eEye Retina 5 required by our security to check our workstation
security complains no MIN PASSWORD, AGE, and a dozen others related to
access rules against my only two Samba (3.0.10) servers on Solaris 8
fail security scans.
Running strings on smbd binary, I find most of the parameter strings.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/27/2007 03:57 PM, Daniel Davidson wrote:
I have found a fixed my previous problems (two typos that were hard to
find) and now the smbldap-tools all work as expected if I run them as
root. However when I try to join a domain from a windows
This is really getting frustrating. The exact message when joining the
domain is user name could not be found, however I have the
Administrator account set up with the proper data. And i have tried
administrator with and without the A in caps. I can take this username,
log into the server, and
Daniel,
Try adding ldap idmap suffix = ou=People
Since I noticed that ldap user suffix and ldap group suffix do not
seem to be used.
Also, check you LDAP log files to see if you can spot the samba search
string!
Andrew
This is really getting frustrating. The exact message when joining
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daniel,
This is really getting frustrating. The exact message
when joining the domain is user name could not
be found,
When joining a Samba domain usually this means that
the machine account could not be found.but I haven't
followed this
Apologies for the nast of the accompanied text, but I thought it best to
include everying from the ldap log in relation to a request to join a
domain. It all looks fine to me, except for the text= string never
being populated, but please let me know if you can find anything of if
that is a
I was looking around for more help on my problem and found this info on
a gentoo page even though I am using RHEL4 regarding the configuration
of ldap. Anyone know what they are talking about by Field names here
must be all caps?
Dan
for database you can either use bdb or ldbm. bdb is
I have found a fixed my previous problems (two typos that were hard to
find) and now the smbldap-tools all work as expected if I run them as
root. However when I try to join a domain from a windows machine, the
scripts never run and get an Access is denied message. Since I am
using 0.10 I do not
I have a Macintosh Xserve running OS 10.4.8 and it's running Samba 3.0.10.
Everytime a Windows XP workstation logs off the Macintosh Xserve server, the
following shows up in the log.smbd (located at var/log/samba):
[2007/01/11 14:24:17, 0] pdb_ods.c:make_a_mod(2045)
make_a_mod: INVALID VALUE!!!
On Thu, Jan 11, 2007 at 03:20:39PM -0800, Niatross wrote:
I have a Macintosh Xserve running OS 10.4.8 and it's running Samba 3.0.10.
Everytime a Windows XP workstation logs off the Macintosh Xserve server, the
following shows up in the log.smbd (located at var/log/samba):
[2007/01/11
On 12/01/07, Volker Lendecke [EMAIL PROTECTED] wrote:
On Thu, Jan 11, 2007 at 03:20:39PM -0800, Niatross wrote:
I have a Macintosh Xserve running OS 10.4.8 and it's running Samba 3.0.10.
Everytime a Windows XP workstation logs off the Macintosh Xserve server, the
following shows up in the
What OS are you using?
Usually all package handlers have krb5 in their repos.
Just do a apt-get install libldap2-dev libkrb5-dev acl libacl1-dev on
debian.
Here is a good link - http://www.enterprisenetworkingplanet.com/
netos/article.php/3487081
Cheers,
7 nov 2006 kl. 01:15 skrev Brad
Any help would be very much appreciated.
My Configuration-
Solaris 8 - hostname = vail
Samba 3.0.10 (downloaded from sunfreeware.com)
As per the instructions on sunfreeware, I have also installed the
following packages-
libgcc-3.3
libiconv-1.9.2
libintl-3.4.0
ncurses-5.4
popt 1.7
readline 5.1
Any reason why you don't use security=ads and kerberos so that you
get single sign on for shares with your AD users?
This way they don't need to supply user/pass to samba shares as samba
kan handles the kerberos tickets issued when they logged on to the
win box.
The packages I downloaded from
Any reason why you don't use security=ads and kerberos so that you
get single sign on for shares with your AD users?
This way they don't need to supply user/pass to samba shares as samba
kan handles the kerberos tickets issued when they logged on to the
win box.
cheers
6 nov 2006 kl. 21:59
When I first startup smb
service smb restart
nmbd seems to be starting up correctly.
nmblookup -M chemistry
querying chemistry on 128.148.nnn.255
128.148.nnn.server's-ip chemistry1d
and
nmblookup -B SERVER __SAMBA__
querying __SAMBA__ on 128.148.nnn.server's-ip
server's ip __SAMBA__ 00
We have successfully installed Samba on a Sun Server 3.0.10 and can access
it via PC Clients. We can read/ write files on the Unix drive.
However when we click 'My computer' on the PC, and highlight the Unix drive,
it shows :
FileSystem : NTFS
Free Space : 0 bytes
Total Size: 20.0 MB
The actual
I really hope someone can point me in the right direction. I have a few
servers setup with samba 3.0.10 and recently the Windows servers have been
upgraded to W2K3. The problem that I am having is since the upgrade users
without accounts that are in both windows and ldap, cannot access the
samba
Hi List,
need your help, property the here following.
OS / Samba = samba-3.0.10-1.4E (RHEL4)
Error message in Samba logfile = Invalid key XXX given to dptr_close
This message comes then if by NT server with BrighStore a Backup is started.
The Backup is made by a Share.
all the same
I recently set up a new RHEL4 server with samba-3.0.10 in a Windows 2003
server PDC domain.
I can log on as one user from different workstations on to the new samba
server. With several other users, I get this error:
Oct 18 16:41:34 samba-server smbd[2502]: krb5_rd_req(CIFS/[EMAIL PROTECTED])
I'm trying to set up a Samba file server inside of an NT4 domain. I'm
using Samba 3.0.10 My config files are at the bottom of this post.
The server appears on the windows network inside the domain called for
in it's smb.conf. But when you try to access it from any client which
does not have an
How about some thread necromancy.
Here's the issue I was working to resolve back in December of '04.
http://lists.samba.org/archive/samba/2004-December/097804.html
Until today I never really resolved this problem to my satisfaction.
Samba worked with ADS, and that was fine. Today I was
Hi,
I have a working samba setup using ldap from following the
smbldap-installer scripts etc, but now have one remaining problem. This
is the second time I have installed it and had it working reasonably well
being used in an educational environment.
My problem this time is that each
Hello,
I have a problem with samba.
I want to restrict the access to a share. But with NT users.
Ex: I have to give write access to users fquintans and epinto (NT users) to the
share testeedu.
I´m using net join command to join the NT domain.
# Global parameters
[global]
I am currently running a RedHat Linux Enterprise 4 server and have
configure Samba 3.0.10-1.4E on this server. I have successfully joined
a Windows 2003 Active Directory domain and have been able to provide
access to a share on the Samba server to certain members/users/groups of
the domain that
I have successfully, well somewhat successfully, joined a native Windows
2003 Active Directory domain as a domain member. The home domain has
a two-way trust relationship with another domain in the same Forest.
The Samba server can provide proper access to any object within it's
home domain,
I am having a bit of a problem and hope someone on here can help (if it
has been covered already please feel free to point me in the right
direction - I have searched and searched but found nothing!)
Setup:
Linux box : Debian Sarge using Samba 3.0.10-Debian
windows Box : Windows 2003 SBS acting
On Wed, 2005-03-16 at 14:54 +0530, ankush grover wrote:
On Wed, 16 Mar 2005 08:03:42 +, Phil Foxton [EMAIL PROTECTED]
wrote:
I am having a bit of a problem and hope someone on here can help (if
it
has been covered already please feel free to point me in the right
direction - I have
Hi,
I'm trying to get Samba to act as the PDC for a domain populated by Win2k
boxen. All the machines are running Windows 2000 Professional. Unfortunately,
the 2k boxen all produce this error when I try and log in as a normal user:
Windows cannot log you on because the profile cannot be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Justin Piszcz wrote:
| I have found the problem; it was a single patch
| from microsoft, remove it and fixed! :)
which patch ? We'll need to fix Samba to work with it.
cheers, jerry
The patch fixes a 'drag and drop' vulnerability.
The patch ID is: KB890047
http://www.microsoft.com/technet/security/bulletin/MS05-008.mspx?pf=true
On Sat, 12 Feb 2005, Gerald (Jerry) Carter wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Justin Piszcz wrote:
| I have found the problem; it
Hallo Justin Piszcz,
I have found the problem; it was a single patch from microsoft, remove it
and fixed! :)
Please can you tell us the Patchnumber?
Greetings
Thomas
--
To unsubscribe from this list go to the following URL and read the
instructions:
Gerald (Jerry) Carter wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Justin Piszcz wrote:
| I have found the problem; it was a single patch
| from microsoft, remove it and fixed! :)
which patch ? We'll need to fix Samba to work with it.
Samba 3.0.11, AIX 5.2 linux RH9 2.4.20-28.9smp
I can confirm by uninstalling and re-installing that patch the problem
exists and is fixed by removing that patch on two separate windows 2000
professional (SP4) machines and additionally; another win2k box (sp1?)
with no patches never had any problem during any of this (used as a
control).
On Sat, 2005-02-12 at 20:41 -0500, Justin Piszcz wrote:
I can confirm by uninstalling and re-installing that patch
Each patch has a Q number. Can you tell us what it is, so we can
pursue our testing?
Andrew Bartlett
--
Andrew Bartlett
On Sun, 2005-02-13 at 16:36 +1100, Andrew Bartlett wrote:
On Sat, 2005-02-12 at 20:41 -0500, Justin Piszcz wrote:
I can confirm by uninstalling and re-installing that patch
Each patch has a Q number. Can you tell us what it is, so we can
pursue our testing?
I thought that he did -
When Microsoft released their 8-9 new patches this week, around Tuesday,
02/08/05; I can no longer copy files to any of my samba shares.
Before Microsoft's patches, everything worked OK; I have multiple Linux
SAMBA servers and two separate Windows 2000 Professional SP4 machines;
each were
Just a note: It has _ALWAYS_ worked, I applied the patches on Windows 2000
yesterday and it stopped working after that.
Perhaps a Windows 2000 problem? Do you use Windows 2000 and have updated
to the latest patches? *THAT* is when the error began!
Here it is:
# The global is required for all
Yes i have the ServicePack 4 on my Win2K, and is works fine.
Set your debug Level to 10 and debug it...
I have not this Problem and the same Server and Client.
I Think Win2K have a security-user Patch in the Service Pack 4 and this
make your Problems.
You must debug your Problem, or i hope
I have found the problem; it was a single patch from microsoft, remove it
and fixed! :)
On Fri, 11 Feb 2005, Andreas Koch wrote:
Yes i have the ServicePack 4 on my Win2K, and is works fine.
Set your debug Level to 10 and debug it...
I have not this Problem and the same Server and Client.
I Think
[SPAM]?
Ur, what spam is this in response to?
On Fri, 11 Feb 2005, Justin Piszcz wrote:
Date: Fri, 11 Feb 2005 18:38:01 -0500 (EST)
From: Justin Piszcz [EMAIL PROTECTED]
To: Andreas Koch [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: Re: [SPAM] Re: Re: [Samba] Samba 3.0.10
Installing and probing samba-3.0.10 stable like fileserver (and
3.0.11stable too), we´ve registered impossibility to login us
into a PDC samba using the [EMAIL PROTECTED] format. The validation was
successfully using user_domain format.
The PDC samba (version 2.2.12) is running over a Freebsd
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daniel Romeo wrote:
| Installing and probing samba-3.0.10 stable like fileserver
| (and 3.0.11stable too), we´ve registered impossibility
| to login us into a PDC samba using the [EMAIL PROTECTED]
| format. The validation was successfully using
|
Nevertheless with a file server samba-3.0.7, drawback is not present.
Greetings, Daniel.
Gerald (Jerry) Carter wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daniel Romeo wrote:
| Installing and probing samba-3.0.10 stable like fileserver
| (and 3.0.11stable too), we´ve registered
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daniel Romeo wrote:
| Nevertheless with a file server samba-3.0.7, drawback
| is not present. Greetings, Daniel.
File Server vs. PDC are different things.
You cannot logon to a Samba Domain using
[EMAIL PROTECTED] syntax from a Windows client.
We did it and we do it translating @ to _ in
/usr/local/samba/private/username.map (user_domain = [EMAIL PROTECTED]) in the
PDCserver (Linux and BSD) and Fileservers (microsoft and unix´s family),
but the question is other: Until samba-3.0.7 it´s possible. Anything
have changed.
Gerald (Jerry)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daniel Romeo wrote:
| We did it and we do it translating @ to _ in
| /usr/local/samba/private/username.map
| (user_domain = [EMAIL PROTECTED]) in the PDCserver (Linux
| and BSD) and Fileservers (microsoft and unix´s family),
Ahh... I see. I had not
I don't understand this statement. Do you mean that the
changes to the username map semantics in Samba 3.0.8
broke your servers ?
I simply say that its not functionally after 3.0.7 (only work with the
user_domain format, in all clients),
I added a line 'jerry = [EMAIL PROTECTED]' and the logon
Hi all!
I have a problem and I can't seem to figure out what is causing it.
Because of this I think it's important to tell the whole story...
One of my clients has a small office network, where these used to be a
Samba 2.x.x server using smbpasswd acting as PDC. A few month ago I
installed a
I'm trying to track down these errors myself. They are usually
attributed to a virus or trojan that happens to be on the network...
The weird part about them, is they do come from valid IPs on the subnet
in some cases and are related to specific machine IPs. So, I'm not sure
why samba is
Though I'm still concerned about the error, it looks like everything
is actually working. Winbind is authing users no problem, domain users
can gain access, so all seems well.
--
Andrew S. Zbikowski | http://andy.zibnet.us
A password is like your underwear; Change it
frequently, don't share
Hello,
I'm constantly getting those errors on my samba server:
[2005/01/24 11:04:16, 0] lib/util_sock.c:read_socket_data(384)
read_socket_data: recv failure for 4. Error = Connection reset by peer
[2005/01/24 16:54:32, 0] lib/util_sock.c:get_peer_addr(1000)
getpeername failed. Error was
Hi
(sorry I do this question again, but my computer is block and I lost all my
e-mail)
I will install samba 3.0.10 in solaris 9/10. I would like to know if this
version of samba
is multi task. Today I use the samba 2.2.2 in solaris 8 (server with 2
processor), bat the
sons process of samba work
On Mon, 3 Jan 2005, Andrew Zbikowski wrote:
I don't know if it might also work in your case. After defining an
uppercased netbios name on smb.conf, the segfault warnings stopped.
netbios name = TTLNX01
Mine was already uppercased, so that's not it.
I've seen similar error messages when
Hi,
I am buying a server SUN with 4 processor and work with solaris 10, and
I am going to install
samba-3.0.10-sol10-sparc-local.gz.
Please: I would like to know if this version of samba is multi task (work
with more one processor)
or if all sons trials work in only one processor)
Thank you
I open an excel file from a samba share, modify it, the *first* (and
only first) time I save, Excel says:
The file 'foo.xls' may have been changed by another user since you last
saved it. In that case, what do you want:
O Save a copy
O Overwrite changes
Any ideas what's
Using samba-3.0.10(*) on RedHat Enterprise 3, and client WinXP boxes
with Office 2003. All servers and clients have synchronized clocks (ntp).
I open an excel file from a samba share, modify it, the *first* (and
only first) time I save, Excel says:
The file 'foo.xls' may have been changed by
On Wed, Jan 12, 2005 at 01:18:37PM -0600, Rex Dieter wrote:
Using samba-3.0.10(*) on RedHat Enterprise 3, and client WinXP boxes
with Office 2003. All servers and clients have synchronized clocks (ntp).
I open an excel file from a samba share, modify it, the *first* (and
only first) time
On Wed, 12 Jan 2005, Jeremy Allison wrote:
On Wed, Jan 12, 2005 at 01:18:37PM -0600, Rex Dieter wrote:
Using samba-3.0.10(*) on RedHat Enterprise 3, and client WinXP boxes
with Office 2003. All servers and clients have synchronized clocks (ntp).
I open an excel file from a samba share, modify it,
Earlier I had written regarding an issue with ADS
support not compiling in in the 3.0.9 release. As of a
few days ago, we scrapped the 3.0.9 install, and set
up 3.0.10, and ADS support compiled in immediately. It
looks like there might be something funny in the make
file for 3.0.9 building on
I don't know if it might also work in your case. After defining an
uppercased netbios name on smb.conf, the segfault warnings stopped.
netbios name = TTLNX01
Mine was already uppercased, so that's not it.
--
Andrew S. Zbikowski | http://andy.zibnet.us
A password is like your underwear;
I'm afraid it is no the issue (that about ACLs).
Winbind resolves local permission with Windows IDs. That not works in
local files with a winbind user.
The smbclient thing is a proof that something goes wrong.
Thank you anyway.
On Thu, 30 Dec 2004 05:40:22 -0800, Thomas M. Skeren III
[EMAIL
The netbios name is defined as:
l%h
so I don't think it is a problem, but I'll try.
thx
On Thu, 30 Dec 2004 14:28:18 +0100 (CET), [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
On 30 Dec, Pau Capdevila wrote:
Authentication does work but it does not permission resolution (we use
winbind).
Authentication does work but it does not permission resolution (we use
winbind). Neither smbclient -U domain user.
I don't know the solution yet.
We also use Debian but I'm afraid it is not Debian related because
I've tried to compile Samba and MIT kerberos from source and it keeps
failing.
On 30 Dec, Pau Capdevila wrote:
Authentication does work but it does not permission resolution (we use
winbind). Neither smbclient -U domain user.
I don't know the solution yet.
We also use Debian but I'm afraid it is not Debian related because
I've tried to compile Samba and MIT
Pau Capdevila wrote:
Authentication does work but it does not permission resolution
Huh? Do you mean that there's file access permission issues? If so
have you set up acl's? Remeber posix permissions are User, Group,
Other. All clients authenticating via W2K3 are Other.
(we use
winbind).
i have successfully joined to an active dir server with 1000 users
all is work fine but sometimes when i try to run wbinfo -u i have this
message in the winbind log file:
return critical error. Error was Call timed out: server did not respond
after 1 milliseconds
is there a way to increase
Does Samba 3.0.x can be compiled on RH AS 2.1 (using glibc 2.2.4)? I can't
complete the compilation! Here are the configuration options:
./configure --prefix=/usr --sysconfdir=/etc/samba \
--localstatedir=/var/samba --with-ldap --with-ads \
--with-smbmount --with-pam --with-pam_smbpass \
abrams:~# kinit [EMAIL PROTECTED]
This seems to work just fine.
abrams:~# net ads join TwinCities\TTAGS\SERVERS
[2004/12/28 18:52:20, 0] libads/ldap.c:ads_add_machine_acct(1475)
Warning: ads_set_machine_sd: Unexpected information received
Using short domain name -- CORP
[2004/12/28 18:52:23, 0]
Andrew Zbikowski wrote:
Since smb.conf is a link..let me try.
I've experienced some strange things as well, the question is, can ADS
users get a share properly? I had similar probs, but the share works.
What does net ads testjoin show?
Also in smb.conf you have a passdb backend. DON'T.
Commented out passdb backend
abrams:/etc/samba# net ads testjoin
Join is OK
abrams:/etc/samba# net ads join
[2004/12/28 20:00:31, 0] libads/ldap.c:ads_add_machine_acct(1368)
ads_add_machine_acct: Host account for ttlnx01 already exists -
modifying old account
Using short domain name -- CORP
Andrew Zbikowski wrote:
Commented out passdb backend
abrams:/etc/samba# net ads testjoin
Join is OK
abrams:/etc/samba# net ads join
[2004/12/28 20:00:31, 0] libads/ldap.c:ads_add_machine_acct(1368)
ads_add_machine_acct: Host account for ttlnx01 already exists -
modifying old account
Using short
Well I spoke a bit to soon. While I was able to get to the stage of
doing a make I get the following errors when the make ends, this is
using Kerberos 5:
libsmb/clikrb5.c: In function `krb5_set_real_time':
libsmb/clikrb5.c:49: dereferencing pointer to incomplete type
libsmb/clikrb5.c:50:
I am attempting to setup Samba 3.0.10 on a Windows 2000 Active Directory
domain. The problem I'm having is getting Samba to configure correctly
to get the Kerberos library.
I've gone through previous posts and have tried doing what others
suggested but I still keep getting the error of:
Follow up:
Sorry to have bothered all, after signing up to the list I was able to
look at other archives but didn't do so until after I sent the email I
found a post with the following link in it which had a helpful little
piece in it.
http://www.kurai.org/~gdunn/samba3-ad/fbsd_samba.html
Hope
Jon Starbird wrote:
Follow up:
Sorry to have bothered all, after signing up to the list I was able to
look at other archives but didn't do so until after I sent the email I
found a post with the following link in it which had a helpful little
piece in it.
I wouldn't use that. It's gopt usefull
Gerald (Jerry) Carter schrieb:
| A question to the thread 3.0.9 and macro %f
|
| http://marc.theaimsgroup.com/?l=sambam=110260704009010w=2
|
| Do you have a patch for that?
Not fixed yet. Is tehre a bugzilla number for it ?
Just so I don't forget.
no. You wrote on 2004-12-09:
ok.
yesterday I upgrade my samba from 3.09-1 to the current 3.0.10-2 after
completing the upgrade process I can nolonger connect to my samba sever from
windows xp client. I start the serveces list to see what smbd nmbd is doing,
and notice that smbd has 6 pid running and nmbd has only 2 running.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thomas Bork wrote:
| Gerald Carter schrieb:
|
| This is the latest stable release of Samba. This is the version
| that production Samba servers should be running for all current
| bug-fixes. This is primarily a security release to address
|
Gerald Carter schrieb:
This is the latest stable release of Samba. This is the version
that production Samba servers should be running for all current
bug-fixes. This is primarily a security release to address
CAN-2004-1154.
Compiles ok with changed configure and printing-3-0-10.patch :)
A
80 matches
Mail list logo