2005-04-26 Thread Tony Earnshaw
tir, 26.04.2005 kl. 14.57 skrev Paul Gienger:

 How can I create group policies in Active Directory using Samba 3? (Such as
 only allow three incorrect logins, etc.)
   
 
 Are you saying that you are running a Samba-controlled domain and would 
 like to make use of the GPO functionality like one would get in an AD 
 domain?
 
 If that is the case, you can't.  The closest you can get is using NT4 
 style policies.
 
 Are there any pages that I can refer to?
   
 
 Please refer to the official books from www.samba.org.  They go into 
 some detail about using poledit and such.

Actually, that's not quite correct. There is at least one commercial
tool available for Samba that makes it possible to use mmc (the
Microsoft Management Console) and many of its snapins (especially Group
Policy, but some others work too) to write policy to netlogon and read
it in at user logon time. Obviously Samba has to support these :)

--Tonni



Re: [Samba] Problems with unicode filenames

2005-04-26 Thread Tony Earnshaw
tir, 26.04.2005 kl. 19.00 skrev Cristian Thiago Moecke:

 I have a file server with Windows and I am creating a new Fedora Core 3 
 + Samba 3.0.10-1.fc3 file server...
 But I have many, many files that have chars like ç, ã, é in their 
 name... When I move the files to the Samba server, all those unicode 
 chars are changed to ?
 I need a solution for that to move on, because my boss will not like to 
 stop using those chars...

What does 'testparm -v -s | grep "unix charset"' return?

I have the same need as you, only mine's for Norwegian characters. My
unix charset's UTF-8.

--Tonni


