Re: [Samba] Samba and OSX
i use OSX too, i don't know how to browse a samba server, but i know to conect a share, may it help's u. you have to press "command +k" then u have to typ "smb://domain;username@samba/share". with jaguar it works great. ( better than win xp ;) marcel Am Mittwoch, 01.01.03, um 23:21 Uhr (Europe/Berlin) schrieb Jim LaSalle: How do I map OSX to Samba file shares? I'm not new to Samba but OSX is a puzzle. I can get the Mac OSX to see the Samba server but not the shares. Maybe I'm so hung up on the Windows "net use D: \\server\share" syntax I can see the forest for the trees. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- marcel beltz beltz.info email: [EMAIL PROTECTED] am mittleren moos 48 fon: +49 177 736 787 1 86167 augsburg ++
[Samba] Virus
Someone (who is on my email address list) said I sent an email with an attachment saying something about Here is a game, I hope you should like it. If you receive any emails from me with an attachment be sure not to open it. It's a virus of some sort. Taylor _ MSN 8: advanced junk mail protection and 2 months FREE*. http://join.msn.com/?page=features/junkmail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ÌؼÛÐÂÊé
ÉîÛÚÍøÂçÊéµê×£ÄúÐÂÄêÓä¿ì£¡ µã»÷½øÈëÉîÛÚÍøÂçÊéµê£º¡¡http://www.szbookshop.com --- ʹÓü«ÐÇÓʼþȺ·¢£¬ÎÞÐëͨ¹ýÓʼþ·þÎñÆ÷£¬Ö±´ï¶Ô·½ÓÊÏ䣬ËٶȾø¶ÔÒ»Á÷£¡ ÏÂÔØÍøÖ·£ºhttp://love2net.51.net/£¬¸ü¶àÃâ·ÑµÄ³¬¿áÈí¼þµÈÄãÀ´Ï¡¡ INFORMATION This message has been sent using a trial-run version of the TSmtpRelayServer Delphi Component. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0 PDC and Active direcory
Samba 3 will not act as an active directory server. You need to use a win2k server for that. - Kristyan Osborne IT Technician Longhill High School 01273 391672 -- Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. -Original Message- From: Alex Pita [mailto:[EMAIL PROTECTED]] Sent: 27 December 2002 09:18 To: [EMAIL PROTECTED] Subject: [Samba] Samba 3.0 PDC and Active direcory Hello all, I'm using samba 2.2.7a acting as PDC on my lan (clients are only Windows 2000 Professional). All is working fine except one thing: Active Directory! I read the documentation and i saw that samba 3.0alpa21 it has support for Active directory. I downloaded this version and before start i read the docs. It seems to be not what i am looking for. I said this because for ADS support, is required the following pieces: Windows 2000 Server ^^^ Samba 3.0 Kerberos5 OpenLdap So, the conclusion is only one: I still required a Windows 2000 Server Platform. I suppose because Samba will connect to W2k Server and import from there Active directory policy. What i want is to use ONLY Windows 2000 Professional (for clients) and a Linux box for Sammba PDC and ADS. If W2k server is still required in this case the Linux and Samba become UNUSEFULL (because all things can be done using W2k server platform not only ADS policy) Can somebody tell me if exist any schema to support ADS on Samba without using a W2k Server? For example: In samba - netlogon i have a script which sincronize time between Samba server and W2k clients. Without ADS support is necessary to login on each W2k client OS and add using Local Security Policy Editor each particular settings for an user from my domain which want to connect to this station (Time settings is allowed by default only for power users, or if i add a new group with some particular settings). This thing is verry difficult to implement if i have more then 2-3 client stations in my LAN. Can anybody tell me how can i do this job? I need to implement one global policy which will be applied (imported) to all stations located in my LAN. Thanks in advance for your help, Regards, Alex -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sometimes WBINFO reports Bad Secret for ComputerAccount of ser ver
On Thu, 2003-01-02 at 12:02, Petry Roman, ITS-IT wrote: Hello, we use Samba 2.2.7 in our company to serve files for nearly 800 people.. Sometimes they get errors within the netlogon script which asks them for their passwords.. 1 Minute later after a reboot everything works o.k.. no asking again.. i created a trace file for wbinfo and sometime i get secret is bad.. Tue Dec 31 09:15:00 CET 2002 Secret is good Tue Dec 31 09:16:00 CET 2002 Secret is bad 0xc022 Tue Dec 31 09:17:00 CET 2002 Secret is good We have 3 Domain Controllers with NT4.0 SP6a.. FDDI Backbone.. WINS ready and o.k.. What´s the meaning of this hex code ?? #define NT_STATUS_ACCESS_DENIED NT_STATUS(0xC000 | 0x0022) Any hints .. Strange, it may have some problems with one of the DC? Can you tell if the log say somwthing more useful? you may set debug level to 10 and look what happens? ... uhmm seem we do not have a -d option in wbinfo ... but winbindd have it Try running winbindd with -d 10 and look at logs. Simo. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] Winbind
Hi Peter, I'm not really sure, but (depending on your domain environment) you could need some of these lines: template homedir = /home/%D/%U template shell = /bin/bash netbios name = my_computer wins server = 123.123.123.123 security = domain password server = * encrypt passwords = yes workgroup = MY_DOMAIN log file = /var/log/samba/%m Regards, Heiko Peter Milburn wrote: Hi all. Have been running samba fine for ages now, have started to play with winbind. Sad to say I am not having any luck in getting the winbind to work. Here is my winbind part of the smb.conf #Windbind Global Settings winbind separator = + winbind uid = 1-2 winbind gid = 1-2 winbind enum users = yes winbind enum groups = yes template shell = /bin/bash and here is what the log.winbind is saying Could not look up dc's for domain SPORTODDS [2003/01/02 12:59:59, 3] nsswitch/winbindd_cm.c:get_connection_from_cache(406) Could not open a connection to SPORTODDS for \PIPE\lsarpc (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) [2003/01/02 13:00:09, 1] nsswitch/winbindd_util.c:init_domain_list(144) Retrying startup domain sid fetch for SPORTODDS [2003/01/02 13:00:09, 3] nsswitch/winbindd_cm.c:cm_get_dc_name(98) Could not look up dc's for domain SPORTODDS [2003/01/02 13:00:09, 3] nsswitch/winbindd_cm.c:get_connection_from_cache(406) Could not open a connection to SPORTODDS for \PIPE\lsarpc (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) [2003/01/02 13:00:19, 1] nsswitch/winbindd_util.c:init_domain_list(144) Retrying startup domain sid fetch for SPORTODDS [2003/01/02 13:00:19, 3] nsswitch/winbindd_cm.c:cm_get_dc_name(98) Could not look up dc's for domain SPORTODDS [2003/01/02 13:00:19, 3] nsswitch/winbindd_cm.c:get_connection_from_cache(406) Could not open a connection to SPORTODDS for \PIPE\lsarpc (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND Is anyone able to point me the right direction. Thanks Pete -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] large file handling problems in 2.2.7a
On Tue, 24 Dec 2002, Carey Jung wrote: Hi, The release notes say 2.2.7a fixes some large file handling problems in smbclient, but I think not all. I'm seeing the following problems still: - large files in mounted filesystems (smbmount) report incorrect file sizes with Unix 'ls' and hence copy incompletely from an smbfs filesystem to an ext3 filesystem. That has nothing to do with smbclient. You need a kernel patch to make smbfs use better read/write SMBs and a tiny smbmount patch to make it negotiate properly. See: http://www.hojdpunkten.ac.se/054/samba/index.html That should fix ls, cp, tar etc. Can't answer for smbclient though. /Urban -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Large File support not quiet working..
On Wed, 18 Dec 2002, CHS wrote: when I configured the samba packages, I used --with-libsmbclient --with-ssl --with-smbmount --prefix=/usr I verified that LFS support in the configure output messages was detected as yes any ideas? http://www.hojdpunkten.ac.se/054/samba/index.html You need to patch the kernel to get smbfs to support LFS. The filesystem code has very little to do with samba (you do need to apply a tiny smbmount patch too). /Urban -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Sometimes WBINFO reports Bad Secret for Computer Account of ser ver
Hello and thanks four your mail, i have just turned the debug level to 10 and set the log size to 10 mb.. stoped and started samba and the log was full.. changed the debug level now to 5 and after 10 minutes the 10 mb log is full... a lot of infos.. i will try to fetch the problem with the help of the log files.. but it could be difficult.. any other hints ?? bye Roman -Original Message- From: Simo Sorce [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 02, 2003 12:23 PM To: Petry Roman, ITS-IT Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Sometimes WBINFO reports Bad Secret for Computer Account of ser ver On Thu, 2003-01-02 at 12:02, Petry Roman, ITS-IT wrote: Hello, we use Samba 2.2.7 in our company to serve files for nearly 800 people.. Sometimes they get errors within the netlogon script which asks them for their passwords.. 1 Minute later after a reboot everything works o.k.. no asking again.. i created a trace file for wbinfo and sometime i get secret is bad.. Tue Dec 31 09:15:00 CET 2002 Secret is good Tue Dec 31 09:16:00 CET 2002 Secret is bad 0xc022 Tue Dec 31 09:17:00 CET 2002 Secret is good We have 3 Domain Controllers with NT4.0 SP6a.. FDDI Backbone.. WINS ready and o.k.. What´s the meaning of this hex code ?? #define NT_STATUS_ACCESS_DENIED NT_STATUS(0xC000 | 0x0022) Any hints .. Strange, it may have some problems with one of the DC? Can you tell if the log say somwthing more useful? you may set debug level to 10 and look what happens? ... uhmm seem we do not have a -d option in wbinfo ... but winbindd have it Try running winbindd with -d 10 and look at logs. Simo. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printing with CUPS Samba...
Jim Carter wrote on Samba-digest: Message: 17 Date: Wed, 1 Jan 2003 20:10:49 -0800 (PST) From: Jim Carter [EMAIL PROTECTED] To: Brad [EMAIL PROTECTED] Cc: Samba mailing list [EMAIL PROTECTED] Subject: Re: [Samba] Printing with CUPS Samba... On Wed, 1 Jan 2003, Brad wrote: So this is on the client (Red Hat 8 box)? And do you have cups installed on the client? And have you made any changes to the cupsd.conf file on the client? Yes, on the client both client.conf and cupsd.conf are unhacked. While they were given by my distro, it looks like they are just the ones that come with the cups sources. And did you tell it where the printer was? No, the broadcasts are sufficient. Server broadcasts are on by default. No -- they are *not*. Not any more. (They used to be up until about 2 years ago). When popular end-user distros like Mandrake starte to ship CUPS as default printing system, with easy configuration of dial-in into ISP with ISDN and such, it lead to automatic dial-in attempts with each broadcast server occuring, because the default broadcast address was 255.255.255.255 (that is broadcast through all available interfaces). Don't mix up the 2 directives Browsing Om and BrowseAddress 255.255.255.255 While Browsing in CUPS-speak is related to the broadcasting feature, a Browsing On (the default) does *not automatically conduct broadcasts (the server feature) -- it merely enables the *listening* to other broadcasts for the client part of the CUPS daemon. Only with a valid BrowseAddress setting there will be broadcasting done by the server. So, by default, CUPS source code (and all distros known by me) ship with a cupsd.conf configured to make a working *client*. Plug it in and start printing with no further configuration (or printer installation) *if* you are within the reach of some CUPS server's broadcasts. If you want a CUPS *server*: * install printers on it * enable the broadcasts by uncommenting the line BrowseAddress 255.255.255.255 (and possibly adapt the actuall b'cast address to your environment) I can use the printer at work, suspend the laptop, resume at home, and within 30 seconds it realizes that the work server and printer have disappeared and the home server and printer have come to life. I read that the server broadcasts the printer availability, but it doesn't seem to work here. If the clients are on a different subnet from the server, you have to do some special stuff to either send unicast announcements to a list of clients on the other nets, or have a cups server on a gateway machine rebroadcast the real server's packets. ...or make all clients poll the server. For example, are you suggesting that I should be able to just start OpenOffice writer and send a print job to the genetic printer (default) and it will know that there is a CUPS server present and so send it to the server? This will work -- *if* there is a default printer defined and/or if the $PRINTER environment variable isn't empty. OpenOffice looks into /etc/printcap for a list of available printers. CUPS doesn't need a printcap to work. But CUPS can write one for all clients depending on it. Make sure a directive Printcap /etc/printcap is in your cupsd.conf. Then all your printers should appear in your OpenOffice drop-down printer selection menu(s). To make it more spiffy, you could map the Generic Printer to a GUI print command (like KDE's wonderful kprinter, or xpp, or glp of ESP Print Pro, or gtklp) by using the spadmin utility in OpenOffice. There is a more detailed instruction on http://printing.kde.org/faq/kdeprint.phtml#out_6 which once was written for StarOffice, but can easily be used as guideline for OpenOffice too... (I am missing any relation to Samba here -- but I haven't followed the whole thread. Everything I discussed about browsing is, of course only relavant for native CUPS clients on any Unix-based OS. A native Windows client for CUPS is not yet ready for release or beta-testing ;-) Cheers, Kurt P.S.: And don't forget to to uncomment the last lines in /etc/cups/mime.types and /etc/cups/mime.convs should you experience print files from Windows clients (via Samba) which get tagged as unable to convert into printable format... It works for me (using LyX, Opera, etc) -- if the app can do lpr filename or lp filename, the page will go to the printer which the server designates as the default. Can you please post (or email) your cupsd.conf? I'll mail it separately. James F. Carter Voice 310 825 2897FAX 310 206 6673 UCLA-Mathnet; 6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555 Email: [EMAIL PROTECTED] http://www.math.ucla.edu/~jimc (q.v. for PGP key) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] crazy smbpasswd
At 1.01.2003 on 21:08 CET +0100, wrote wing549: help!im really confused, ... i created the user Stealth on my Linux redhat 7.3 machine and when i configure my smb.conf file, for path = /home/Stealth, the machine would show up in Computers Near Me on my other windoez 2000 machine, but would not accept any passwords to the [share], when i run smbpasswd -a Stealth i get this. There must be a unix user Stealth, because samba use this unix user to work on the filesystem. With regards Frank. -- Frank Matthieß[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and OSX
On Wed, 2003-01-01 at 16:21, Jim LaSalle wrote: How do I map OSX to Samba file shares? I'm not new to Samba but OSX is a puzzle. I can get the Mac OSX to see the Samba server but not the shares. Maybe I'm so hung up on the Windows net use D: \\server\share syntax I can see the forest for the trees. Use the Go-Servers option, or something like that - I don't have my iBook in front of me at the moment. When you do that, type the server name, and connect to the server. To see the full list of shares, you may need to click the 'Authenticate' button, and give a valid username/password pair for the Samba server. Once you do this, the full list of shares should be viewable via a drop down list. Once you pick one of the shares and then click the 'Connect' button, it will be mounted as a volume on your desktop. Alternatively, you can use command line tools such as smbclient, and I am sure that the 'mount' command has syntax for mounting an SMB share into the /Volumes directory hierarchy on OS X. I hope that helps. like I said, I am running off memory here, but I have mounted my Samba server shares many times on my iBook, using Finder -- /- | Jim Morris | Email: [EMAIL PROTECTED] || AIM: JFM2001 \- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and OSX
On Wed, 2003-01-01 at 16:21, Jim LaSalle wrote: How do I map OSX to Samba file shares? I'm not new to Samba but OSX is a puzzle. I can get the Mac OSX to see the Samba server but not the shares. Maybe I'm so hung up on the Windows net use D: \\server\share syntax I can see the forest for the trees. Use the Go-Servers option, or something like that - I don't have my iBook in front of me at the moment. When you do that, type the server name, and connect to the server. To see the full list of shares, you may need to click the 'Authenticate' button, and give a valid username/password pair for the Samba server. Once you do this, the full list of shares should be viewable via a drop down list. Once you pick one of the shares and then click the 'Connect' button, it will be mounted as a volume on your desktop. Alternatively, you can use command line tools such as smbclient, and I am sure that the 'mount' command has syntax for mounting an SMB share into the /Volumes directory hierarchy on OS X. I hope that helps. like I said, I am running off memory here, but I have mounted my Samba server shares many times on my iBook, using Finder -- /- | Jim Morris | Email: [EMAIL PROTECTED] || AIM: JFM2001 \- -- /--- | Jim Morris | Email: [EMAIL PROTECTED] | |AIM: JFM2001 \--- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC passwd update to NIS server
Hello,
After some difficulties my samba pdc users can
change there smbpasswd and unix nis password in one go.
(They just use the ctrl-alt-del change
passwd.)
My setup:
A samba pdc running on host x (sunos) (Serving 3
TB, 500 users)
A YP NIS password server running on host y
(sunos)
The lines in smb.conf for this:
...passwd program = /samba/tools/changepasswd.exp %upasswd chat =
*new* %n\n *OK* *OK*...
The needed changepasswd.exp script:
---
#!/app/expect/bin/expect -f
set ypserver "toor@change to fit
your system"set ssh "/usr/local/bin/ssh"set passwd
"/usr/bin/passwd"
# Don't change below
set force_conservative 1 ;# set to 1 to force
conservative mode even
if
;# script wasn't run conservatively originallyif {$force_conservative}
{ set send_slow {1
.1} proc send {ignore arg}
{
sleep
.1
exp_send -s -- $arg
}}
set timeout -1set username [lindex $argv
0]send_user "new"system stty echoexpect_user -re "(.*)\n"set
password $expect_out(1,string)send_user "OK\n"log_user 0spawn $ssh
$ypserverexpect "change to fit your system:"send --
"passwd $username\r"expect -exact "passwd $username\rNew password:
"send -- "$password\r"expect -exact "\rRe-enter new password:
"send -- "$password\r"expect -exact "\rNIS passwd/attributes changed
on change to fit your system\r"expect
"change to fit your system :"send -- "exit\r"log_user
1send_user "OK\n"log_user 0expect eof---
Requirements:
1 root user account without too much stuff
duringthe login
1 install of expect ( http://expect.nist.gov/)
1 install of tcl ( http://www.tcl.tk/)
1 install of ssh or any other remote shell
thingy
Goodluck,
***Leroy R. van
LogchemIT Specialist / UNIX Admin,
AUT***
[Samba] Dos Window Access
Using Samba 2.2.3a with Redhat 7.3. win2k and Winxp client. I can map a samba share and use windows explorer to create files and folders. In the dos window, I can map a drive via 'net use' command, but when I try to do a directory listing, I get an error 'the system cannont find the path specified'. What's missing? Roger __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Share out of space
I seem to have a problem in a folder within a samba share. For some odd reason it's ran out of space in the folder. But other folders within the share aren't out of room. Can someone please help! Thanks, Roger Miranda Sumac Clothing Company 49 Adelaide Street Winnipeg, Manitoba Canada, R3A 0V8 t: (204) 942-0091 (ext. 203) (866) 266-9488 f: (204) 943-5939 c: (204) 228-2032 e: [EMAIL PROTECTED] w: www.sumacclothing.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows 2000 Terminal Server Connections
We have upgraded from NT Terminal Server to Wk2. In Windows NT we set the registry MulitpleUsersOnConnection = false. What is thier in equivilance for Windows 2000? Our Samba is running out of free connections per Terminal Server. Currently that number is 128. We have 5 terminal servers and each server spawns a single smbd process with 128 connections. Do I have to increase the number of MAX_CONNECTIONS and recompile samba? Or is thier a pain-free method to correct this? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and OSX
Command-K in the 'finder' (aka the desktop) or Go-Connect to Server menu and then smb://servername will let you browse and connect. Or, for unix-terminal freaks, you can use mount_smbfs (there is a man page for it for usage details). Mounted shares will show up as an icon on the desktop as well as in /Volumes/sharename. Oh, btw, you need encrypted password support on the server for the keychain to remember your passwords (this is a similar issue to WinXP's ability to not remember plain-text passwords). Use the help menu to dig up some info on how to connect if you need more help. Also, Apple's web site has a support area with some related documents. OS-X still has some serious problems for network users, though. For example, when connected to a SMB server, most non-ascii chars in file/folder names get mapped to '_'. Yuck! Worst still, some chars do not (like the cursive latin f [option-f]) which get written to the server correctly but confuses OS-X when the directory contents are read back... OS-X then invalidates the entire directory list causing all the files and directories to disappear. Experiment and know these issues before you deploy! Apple still has some work to do... :'( Phil Jim Morris wrote: On Wed, 2003-01-01 at 16:21, Jim LaSalle wrote: How do I map OSX to Samba file shares? I'm not new to Samba but OSX is a puzzle. I can get the Mac OSX to see the Samba server but not the shares. Maybe I'm so hung up on the Windows net use D: \\server\share syntax I can see the forest for the trees. Use the Go-Servers option, or something like that - I don't have my iBook in front of me at the moment. When you do that, type the server name, and connect to the server. To see the full list of shares, you may need to click the 'Authenticate' button, and give a valid username/password pair for the Samba server. Once you do this, the full list of shares should be viewable via a drop down list. Once you pick one of the shares and then click the 'Connect' button, it will be mounted as a volume on your desktop. Alternatively, you can use command line tools such as smbclient, and I am sure that the 'mount' command has syntax for mounting an SMB share into the /Volumes directory hierarchy on OS X. I hope that helps. like I said, I am running off memory here, but I have mounted my Samba server shares many times on my iBook, using Finder -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using the right network interface
On Thu, 2 Jan 2003, Ronan Waide wrote: On December 10, [EMAIL PROTECTED] said: Try adding to smb.conf [globals]: interfaces = eth0 loOB Check that this says: interfaces = eth0 lo where lo is whatever the loopback interface is called on your system. To find it's name run 'ifconfig -a' The OB is a glitch. bind interfaces only = Yes Digging up this thread again: the current redhat version of samba seems to disregard the setting of 'bind interfaces only', as I'm still getting occasional external scans poking at my nmbd and getting a response. I had thought it was working correctly until I spotted a scan going through. What is the output of 'netstat -a'? HAve you set up a firewall on your system? How have you firewalled port 137/udp? - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba
On Thu, 2 Jan 2003, Ryan oberto wrote: howdie all i hope you enjoyed your xmass and new year well i was just wondering if this is possible i would like to use samba pdc with a acl, binded to 3 aliases for 3 c class networks with dhcp is this possible Yes. thanks Ryan Oberto [EMAIL PROTECTED] [EMAIL PROTECTED] +27 82 877 3002 Live the life you love Love the life you live Escape the Gates of hell run linux -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RH ACL patches ?
-Original Message- From: Daniel Wittenberg [mailto:[EMAIL PROTECTED]] I'd like to use the advanced ACL's, so was curious if anyone has patches for ACL's aginst a stock RH kernel? Is there any particular reason you need to use a RedHat kernel? I've never had any problems running kernels compiled from 'standard' kernel source under RedHat. My file server is currently running kernel 2.4.19 with the ext2/ext3 ACL patches, in a RedHat 7.0 system. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Winbind
-Original Message- From: Peter Milburn [mailto:[EMAIL PROTECTED]] and here is what the log.winbind is saying Could not look up dc's for domain SPORTODDS [2003/01/02 12:59:59, 3] nsswitch/winbindd_cm.c:get_connection_from_cache(406) Could not open a connection to SPORTODDS for \PIPE\lsarpc (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) Try specifying your domain controller directly in smb.conf, using a password server = line. I've had really bad luck with password server = *, it just doesn't work reliably for me. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problem authenticating with Samba (security=domain) +Windows 2000 PDC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 16 Dec 2002, Javier Castillo Alcibar wrote: SMB: R transact - NT error, System, Warning, Code = (5) STATUS_BUFFER_OVERFLOW so, is possible that samba fails to interpret the pdc's answer because of the smb warning?? No. Please see the archives. The STATUS_BUFFER_OVERFLOW error code is used to indicate that a RPC PDU has been fragmented. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2 SAMS Teach Yourself Samba in 24 Hours 2ed You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+FIagIR7qMdg1EfYRAj2rAKDSAM6SPDQ+Efz7oQRsvIyK3/0UaACg2USX imyuHblMqw/F9CrUUpYZSOU= =4WpK -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Changing the name of a server?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 16 Dec 2002, Romeyn Prescott wrote: Now, when I type \\images on a command line I am asked to authenticate!!!? Images is set to domain authenticate. I switched everything back the way it was before and now it all works again. But I want rackimages to be images. You will need to rejoin the Samba box to the NT 4 domain after you change its name and power down the NT4 box it is replacing. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2 SAMS Teach Yourself Samba in 24 Hours 2ed You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+FIc/IR7qMdg1EfYRAjxOAJ413k260NCEUC7fdZDSqWfYRap8mACg6kap BvnQt+cL/BN9H/sbz4WIHXA= =7viR -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] apparent w2ksp3 problem
Believe me, I have tried everytbing I can think of to solve this problem. I will work my tail off to resolve this but I am fresh out of ideas. Any suggestions would be GREATLY appreciated. Here are the details... problem: server can see machines/shares on clients but clients cannot see machines/shares on server workgroup/domain: golgerth no router server: rpms: kernel 2.4.18.19.8.0 net-snmp 5.0.6.8.80.2.i386 samba 2.2.5 xinetd 2.3.7.5.i386 torvalds - 192.168.100.3 clients: pubert - 192.168.100.1 pebbles - 192.168.100.2 toshie - 192.168.100.4 all: w2kp3, client for microsoft networks, file and printer sharing, Netbui, tcp/ip (mask 255.255.255.0, dns blank, wins blank and enable lmhosts lookup and netbios over tcp/ip), hosts and lmhosts accurate all machines have same user names and passwords smb.conf: # Samba config file created using SWAT # from localhost (127.0.0.1) # Date: 2003/01/02 10:21:08 # Global parameters [global] workgroup = GOLGERTH netbios name = TORVALDS server string = Samba Server encrypt passwords = Yes log level = 3 log file = /usr/local/samba/var/log.%m max log size = 1 os level = 34 preferred master = True dns proxy = No wins proxy = Yes wins support = Yes hosts allow = 192.168.100. 127.0.0.1 nt acl support = No [homes] comment = Home Directories valid users = root Administrator mike read only = No browseable = No [printers] comment = All Printers path = /usr/spool/samba printable = Yes browseable = No [tmp] comment = Temporary file space path = /tmp read only = No guest ok = Yes ** tests run on server ** test3a: smbclient -L torvalds added interface ip=192.168.100.3 bcast=192.168.100.255 nmask=255.255.255.0 Domain=[GOLGERTH] OS=[Unix] Server=[Samba 2.2.5] Sharename Type Comment - --- tmpDisk Temporary file space IPC$ IPC IPC Service (Samba Server) ADMIN$ Disk IPC Service (Samba Server) root Disk Home Directories Server Comment ---- TORVALDS Samba Server WorkgroupMaster ---- GOLGERTH TORVALDS ** test3b: smbclient -L pubert added interface ip=192.168.100.3 bcast=192.168.100.255 nmask=255.255.255.0 Domain=[GOLGERTH] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] Sharename Type Comment - --- IPC$ IPC Remote IPC D$ Disk Default share print$ Disk Printer Drivers HP642 Printer HP642 PubertCDisk PubertDDisk ADMIN$ Disk Remote Admin MSOFFICE Disk C$ Disk Default share Server Comment ---- WorkgroupMaster ---- ** test4: nmblookup -B torvalds __SAMBA__ querying __SAMBA__ on 192.168.100.3 192.168.100.3 __SAMBA__00 ** test5: nmblookup -B pubert '*' querying __SAMBA__ on 192.168.100.3 192.168.100.3 __SAMBA__00 ** test6: nmblookup -d 2 '*' added interface ip=192.168.100.3 bcast=192.168.100.255 nmask=255.255.255.0 querying * on 192.168.100.255 Got a positive name query response from 192.168.100.1 ( 64.229.225.35 192.168.100.1 ) Got a positive name query response from 192.168.100.4 ( 192.168.100.4 ) Got a positive name query response from 192.168.100.2 ( 192.168.100.2 ) 64.229.225.35 *00 192.168.100.1 *00 192.168.100.4 *00 192.168.100.2 *00 ** test7: smbclient //torvalds/tmp added interface ip=192.168.100.3 bcast=192.168.100.255 nmask=255.255.255.0 Domain=[GOLGERTH] OS=[Unix] Server=[Samba 2.2.5] smb: \ smb: \ quit ** test10a: nmblookup -U -R -M golgerth querying golgerth on 0.0.0.0 192.168.100.3 golgerth1d ** test10b: nmblookup -U -R -M '-'
Re: [Samba] smbclient thinks passwordless account is anonymous
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 26 Dec 2002, John Tyner wrote: I want to use a passwordless account on my windows box to connect to from my linux box. When I do a smbclient -L host -U name, smbclient always prints Anonymous login successful even though I supplied a username. If I supply a password on the command line instead, then I don't get the Anonymous login message. Neither way works since the account actually doesn't have a password, but if I set a password and use it with smbclient then everything works as expected. It seems that if you don't supply smbclient with a password, then it assumes anonymous login regardless of whether or not the -U option was given. Is this the intended behavior or a bug? This sounds like our bug. Do you have a patch? If not, it will be al ittle while before I get caught up and can look into it. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2 SAMS Teach Yourself Samba in 24 Hours 2ed You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+FJDuIR7qMdg1EfYRArzxAJ0flvZhhbPa0rEODkp9ZMNEy61x8ACfQT+4 H+lK+2VFxazqFoRXE6BY1gI= =ci2b -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] what the AD support in 3.0 means?
hi, what is the following sentence from WHATS NEW IN Samba 3.0 alpha21 means: Active Directory support. This release is able to join a ADS realm as a member server and authenticate users using LDAP/kerberos. what I would like to do is a samba as domain contorller (PDC for win9x and domain contorller w2k professional sp3) but there is also a few w2k server. is it possible to use samba with ldap as domain contorller? (like an AC if I run w2k server? or what kind of features can't be used when I use samba with ldap as domain contorller? do I need samba 3.0 or can I do it with 2.2.7? thank you for your help in advance. yours. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using the right network interface
On January 2, [EMAIL PROTECTED] said: Check that this says: interfaces = eth0 lo where lo is whatever the loopback interface is called on your system. To find it's name run 'ifconfig -a' I'd realised that. I'm not exactly a newcomer to unix/samba :) What is the output of 'netstat -a'? netstat was originally (I thought) showing nothing listening on 0.0.0.0. Reading the man page I realise this can't be right, since nmbd needs to listen there for broadcast traffic. It's currently showing a listener on 0.0.0.0. Tweaking socket address, interfaces, and bind interfaces only doesn't appear to change this, but as I said that's what I'd expect having read through the manual page. I'm just suffering from some sort of delusion that I managed to switch the service off at some point. HAve you set up a firewall on your system? How have you firewalled port 137/udp? No, the whole point of my setup is to try and configure any services on the machine to be safe in the absence of a firewall. If I don't have a listener on a given interface, then it doesn't matter if the firewall is working or not, you can't get any information from that interface for whatever service you're looking for. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. merde says, in other news, our mini-blimp blew away. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Netware and Samba PDC password sync
Hello all: Setup: Novell Client 4.83 sp1 Windows 2000 sp2 Redhat 7.3 (Samba 2.2.3a) Users are forced to change their password every 60 days by Novell. When they log in it tells them that they need to change their password and they agree to do so. While they are changing there is a dialog box that asks them if they want to change their Windows password as well. If they agree the computer eventually tells them that they don't have the rights to do so. How can I make it so that it will sync up the Samba password during this process? Thanks, A Cline _ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] apparent w2ksp3 problem
On Thu, 2 Jan 2003, Michael Munger wrote: Believe me, I have tried everytbing I can think of to solve this problem. I will work my tail off to resolve this but I am fresh out of ideas. Any suggestions would be GREATLY appreciated. Here are the details... problem: server can see machines/shares on clients but clients cannot see machines/shares on server Firstly a quick sumary of your configuration below. Then some pointers. 1. Your samba server: a) Is acting as a stand-alone MS Windows file and print server. If you want it to act as a domain controller then you must add to smb.conf [globals]: domain logons = Yes If you want domain logon support for MS Windows NT4 clients then you also must have an [netlogon] share. b) Is acting as a WINS server. Are all clients configured so that in their TCP/IP configuration all have the IP address of your Samba server as the WINS server addresses? If you leave the WINS entries on your MS Windows clients blank then Win2K will use broadcast name resolution, not WINS. Why then enable samba to be a WINS server? c) You have not indicated clearly, but I conclude from the info you have provided that you did add your MS Windows users to /etc/passwd _AND_ to the smbpasswd file. If you did not add them to the smbpasswd file then do so using: smbpasswd -a 'user_name' 2. You MS Windows clients a) Why have you installed the NetBEUI protocol? Samba does NOT use it. b) When you install more than one protocol under MS Windows NT4/Win2K you may experience network connectivity problems UNLESS you also configure the LANA settings. LANA means Local Area Network Adaptor. It is configurable under the Network Services, NetBIOS interface. One every client the LANA settings should be identical. This way client/server location on all networks (Yes, NetBIOS treats each protocol (TCP/IP, IPX, NetBEUI) as another network!) will work the same way. I hope this info helps. - John T. workgroup/domain: golgerth no router server: rpms: kernel 2.4.18.19.8.0 net-snmp 5.0.6.8.80.2.i386 samba 2.2.5 xinetd 2.3.7.5.i386 torvalds - 192.168.100.3 clients: pubert - 192.168.100.1 pebbles - 192.168.100.2 toshie - 192.168.100.4 all: w2kp3, client for microsoft networks, file and printer sharing, Netbui, tcp/ip (mask 255.255.255.0, dns blank, wins blank and enable lmhosts lookup and netbios over tcp/ip), hosts and lmhosts accurate all machines have same user names and passwords smb.conf: # Samba config file created using SWAT # from localhost (127.0.0.1) # Date: 2003/01/02 10:21:08 # Global parameters [global] workgroup = GOLGERTH netbios name = TORVALDS server string = Samba Server encrypt passwords = Yes log level = 3 log file = /usr/local/samba/var/log.%m max log size = 1 os level = 34 preferred master = True dns proxy = No wins proxy = Yes wins support = Yes hosts allow = 192.168.100. 127.0.0.1 nt acl support = No [homes] comment = Home Directories valid users = root Administrator mike read only = No browseable = No [printers] comment = All Printers path = /usr/spool/samba printable = Yes browseable = No [tmp] comment = Temporary file space path = /tmp read only = No guest ok = Yes ** tests run on server ** test3a: smbclient -L torvalds added interface ip=192.168.100.3 bcast=192.168.100.255 nmask=255.255.255.0 Domain=[GOLGERTH] OS=[Unix] Server=[Samba 2.2.5] Sharename Type Comment - --- tmpDisk Temporary file space IPC$ IPC IPC Service (Samba Server) ADMIN$ Disk IPC Service (Samba Server) root Disk Home Directories Server Comment ---- TORVALDS Samba Server WorkgroupMaster ---- GOLGERTH TORVALDS ** test3b: smbclient -L pubert added interface ip=192.168.100.3 bcast=192.168.100.255 nmask=255.255.255.0 Domain=[GOLGERTH] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] Sharename Type Comment - --- IPC$ IPC Remote IPC D$ Disk Default share print$ Disk Printer Drivers HP642 Printer HP642 PubertCDisk PubertD
[Samba] Initial configuration problem
Ok, this has been quite an experience. I have installed and set up Samba on a Linux server (Red Hat 8.0), but I have not had any success connecting the other machines to the server. There are a few Windows XP machines and a few OS X.2 machines that need to use the server. All of the machines can ping the server and vice versa. I can see the server under the workgroup, but when I try opening the server's folder, the folder cannot be opened (possibly due to a lack of permission). Here is my smb.conf: # Global parameters [global] netbios name = FILESERVER server string = Samba %d security = SHARE encrypt passwords = Yes obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 hosts allow = 192.168.1. 192.168.2. 127. printing = lprng [homes] comment = Home Directories valid users = %S read only = No create mask = 0664 directory mask = 0775 browseable = No [tmp] comment = Temporary file space path = /tmp/Users read only = No guest ok = Yes [public] comment = Public Stuff path = /home/samba write list = @staff read only = No guest ok = Yes Any help would be greatly appreciated. And I thought Samba was trivial! --joe sremack -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trouble Printing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 18 Dec 2002, Chris Dos wrote: I've having a heck of time getting all of my Windows 2000/XP clients to print. Some can print fine. Others get an error that it can't write to the printer. I'm getting this message in log for someone that's having trouble: [2002/12/18 11:05:24, 0] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(398) unmarshall_rpc_header: FIRST endianness flag (0) different in next PDU ! Can you send me a full level 50 debug log surrounding this error. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2 SAMS Teach Yourself Samba in 24 Hours 2ed You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+FKOGIR7qMdg1EfYRAlxuAJwL0c/o+IIbXZk69K1/DslgHgBT0QCg8Tyu YUiweJw0juTqt8FLWdq55UU= =5FMv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] win 2000 - samba unix mount
Happy new year samba supporters!! I am new to samba. I am a UNIX admin and no little of MS shares. I am trying to use samba to mount/share my unix home dir on my pc running win 2000 pro. The samba server is running and I can smbclient to my user id successfully on the server. I have tried security user AND share. Either way, when I try mapping network drive on pc, specify user and password I get 'not authorized' error. Connectivity is NOT an issue obviously. smb.conf is pretty much default, I changed workgroup name. THe PC is on a corp domain which has nothing to do with samba server. DOes this matter?? The PC and server are NOT on the same subnet. Does that matter?? Incidently PC responded differently to security specification so that indicates to me it was indeed effectly communicating with server. thanks in advance -- Michael Matthews UNIX mail mailto:[EMAIL PROTECTED] Corporate mail mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using the right network interface
On Thu, 2 Jan 2003, Ronan Waide wrote: On January 2, [EMAIL PROTECTED] said: Check that this says: interfaces = eth0 lo where lo is whatever the loopback interface is called on your system. To find it's name run 'ifconfig -a' I'd realised that. I'm not exactly a newcomer to unix/samba :) What is the output of 'netstat -a'? netstat was originally (I thought) showing nothing listening on 0.0.0.0. Reading the man page I realise this can't be right, since nmbd needs to listen there for broadcast traffic. It's currently showing a listener on 0.0.0.0. Tweaking socket address, interfaces, and bind interfaces only doesn't appear to change this, but as I said that's what I'd expect having read through the manual page. I'm just suffering from some sort of delusion that I managed to switch the service off at some point. Check the code for nmbd. You will see that it is essential that nmbd listens on all interfaces. That means it can reply to requests also. It will NOT broadcast on interfaces that are excluded from the interfaces specification if bind interfaces only has been set. HAve you set up a firewall on your system? How have you firewalled port 137/udp? No, the whole point of my setup is to try and configure any services on the machine to be safe in the absence of a firewall. If I don't have a listener on a given interface, then it doesn't matter if the firewall is working or not, you can't get any information from that interface for whatever service you're looking for. You are way out of good fortune if that is your intent. The only way you can completely isolate your samba server is using a firewall. I am happy to send you my simple iptables script if that will help you. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using the right network interface
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 2 Jan 2003, Ronan Waide wrote: Well, yeah, my understanding of the manual page was that if I set bind interfaces only, then it'll only respond on those interfaces. So even if someone pokes at the dialup interface, they shouldn't get a response. This doesn't appear to be the case at the moment. No. I think the manual page describes a subtle difference (at least it used to). if bind interfaces only is enabled, then nmbd will only respond to packets whose broadcast address matches the address of an interface listed as a valid interfaces in smb.conf. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2 SAMS Teach Yourself Samba in 24 Hours 2ed You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+FKqiIR7qMdg1EfYRAqfSAJ9wJA2tIKPtpFkQof+AVAc603PgEgCeM+aQ r6wC+sd5VHjzeAArJpa5RHg= =pxXu -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using the right network interface
On Thu, 2 Jan 2003, Ronan Waide wrote: On January 2, [EMAIL PROTECTED] said: Check the code for nmbd. You will see that it is essential that nmbd listens on all interfaces. That means it can reply to requests also. It will NOT broadcast on interfaces that are excluded from the interfaces specification if bind interfaces only has been set. Well, yeah, my understanding of the manual page was that if I set bind interfaces only, then it'll only respond on those interfaces. So even if someone pokes at the dialup interface, they shouldn't get a response. This doesn't appear to be the case at the moment. can completely isolate your samba server is using a firewall. I am happy to send you my simple iptables script if that will help you. Well, no, as I said, I'm not a newcomer to this stuff. I'm just not inclined to rely 100% on a firewall to do my security; I want the services it's protecting to be secure also. Ok. I understand what you want, but samba does not meet your needs right now. What is the next step then? How do you propose to solve the problem? Send us your samba patches and we will consider them. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Initial configuration problem
On Thu, 2 Jan 2003, Joe Sremack wrote: Ok, this has been quite an experience. Gald you are enjoying it! :) I have installed and set up Samba on a Linux server (Red Hat 8.0), but I have not had any success connecting the other machines to the server. There are a few Windows XP machines and a few OS X.2 machines that need to use the server. All of the machines can ping the server and vice versa. I can see the server under the workgroup, but when I try opening the server's folder, the folder cannot be opened (possibly due to a lack of permission). We are not clairvoyant yet, so if you want meaningful help you need to be a lot more explicit about what you observed. The above is an interpretation not an observation. Precisely, what error message are the MS Windows clients reporting? Also, what is the output of 'ipconfig /all' on one of your MS Windows clients? Here is my smb.conf: # Global parameters [global] netbios name = FILESERVER server string = Samba %d security = SHARE Share mode deos not work too well with recent MS Windows client updates. Suggest you start with user mode. Make sure you add all users to the smbpasswd file as well as to the /etc/passwd file. To add users to the smbpasswd file: smbpasswd -a 'user_name' PS: You can only add a user to smbpasswd if they already have a Unix/Linux system account in /etc/passwd. encrypt passwords = Yes obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* Is this the correct token sequence for your Linux version passwd program? Check this by running 'passwd' as root and noting the exact token (string) sequence. unix password sync = Yes log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 hosts allow = 192.168.1. 192.168.2. 127. printing = lprng [homes] comment = Home Directories valid users = %S read only = No create mask = 0664 directory mask = 0775 browseable = No [tmp] comment = Temporary file space path = /tmp/Users read only = No guest ok = Yes [public] comment = Public Stuff path = /home/samba write list = @staff read only = No guest ok = Yes Any help would be greatly appreciated. And I thought Samba was trivial! Some want us to think that MS Windows networking is trivial also! - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Winbind
Thanks for the little work around David. inthe password server I had the IP address changed it to the name of the machine was abale to get users and groups from the nt domain conroller. A problem I am having now is when I am trying ./wbinfo -r user Could not get groups for user peter [2003/01/03 09:28:25, 3] nsswitch/winbindd_group.c:winbindd_getgroups(791) [17886]: getgroups peterm this is what I get from winbind on log level3. Any suggestions on this ? Thanks heaps again Pete -Original Message- From: David Brodbeck [mailto:[EMAIL PROTECTED]] Sent: Friday, 3 January 2003 5:20 AM To: Peter Milburn; Samba (E-mail) Subject: RE: [Samba] Winbind -Original Message- From: Peter Milburn [mailto:[EMAIL PROTECTED]] and here is what the log.winbind is saying Could not look up dc's for domain SPORTODDS [2003/01/02 12:59:59, 3] nsswitch/winbindd_cm.c:get_connection_from_cache(406) Could not open a connection to SPORTODDS for \PIPE\lsarpc (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) Try specifying your domain controller directly in smb.conf, using a password server = line. I've had really bad luck with password server = *, it just doesn't work reliably for me. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Installation of SAMBA 2.2.7a
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 20 Dec 2002 [EMAIL PROTECTED] wrote: Hello, I had downloaded the samba 2.2.7a tarball, the pubkey and the samba-2.2.7a.tar.asc files from your website. The import of the samba-pubkey.asc works probably, but by the verify I get the errormessage that no path to this signature is defined and the signature can't verified. The distribution of Linux is the SuSE 8.0 and I used this lines. gpg --import samba-pubkey.asc gunzip samba-latest.tar.gz mv samba-latest.tar samba-2.2.7a.tar gpg --verify samba-2.2.7a.tar.asc kind regards It's because gpg can't find a path of trust from you to the samba distribution key. See teh GnuPG or PGP documentation for a better explanation of trusts. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2 SAMS Teach Yourself Samba in 24 Hours 2ed You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+FLu8IR7qMdg1EfYRAjnEAKCfX4HkGFtzCCcJ2+WAnOiUZaTIuACfW+gi IL92QjJZCuRS3Y4XNL8ywwM= =aEGD -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP, SASL, Invalid credentials???
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, 22 Dec 2002, Norberto Bensa wrote: # smbpasswd -w admin Setting stored password for [EMAIL PROTECTED] in secrets.tdb # smbpasswd -D 15 -a nbensa . . . Why??? Am I missing something here or is there a bug in smbpasswd when using SASL in OpenLDAP, or it just doesn't work??? Samba uses a simple bind (does not support SASL binds right now). cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2 SAMS Teach Yourself Samba in 24 Hours 2ed You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+FL0bIR7qMdg1EfYRAsdYAKDghnrJxEwcEc+XLwWlC6LvSUYkcACgqlS4 Pl3Blx1BXrf5rzb65vboF0U= =cimT -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] wbinfo
Hi when I do a wbinfo -t I get this Secret is bad 0x8005 how bad is that, and what problems would that cause me ? Thanks Pete -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] printing problem
I just update our server to solaris 8 and now have problem to print there using samba. Here are a few lines that of the log files that could help to understand the problem: unix_clean_name [OSCARXLOVE.f5aGki] 01/02/03 15:14:53 guest opened file OSCARXLOVE.f5aGki read=No write=Yes (numopen=1 fnum=1) 01/02/03 15:14:53 openprint OSCARXLOVE.f5aGki fd=8 fnum=1 cnum=37 Discarding null print job OSCARXLOVE.f5aGki 01/02/03 15:14:53 guest closed file OSCARXLOVE.f5aGki (numopen=0) unix_clean_name [OSCARXLOVE.g5aGki] 01/02/03 15:14:53 guest opened file OSCARXLOVE.g5aGki read=No write=Yes (numopen=1 fnum=1) 01/02/03 15:14:53 openprint OSCARXLOVE.g5aGki fd=8 fnum=1 cnum=37 smbrun - running /usr/local/samba-1.9.15p8/bin/smbrun (/usr/bin/lp -c -dhplj5 /var/SMBtmp/OSCARXLOVE.g5aGki; rm /var/SMBtmp/OSCARXLOVE.g5aGki 21) /dev/null gave 0 Running the command `/usr/bin/lp -c -dhplj5 /var/SMBtmp/OSCARXLOVE.g5aGki; rm /var/SMBtmp/OSCARXLOVE.g5aGki' gave 0 01/02/03 15:14:55 guest closed file OSCARXLOVE.g5aGki (numopen=0) Any idea why the lp command gave 0? It creates the OSCARXLOVE.g5aGki file just OK but nothing is printing. It is print just fine if I manually run the command '/usr/bin/lp -c -dhplj5 /var/SMBtmp/OSCARXLOVE.g5aGki' Please Help. -Oscar -- Oscar Lovera Department of Earth Space Sciences Geology Building 595 Circle Drive East University of California, Los Angeles, 90095-1667 Office: Ph. and Fax: (310) 206-2657 Home: Ph. (562) 928-1849 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 2000 Terminal Server Connections
On Fri, 2003-01-03 at 03:45, Joseph Kezar wrote: We have upgraded from NT Terminal Server to Wk2. In Windows NT we set the registry MulitpleUsersOnConnection = false. What is thier in equivilance for Windows 2000? Our Samba is running out of free connections per Terminal Server. Currently that number is 128. No, MS removed it. We have 5 terminal servers and each server spawns a single smbd process with 128 connections. Do I have to increase the number of MAX_CONNECTIONS and recompile samba? Or is thier a pain-free method to correct this? I don't know why we even have that limit, but yes, that's your only option. You will suffer some nasty performance issues however, as Samba has to change user between different requests (rather than the OS just scheduling a new process). You could consider setting up a (very large) number of 'netbios alias'es, and get each user to connect to a different one - Win2k will make separate connections to each. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
[Samba] samba 2.0.6 on HP-UX 11.0
I've had samba running cleanly on an HP-UX 11.0 system for many months, with DOMAIN security and one-to-one account name mapping. A few days ago I started getting password prompts on connection, and messages like this in the log files... [2003/01/02 15:46:36, 0] rpc_parse/parse_prs.c:(316) prs_mem_get: reading data of size 60 would overrun buffer. [2003/01/02 15:46:36, 0] smbd/password.c:(1430) domain_client_validate: unable to validate password for user cunning in domain ACCT01 to Domain controller *. Error wa s code 0. [2003/01/02 15:46:36, 1] smbd/password.c:(505) Couldn't find user 'cunning' in smb_passwd file. [2003/01/02 15:46:36, 1] smbd/password.c:(505) Couldn't find user 'cunning' in smb_passwd file. [2003/01/02 15:46:36, 1] smbd/reply.c:(909) Rejecting user 'cunning': authentication failed Nothing has changed on the server where samba runs. Could something like growth in the number of accounts on the domain controller cause this ? Any other suggestions ? Dave Dave Cunningham Computing and Network Services (408) 756-1382 Voice, (408) 539-4912 Pager [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with compiling
hi all, am trying to get samba 2.2.7a to compile on redhat 7.2 running ./configure --with-winbind --with-smbmount --with-pam --with-pam_smb I get this error checking configure summary... configure: error: summary failure. Aborting config when running just --with-winbind the configure finished no probs Thanks Pete -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with compiling
On Fri, 3 Jan 2003, Peter Milburn wrote: hi all, am trying to get samba 2.2.7a to compile on redhat 7.2 Ok. Untar samba-latest.tar.gz. tar xzvf samba-latest.tar.gz Now: cd samba-2.2.7/packaging/RedHat sh makerpms.sh Wait ... cd /usr/src/redhat/RPMS/i386 ls -la To install: 1. Delete the Red Hat packages a) List the packages to delete rpm -qa | grep samba b) rpm -e 'name of package' 2. Install Samba-Team package rpm -Uvh samba* You will find the SPEC file that built this in /usr/src/redhat/SPECS. If you want to mess with the settings do it in samba2.spec. To rebuild: rpm -ba -v samba2.spec Simple! - John T. running ./configure --with-winbind --with-smbmount --with-pam --with-pam_smb I get this error checking configure summary... configure: error: summary failure. Aborting config when running just --with-winbind the configure finished no probs Thanks Pete -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] mksmbpasswd.sh
I am in the process of configuring Samba on a Sun box (Solaris Ver. 8). I am using the latest version of Samba (2.22), which I down-loaded from sunfree.com. The problem that I was having is that,when propagate the Unix passwd file to the smbpasswd file, using the following command: cat /etc/passwd | mksmbpasswd.sh /usr/local/samba/private/smbpasswd. I discovered the mksmbpasswd.sh script was not include in this distribution. I eventually used WEBMIN to propagate the Unix password file to Samba. I have followedall of the pointers to this file and used the find command, and still can not locate this file in the current distribution of Samba. Where/how can I obtain only this file. Thanks, Nate Grissom [EMAIL PROTECTED]
Re: [Samba] mksmbpasswd.sh
On Thu, 2 Jan 2003, Nate Grissom wrote: I am in the process of configuring Samba on a Sun box (Solaris Ver. 8). I am using the latest version of Samba (2.22), which I down-loaded from sunfree.com. The problem that I was having is that, when propagate the Unix passwd file to the smbpasswd file, using the following command: cat /etc/passwd | mksmbpasswd.sh /usr/local/samba/private/smbpasswd. I discovered the mksmbpasswd.sh script was not include in this distribution. I eventually used WEBMIN to propagate the Unix password file to Samba. I have followed all of the pointers to this file and used the find command, and still can not locate this file in the current distribution of Samba. Where/how can I obtain only this file. Untar the samba-latest.tar.gz cd samba/source/scripts ls -al - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Error in SNIA spec wrt. SessionSetupAndX response when dialect is NT LM0.12
Good evening, On the bottom of page 53, section 4.1.2.2 in the SNIA spec (http://www.snia.org/tech_activities/CIFS/CIFS-TR-1p00_FINAL.pdf), it states if the dialect is NT LM 0.12 and extended security is off (I.e., use traditional NTLMv2/NTLMv2 authentication w/o SecurityBlobs), the SessionSetupAndX response is as shown in section 4.1.2.2 with a word count = 4. However, what I have noticed is this is not the case, but rather, if you are doing NTLMv2 or NTLMv1 authentication w/o extended security, the SessionSetupAndX is really the one shown in 4.1.2.1 with a word count = 3. I tried this a few times, using NT4.0 + SP 6a client against NT4.0 + SP 6a, and Win2k + SP 3 against the NT4.0 + SP 6a server and all resulted in the same SessionSetupAndX response--the one shown in section 4.1.2.1 with a wc = 3. Am I doing something funky to get this result or is this in fact an issue in the spec? thank you and enjoy the evening. Joey. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Error in SNIA spec wrt. SessionSetupAndX response whendialect is NT LM 0.12
On Fri, 2003-01-03 at 13:28, Joey Collins wrote: Good evening, On the bottom of page 53, section 4.1.2.2 in the SNIA spec (http://www.snia.org/tech_activities/CIFS/CIFS-TR-1p00_FINAL.pdf), it states if the dialect is NT LM 0.12 and extended security is off (I.e., use traditional NTLMv2/NTLMv2 authentication w/o SecurityBlobs), the SessionSetupAndX response is as shown in section 4.1.2.2 with a word count = 4. However, what I have noticed is this is not the case, but rather, if you are doing NTLMv2 or NTLMv1 authentication w/o extended security, the SessionSetupAndX is really the one shown in 4.1.2.1 with a word count = 3. I tried this a few times, using NT4.0 + SP 6a client against NT4.0 + SP 6a, and Win2k + SP 3 against the NT4.0 + SP 6a server and all resulted in the same SessionSetupAndX response--the one shown in section 4.1.2.1 with a wc = 3. Am I doing something funky to get this result or is this in fact an issue in the spec? Given that's what Samba returns, I would knock it up as an error in the spec. I've CC'ed Steve French, so see if he knows how to get such errata into the next version. For detailed protocol questions, I would suggest joining the developers list - [EMAIL PROTECTED], and the developers IRC channel #samba-technical on irc.freenode.net. (NOTE to other list-members: These are for technical discussions of Samba internals, and is not a help channel) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: [Samba] anti-virus
Hi Ian, I see what you're trying to do, and no your correct. I wanted to do a similar thing such as placing it in to a log on script, however this is not possible as you can't set up a user from SAMBA to log on as a service. You would still have to visit every PC to set up the local security policies, and as long as you're there you may as well do the SOPHOS install at the same time. I tried to do a similar thing using Policies to set up a standard configuration and default SOPHOS settings however it became too messy due to checksum checks and the inability of the policy editor to set certain data types that were needed. Oh well, these are some of the problems we must contend with while trying to appease users, yet stay as far out of the Microsoft market as we can. David P.S. I haven't had a good look at SAV Admin or Enterprise Manager but it might be possible to use one of these products to do the job for you from an NT or W2K workstation. To the list, sorry for going off topic. Ian Wright wrote: Hi David Thanks for the reply. What I'm trying to do is deploy samba using Copy Sav Config and Paste Sav Config from the server to the workstations, but actually deploy from the server. Our PDCs are samba and so there is no Log on as a service user ( that I am aware of ) option in samba as with a NT PDC. The basic problem seems to be that the workstations can't create the entries in services. I have been onto Sophos's technical support and they did seem to think that it would be possible to do this, but couldn't be more specific, so I was just wondering if anybody has. Thanks Ian - Original Message - From: David Beards [EMAIL PROTECTED] To: Ian Wright [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, January 02, 2003 11:08 AM Subject: Re: [Samba] anti-virus Hi Ian, We use SOPHOS in CFA and, sorry, I couldn't quite follow you question. What exactly are you trying to do and what tool are you trying to use? We use the method of installing on each workstation from a CID (at each workstation) which then causes SOPHOS to update automatically. (ala the second part of your email) Time consuming but the only way I could see to do it. As far as using SAV Admin to push the installation out I don't think you can. SAMBA only provides you with an 'NT' like server for sharing of drives and printers. Even if you were running Linux on an x86 platform it wouldn't have the services and function calls required for SAV Admin to do it's job. David Ian Wright wrote: Hello all Have a small problem. We use Samba as our PDC for a large amount of NT clients. We also use Sophos anti-virus to protect the workstations and servers. The problem basically is that although I can get Sophos to work properly I have to go to the actual workstation to install it from the server. Once I've done this Sophos works fine and automatically updates from the server. However when I attempt to deploy Sophos from the server to the workstation it fails to start on the workstation. In a NT PDC domain the Sophos network user is given the permissions to Log on as a Service, and this works ok. However in a Samba PDC domain there is no option that I'm aware of that allows such permissions. Does anyone no how I can give the Sophos user sufficient permissions to start as a Service with Samba? I've made it domain adminstrator, but this didn't help. Thanks Ian -- David Beards Technical Manager Networks and Systems CFA 8 Lakeside Drive Burwood East 3151 Ph: 9262 8204 Mobile: 0419 519 366 CAUTION - This message is intended for the use of the individual or entity named above and may contain information that is confidential or privileged. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited and that you must not take any action in reliance on it. If you have received this communication in error, please notify CFA immediately and destroy the original message. -- David Beards Technical Manager Networks and Systems CFA 8 Lakeside Drive Burwood East 3151 Ph: 9262 8204 Mobile: 0419 519 366 CAUTION - This message is intended for the use of the individual or entity named above and may contain information that is confidential or privileged. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited and that you must not take any action in reliance on it. If you have received this communication in error, please notify CFA immediately and destroy the original message. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbmount
The path available to your startups scripts is not the same path available
to regular users. I would use /root/.credentials (Or where ever that file
is) instead of ~/.credentials.
Joel
On Thu, Jan 02, 2003 at 05:50:42PM -0800, George, John wrote:
Joel,
Thanks for the script commands. The smbmount command is working fine in the
startup script as long as I use username= and password=, or
username=username%password. However, when I try to use the credentials=
option, I receive an error upon startup 'Can't open credentials'.
I created a hidden file called credentials: ~/.credentials
The format for the command is:
smbmount //servername/sharename /mnt/sharename -o credentials=~/.credentials
I can run the command manually and am successfull. I have also tried:
chmod 777 ~/.credentials and am still only able to run this manually.
I prefer to use the hidden credentials file.
Thanks for your help!
John
-Original Message-
From: Joel Hammer [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 19, 2002 4:31 PM
To: George, John; [EMAIL PROTECTED]
Subject: Re: [Samba] smbmount
One way to is put the smbmount commands into your network startup script.
Remember that you don't need to be running nmbd or smbd to run smbmount.
So, in your network script, at the end of the start section, put in the
smbmount commmand. This will run with root priviledge, so you might
want to read about the uid and gid options of smbmount.
I would also put an umount command in the shutdown part
of the script, so these mounts will be gracefully umounted when the network
goes down.
I use this script to kill all smbmounts when my network goes down:
mount | grep type smbfs | sed 's/^.*on *//' | sed 's/ *type.*//' \
| sed 's/ /\\\ /g' | xargs -n1 -i{} umount {}
I suspect there are simpler ways of getting this done, like killall
smbmount, but, this works, at least on my machine.
Joel
On Thu, Dec 19, 2002 at 04:21:01PM -0800, George, John wrote:
Sorry, I restarted the machine.
-Original Message-
From: Joel Hammer [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 19, 2002 4:17 PM
To: George, John; [EMAIL PROTECTED]
Subject: Re: [Samba] smbmount
What are you restarting?
Joel
On Thu, Dec 19, 2002 at 04:08:02PM -0800, George, John wrote:
Hi,
I have successfully mounted 2 directories using smbmount. However, when
I
restart, they are no longer mounted.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Network ( LAN) browsing
HI all , Thanks to the fantastic support i got from the list I am a proud user of samba. I would like to know a little more for network browsing. I am able to access the windows and other samba boxes and access and download the files using " Xfsamba" . But the problem with this is that it allows me only to download one file at a time.. what if i want to download lots of files and folders at a time? i tried using other gui for samba clients like this which allowed me to mount the share in a mount point and use it like a drive. But In Xfsambathere is no need to mount the share before u start using it. Can any one please advice me what u people use this purpose ? what exactly i should use for this ? any help in any form :-D i meant any howtos or steps will be very very useful at this time thanks in advance senthil
Re: [Samba] printing problem
gave 0 means the command was successful. You might look at the printer log file for clues. Maybe the guest user doesn't have the proper permissions to run the lp command but your regular user does. Joel Running the command `/usr/bin/lp -c -dhplj5 /var/SMBtmp/OSCARXLOVE.g5aGki; rm /var/SMBtmp/OSCARXLOVE.g5aGki' gave 0 01/02/03 15:14:55 guest closed file OSCARXLOVE.g5aGki (numopen=0) Any idea why the lp command gave 0? It creates the OSCARXLOVE.g5aGki file just OK but nothing is printing. It is print just fine if I manually run the command '/usr/bin/lp -c -dhplj5 /var/SMBtmp/OSCARXLOVE.g5aGki' -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba
howdie all how would i create a samba share that is accessable to everyone but doesnt require a password or for you even to have to log on to the box i have a 2000 and XP network and all the shares i make available asks for a password any ideas thanks Ryan Oberto [EMAIL PROTECTED] [EMAIL PROTECTED] +27 82 877 3002 Live the life you love Love the life you live Escape the Gates of hell run linux -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba
howdie all sorry the other didnt make sense how would i create a samba share that is accessable to everyone a share that doesnt ask for username or passwd just gives everyone the same rights on it but only for that share i have a 2000 and XP network and all the shares i make available asks for a username adn password any ideas thanks Ryan Oberto [EMAIL PROTECTED] [EMAIL PROTECTED] +27 82 877 3002 Live the life you love Love the life you live Escape the Gates of hell run linux -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] T-shirts
howdie all i still have T-shirts available 5 slogans escape the gates of hell run linux Linux the choice of the Gnu generation software is like sex better when its free i read your email get a grep on yourself they come in white black blue Sizes M L XL XXL price 1 x R75.00 2 x R140.00 3 x R250.00 4 x R270.00 5 x R300.00 if you are interrested please contact me off list thanks Ryan Oberto [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] +27 82 877 3002 Live the life you love Love the life you live Escape the Gates of hell run linux -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] can see the netw. but not connect...
I've recently managed to install linux which I'm pretty happy about :) I've tried to set up my home network, now this is what's giving me the head ache... I can get my computers to ping eachother, no problems, my XP and w2k computers can see the linux box in the network neighbourhod they can access the sort of first layer of the linux box but no further. I cannot access any of the shared folders... I ave spent hours and hours trying to understand this abd I have re-configured smb.comf many times. I think the problem is user related, I can get a login window in XP but only for guest and my passord don't work... ether that or a you're not authorized!!! :( any help would be greatly appreciated, I think I've done what I can :( and I can't be the first ontre to encounter this! BTW, I'm running Slackware 8.1, KDE 3 _ Free email with personality! Over 200 domains! http://www.MyOwnEmail.com Looking for friendships,romance and more? http://www.MyOwnFriends.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind Samba 2.2.7a on FreeBSD
Hello all, I've got a weird problem with a fresh install of Samba from the FreeBSD ports collection (btw. the BSD-box is also a fresh 4.7 Stable install). Configured Samba 2.2.7a - without cups - with winbind - with winbind-auth - with audit so far, the installation seemed to work fine... Then I copied the libnss_winbind.so to /usr/lib and softlinked it to /usr/local/lib as well as to the other files mentioned in the howto (with the .so.1 and .so.2 endings). FreeBSD has no /lib directory, so I used the ones below /usr and /usr/local. I left out the pam step because I just want to provide the file-serving capabilities of samba to the clients (hope this is correct - this is my first time playing around with winbind because I'm bored with syncronizing NTUnix Accounts). Then, I joined the domain with smbpasswd -j MYDOM -r NT4PDC -U Administrator (supplied the correct password) and got the success message. The wbinfo otions -u, -g, -t, -a (challenge/response plaintext) do all work fine. But when I want to connect from a w2ksp2-machine to Samba, it doesn't seem to hand over the provided user credentials to winbindd (same with smbclient on localhost). So here are some questions: - I don't need the pam configuration if I don't want other services to be authenticated with winbind, do I? - I don't need more winbind uid's and gid's than Users and Groups on the PDC? - If I enable the winbind use default domain option, I don't need to add the NT-Domainname to the Usernames in valid/admin users, do I? - Which is a good loglevel to see where the authentication fails? - Any other hints from more experienced samba/winbind/freebsd(non-linux) users (maybe you have a look at my smb.conf below)? btw here's my smb.conf: [global] workgroup = MYDOM netbios name = FOO interfaces = xl0 bind interfaces only = Yes security = DOMAIN encrypt passwords = Yes update encrypted = Yes password server = NT4PDC, NT4BDC wins server = NT4PDC winbind uid = 15000-15050 winbind gid = 15000-15050 template shell = /sbin/nologin winbind separator = + winbind cache time = 5 winbind use default domain = Yes [sysroot$] path = / valid users = Admin1, Admin2 admin users = Admin1, Admin2 read only = No [raid$] path = /raid valid users = Admin1, Admin2 admin users = Admin1, Admin2 read only = No any hints? would be great ;-) Wolfram -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 2.7.7a and redhat 8
Hi all, thanks to those who have been helping me so far. I am having a problem compiling 2.2.7a with smb-mount. Has anyone had any troubles in doing this ? Thanks, Peter -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] hello
hi,happy new year holly -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Patch for unix extensions
On Wed, 2003-01-01 at 21:35, Steve Langasek wrote: On Wed, Jan 01, 2003 at 01:01:19PM +0100, Simo Sorce wrote: My idea was this: let make it so taht if unix extensions are enabled, then we NEVER resolve the links if we permit link creation. If we do not want to have it so rigid, we may also add a proper option, something like wide unix symlinks with all the proper warnings and normally disabled. Then if you do a normal call, the link will be honoured only if inside the exported file system. This way the trick cannot work, and unix applications (or setups) that rely on symlinks to work well are happy. If symlinks will never be resolved outside of the exported share, why do you need to resolve them on the server at all? A Unix client is equally capable of resolving this symlink on the server. They ARE resolved for normal CIFS clients that does not ask for UNIX extensions. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it
Re: [PATCH] parametric options
At 09:07 01.01.2003 +1100, Andrew Bartlett wrote: On Wed, 2003-01-01 at 02:44, Stefan (metze) Metzmacher wrote: Hi *, here are the parametric option changes of my big patch... all lp_param_*() functions now take the default value as last parameter this is usefull for all fn's and needed for the enum,bool,int and ulong functions :-) Is this the best way to do it - if we are going to have a notion of defaults, then doing it per-call is just waiting for disaster! Given that we are moving to a 'registration' style of module system (where we know at startup what modules we have), I think we really should move 'parametric options' to a registrations system too. Indeed, this would allow the implement ion of callback syntax checking, which could make testparm useful again. sounds good :-) but I don't know how to handle this when a vfs modules are loaded in a per share configuration... (it's easier to discuss details on IRC :-) lp_parm_string_list() now use talloc_str_list_make() and talloc_realloc_str_list_make and caches the the result for the called seperator, so if the function is called with the same separator it is not needed to call *_str_list_make() if the function is called with an other separator the old list is free'ed so we didn't get a memory leek if we call: lp_parm_string_list(SNUM(conn), test,name, \n\r\t, NULL); lp_parm_string_list(SNUM(conn), test,name,;,., NULL); lp_parm_string_list(SNUM(conn), test,name, \n\r\t, NULL); lp_parm_string_list(SNUM(conn), test,name,;,., NULL); lp_parm_string_list(SNUM(conn), test,name, \n\r\t, NULL); Why do we allow the separator to be changed at all? The 'normal' options in Samba don't all this - I really don't see the need for the added complexity. Furthermore, how are you going to tell SWAT etc about this - it should display lists as lists, and not depend on function parameters to get it right. I just don't like the idea that a list could change depending on a parameter somebody will always get slightly wrong. talloc_realloc_str_list_make() a add talloc_free() witch free's the memory of one talloc'ed memory segment This doesn't seem right - why not just free and replace that talloc context? I only want to free one segment in the talloc context and all other talloced memory in this talloc context should not be free'ed! a also add a view talloc_realloc_*() functions talloc_realloc_strdup() ... Why? If we have a struct witch is talloced and strings in the struct are talloced on the same talloc context should be replaced, it would be fine to free the memory of the old string...:-) Andrew Bartlett metze - Stefan metze Metzmacher [EMAIL PROTECTED]
Re: [PATCH] parametric options
On Thu, 2003-01-02 at 23:51, Stefan (metze) Metzmacher wrote: This doesn't seem right - why not just free and replace that talloc context? I only want to free one segment in the talloc context and all other talloced memory in this talloc context should not be free'ed! a also add a view talloc_realloc_*() functions talloc_realloc_strdup() ... Why? If we have a struct witch is talloced and strings in the struct are talloced on the same talloc context should be replaced, it would be fine to free the memory of the old string...:-) Talloc doesn't work that way, and should not be made to work that way. If you want that, then you have malloc() and free(). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: [PATCH] parametric options
At 00:10 03.01.2003 +1100, Andrew Bartlett wrote: *** PGP Signature Status: good *** Signer: Andrew Francis Bartlett [EMAIL PROTECTED] (Invalid) *** Signed: 02.01.2003 14:10:23 *** Verified: 02.01.2003 14:22:37 *** BEGIN PGP VERIFIED MESSAGE *** On Thu, 2003-01-02 at 23:51, Stefan (metze) Metzmacher wrote: This doesn't seem right - why not just free and replace that talloc context? I only want to free one segment in the talloc context and all other talloced memory in this talloc context should not be free'ed! a also add a view talloc_realloc_*() functions talloc_realloc_strdup() ... Why? If we have a struct witch is talloced and strings in the struct are talloced on the same talloc context should be replaced, it would be fine to free the memory of the old string...:-) Talloc doesn't work that way, and should not be made to work that way. If you want that, then you have malloc() and free(). I think it would be a nice (and usefull!) to have talloc_free() and talloc_realloc_strdup() Does anybody else has an opinion on that??? Andrew Bartlett metze - Stefan metze Metzmacher [EMAIL PROTECTED]
Re: [PATCH] parametric options
On Thu, 2003-01-02 at 14:26, Stefan (metze) Metzmacher wrote: At 00:10 03.01.2003 +1100, Andrew Bartlett wrote: Talloc doesn't work that way, and should not be made to work that way. If you want that, then you have malloc() and free(). I think it would be a nice (and usefull!) to have talloc_free() and talloc_realloc_strdup() Does anybody else has an opinion on that??? If you want to use talloc you do not want to manage memory If you want to manage memory you do not want to use talloc Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it
Re: daemontools patches for SAMBA 2.2.7a and HEAD
Have people had a chance to look at these patches and consider committing them to SAMBA? They're really simple and come with documentation mods, and they'd make life easier for a lot of sysadmins. Gerald had said back on 2002-09-25 that he wanted to get these committed, but by then the patches I had generated for 2.2.4a and HEAD were no longer valid... I wrote: I've revved up my patches to run all SAMBA daemons (nmbd, smbd, and winbindd) under daemontools. The patches add -F and -S options to each of those daemons, which make them run the foreground, and log to stdout respectively. Documentation, in the form of patches to the SGML for the man pages, is included. The patches can be found here: http://www.grendel.net/handler/pub/samba-patches/ If there's any problem with importing these patches into SAMBA, please let me know and I'll be glad to make any necessary changes. Thanks.
Going from 3.0 to 2.2.7
Hello and Happy New Year! I'm considering going to 2.2.7 version of Samba, but currently I'm at 3.0. Is it possible to do this smoothly without having to re-join all client machines to the domain? Any comments really appreciated! Thanks!
Re: Patch for unix extensions
On Wed, Jan 01, 2003 at 01:01:19PM +0100, Simo Sorce wrote: My idea was this: let make it so taht if unix extensions are enabled, then we NEVER resolve the links if we permit link creation. So if unix extensions are true, then all opens set O_NOFOLLOW. Ok if O_NOFOLLOW is defined and exists in the kernel - otherwise it's a nasty security hole waiting to happen. Jeremy.
Re: [homes] share
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yep, I think I changed the order of that test - because we use use the 'snum' attached to the vuid if possible, so as to avoid expensive lookups. The correct fix would be to fix lp_add_home() not to overwrite things when it finds that the home dir share already exists. (Because all the damage is actually done there - the order that the search is done doesn't matter any more, as the share is added as session setup time). Unfortunately the fix I was about to commit seems to be the opposite of an earlier 'fix' for a related bug. I'll need to stare at this a bit more... Andrew, Changing the order of the lookup without letting everyone know is a really bad thing. This is an incompatible change with 2.2. Since you described the correct fix, please take care of this. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2 SAMS Teach Yourself Samba in 24 Hours 2ed You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+FHWfIR7qMdg1EfYRAroZAKCmA1zv37Cbz5CkXVzBvEG/yAxrCgCgqoeF 0xfeqyczgN14iM8MEmT8GGs= =U5Gm -END PGP SIGNATURE-
smbpasswd and euid detection
Hello Samba folks; For some time now, I've been patching smbpasswd to get rid of the effective UID detection that it does. In 2.2.7a it simply tests if the effective UID differs from the real UID, and if the effective UID is 'root' then it bails: /* Check the effective uid - make sure we are not setuid */ if ((geteuid() == (uid_t)0) (getuid() != (uid_t)0)) This test will bail out if smbpasswd isn't suid 0, but the process that calls it is (eg, a utility agent for changing passwords and such). I've made a preliminary diff to actually stat() the executable to determine if it is suid 0: http://otc.isu.edu/smbpasswd-euid.diff -- Craig Kelley -- [EMAIL PROTECTED] Turn In Your Neighbor Today! http://www.bsa.org/usa/report/report.php http://www.isu.edu/~kellcrai finger [EMAIL PROTECTED] for PGP block
Re: Going from 3.0 to 2.2.7
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 2 Jan 2003, Irving Carrion wrote: I'm considering going to 2.2.7 version of Samba, but currently I'm at 3.0. Is it possible to do this smoothly without having to re-join all client machines to the domain? Probably will be painful. We generally work hard to make upgrades work, but downgrades are going to be troublesome due to TDB versioning changes, format changes, etc cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2 SAMS Teach Yourself Samba in 24 Hours 2ed You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+FHsZIR7qMdg1EfYRAodyAKDZA/621UCjGnQChN/TlC4wfv5vVACdFQlC mFq9lVK3tuIwsNZzujdLCjg= =SkrZ -END PGP SIGNATURE-
Re: smbpasswd and euid detection
On Thu, Jan 02, 2003 at 10:47:32AM -0700, Craig Kelley wrote: For some time now, I've been patching smbpasswd to get rid of the effective UID detection that it does. In 2.2.7a it simply tests if the effective UID differs from the real UID, and if the effective UID is 'root' then it bails: /* Check the effective uid - make sure we are not setuid */ if ((geteuid() == (uid_t)0) (getuid() != (uid_t)0)) This test will bail out if smbpasswd isn't suid 0, but the process that calls it is (eg, a utility agent for changing passwords and such). I've made a preliminary diff to actually stat() the executable to determine if it is suid 0: Why does your suid application not either assume full root privileges, or drop all such privileges, before exec()ing smbpasswd? -- Steve Langasek postmodern programmer msg05154/pgp0.pgp Description: PGP signature
RE: Going from 3.0 to 2.2.7
Thanks for the response! IRV -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gerald (Jerry) Carter Sent: Thursday, January 02, 2003 12:47 PM To: Irving Carrion Cc: [EMAIL PROTECTED] Subject: Re: Going from 3.0 to 2.2.7 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 2 Jan 2003, Irving Carrion wrote: I'm considering going to 2.2.7 version of Samba, but currently I'm at 3.0. Is it possible to do this smoothly without having to re-join all client machines to the domain? Probably will be painful. We generally work hard to make upgrades work, but downgrades are going to be troublesome due to TDB versioning changes, format changes, etc cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2 SAMS Teach Yourself Samba in 24 Hours 2ed You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+FHsZIR7qMdg1EfYRAodyAKDZA/621UCjGnQChN/TlC4wfv5vVACdFQlC mFq9lVK3tuIwsNZzujdLCjg= =SkrZ -END PGP SIGNATURE-
samba ldap pam password syncing woes
I am using an experimental configuration of samba with ldap. LDAP is used for linux login and imap authentication. Samba is used for domain login and file sharing. I have got the following ldap|pam|samba stuff installed on the system pam-0.75-25mdk samba-client-2.2.6-1.1mdk nss_ldap-202-1.1mdk perl-Authen-PAM-0.13-3mdk samba-common-ldap-2.2.6-1.1mdk samba-server-ldap-2.2.6-1.1mdk samba-winbind-ldap-2.2.6-1.1mdk mod_auth_ldap-1.6.0-7mdk openldap-2.0.25-7mdk openldap-clients-2.0.25-7mdk perl-ldap-0.26-2mdk pam-devel-0.75-25mdk libldap2-devel-static-2.0.25-7mdk libldap2-2.0.25-7mdk samba-swat-ldap-2.2.6-1.1mdk openldap-servers-2.0.25-7mdk openldap-back_ldap-2.0.25-7mdk openldap-guide-2.0.25-7mdk courier-imap-ldap-1.6.0-1mdk libldap2-devel-2.0.25-7mdk pam_ldap-148-3mdk Everything is up and running with one exception When I try to do a password change from a windows machine I get the following error ( repeated about 8 times ) [2003/01/02 18:51:48, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,65534) now set to (0,-1) uid=(0,65534) [2003/01/02 18:51:48, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid If I get rid of the password syncing option in the smb.conf the password gets changed with no problems but with the pam password change = yes option set in the file the user password change fails . I want to get the password syncing working because it would be cool for my users to have a single password for mail/unix stuff etc. Anyone encountered this before ? I've done a lot of googling and searched the bugs database but nobody seems to have encountered this problem before. I can change a users unix ( ldap ) password straight from the command line (using the passwd program) without any problems. This is the /etc/pam.d/passwd configuration that I have set up #%PAM-1.0 auth sufficient /lib/security/pam_ldap.so auth required /lib/security/pam_unix_auth.so use_first_pass accountsufficient /lib/security/pam_ldap.so accountrequired /lib/security/pam_unix_acct.so # I commented this out in case samba couldn't handle it ... #password required/lib/security/pam_cracklib.so retry=3 password sufficient /lib/security/pam_ldap.so password required /lib/security/pam_pwdb.so try_first_pass This is the /etc/pam.d/samba config #%PAM-1.0 auth sufficient /lib/security/pam_ldap.so auth required /lib/security/pam_unix_auth.so try_first_pass accountsufficient /lib/security/pam_ldap.so accountrequired /lib/security/pam_unix_acct.so I also tried this config . #%PAM-1.0 auth required /lib/security/pam_nologin.so auth required /lib/security/pam_stack.so service=system-auth accountrequired /lib/security/pam_stack.so service=system-auth sessionrequired /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth No errors with that one but the password remained unchanged Any ideas guys ? I reckon I must have screwed up the pam configuration for /etc/pam.d/samba but I am no pam expert so I am currently thrashing arround in the dark Kind Regards Bryan -- Bryan Hunt Systems Enginering Manager Ossidian Technologies Ltd Blackrock Co Dublin IRELAND Tel +353-1-2787111 Fax +353-1-2787136
Debug Level in pdb_get_set.c
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi (metze)! In HEAD and 3_0 log files I find that the debug messages from pdb_get_set are a bit annoying. I would like to put them at debug level 11. Would that be ok with you? Volker -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Key-ID D32186CF, Fingerprint available: phone +49 551 370 iD8DBQE+FHbvOmSXH9Mhhs8RAuruAJ42Jt9x5yA6M5jnLQujru+Q95TGAQCfa1sk TON+WalAKbxma1swqnUfazY= =SSKK -END PGP SIGNATURE-
Re: smbpasswd and euid detection
On Thu, Jan 02, 2003 at 01:27:01PM -0700, Craig Kelley wrote: On Thu, 2 Jan 2003, Steve Langasek wrote: On Thu, Jan 02, 2003 at 10:47:32AM -0700, Craig Kelley wrote: For some time now, I've been patching smbpasswd to get rid of the effective UID detection that it does. In 2.2.7a it simply tests if the effective UID differs from the real UID, and if the effective UID is 'root' then it bails: /* Check the effective uid - make sure we are not setuid */ if ((geteuid() == (uid_t)0) (getuid() != (uid_t)0)) This test will bail out if smbpasswd isn't suid 0, but the process that calls it is (eg, a utility agent for changing passwords and such). I've made a preliminary diff to actually stat() the executable to determine if it is suid 0: Why does your suid application not either assume full root privileges, or drop all such privileges, before exec()ing smbpasswd? I've considered that, but thought of it more as treating the symptom instead of the cause. A better question may be, why even check for suid? Why should smbpasswd even care if it's running with effective privileges? The naive may confuse it with the UNIX passwd program, which is suid root on some systems, but those with that much knowledge surely understand the ramifications of giving superuser privileges to an executable. I consider confusing smbpasswd with the Unix passwd command a sign that one doesn't really have that much knowledge, at least where smbpasswd itself is concerned. It's easy to jump to the conclusion that smbpasswd needs root privs to make changes to the smbpasswd file -- it does not -- and the program has *not* been audited for use as an suid program, so it's dangerous to treat it the same as passwd. So if someone can run smbpasswd indirectly from an suid wrapper, there's still a high potential for security problems, the same as if smbpasswd is suid itself. If you need to let users call smbpasswd in an suid root context, your wrapper should do its own vetting of the user input and then assume full root privileges. -- Steve Langasek postmodern programmer msg05159/pgp0.pgp Description: PGP signature
Re: smbpasswd and euid detection
On Thu, 2 Jan 2003, Steve Langasek wrote: On Thu, Jan 02, 2003 at 01:27:01PM -0700, Craig Kelley wrote: On Thu, 2 Jan 2003, Steve Langasek wrote: On Thu, Jan 02, 2003 at 10:47:32AM -0700, Craig Kelley wrote: For some time now, I've been patching smbpasswd to get rid of the effective UID detection that it does. In 2.2.7a it simply tests if the effective UID differs from the real UID, and if the effective UID is 'root' then it bails: /* Check the effective uid - make sure we are not setuid */ if ((geteuid() == (uid_t)0) (getuid() != (uid_t)0)) This test will bail out if smbpasswd isn't suid 0, but the process that calls it is (eg, a utility agent for changing passwords and such). I've made a preliminary diff to actually stat() the executable to determine if it is suid 0: Why does your suid application not either assume full root privileges, or drop all such privileges, before exec()ing smbpasswd? I've considered that, but thought of it more as treating the symptom instead of the cause. A better question may be, why even check for suid? Why should smbpasswd even care if it's running with effective privileges? The naive may confuse it with the UNIX passwd program, which is suid root on some systems, but those with that much knowledge surely understand the ramifications of giving superuser privileges to an executable. I consider confusing smbpasswd with the Unix passwd command a sign that one doesn't really have that much knowledge, at least where smbpasswd itself is concerned. It's easy to jump to the conclusion that smbpasswd needs root privs to make changes to the smbpasswd file -- it does not -- and the program has *not* been audited for use as an suid program, so it's dangerous to treat it the same as passwd. So if someone can run smbpasswd indirectly from an suid wrapper, there's still a high potential for security problems, the same as if smbpasswd is suid itself. If you need to let users call smbpasswd in an suid root context, your wrapper should do its own vetting of the user input and then assume full root privileges. Then let's add suid checking to every program. They can all be abused, and the same argument should apply. Regardless, the patch I presented actually does what the the warning message claims it's doing. It stat()'s the actual binary of smbpasswd to see if it's suid or not. It doesn't add any dependencies, and it should work on all systems capable of handling geteuid(), which smbpasswd already uses. -- Craig Kelley -- [EMAIL PROTECTED] Turn In Your Neighbor Today! http://www.bsa.org/usa/report/report.php http://www.isu.edu/~kellcrai finger [EMAIL PROTECTED] for PGP block
Re: At least some people appreciate the effort we put in
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 1 Jan 2003, Richard Sharpe wrote: So, while it is clear that there are assholes in the world, there are also those who make it all worth while. Richard, Why are you posting this to the list ? There could be any number of reasons why someone did not respond to your patch. You cannot just assume that someone is being rude. Maybe he/she was or maybe not. Who knows? And what real difference does it make? Would you do it again for someone else? Probably so? cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2 SAMS Teach Yourself Samba in 24 Hours 2ed You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+FHrVIR7qMdg1EfYRAtwaAJ4sYQYzjuyeGDOck38qZCWzJLRltwCgt04W O2Evn9kvhC+W7/6Q2pNVpfQ= =dGon -END PGP SIGNATURE-
Samba and Kerberos
Hi, I am trying to understand the state of Samba using Kerberos authentication. I see from a search on the web that ADS support is now available in Samba, and presumably this uses an encrypted password communicated over the network rather than the behaviour that was previously available via the --with-krb5 flag. If so, would it not be a matter of implementation (as opposed to it being technically infeasible) to make sure that --with-krb5 now works with encrypted passwords? Can someone clue me in as to this please? Thanks, Kenneth
Re: Patch for unix extensions
On Thu, 2003-01-02 at 18:00, [EMAIL PROTECTED] wrote: On Wed, Jan 01, 2003 at 01:01:19PM +0100, Simo Sorce wrote: My idea was this: let make it so taht if unix extensions are enabled, then we NEVER resolve the links if we permit link creation. So if unix extensions are true, then all opens set O_NOFOLLOW. yes Ok if O_NOFOLLOW is defined and exists in the kernel - otherwise it's a nasty security hole waiting to happen. shit happens ;-) Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it
Re: At least some people appreciate the effort we put in
On Thu, Jan 02, 2003 at 11:45:56AM -0600, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 1 Jan 2003, Richard Sharpe wrote: So, while it is clear that there are assholes in the world, there are also those who make it all worth while. Richard, Why are you posting this to the list ? There could be any number of reasons why someone did not respond to your patch. You cannot just assume that someone is being rude. Maybe he/she was or maybe not. Who knows? And what real difference does it make? Would you do it again for someone else? Probably so? Also, it *was* our bug. I always subscribe to the all bugs are our responsibility - after all, we wrote the thing ! I *hate* bugs in my software, I don't care who reports them :-). Jeremy.
Re: smbpasswd and euid detection
On Thu, Jan 02, 2003 at 02:23:09PM -0700, Craig Kelley wrote: I consider confusing smbpasswd with the Unix passwd command a sign that one doesn't really have that much knowledge, at least where smbpasswd itself is concerned. It's easy to jump to the conclusion that smbpasswd needs root privs to make changes to the smbpasswd file -- it does not -- and the program has *not* been audited for use as an suid program, so it's dangerous to treat it the same as passwd. So if someone can run smbpasswd indirectly from an suid wrapper, there's still a high potential for security problems, the same as if smbpasswd is suid itself. If you need to let users call smbpasswd in an suid root context, your wrapper should do its own vetting of the user input and then assume full root privileges. Then let's add suid checking to every program. Most programs don't have the problem of people assuming they're analogous to other suid programs. They can all be abused, and the same argument should apply. Regardless, the patch I presented actually does what the the warning message claims it's doing. It stat()'s the actual binary of smbpasswd to see if it's suid or not. It doesn't add any dependencies, and it should work on all systems capable of handling geteuid(), which smbpasswd already uses. But if you're going to concede that the check is there for a reason (which you seem to be doing by not asking for the check to be removed altogether), then that reasoning applies whether or not smbpasswd itself is the program carrying the suid bit as explained above. -- Steve Langasek postmodern programmer msg05165/pgp0.pgp Description: PGP signature
Re: smbpasswd and euid detection
On Thu, 2 Jan 2003, Steve Langasek wrote: On Thu, Jan 02, 2003 at 02:23:09PM -0700, Craig Kelley wrote: I consider confusing smbpasswd with the Unix passwd command a sign that one doesn't really have that much knowledge, at least where smbpasswd itself is concerned. It's easy to jump to the conclusion that smbpasswd needs root privs to make changes to the smbpasswd file -- it does not -- and the program has *not* been audited for use as an suid program, so it's dangerous to treat it the same as passwd. So if someone can run smbpasswd indirectly from an suid wrapper, there's still a high potential for security problems, the same as if smbpasswd is suid itself. If you need to let users call smbpasswd in an suid root context, your wrapper should do its own vetting of the user input and then assume full root privileges. Then let's add suid checking to every program. Most programs don't have the problem of people assuming they're analogous to other suid programs. Most people who understand how to bless suid powers on an executable are familiar with the ramifications of doing so. Having to write wrappers to deal with it could be even more dangerous (who knows...?) They can all be abused, and the same argument should apply. Regardless, the patch I presented actually does what the the warning message claims it's doing. It stat()'s the actual binary of smbpasswd to see if it's suid or not. It doesn't add any dependencies, and it should work on all systems capable of handling geteuid(), which smbpasswd already uses. But if you're going to concede that the check is there for a reason (which you seem to be doing by not asking for the check to be removed altogether), then that reasoning applies whether or not smbpasswd itself is the program carrying the suid bit as explained above. 'tis but a gift horse of a patch. Ignore it if you wish; at a minimum the warning should be changed to something more accurate and less heart-attack-inducing than smbpasswd must *NOT* be setuid root (because, most likely, it *isn't*); perhaps something like smbpasswd will not run with root privileges if euid is not the same as uid because we believe in security through obscurity ;) -- Craig Kelley -- [EMAIL PROTECTED] Turn In Your Neighbor Today! http://www.bsa.org/usa/report/report.php http://www.isu.edu/~kellcrai finger [EMAIL PROTECTED] for PGP block
Re: [homes] share
On Fri, 2003-01-03 at 04:23, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yep, I think I changed the order of that test - because we use use the 'snum' attached to the vuid if possible, so as to avoid expensive lookups. The correct fix would be to fix lp_add_home() not to overwrite things when it finds that the home dir share already exists. (Because all the damage is actually done there - the order that the search is done doesn't matter any more, as the share is added as session setup time). Unfortunately the fix I was about to commit seems to be the opposite of an earlier 'fix' for a related bug. I'll need to stare at this a bit more... Andrew, Changing the order of the lookup without letting everyone know is a really bad thing. This is an incompatible change with 2.2. Since you described the correct fix, please take care of this. Yep - will do. While yes, that is the 'correct' fix, the implementation in code isn't as straight-forward, particularly if we want changes to a user's 'homedir' to be updated. I'll certainly keep an eye on this one. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: Samba and Kerberos
Hi Kenneth, On Thu, Jan 02, 2003 at 03:38:47PM -0600, Kenneth Stephen wrote: I am trying to understand the state of Samba using Kerberos authentication. I see from a search on the web that ADS support is now available in Samba, and presumably this uses an encrypted password communicated over the network rather than the behaviour that was previously available via the --with-krb5 flag. If so, would it not be a matter of implementation (as opposed to it being technically infeasible) to make sure that --with-krb5 now works with encrypted passwords? Can someone clue me in as to this please? ADS-style Kerberos support only works when both client and server are Kerberos-aware, so such Kerberos encrypted passwords support would be limited to Win2K and WinXP clients. This is a question of technical feasibility, not of implementation. It appears that the --with-krb5 option is currently used in connection with exactly this feature, and that the previous plaintext Kerberos support has been dropped in 3.0. -- Steve Langasek postmodern programmer msg05169/pgp0.pgp Description: PGP signature
Re: Samba and Kerberos
On Fri, 2003-01-03 at 10:50, Steve Langasek wrote: Hi Kenneth, On Thu, Jan 02, 2003 at 03:38:47PM -0600, Kenneth Stephen wrote: I am trying to understand the state of Samba using Kerberos authentication. I see from a search on the web that ADS support is now available in Samba, and presumably this uses an encrypted password communicated over the network rather than the behaviour that was previously available via the --with-krb5 flag. If so, would it not be a matter of implementation (as opposed to it being technically infeasible) to make sure that --with-krb5 now works with encrypted passwords? Can someone clue me in as to this please? ADS-style Kerberos support only works when both client and server are Kerberos-aware, so such Kerberos encrypted passwords support would be limited to Win2K and WinXP clients. This is a question of technical feasibility, not of implementation. It appears that the --with-krb5 option is currently used in connection with exactly this feature, and that the previous plaintext Kerberos support has been dropped in 3.0. It was dropped because that functionality is better implemented via pam_krb5. A patch to re-instate this functionality as an auth module will probably be accepted, if people really want it... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: Samba and Kerberos
On Thu, Jan 02, 2003 at 06:28:48PM -0600, Kenneth Stephen wrote: ADS-style Kerberos support only works when both client and server are Kerberos-aware, so such Kerberos encrypted passwords support would be limited to Win2K and WinXP clients. This is a question of technical feasibility, not of implementation. Not sure what this means. If I run the Samba server on the same machine as a server which understood Kerberos authentication (for example, AIX 5.1 with a DCE based KDC), would that qualify? What about the extra info that Microsoft stuffs into the Kerberos protocol that I've heard Win client _need_? I need Samba working with a non-Microsoft KDC. Windows *clients* don't need the extra data; it's only Windows *servers* that need the data -- however, note that I'm using server in the sense of anything that provides a service, which would include a workstation providing login services for members of your Kerberos realm. If your Samba server doesn't need to provide domain auth services for workstation logins, you don't need to worry about the Microsoft PAC. AFAIK, Samba-as-a-fileserver doesn't even *support* using the PAC yet; it gets its group information from other, more Unix-y sources. As for running Samba on a server that understands Kerberos authentication, even that is not required; you can easily run Samba as your only Kerberos-enabled application on a given machine (well, easily assuming you know how to go about setting up Kerberos). Cheers, -- Steve Langasek postmodern programmer msg05171/pgp0.pgp Description: PGP signature
Re: Samba and Kerberos
On Fri, 2003-01-03 at 11:31, Kenneth Stephen wrote: On 3 Jan 2003, Andrew Bartlett wrote: On Fri, 2003-01-03 at 10:50, Steve Langasek wrote: Hi Kenneth, It appears that the --with-krb5 option is currently used in connection with exactly this feature, and that the previous plaintext Kerberos support has been dropped in 3.0. It was dropped because that functionality is better implemented via pam_krb5. A patch to re-instate this functionality as an auth module will probably be accepted, if people really want it... Andrew, What is pam_krb5? Is it an OS level component that is specific to Solaris / Linux or is it a Samba module? It is a PAM module, various versions of which are available for Linux/Solaris and other PAM enabled systems. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: Samba and Kerberos
On Fri, 2003-01-03 at 11:39, Steve Langasek wrote: On Thu, Jan 02, 2003 at 06:28:48PM -0600, Kenneth Stephen wrote: ADS-style Kerberos support only works when both client and server are Kerberos-aware, so such Kerberos encrypted passwords support would be limited to Win2K and WinXP clients. This is a question of technical feasibility, not of implementation. Not sure what this means. If I run the Samba server on the same machine as a server which understood Kerberos authentication (for example, AIX 5.1 with a DCE based KDC), would that qualify? What about the extra info that Microsoft stuffs into the Kerberos protocol that I've heard Win client _need_? I need Samba working with a non-Microsoft KDC. Windows *clients* don't need the extra data; it's only Windows *servers* that need the data -- however, note that I'm using server in the sense of anything that provides a service, which would include a workstation providing login services for members of your Kerberos realm. If your Samba server doesn't need to provide domain auth services for workstation logins, you don't need to worry about the Microsoft PAC. AFAIK, Samba-as-a-fileserver doesn't even *support* using the PAC yet; it gets its group information from other, more Unix-y sources. As for running Samba on a server that understands Kerberos authentication, even that is not required; you can easily run Samba as your only Kerberos-enabled application on a given machine (well, easily assuming you know how to go about setting up Kerberos). And telling Samba about that machine's keytab. Currently Samba needs to know the original plaintext password for the machine. It's been on my todo for a while - a long while... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: Going from 3.0 to 2.2.7
On Fri, 2003-01-03 at 02:33, Irving Carrion wrote: Hello and Happy New Year! I'm considering going to 2.2.7 version of Samba, but currently I'm at 3.0. Is it possible to do this smoothly without having to re-join all client machines to the domain? Extract the domain sid, and place into a text file called 'MACHINE.SID'. That should help fix the most annoying problem. In fact, I don't think that part of the secrets.tdb changed format, so it might 'just work'. Things like LDAP secret and the like did however. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: Debug Level in pdb_get_set.c
On Fri, 2003-01-03 at 04:29, Volker Lendecke wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi (metze)! In HEAD and 3_0 log files I find that the debug messages from pdb_get_set are a bit annoying. I would like to put them at debug level 11. Would that be ok with you? You should be able to turn down just the passdb section in smb.conf if you like. What other level 10 debugs do you need, that this is cluttering? Anyway, I don't mind much, becouse I run with level 100 (and then wonder why I get /tmp full of packet captures :-) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
hello
hi,happy new year holly
Re: Samba and Kerberos
On Thu, 2 Jan 2003, Steve Langasek wrote: Hi Kenneth, ADS-style Kerberos support only works when both client and server are Kerberos-aware, so such Kerberos encrypted passwords support would be limited to Win2K and WinXP clients. This is a question of technical feasibility, not of implementation. Steve, Not sure what this means. If I run the Samba server on the same machine as a server which understood Kerberos authentication (for example, AIX 5.1 with a DCE based KDC), would that qualify? What about the extra info that Microsoft stuffs into the Kerberos protocol that I've heard Win client _need_? I need Samba working with a non-Microsoft KDC. Yes, Paul Henson's sec_auth patches are available on the net, but my understanding of the way that solution works is that once you have an id working via sec_auth, it wouldnt work via straighforward telnet / ssh. Also, I never quite got it to work correctly with IBM DCE 3.1 . Thanks, Kenneth
Re: Samba and Kerberos
On 3 Jan 2003, Andrew Bartlett wrote: On Fri, 2003-01-03 at 10:50, Steve Langasek wrote: Hi Kenneth, It appears that the --with-krb5 option is currently used in connection with exactly this feature, and that the previous plaintext Kerberos support has been dropped in 3.0. It was dropped because that functionality is better implemented via pam_krb5. A patch to re-instate this functionality as an auth module will probably be accepted, if people really want it... Andrew, What is pam_krb5? Is it an OS level component that is specific to Solaris / Linux or is it a Samba module? Thanks, Kenneth
ÌؼÛÐÂÊé
ÉîÛÚÍøÂçÊéµê×£ÄúÐÂÄêÓä¿ì£¡ µã»÷½øÈëÉîÛÚÍøÂçÊéµê£º¡¡http://www.szbookshop.com --- ʹÓü«ÐÇÓʼþȺ·¢£¬ÎÞÐëͨ¹ýÓʼþ·þÎñÆ÷£¬Ö±´ï¶Ô·½ÓÊÏ䣬ËٶȾø¶ÔÒ»Á÷£¡ ÏÂÔØÍøÖ·£ºhttp://love2net.51.net/£¬¸ü¶àÃâ·ÑµÄ³¬¿áÈí¼þµÈÄãÀ´Ï¡¡ INFORMATION This message has been sent using a trial-run version of the TSmtpRelayServer Delphi Component.
ÌؼÛÐÂÊé
ÉîÛÚÍøÂçÊéµê×£ÄúÐÂÄêÓä¿ì£¡ µã»÷½øÈëÉîÛÚÍøÂçÊéµê£º¡¡http://www.szbookshop.com --- ʹÓü«ÐÇÓʼþȺ·¢£¬ÎÞÐëͨ¹ýÓʼþ·þÎñÆ÷£¬Ö±´ï¶Ô·½ÓÊÏ䣬ËٶȾø¶ÔÒ»Á÷£¡ ÏÂÔØÍøÖ·£ºhttp://love2net.51.net/£¬¸ü¶àÃâ·ÑµÄ³¬¿áÈí¼þµÈÄãÀ´Ï¡¡ INFORMATION This message has been sent using a trial-run version of the TSmtpRelayServer Delphi Component.
Samba-VMS 2.2.4 moves up to 2.2.7a
Hi. As a new year gift, you can now download and use Samba-VMS in version 2.2.7a, at the usual site (http://www.pi-net.dyndns.org/anonymous/jyc/). This is the latest stable (as they say) release available for Unix. In addition, and from a strict VMS point of vue, this version gives some enhancements and bug fixes compared to the last 2.2.4. Performances are once more quite better, essentially for browsing. For those of you who used the last 2.2.4 version, where I introduced a logical name (SAMBA_REAL_FILE_SIZE), this logical name has been suppressed. Now, the size of Variable and VFC files is computed only when needed, i.e. when the file is actually opened, so it no longer slow down the browsing. Performances are better too because I added a memory cache for directory contents. In my opinion, Samba-VMS is now quite good for browsing and for accesing files. However, I must admit that other actions remain quite slow (especially deleting files). I have no planning for enhancing that for the moment. There is a bunch of bug fixes, too : - Correct handling of VFC files (some NULL characters persisted to appear sometimes) - SMBD infinite loop removed, on some cases when there was a great number of client connects/disconnects - You can now share the root (00) directory of a concealed device (i.e. /samba_root/00) - When sharing something defined with a search list (i.e. /sys$sysroot/sysmgr), you can now see and browse all directories, including those on the first elements of the search list - when there was a file named .;1 in a directory, this directory could not be browsed - encrypted passwords has been set to Yes by default I hope that you'll enjoy this new version. Best wishes to all. Jean-Yves COLLOT
RE: Samba-VMS 2.2.4 moves up to 2.2.7a
As a new year gift, you can now download and use Samba-VMS in version 2.2.7a, at the usual site (http://www.pi-net.dyndns.org/anonymous/jyc/). The links on the page still points to the 2_2_4 kits... Jan-Erik Söderholm.
ECHO after exiting smbpasswd
Hi. If I exit smbpasswd with ctrl-C at any of the password-prompts, I have to do SET TERM/ECHO blind before I get any output back on my terminal. Is this expected ? And another thing about the smdpasswd file... I'v never realy understod if this file is a *must* to use SAMBA. Doesn't SAMBA use the UAF ? Each time I test a new SAMBA install, I get the unable to open the passdb database message in the log files. Does it only have to exists, or does it also have to have real usernames ? Jan-Erik Söderholm.
