[swinog] Linux, LDAP/Krb auth samba - no group access
Hi List Anyone ever had to do with a Domain integrated samba? (otherwise just delete this mail :)) I got a bit a strange issue: I have a w2k3 ADS with Server for Unix (schema-extension so that UID, Homedir and loginshell can be hold within the ADS), have a Linux Box integrated into ADS (fully integrated, LDAP Kerberos5, no winbind needed) The domain users are visible via 'getent passwd/group', the users can login and have the right memberships. Everything is fine, user can access files which have the appropriate rights on group (root:Domain Users, rwxrwx---) When a file is owned by the domain user itself samba lets me do whatever i want to do. But, when the shared directory is owned by someone other, but the domainuser should have access through the group permissions, nothing works anymore and i get a NT_ACCESS_DENIED A bit testing showed that files on the samba can only be accessed when the file is owned by the appropriate user, but not else (neither Group nor World accessrights seems to work) After spending hours with google i feel quite alone :) Did someone else ever had issues with domain-joined samba and group-access? Cheers Josh ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
AW: [swinog] Blacklist at bl.csma.biz
Hi Martin Don't know the blacklist, but googling for it, found this in google's cache: http://209.85.135.104/search?q=cache:xYXAqS2MhJ0J:bl.csma.biz/+%22bl.csma.biz%22hl=enct=clnkcd=1 Looks like the domain is down at the moment. Normally, if there is no result for a check, it is assumed that it's not listed... Cheers, Mike -- Mike Kellenberger [EMAIL PROTECTED] Escapenet - the Web Company Tel +41 52 235 0700 http://www.escapenet.ch Skype mikek70atwork -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Martin Ebnoether Gesendet: Freitag, 2. November 2007 15:37 An: [EMAIL PROTECTED] Betreff: [swinog] Blacklist at bl.csma.biz Hi Swinogers and Swinogettes. Does anyone here know the blacklist at bl.csma.biz? One of our users wanted to send a mail somewhere and it was rejected by the remote mailserver because we are listed in that list. Though, bl.csma.biz does not resolve. My understanding of blacklist is, that if there is no result for the check (that is based on DNS, right?), it assumes it is listed. In that case, the remote mailserver, rejecting mails from listed servers, would accept no mails at all? Now they will have serious fun over there, since the remote server belongs to one of the big US stock exchanges... =:-) Oh and I fully agree that it is a very bad idea to block mails on a single criteria. CU, Martin -- Ungenügender Speicher zur Anzeige der ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] bluewin mail servers load balancers don't like AAAA - breaks email
Adrian Ulrich wrote: Hi Jeroen ;; -HEADER- opcode: QUERY, status: REFUSED, id: 22394 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 We are aware that ns.bwlbmsg1zhh.bluewin.ch. doesn't play well with IPv6 (and we also know that some lb-vendors are not able to fix such simple bugs). And tada, my sweet postfix/bind/powerdns combo will give up on it as there is clearly no answer to be gotten for that hostlabel. [EMAIL PROTECTED]:~$ dnsmx bluewin.ch 10 mxbw.bluewin.ch-- ns.bwlbmsg1zh[hb].bluewin.ch 42 mxzhh.bluewin.ch -- dns[1234].bluewin.ch 42 mxzhb.bluewin.ch -- dns[1234].bluewin.ch 66 mx49.bluewin.ch-- dns[1234].bluewin.ch Why doesn't your postfix/bind/powerdns combo use mxzhb/mxzhh ? It does, but it does give up on the mxbw one. The reason that I noticed is that for signup we do an MX check, to check if they are setup correctly, bluewin.ch failed the test with flying smudged colors... It is on the whitelist now though, but before that it was nicely rejecting any signup attempt from people using that as an email address. It also doesn't leave a good impression on customers I guess that the ISP can't even have a proper email setup. Nevertheless, I would gently try and suggest to fix it for real instead of letting it run like this. Of course that is easier said than done, especially with a magic blackbox which is broken which resides in your network... Greets, Jeroen signature.asc Description: OpenPGP digital signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] UCEProtect Blacklist
Hi there We have some Problems with the UCEProtect.net blacklist. He lists some Subnets and AS who dosnt send Spam from us Customers... e.g. the AS6730 (Sunrise) a lot of us costumers using this Provider have Problem on E-Mail Services. But really Spammers are not listed :D Maybe the Blacklists add some subnets of Big Companys, cause for delisting you need to pay some money... dnsstuff.com uses this blacklist in the lookup tool i dont know how many providers using this list. Anyone there know more about this Blacklist? The Service is Provided by admins.ws and for the fun try www.admins.ws/../../etc/passwd Marco -- For list-off Contact use: silicium (-at-) natural-geek.org PGP: 49F8 C29E 4F4E E438 BD69 0BCE D1DA 4B0C 7C32 C715 -BEGIN GEEK CODE BLOCK- Version: 3.12 GCS d-- s-:- a-- C++ UL+++ P-- L+++ E--- W++ N+ o K- w-- O-- M V- PS+++ PE++ Y+ PGP++ t 5 X++ R tv- b+ DI-- D+ G++ e+ h++ r y+ --END GEEK CODE BLOCK-- ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
AW: [swinog] UCEProtect Blacklist
Hello, This is the Problem Sunrise won't pay money. And they want make money. I think the best way is to removie UCEProtect.net level 3 from your Blacklist. Greetings Xaver -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Marco Meile Gesendet: Freitag, 2. November 2007 21:47 An: [EMAIL PROTECTED] Betreff: [swinog] UCEProtect Blacklist Hi there We have some Problems with the UCEProtect.net blacklist. He lists some Subnets and AS who dosnt send Spam from us Customers... e.g. the AS6730 (Sunrise) a lot of us costumers using this Provider have Problem on E-Mail Services. But really Spammers are not listed :D Maybe the Blacklists add some subnets of Big Companys, cause for delisting you need to pay some money... dnsstuff.com uses this blacklist in the lookup tool i dont know how many providers using this list. Anyone there know more about this Blacklist? The Service is Provided by admins.ws and for the fun try www.admins.ws/../../etc/passwd Marco -- For list-off Contact use: silicium (-at-) natural-geek.org PGP: 49F8 C29E 4F4E E438 BD69 0BCE D1DA 4B0C 7C32 C715 -BEGIN GEEK CODE BLOCK- Version: 3.12 GCS d-- s-:- a-- C++ UL+++ P-- L+++ E--- W++ N+ o K- w-- O-- M V- PS+++ PE++ Y+ PGP++ t 5 X++ R tv- b+ DI-- D+ G++ e+ h++ r y+ --END GEEK CODE BLOCK-- ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog