Re: [Samba] migrating samba shares to a netapp filer?

2013-01-31 Thread Wolfgang Ratzka
On 31.01.2013 16:43, Luca Olivetti wrote:
 On 31/01/13 16:09, John P Arends wrote:
 If I were you I'd connect to both shares using a Windows machine and run 
 robocopy to copy all the permissions.
 
 I thought about that but I'd prefer a Linux solution (if possible).
 

There is a lack of standardization in ACLs on the Linux/Unix side
(fine grained ACLs beyond User/Group/World).
AFAIK XFS does have Posix ACLs (which never left draft status) and NetApp
might be able to do NFSv4 ACLs on volumes with NTFS security
exported via NFSv4 (not sure about that).

If your ACLs follow a simple pattern (user and group directories with
fairly uniform access rights) you might just recreate the ACLs from
scratch, otherwise robocopy does a fairly good job in translating
the ACLs.

Kind Regards
Wolfgang Ratzka



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Client access multiple shares with different usernames...

2013-01-03 Thread Wolfgang Ratzka
On 03.01.2013 21:12, Modulok wrote:
 List,
 
 I have a FreeBSD box with samba and two shares '\\bsd\foo' and '\\bsd\bar'.
 Each require a different password. (Different system user accounts and
 different corresponding samba account.) They both work. The problem is that
 from Windows 7 and windowsXP clients I can connect to '\\bsd\foo', but then I
 can never connect to '\\bsd\bar' until I restart. Thereafter I can never
 connect to '\\bsd\foo' until I restart... and so on.
 
 Is there a way I can connect to multiple shares from the same client, using
 different authentication for each share? For example, if I could put a username
 in a UNC path that would solve everything:
 

This is a limitation in Windows clients and not really a Samba issue.
(People accessing shares on Windows servers face the same problem.)
Basically the client can only handle one user name per server name.
AFAIK there is no elegant workaround for this.

One solution is to access one share via the NetBIOS name and the other
via a DNS name (e.g. using \\bsd.some.domain\bar) or even the IP
address.

Another solution would be adding NetBIOS aliases to the server and
accessing different shares with different authentication via
different aliases.

Kind regards
Wolfgang Ratzka



[Samba] Can mkdir on samba share but not copy directory from local disk to samba share

2012-04-12 Thread Wolfgang Ratzka
Hi

We are running a large samba server within an NT4.0 domain (yes, I know).
The samba version is 3.5.10:

 smbd -b|less
 Build environment:
Built by:root@sfw10-patch
Built on:Wed Oct 26 11:23:15 PDT 2011
Built using: /ws/on10-tools/SUNWspro/SS12/bin/cc
Build host:  SunOS sfw10-patch 5.10 Generic sun4u sparc SUNW,Sun-Fire-V210
SRCDIR:  /sfw10/builds/build/sfw10-patch/usr/src/cmd/samba/samba-3.5.10/source3
BUILDDIR:  /sfw10/builds/build/sfw10-patch/usr/src/cmd/samba/samba-3.5.10/source3
 (...)

running on Solaris (Sparc):

 uname -a
 SunOS XX 5.10 Generic_147440-13 sun4u sparc SUNW,Sun-Fire-V440

File system is ZFS. The system has been recently moved from older
OS and samba versions. (I'm not the primary admin but the guy supposed to
know about the samba part.)
I've found now that since we moved there is trouble with some file operations:

I can create directories on the share with mkdir (from Win XP) just fine,
but copying directories from a local file system to a samba share with
xcopy ... /e fails.
xcopy from samba share to samba share works, as well as xcopy'ing files.
Where should I start to dig?

Here's my configuration
 [global]
 workgroup = Y
 netbios name = XXX
 server string = Samba Server %v, Solaris 10 (ZFS)
 security = DOMAIN
 allow trusted domains = No
 username level = 1
 log level = 1
 log file = /var/samba/log/clients/%m_%I
 max log size = 512
 load printers = No
 printcap name = /dev/null
 dns proxy = No
 wins server = z
 winbind trusted domains only = Yes
 hosts allow = 137.248., 192.168.
 nt acl support = No
 printing = bsd
 print command = lpr -r -P'%p' %s
 lpq command = lpq -P'%p'
 lprm command = lprm -P'%p' %j
 
 [homes]
 comment = Home Directories
 read only = No
 create mask = 0740
 directory mask = 0750
 veto files = /public_html/
 hide files = /desktop.ini/
 browseable = No
 volume = HOME
 
 [public_html]
 comment = User Webspace
 path = %H/public_html
 read only = No
 hide dot files = No
 mangled names = No
 
 [ntprofiles]
 comment = Benutzerprofile
 path = /WinNT-Profiles
 read only = No
 create mask = 0740
 directory mask = 0750
 hide files = /desktop.ini/
 browseable = No
 csc policy = disable

Kind regards
Wolfgang


Re: [Samba] How to allow only particular users to logon to a particular computer?

2009-03-03 Thread Wolfgang Ratzka

I have a pc (already joined the samba domain 'DOMAIN') that I want to keep
off other domain users but user DOMAIN\mark and DOMAIN\thomas whilst letting
both of them to logon freely to other computers. 


You might want to manipulate the SeInteractiveLogonRight and possibly
SeNetworkLogonRight on the PC itself. Have a look at
http://support.microsoft.com/kb/279664

Two hints:
- You might want to define a group and assign rights to the group
  instead of single users.
- Avoid locking out yourself and the admins.

Kind regards,

--
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany


Re: [Samba] security=server comment

2008-09-27 Thread Wolfgang Ratzka

It really didn't strike me at the time, but just tonight as I was in the
process of setting up a new server as a new domain controller on a new
domain, what are we supposed to use for a Samba primary domain controller
if not security=server?


Just use the default setting, which is security=user.
security=server is not for domain controllers.

Regards
Wolfgang Ratzka

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Users can read/write to other user's directories

2008-09-27 Thread Wolfgang Ratzka

Richard Thomas wrote:

Hi,

I am setting up Samba on my CentOS server and have Samba version
3.0.28-1.el5_2.1.

I started configuring the smb.conf file and then went on to use
webmin to configure it.

I have made sure I have restarted Samba after making changes.

When I connect from my Windows PC to the Samba server, I can read and
write to other Samba user's directories.



This is due to the force user setting in your share definitions.
With force user samba effectively switches to the forced user
when accessing the share. (This is only useful for special shares
where you might want to force one special user for all samba access
to the share.)

Regards
Wolfgang Ratzka
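
An added example (not part of the original post, and not Samba project code): a small Python check that lists every share in an smb.conf where `force user` is in effect, including a value inherited from `[global]`, and marks the shares that serve per-user data. The sample configuration, the share names and the function names are constructed for illustration.

```python
import re

# Constructed sample smb.conf, not taken from the original post (the poster's
# real share definitions are not shown on the page).
SAMPLE_SMB_CONF = r"""
[global]
   workgroup = EXAMPLE
   security = user

[homes]
   comment = Home Directories
   read only = No
   # written by a GUI tool; every home directory is now accessed as alice
   Force User = alice
   browseable = No

[scans]
   path = /srv/scans
   forceuser = scanner
   read only = No

[projects]
   path = /srv/projects/%U
   read only = No
"""

# smb.conf variables that expand to a user name or a user's home directory.
PER_USER_VARS = re.compile(r"%[UuHS]")


def norm(name):
    """Parameter names are matched ignoring case and internal whitespace."""
    return re.sub(r"\s+", "", name).lower()


def parse_smb_conf(text):
    """Return {section: {normalised_param: value}} for an smb.conf text."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or whole-line comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)   # only the first '=' separates
            current[norm(key)] = value.strip()
    return sections


def audit_force_user(text):
    """List shares where all access is switched to one forced Unix user."""
    sections = parse_smb_conf(text)
    inherited = sections.get("global", {}).get("forceuser", "")
    findings = []
    for name, params in sections.items():
        if name == "global":
            continue
        # An empty 'force user =' in the share overrides a [global] default.
        forced = params.get("forceuser", inherited)
        if not forced:
            continue
        per_user = name == "homes" or bool(
            PER_USER_VARS.search(params.get("path", "")))
        findings.append({
            "share": name,
            "force_user": forced,
            "set_in": "share" if "forceuser" in params else "global",
            # True: Unix permissions can no longer keep users apart here.
            "per_user_data": per_user,
        })
    return findings


if __name__ == "__main__":
    for f in audit_force_user(SAMPLE_SMB_CONF):
        note = "per-user data shared by one Unix identity" if f["per_user_data"] \
            else "single-identity share"
        print(f"[{f['share']}] force user = {f['force_user']} "
              f"(set in {f['set_in']}): {note}")
```

A finding with `per_user_data` set is the situation described in this thread; a dedicated drop share such as the constructed `[scans]` is the kind of special share where a forced user is intended.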


Re: [Samba] Still unresolved: adding printers as a non admin domain user doesn't work

2008-03-06 Thread Wolfgang Ratzka




I did it on each machine. I don't know what file it edits, if any. Neither do 
I know whether it can be enforced domain wise if you don't use AD.




I know, this thread is growing old, but I just want to add this piece of 
information. Samba 3 can do old style (i.e. NT4 domain) policies, and 
the point and print restrictions are covered by that.


Basically these old style policies consist of registry values that
are set upon login. As for the point and print restrictions, the
relevant value is found at

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint



--
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany


Re: [Samba] Windows XP - Userid in the Start Menu

2007-09-24 Thread Wolfgang Ratzka
 I login from my workstations running Win XP, I then click on the Start
 Button (bottom Left).  The very top of the popup window displays the
 fullname of the user (i.e. first, initial and lastname).
 
 After some time, the fullname gets replaced by the userid.

Also happens with an NT 4.0 domain controller, so it might not be
a Samba problem at all ;-).

-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany


Re: [Samba] installing Samba as non-root user at work - please help.

2007-09-22 Thread Wolfgang Ratzka
Hi,

 Speaking of ports, I specify ports of 1445 and 1139 for smbd, since I cannot
 use a port below 1024 without having root access.  Similarly, I attempt to
 use higher port when I start nmbd.

Even if this would work, you would be stuck with the problem of
convincing your windows system to talk to these ports.

 Given the information I've provided, and knowing that I do not have root
 access, can anyone provide any information to at least steer me in the right
 direction?  I greatly appreciate your help.

Without root access you can pretty much give up on installing samba. If
your linux box allows ssh access, you might want to try something like
winscp to transfer your files from and to windows.

Regards,
Wolfgang Ratzka



[Samba] Samba 3.0.25a idmap_ldap ldap suffix used instead of idmap config DOMAIN:ldap_base_dn

2007-06-11 Thread Wolfgang Ratzka

Hi,

I'm trying to set up a samba domain controller trusting an NT4 domain
and want to use Idmap information already stored in an LDAP location.
smb.conf snippets are below. I'm not getting this to work. What I see,
reading log.winbindd-idmap at log level 10, is that the search for Idmap
entries seems to use the ldap suffix parameter instead of the
idmap config DOMAIN:ldap_base_dn as a search base, i.e.
it starts at ou=Trusting,ou=MyAccounts,o=Universitaet Marburg,c=DE
while it should start at
ou=Idmap,ou=Trusted,ou=MyAccounts,o=Universitaet Marburg,c=DE

Any hints?

regards,
Wolfgang Ratzka

---
[global]

(...)
  workgroup = TRUSTING
  server string = %h

  security = user
  encrypt passwords = true
  obey pam restrictions = No
  passdb expand explicit = No
  domain logons = Yes
  preferred master = Yes
  os level = 65
  domain master = Yes

  enable privileges = Yes

  logon home =
  logon path =

  passdb backend = ldapsam:ldap://somewhere.uni-marburg.de/
  ldap ssl = start_tls
  ldap admin dn = uid=samba,ou=Access,o=Universitaet Marburg,c=DE
  ldap suffix = ou=Trusting,ou=MyAccounts,o=Universitaet Marburg,c=DE
  ldap group suffix = ou=Groups
  ldap user suffix = ou=People
  ldap machine suffix = ou=Computers

  ldap passwd sync = Yes
  ldap delete dn = Yes


   # Idmap for trusted Domain TRUSTED should come from LDAP
   idmap domains = TRUSTED
   idmap config TRUSTED:backend = ldap
   idmap config TRUSTED:readonly = yes
   idmap config TRUSTED:ldap_base_dn = ou=Idmap,ou=Trusted,ou=MyAccounts,o=Universitaet Marburg,c=DE
   idmap config TRUSTED:ldap_user_dn = uid=sambaanon,ou=Access,o=Universitaet Marburg,c=DE
   idmap config TRUSTED:ldap_url = ldaps://somewhere.Uni-Marburg.DE/
   idmap config TRUSTED:range   = 8-9




--
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany


Re: [Samba] Domain Member Server Migration from NT4 to Samba 3.024

2007-05-23 Thread Wolfgang Ratzka

Aravinda Guzzar wrote:


I need to migrate the local SAM database of NT4 Domain Member Server to
Samba.


Does this mean that you are sharing resources from this domain member
server and using accounts from the local SAM database for authenticating access?


Regards,
Wolfgang
--
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany


Re: [Samba] Samba PDC on a read-only (and not configurable) LDAP server

2007-05-23 Thread Wolfgang Ratzka

Matteo Rosati wrote:
(...)


now, we want to change this system (obsolete), and the central
administration has given us the possibility to connect via LDAP to
their databases.
we CANNOT modify the ldap entries and the configuration files, and we
cannot insert the samba schemas into the ldap. in other words, we
cannot touch in any way the ldap server. we only have full access to
our server with samba, and we would like to connect to ldap so our
users can do the login.

do you have any suggestions?
i am going crazy, i have no more ideas...



If you want to build a *real* PDC, your only chance is setting up
your own LDAP-Server and somehow sync that to the central LDAP.
In principle this is not much different to what you are doing now
with your /etc/smbpasswd and the files distributed once a week,
but on a technologically advanced level ;-).

--
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany


Re: [Samba] Problem accessing SWAT with Firefox

2007-05-16 Thread Wolfgang Ratzka

Mike Stewart wrote:


Thing is that nothing had been altered on the Samba servers, just my
PC, so I can't understand why I can't connect now when it all worked
OK before :-(  It does work OK with Internet Explorer so I don't see
that I need to change my hosts files.


Are you sure that your Firefox does not have a proxy configured that 
your IE hasn't (or vice versa)?


Regards
--
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany


Re: [Samba] Chinese lanuage problem

2007-05-16 Thread Wolfgang Ratzka

DR. Lee - NS1 wrote:

 (a) export LANG=zh_CN.GB2312  

...

 (b) export LANG=zh_TW.BIG5 or LANG=en_GB.ISO-8859.1


Are there any Chinese locales that use UTF-8 (i.e. Unicode mapped to 
8-bit characters) instead of these special encodings?
To be compatible with the Windows world, samba speaks Unicode on the 
wire. For a lossless mapping of Windows filenames (just throw in some
Cyrillic or some Western European characters...) UTF-8 is pretty much 
the only option.


Regards
--
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany


Re: [Samba] Samba 3.0 and XP roaming profiles

2007-04-12 Thread Wolfgang Ratzka
contact_mahajan wrote:

 Also regarding my logon script, my smb.conf fille says like this:
 
 [GLOBAL]
 ..
 logon script = scripts\login.bat
 .
 
 [netlogon]
 ...
 path= /var/samba/netlogon/%U
 

This definition is trying to be subtle by defining a per-user-netlogon share,
as %U expands to the session user name. Normally you will not want to do this,
so you will strip off the /%U and simply put your login scripts below
/var/samba/netlogon. (Permissions should of course be so that everyone can
read and only admins can write.)
The logon script parameter is a (windows) path relative to the netlogon
directory. There is no need to put those in a subdirectory. (So you can do
away with the scripts\ part...) You should note that the logon script
parameter in the [global] section can be overridden by per-user-settings in ldap
(if you are using ldap).

Kind regards
-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany


Re: [Samba] Samba 3.0 and XP roaming profiles

2007-04-11 Thread Wolfgang Ratzka
contact_mahajan wrote:

 I will appreciate if you can please suggest me something. I can script a
 batch file to map the network drives. But don't know how to automate this
 at the logon for all the profiles. 

Have you ever tried a login script?

Kind regards,
Wolfgang Ratzka


Re: [Samba] Backup Domain Controller

2007-04-10 Thread Wolfgang Ratzka
Jason Baker wrote:

 I created a BDC for my network, running a slave LDAP server. Do I need
 specify the same workgroup as the PDC in the smb.conf? I was thinking
 I'd put it on a different workgroup just for organizational purposes.

The workgroup name serves as the domain name if you are running your samba
servers as domain controllers. A BDC must have the same domain name as the PDC,
so the answer is no.
Once you start with PDCs and BDCs you must stop thinking of workgroups. You have
a domain.
-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany


Re: [Samba] net rpc vampire umlauts (äöü ß) problem

2007-04-10 Thread Wolfgang Ratzka
Stefan Drees wrote:

 Hi,
 I'm using net rpc vampire to migrate users/ groups from nt4 to samba3
 with ldap backend.
 But the umlauts (äöüß) in the displayname are malformed.
 Unix charset in smb.conf is set to ISO8859-1.
 
 Any hint how to correct this?
 
 Regards
 S.Drees
 

Did you consider switching your unix charset from ISO8859-1 to UTF-8?
Windows does allow unicode characters in file names and in other places.
Translating them to ISO8859-1 will not always work.

Kind regards
Wolfgang Ratzka
-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany



[Samba] LF vs CRLF (Was: Mapping a network drive to a Windows Drive Letter)

2007-01-17 Thread Wolfgang Ratzka
[EMAIL PROTECTED] wrote:

 We have this working.
 
 however
 
 Some developers edit files using windows editors  and when they then copy
 them to the  Windows Drive Letter  which is mapped to a Unix machine, the
 resultant file  is full of  ^M  characters. build breaks. and so on
 
 Until now we have been telling users to run dos2unix  beforehand,  but
 somebody told me  that Samba  can handle this if properly configured ?
 
 Is this possible ?If so can somebody please help me  ?

This cannot be done. Samba would need to decide for every file whether it
is DOS text, that needs to be recoded, or a binary file, which must not be
touched.
-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany


Re: [Samba] XP/W2K on Samba 3

2006-10-03 Thread Wolfgang Ratzka
To prevent users from changing their profile you could assign to them a
mandatory profile, that is not stored back to the server and is
deleted from the client upon logout. (I haven't used such a thing, I
only know that it is supposed to exist.)
An easier way of making the user's profile go away upon logout is
to put him/her into the guest's group. (I am not sure which other
consequences this will have.)

To modify the default storage location for documents etc., you use a
policy that does folder redirection. (You can also use folder
redirection without using policies by directly editing the registry of
the [mandatory] profile assigned to the users.)

Some of these topics are covered in Chapter 5 (Making happy users)
of Samba-3 by Example aka The Samba Guide, see
http://www.samba.org/samba/docs/man/Samba-Guide/
and in Chapter 27 (Desktop Profile Management) of the
Samba Howto Collection, see
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/


HTH
Wolfgang Ratzka

 Okay, let me try to explain it the simple way as I understand it.
 We are running a debian-server with debian-clients and also a mixture of 
 WIN98SE, WIN2000 and XP-clients. Users are logging in from all these four 
 types of clients. They have one personal share on /home/username accessible 
 from all types of clients (via SAMBA for Win-clients).
 This is working fine, but as soon as a user is logging into the domain on one 
 of the WIN2000 or XP-clients for the first time on this client, the client is 
 creating a local user-directory.
 
 In a first step I would like to avoid this creating of local user-directories,
 because after a while each user has a local home-directory on every
 win2000/XP-client. Opening the explorer he should only find one home
 directory, which is his samba-share on the server.
 
 In a second step it would be great, if he is trying to save data, WORD or
 whatever automatically offers the users samba-share for saving data.
 
 What I do not want to offer is a personal desktop that is available from every
 computer he is logging in. I want to have the Win2000 or XPdesktop the same
 for all users. They can use the Linux-KDE-computers if they want their own
 desktop.
 
 How can this be achieved?
 Thank you for helping.
 



Re: [Samba] Non-root accounts cannot join the Samba PDC:s domain

2006-08-21 Thread Wolfgang Ratzka
 Since I need to migrate *lots* of clients to the Samba PDC, I need to
 setup a method so that each user can change to the new domain on its
 computer. And giving out the root password of course is not an option.
 I think there is a setting in one of Samba's config files that makes
 it so non-root users can join the domain, right?
 

If your Samba version is pretty recent (privilege support was started
in 3.0.11 and has been improved since then) you can assign the
SeMachineAccountPrivilege to arbitrary accounts.
You can set this either from Windows in User Manager
(Menu Policies-User Rights)
or from the command line on your samba server:
   net rpc rights grant some_account_name SeMachineAccountPrivilege

Regards,
Wolfgang Ratzka
-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany


Re: [Samba] new problem: PDC is not member of own domain? (was: 'ldap machine suffix' is ignored?)

2006-08-11 Thread Wolfgang Ratzka
Mike A. Kuznetsov wrote:

 If I try to save new permissions (without extended acl's, but they are
 supported) I see error (in russian in original, translate not equal):
 We havn't know about machine  PDC - does it member of domain DOMAIN?

Did you join your PDC to the domain?
Something along the line of

   net rpc join -U root

-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany


Re: [Samba] need to remove domain from Winbind group entries

2006-08-08 Thread Wolfgang Ratzka
Steven Rice wrote:
Hi,

This looks as if your BDC gets its user and group info
via winbind. As BDC it should point to the same ldap
server as the PDC (or to a replica).

Kind regards

 Hi,
 
 I have server setup as BDC on a subnet different from
 the PDC.  The BDC can auth fine against the PDC and
 they can browse each other just fine.  The problem is
 on Unix side of the BDC.  When I do a 'wbinfo -g' or
 'getent group' each group fit the format
 'DOMAIN\group_name' and the PDC does not.  This is
 causing problems when synchronizing as the group perm
 is being set by name, not uid.
 
 I have configured both the PDC and BDC with the
 following entries:
 
 winbind trusted domains only = yes
 winbind use default domain = yes
 obey pam restrictions = Yes
 
 Yet the domain name still shows in the groups on the
 BDC.  I tried everything I know but with no luck.
 
 What can I do to remove the domain from the group
 entries on the BDC?
 
 Thanks!
 


-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany


Re: [Samba] windows 2000/xp authentication through samba/ldap?

2006-08-08 Thread Wolfgang Ratzka
Mike wrote:

 I run the computers in a small shop and want to change my users
 from using the local accounts on their windows boxes to a central
 account managed through ldap (openldap). I now have samba working
 with ldap and using ldap for authenticating shares as windows users
 ask for those shares to be mounted to their workstations. What I
 want is for the initial ctl-alt-del login to authenticate through
 samba to ldap. 

What you want to do is, set up a domain controller. Look at the
Chapter Making Happy Users in the Samba by Example book
available on the Samba web site. (This is not for a small shop but
covers using LDAP as a password backend.)

-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany


Re: [Samba] installing software as a user

2006-06-28 Thread Wolfgang Ratzka
Huck wrote:
 After joining machines to my Samba domain (in a school setting)some
 accounting software no longer functions as it needs to be run as the
 user that installed the software.
 
 So I uninstalled the software and attempted re-install as that user, but
 was told via a pop-up error message that the user did not have rights to
 install.
 
 The user exists on the local machine(XP Pro) and has administrative
 privileges, but apparently when logging into the domain it changes the
 user's effective rights.

A local user PCXYZ\username is always distinct from a domain user
DOMAIN\username, so PCXYZ\username's rights don't apply to DOMAIN\username.

 
 Is there some simple 'user configuration' on the Samba side that I need
 to do with 'smbpasswd' or with the linux groups to allow users to
 install software?
 

Just add the domain user to the local Administrator's group. As a local
administrator on the machine enter the following command:

   net localgroup Administrators DOMAIN\username /add

This gives admin privileges to the domain account.

Kind regards,
Wolfgang Ratzka


Re: [Samba] computer outside domain can access resource to inside

2006-06-21 Thread Wolfgang Ratzka
[EMAIL PROTECTED] wrote:

 But, I have one problem. There is one user, bring the private notebook. He create ip
 address (same with his office-computer), local account and password (same with his
 account in PDC) in his notebook. Then he un-plug LAN cable from his office-computer and
 plug-in to his private-notebook. And he can access share-file in other computer.
 

A user who has physical access to the network will be able to do all kinds of things.
(Samba's behaviour in this case is Windows-NT compatible.)

As for technical means to prevent this kind of thing: Some switches can be configured to
shut down a port if they see an unknown MAC-address. (Cisco's name for this is port
security. Of course there are ways to circumvent this :-/ ).

-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
  http://www.uni-marburg.de/hrz/mitarbeiter/ratzka.html


Re: [Samba] Redirection of Desktop

2006-05-19 Thread Wolfgang Ratzka

Matthew Crites wrote:

Hi, I am using a logon script to modify the
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell
Folders\Desktop to %LOGONSERVER%\profiles\%USERNAME%.  On the samba
server I have a share that hosts the profiles under %N\profiles\%U


Do not do this. The profiles share will be overwritten by the local
copy of the user profile (usually C:\Documents and Settings\%username%)
upon user logoff. So you should not directly write to this directory.
--
Wolfgang Ratzka


Re: [Samba] PDC with no roaming profiles ?

2006-05-17 Thread Wolfgang Ratzka

Roberto Salvatierra wrote:



now... if i tweak [profiles] or [netlogon] is there a way to totally stop
the roaming profiles from the server ? just have the PDC to authenticate the
users, and to serve files to those users ?

thank you very much.


Just set the logon path option in smb.conf to an empty string and
also delete the profile path information that may be attached to
each user account in the passdb backend you are using. (With LDAP it is
the sambaProfilePath property.)

Kind regards
Wolfgang Ratzka


[Samba] load printers = Yes produces working but invisible printers

2006-03-07 Thread Wolfgang Ratzka

Hi,
I am running samba 3.0.21c (Sernet packages on Debian Sarge) and trying
to automatically share cups printers via load printers = Yes

- Printing seems to work if you install the printers on the client by
  calling con2prt.exe, but
- the printers do not appear as shares when   browsing the network
  neighbourhood or calling net view \\servername on the client.
- They do appear, if I include an explicit section for each printer
  in smb.conf

Bug or feature?

My configuration options:
[global]
  ...
  printcap name = cups
  cups server = localhost
  printing = CUPS
  load printers = Yes
  ...
[printers]
  comment = SMB print spool
  path = /var/spool/samba
  guest ok = yes
  printable = yes
  browseable= yes
  use client driver = no


Kind regards,
Wolfgang Ratzka


[Samba] sernet-samba 3.0.21a-6 (Debian): wrong path for registry.tdb

2006-01-04 Thread Wolfgang Ratzka
Hi,

I am running sernet-samba 3.0.21a-6 (Debian) with winbind as a member server in a
(NT4-)domain.

When trying to assign ACLs from a Windows 2000 client in Windows Explorer, I get
the error message
   Object Picker cannot open because it cannot determine whether nt04001 is joined to a
domain. ...

At the same time I get error messages in smdb.log:

(...)
[2006/01/04 10:32:14, 0] registry/reg_db.c:regdb_open(259)
  regdb_open: Failed to open /var/run/samba/registry.tdb! (No such file or direc
tory)
(...)

Adding a symlink /var/run/samba/registry.tdb pointing to 
/var/lib/samba/registry.tdb
seems to cure the problem.

Kind regards,
-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
  http://www.uni-marburg.de/hrz/mitarbeiter/ratzka.html


Re: [Samba] Roaming profiles not supporting quota

2005-09-30 Thread Wolfgang Ratzka
Allori Lorenzo wrote:

 Here is my problem: if a user copies a big file to the desktop (bigger than
 the quota set for that user), when he logs off, the profile won't synchronize
 with the server with the message disk full.

 Is there a way to let the WinXp client to understand how much space is
 available also for the local profile that must be synchronized later with
 the server?

 In other words: how can i manage to solve this problem not having to make
 mandatory profiles? I want the users to do whatever they want with the
 quota i gave them.

Limiting the size of roaming profiles is a good idea anyway.
You can use policies to move some folders (e.g. the Desktop
folder) out of the profile (e.g. into a subdirectory of the user's
home directory).
And you can use policies to tell windows to enforce a size limit
for the roaming profile. (NB: for replication to work you will need windows
to limit the profile size to half the quota size. Of course, you
will need to have separate quota for profile directory and user home
directory.)

http://www.pcc-services.com/custom_poledit.html looks like
a nice starting point for using profiles on samba.

Kind regards,
Wolfgang Ratzka
-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
  http://www.uni-marburg.de/hrz/mitarbeiter/ratzka.html


Re: [Samba] samba banner string

2005-09-01 Thread Wolfgang Ratzka
 How do I do to rid of the banner  SAMBA 3.0.14a  on debian on sarge
 (pdcsrv) 

Just edit the server string parameter in your smb.conf file.

-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
  http://www.uni-marburg.de/hrz/mitarbeiter/ratzka.html


Re: [Samba] Restricted folder inside public share

2005-06-29 Thread Wolfgang Ratzka
Carsten Gehling wrote:
 I've been assigned the task to make a fileserver with the following
 share:

 1) I open \\my-samba-server\public - The folder is opened without any
 username/password requests. Inside this folder I can create files and
 folders.
 
 2) Inside \\my-samba-server\public there is a sub folder called
 event. If I try to open this, I will be prompted for
 username/password before access is granted.
 
 How do I do that? Is it at all possible, or can I only make it with
 event as a separate share?

It will not work this way. Once a Windows client has connected to the public
share, nothing will make it re-authenticate the connection. You will just
get an access denied for the protected subfolder. You may even run into
problems if you work with two separate shares on the same server, as windows
does not support connecting to two different shares on the same host with
different credentials.

-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
  http://www.uni-marburg.de/hrz/mitarbeiter/ratzka.html


Re: [Samba] NT 4 Issue

2005-06-22 Thread Wolfgang Ratzka

Doug Hubbard wrote:

 The issue appears to be related to mapping subdirectories of the share

Yes. NT4 as a client OS cannot do that. There are dirty tricks to work
around this limitation, you can do

SUBST F: \\doug-linux\LAN\VOL1

but there are weird side effects if you do so (e.g. subst'ed drive
mappings are not cleaned up automatically as you log off). So this
is not really something one can recommend.

--
Wolfgang Ratzka


Re: [Samba] Remote conection!

2005-05-31 Thread Wolfgang Ratzka
Deleo Paulo Ribeiro Junior wrote:

 One of my clients asked me to access the shared directories outside the
 company. I tried to use windows net use \\ip.xxx.xx.xx\share and I always
 receive an error 53 message.

This is the error message one would expect if a firewall blocks SMB and CIFS
protocols. Using those protocols for external access is usually not recommended.


-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
  http://www.uni-marburg.de/hrz/mitarbeiter/ratzka.html


Re: [Samba] Fonts on shares (thai)

2005-05-30 Thread Wolfgang Ratzka
Krisztian Andre wrote:

 On what level does my samba server have to support thai fonts for the
 thai filenames on the shares to work?

By default Samba 3 uses UTF-8 filenames on disk and talks Unicode to the
network. Basically Thai filenames should just work, but they might look a
bit weird when viewed from the unix side.

-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
  http://www.uni-marburg.de/hrz/mitarbeiter/ratzka.html


Re: change list post policy was: Re: [Samba] Re: nazi spam in German over list address

2005-05-15 Thread Wolfgang Ratzka
Jason Pyeron wrote:
 How can we go about changing the long standing policy of anyone can post?
 
 Do we need a vote? if so who can vote and what percentage would be needed?
 
 Does one person make a decision? if so who?
 

I don't think this decision is needed. Someone just needs to update the
spam filter that just fails to detect these messages.

Regards
--
Wolfgang Ratzka


Re: [Samba] the desktop.ini incident again

2005-04-21 Thread Wolfgang Ratzka
Matthias Eichler wrote:
 I think the real problem is the following:
 
 - windows saves the settings of the desktop and folder
   view in this file which is normally hidden, so the
   desktop.ini is more or less always there
 - it just comes up (via autostart e.g.) or in the quickstart-
   panel if you configure windows to display all system and
   hidden files...

Or (what seems to be the case here) if storing the roaming
profile in a samba share somehow fails to preserve the hidden-flag.

--
Wolfgang Ratzka


[Samba] Staus of Sernet Debian packages?

2005-04-07 Thread Wolfgang Ratzka
Has anybody out there tried the Debian packages offered by
sernet? They seem to be in a not-yet-usable state right now.
(E.g. the scripts normally found in /etc/init.d seem to be
missing.)
-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
  http://www.uni-marburg.de/hrz/mitarbeiter/ratzka.html


Re: [Samba] WIN2K with SP4 unab;e to save profiles on a Samba PDC

2005-04-05 Thread Wolfgang Ratzka

 I have been noticing for a certain time that the Win 2K with Service
 Pack 4 wasn't able to save its profile to a Samba PDC. Is this a known
 fact or I have a problem ?

This is most probably due to additional permissions checks Microsoft introduced
in some patch leading to SP4, see http://support.microsoft.com/kb/327462/ .

One way to cure this is to set a registry key on the clients, see
http://www.samba-tng.org/docs/tng/windows-registry-patches/WinXP_RoamingProfiles.reg

(This also works on W2k.)

Kind regards,
Wolfgang Ratzka
-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
  http://www.uni-marburg.de/hrz/mitarbeiter/ratzka.html


Re: [Samba] Re: rpc trust gives NT_STATUS_INVALID_HANDLE with 3.0.11

2005-03-08 Thread Wolfgang Ratzka
Gerald (Jerry) Carter wrote:
 Wolfgang Ratzka wrote:
 | I get exactly the same error message when trying to build a trust from
 | Samba 3.0.11 (samba.org binaries on Debian, using ldap backend) to
 | Windows NT 4.0.
 | I see EventID 537 on the NT 4.0 Server (An error occurred during
 | logon...) which is different from what I get when I enter a wrong
 | trust password.

 Patch is at http://www.samba.org/~jerry/patches/post-3.0.11/

I decided to go for the bleeding edge and built debian packages from
3.0.12-pre1, which as far as I can see contains the patch. I now get:

Could not connect to server NTRZ04
[2005/03/08 23:14:51, 0] rpc_parse/parse_prs.c:prs_mem_get(537)
  prs_mem_get: reading data of size 4 would overrun buffer.
[2005/03/08 23:14:51, 0] utils/net_rpc.c:rpc_trustdom_establish(4566)
  WksQueryInfo call failed.

(I can produce more output, if necessary.)

Regards,
Wolfgang


[Samba] Re: rpc trust gives NT_STATUS_INVALID_HANDLE with 3.0.11

2005-03-07 Thread Wolfgang Ratzka
Thorkil Olesen wrote (samba Digest, Vol 26, Issue 26):

 Date: Wed, 16 Feb 2005 17:11:16 + (UTC)
 From: Thorkil Olesen [EMAIL PROTECTED]
 Subject: [Samba] rpc trust gives NT_STATUS_INVALID_HANDLE with 3.0.11
 
 When I try to establish a trust from SAMBA 3.0.11 to Windows 2003 I get the 
 error: NT_STATUS_INVALID_HANDLE. I have no problem the other way. I had no 
 problem either, when I ran SAMBA 3.0.9, and the problem disappeared when I 
 down-graded to 3.0.9.
 
 Here is what happens ('CALYPSO' is the Windows-server and 'KONTOR' is its 
 domain-name):
 
 [EMAIL PROTECTED] /root]# net rpc trustdom establish kontor
 Password:
 Could not connect to server CALYPSO
 [2005/02/16 17:20:27, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
   cli_pipe: return critical error. Error was NT_STATUS_INVALID_HANDLE
 [2005/02/16 17:20:27, 0] utils/net_rpc.c:rpc_trustdom_establish(4560)
   WksQueryInfo call failed.
 

I get exactly the same error message when trying to build a trust from
Samba 3.0.11 (samba.org binaries on Debian, using ldap backend) to
Windows NT 4.0.
I see EventID 537 on the NT 4.0 Server (An error occurred during
logon...) which is different from what I get when I enter a wrong
trust password.

Any hints?

Using --debug=10 gives me a lot of output. I'm not sure whether
I should post that to this list.

-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
  http://www.uni-marburg.de/hrz/mitarbeiter/ratzka.html


[Samba] Re: Configuring firewall to allow Samba to work

2003-03-13 Thread Wolfgang Ratzka

[EMAIL PROTECTED] wrote:
|
| This is a note for all those people out there who had to turn off their
| firewalls (iptables) to get Samba to work.  First start the GUI
| interface to the firewall by typing

- Your hint should only apply to a firewall that serves to harden your server
  installation, i.e. if you use iptables on your server to control, which
  kind of packets *from your local net* your server responds to.
  If your firewall has the additional purpose to separate your local net
  from the internet, then allowing NetBIOS over TCP/IP is not a good idea.
  There are currently several windows worms that scan random IP address
  ranges for weakly protected windows shares, so opening up your network to
  these protocols is a bad idea!
  To repeat that: You should open Ports 137, 138 and 139 (UDP and TCP)
  only for your local net, not for the internet.
- Are we going to accept hints from someone without a name and with an
  address [EMAIL PROTECTED]? I have the strong suspicion, that your
  real purpose might be to trick people into opening up their firewalls.

-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
  http://www.uni-marburg.de/hrz/mitarbeiter/ratzka.html
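
The rule stated in the message above (ports 137, 138 and 139, UDP and TCP, open for the local net only) can be checked mechanically. The following is an added example, not part of the original message: it scans iptables-save output for ACCEPT rules that admit those ports from sources outside the local net. The ruleset, the 192.168.1.0/24 local net and the function names are constructed for illustration.

```python
import ipaddress
import shlex

NETBIOS_PORTS = {137, 138, 139}      # the ports named in the message
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # assumption: the local net

# Constructed sample in iptables-save format (not from a real host).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 137:138 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p udp -m multiport --dports 137,138 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""


def parse_ports(spec):
    """Expand an iptables port spec: '139', '137:139' or '137,138'."""
    ports = set()
    for part in spec.split(","):
        low, _, high = part.partition(":")
        ports.update(range(int(low), int(high or low) + 1))
    return ports


def source_is_local(src):
    """True only if the -s value lies entirely inside one of LOCAL_NETS."""
    if src is None:                  # no -s at all means "from anywhere"
        return False
    net = ipaddress.ip_network(src, strict=False)
    return any(net.version == n.version and net.subnet_of(n) for n in LOCAL_NETS)


def exposed_netbios_rules(ruleset):
    """Return (rule, ports) for ACCEPT rules that admit NetBIOS ports from
    sources outside LOCAL_NETS. Only rules that name ports are examined."""
    findings = []
    for line in ruleset.splitlines():
        if not line.startswith("-A "):
            continue
        tok = shlex.split(line)
        if tok[1] not in ("INPUT", "FORWARD"):
            continue
        if "-j" not in tok[:-1] or tok[tok.index("-j") + 1] != "ACCEPT":
            continue
        ports, local = set(), False
        for i, t in enumerate(tok[:-1]):
            if t in ("-s", "--source"):
                # "! -s net" matches everything except net: treat as not local
                local = tok[i - 1] != "!" and source_is_local(tok[i + 1])
            elif t in ("--dport", "--dports", "--destination-port"):
                ports |= parse_ports(tok[i + 1])
        hit = sorted(ports & NETBIOS_PORTS)
        if hit and not local:
            findings.append((line, hit))
    return findings


if __name__ == "__main__":
    for rule, ports in exposed_netbios_rules(SAMPLE_RULES):
        print("open to non-local sources:", ports, "<-", rule)
```

On the constructed ruleset the two rules restricted to 192.168.1.0/24 pass, and the two rules without a local source restriction are reported.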


[Samba] Re: gpedit.msc as centralized policy for 2k/xp clients indomain

2003-03-12 Thread Wolfgang Ratzka

John Newhouse wrote:
| I found this from
| http://charon.minilab.bdeb.qc.ca/anonym/nt/2000/ads/TTGW2KGP_Vol1through4.pdf
|
| I would like to figure out how to do this gpedit.msc+AD+gpc+gpt magic for
| win2k/xp with linux+samba(2.2/3.0/tng)+openldap and is it possible at all?

Group policies are stored in Active Directory. Current samba development
is still improving on good old Windows NT 4.0 domain services. I would
suspect, that Active Directory services on samba will not be available
anytime soon. (I would love to be proven wrong :-) on that.)

-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
  http://www.uni-marburg.de/hrz/mitarbeiter/ratzka.html


[Samba] Re: cups printing and user names from trusted domains

2003-03-09 Thread Wolfgang Ratzka

Kurt Pfeifle wrote:

 Andrew Bartlett wrote on Samba-Digest:

(...) 

  I've looked into this, and it looks like our CUPS printing is quite
  broken in this respect.
 
  (...)
 
  However, when looking at the code in relation to your problem, I noticed
  that we send completely the wrong username to CUPS.  For both the print
  job's submission, and later attempts to cancel or pause a job, we send
  the *original* 'smb_name'.  This is the unqualified username of the user
  that originally sent the job, before any mapping.
 
  The correct thing to send would be the unix name - possibly directly
  from current_user, but I need to check on this.

 Hmmm... I'm not so sure this is what most people would desire.

 CUPS logs the names in question, for example in its page_log for
 accounting purposes. If we serve Windows clients, and if we now and
 then want to evaluate the page_log and create statistics and reports
 from it -- is it the Unix name or the Windows user name we want to
 appear there?

Well, in my case (using winbind) the Unix name would just be 
Windows Domain Name\Winbind User Name, which would fit my
purposes quite nicely. I can, however, imagine some setups where
the unix username does not contain any information (e.g. printing 
without authentication with unix users generally mapped to nobody).

Kind regards,
Wolfgang Ratzka



[Samba] cups printing and user names from trusted domains

2003-03-07 Thread Wolfgang Ratzka

I'm currently running some tests for a samba/CUPS based print server.
The print server is a member of an NT domain and uses winbind to import
NT domain users. Users accessing the print server will be not from the
same domain but from trusted domains.

Everything basically seems to work, once you use sufficiently new
versions of cups and samba. (I'm on Debian woody, so I needed to get
the 2.2.7a debs from samba.org, and cupsys-* 1.1.18-2 from Debian
unstable to get a version of cupsaddsmb that actually works.)

One remaining problem is that the print jobs show up in the CUPS queue as
owned by user instead of domain\user. Moreover, print jobs submitted by
domain1\user1 can be deleted by another user domain2\user1 who has the same
user name in a different trusted domain.

Am I doing something wrong? I remember vaguely, that during the first stage
of my experiments (maybe with an older version of the cupsys packages), some
printjobs showed up with a qualified name domain\user.

Kind regards,
Wolfgang Ratzka

--- smb.conf ---
[global]
   workgroup = MYDOMAIN
   server string = %h print server running samba %v
   load printers = yes
   printcap name = cups
   printing = cups
   printer admin = @MYDOMAIN\Druck-Admins
   admin users = @MYDOMAIN\Druck-Admins
   guest account = nobody
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0

   security = domain
   password server = *
   encrypt passwords = true
   socket options = TCP_NODELAY
   wins server = edited out
   dns proxy = no
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
   obey pam restrictions = yes
   winbind uid = 1-6
   winbind gid = 1-6
   character set = ISO8859-1
   client code page = 850
[printers]
   comment = All Printers
   browseable = yes
   path = /tmp
   printable = yes
   public = no
   writable = no
   create mode = 0700
   printer admin = @MYDOMAIN\Druck-Admins
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/drivers
   browseable = yes
   guest ok = no
   read only = yes
   write list = @MYDOMAIN\Druck-Admins
   create mask = 0755
   directory mask = 0755

-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
  http://www.uni-marburg.de/hrz/mitarbeiter/ratzka.html