[Samba] Re: DNS and DHCP setup
Greetings ... Does anyone know of a document that gives details on how to set up Bind 9 and DHCPD 3.x so that dns is updated when clients log on? I saw this is not in the howto collection (http://www.bibsyst.no/samba/docs/man/DNSDHCP.html#id2981727) so I was kind of hoping someone else has some notes. I would be greatfull for any tips and links. I don't know if this is an acceptable alternative, dnsmasq. http://www.thekelleys.org.uk/dnsmasq/doc.html Which will take your dhcp.leases and create dns structure for you ... very easy to and nice to use. Hope this helps. Have fun. Mailed Lee -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net rpc vampire problems
But if I user lowercase, it works. I wasn't aware of a restriction on creating uppercase usernames. Is this supposed to happen? Anyone else know why my machine accounts aren't getting migrated? Pretty please? Dan, What flavor of Linux are you using. I just did a migration using Samba 3.0 and RedHat ES 3.0. I ran into the same problem. That is because RedHat does not allow you to create user names with uppercase letters. The other problem I had was with group names. The way I got around it was to write my own scripts that change the machine name from upper to lower case. I put the reference in the smb.conf: add machine script = xx.sh This is the script:** #!/bin/sh # Script to add machines # Checks to see if a command line argument was passwd if [ $# -eq 0 ] then echo . echo Did not pass an argument on the command line echo usage: conv.sh \THIS is a TEST\ echo . exit 0 fi # Passes the command line argument. Reduces the string length and converts to lower case lower=`echo $1 | sed y/[ABCDEFGHIJKLMNOPQRSTUVWXYZ\ ]/[abcdefghijklmnopqrstuvwxyz\_]/` #This is the section in which you call the useradd and pass the Unix compliant name /usr/sbin/useradd -g machines -s /sbin/nologin -d /dev/null $lower exit 0 It doesn't make any difference if I run the above script or not. The creation of the machine trust account still fails. Interestingly, if I run manually: useradd DKASAK$ I get the error: useradd: invalid user name 'DKASAK$' But if I user lowercase, it works. I wasn't aware of a restriction on creating uppercase usernames. Is this supposed to happen? Anyone else know why my machine accounts aren't getting migrated? Pretty please? Dan -- Daniel Kasak IT Developer NUS Consulting Group Level 5, 77 Pacific Highway North Sydney, NSW, Australia 2060 T: (+61) 2 9922-7676 / F: (+61) 2 9922 7989 email: [EMAIL PROTECTED] website: http://www.nusconsulting.com.au -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] net groupmap
Hi everyone,
What means parameter [type={domain|local|builtin}] in net groupmap (samba 3.0.0)?
Thanks
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: multiple ldap servers in bdc/pdc environment
Thomas Hannan wrote: Hi all, I'm setting up a number of samba DC's across several branch offices using the Samba 3.0.0 release's native LDAP support. I'd like to build some redundancy into my setup, such as having slave LDAP servers in case the master is down/unavailable. However, when I have multiple ldapsam entries in my smb.conf I get duplicate or triplicate users listed when performing a /usr/local/samba/bin/pdbedit -L, and all 2 or 3 LDAP servers get queried no matter what. Is there anyway to list multiple backup LDAP servers instead of just having overlapping SAMs? Also, there will be some remote offices connected via relatively high-latency WAN links to the master LDAP server. Will this be a problem in terms of adding machine accounts or changing passwords (and that data being replicated to the local slave LDAP server at the branch offices in a timely manner)? I'd like to only have the remote offices send traffic over the WAN links when absolutely necessary (such as changing passwords or receiving replica updates pushed out from the master LDAP server). Regards, Thomas [global] passdb backend = ldapsam:ldap://192.168.1.60 ldapsam:ldap://192.168.1.215 ldapsam:ldap://192.168.1.98 passdb backend = ldapsam:ldap://192.168.1.60/ ldap://192.168.1.215/ ldap://192.168.1.98/; should do the job ldap suffix = ou=accounts,ou=people,dc=pharm-olam,dc=com ldap group suffix = ou=groups ldap machine suffix = ou=machines ldap user suffix = ou=users ldap admin dn = uid=smbldap,ou=accounts,ou=people,dc=pharm-olam,dc=com ldap ssl = off -- metze --- Stefan (metze) Metzmacher metze at metzemix.de -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] W2k client using synchronize on a samba configured RH Linux 9 file server ...
... does not work. I use the W2k functionality synchronize on my laptop to have up2date synchronized copies of my files both at the laptop and the file server. The file server is a P 200 MHz running RH Linux 9. When on-line the synchronization of files works, except for my swedish letters åäö. However when off-line working with my files, then reconnecting to the network and issuing a synchronization it fails. The updating of the files on the server fails. Am I doing something wrong here or is the SMB protocol used by samba not up2date to support this W2k functionality? My samba version is 3.0.0-2 regard s /Ripan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Tall tale of woe....
On Mon, 15 Dec 2003, Gerald (Jerry) Carter wrote: The kernel should log the oops in /var/log/messages. Yeah, its not there. log stops at 11:29:07 the next entry is at 11:47 when its booting. We can't be blamed for a kernel oops. If a user space app can cause the kernel to die, then that's a kernel bug. I would start pursuing this with RedHat (if you have support), or logging it in bugzilla.redhat.com. not trying to aportion blame here. Just trying to get the good old stable server back :/ was wondering if anyone else has had anything like this before? i will contact redhat and see if they can offer any suggestions. many thanks Ross McInnes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Unable to join Samba server to Win2k domain
Anyone know what could cause all these problems or a straight solution how to solve them? Upgraded to 3.0.1, and i still can't add my Samba server to the Windows 2000 domain. Same errors as described in my previous mail. What information more than the one i supplied could be usefull if i should add this as a bugreport? Best regards Henrik -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problem with admin users
McKeever Chris wrote: On Mon, 15 Dec 2003 12:09 , Luiz Fernando Aguiar Leme [EMAIL PROTECTED] sent: Hi all, on my smb.conf, contents the following lines: admin users = root claudio roberto security = server when this users save or write files on shared folders, they saves with root:wheels. How do i force this users to save your own user:group and not root:wheels??? On the shared folders contents the following lines, for example: [publico] comment = Diretorio publico path = /usuarios/publico public = yes writable = yes security mask = 770 create mask = 0770 force create mode = 770 force directory mode = 770 force security mode = 770 printable = no thanks! not 100% your answer, but for shared folders, you can force the user and group that it is written as, in this case, force it to administrator and domain admins ... does the above scenario only happen with the admin-level users? so standard users save with thier username and default group? Be careful with this one. When a user is present in the « admin users = » clause, it is mapped to root (on the Unix side of Samba) whatever he does. It was done to circumvent access control (and problems with group mappings) to allow users to do administration tasks. The downside is that their files are now owned by root... The worst problem with this is that their profile is also partially owned by root (if they have one), and when they are no more in the « admin users = » clause, they won't be able to use their profile. Regards, Jérôme -- Jérôme Fenal - Consultant Unix/SAN/Logiciel Libre Groupe Expert Managed Services - LogicaCMG France http://www.logicacmg.com/fr/ - mailto:jerome.fenal AT logicacmg.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] How much memory does your smbd take up?
This is partly to do with my Tall tale of woe thread... ive noticed in the past that when its crashed and ive had to restart etc when the system comes back up i have odles of memory available... yet seemingly in the space of a few hours the amount available is taken from 2GB down to 11MB total used free sharedbuffers cached Mem: 2016 2004 11 0543 1257 -/+ buffers/cache:204 1811 Swap: 4000 18 3982 now obviously applications DO use memory but i was wondering how much, and is this normal behavior for a server running samba? (it also runs dns and dhcp) i have another server which runs samba but only 2 people connect to it... total used free sharedbuffers cached Mem: 1006982 23 0 69818 -/+ buffers/cache: 95911 Swap: 2000 0 2000 pulling at straws now, but someone else asked the question and i didnt know. Many thanks Ross McInnes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Unable to join Samba server to Win2k domain
Hi , It will be good if you can paste your krb5.conf and smb.conf with the mail, so that we can see where you have gone wrong. But just to double check some basic issues: 1) Are winbind and smb services restarted everytimes you did any changes to the config files? 2) Since you are using AD mixed mode, instead of using net ads join , can you try net join -U Administrator? 3)By the way, did you try the method of adding Samba server into the domain from the AD server? Regards, Ivan Toh -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Henrik Larsson Sent: Tuesday, December 16, 2003 5:02 PM To: [EMAIL PROTECTED] Subject: [Samba] Re: Unable to join Samba server to Win2k domain Anyone know what could cause all these problems or a straight solution how to solve them? Upgraded to 3.0.1, and i still can't add my Samba server to the Windows 2000 domain. Same errors as described in my previous mail. What information more than the one i supplied could be usefull if i should add this as a bugreport? Best regards Henrik -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA 3.0.1 for Debian
All, does someone has 3.0.1 Debian Packages ready? Thank you, Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] configure error with --enable-dmalloc
Hi Gerry/All, I've tried running with sh -x but this only provides information on the first few commands when running configure, I assume the others are being executed in sub shells (processes). I've also looked at config.log and can't see anything that looks meaningful or related to the problem (I haven't included this as even compressed it's to big an attachment). I have looked in the configure script and it is the last five or so lines that are failing, and all they seem to be doing is echoing some information on enabling dmalloc. Does anyone know what these commands are, could be that Samba will actually compile ok but I didn't get the message telling me how to enable dmalloc, thanks Andy. -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Posted At: 12 December 2003 16:09 Posted To: Samba Conversation: [Samba] configure error with --enable-dmalloc Subject: Re: [Samba] configure error with --enable-dmalloc -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ww m-pubsyssamba wrote: Hi Gerry list, I assume you mean /usr/ucb as I have no /usr/usb Yeah. Sorry. typo. directory, however /usr/ucb or /usr/usb are not in my PATH at all and when I tried a configure with /usr/ucb listed at the end of my PATH I still get exactly the same error, Check for any errors list at the end of config.log.or maybe run sh -x configure other options herer to see what configure is actually exectuting at the end. - -- cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2egOIR7qMdg1EfYRAuUyAKDOi+RVrzu0H9Am6ZFLPA55phppcQCfeGMQ yq2X4l+6qDiEzyUtNFw/Gp0= =zD1e -END PGP SIGNATURE- BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Configuring Samba in domain
Hi! I am getting difficulties in settings of Samba Server, running on SuSE 9. Please, can youytell me what should I do to make my Linux machine see the other machines running Windows 2k/XP pro in this domain? The PDC is Windows 2000 Server with Active Directory. What I have managed to do already is to make a share on my linux machine that is accessibe from the win machines in the same domain, but I do not know how to make the other way? Thanks in advance!!! Best regards, Konstantin Nikolov -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Ver 3 for SCO Openserver
Hope you can help I am trying to find out if there is a port of Samba ver3 for SCO Openserver, as I desperately need to use the ADS features. Thanks John Milner PCI Systems -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows2000 + Winbind
Dear All, I use Redhat 9, Samba 2.2.7a-8.9.0. I have Windows2000 server as a Domain Controller. I try to use winbind. I followed the document comes with samba. I can join Win2k domain. The problem is wbinfo does not show the correct list. Here is the tail of the result from winbindd -i -d 8 rpc_api_pipe: len left: 0 smbtrans read: 48 rpc_api_pipe: fragment first and last both set 18 samr_io_r_connect 18 smb_io_pol_hnd connect_pol 0018 data1: 001c data2: 0020 data3: 0022 data4: 0024 data5: 00 00 00 00 00 00 00 00 002c status: NT_STATUS_ACCESS_DENIED refresh_sequence_number: backend returned 0xc022 refresh_sequence_number: seq number is now -1 returning extended error 0xc022 client_write: wrote 1304 bytes. read failed on sock 11, pid 16786: EOF And wbinfo -u produced: 0xc022 Would you please tell me how to solve the problem? Thanks, Theewara -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind pdc bdc problem
Do I need to use winbind between pdc and bdc if I'm using LDAP backend? I have a PDC setup with LDAP master on backend and a BDC with slave LDAP in another building.I'm just having a problem with getting users to authenticate and use the BDC for home directories and exactly how to have W2k clients join the domain.. The BDC is in another building (connected by a slow connection) so it needs to have a copy of LDAP for authentication purposes. I've tested LDAP replication and it works fine and receives updates from the master. The PDC does everthing that it should. I can join W2k clients, and users can get to their home directories. My problem is in Samba and how to configure the BDC for users to use it. System description RedHat 8.0 LDAP 2.1.23 Samba 3.0 Any help or suggestions would be appreciated. -- Kent L. Nasveschuk [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Group mapping problem
Hi, I'm using tdb and Samba 3.0.0 in /etc/group I have domadm:x:502:yo,tu net groupmap Domain Admins (S-1-5-21-1113206677-1823813211-1234567-512) - domadm Output of testparm: Processing section [netlogon] Processing section [profiles] Processing section [homes] Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions # Global parameters [global] unix charset = ISO-8859-15 display charset = ISO-8859-15 workgroup = MYDOMAIN netbios name = SERVIDOR root directory = administrator add machine script = /usr/sbin/useradd -d /dev/null -g maquinas -s /bin/false -M %u logon script = logon.bat logon path = \\%N\profiles\%u logon drive = I: logon home = \\%N\profiles\%u\.profiles domain logons = Yes os level = 64 preferred master = Yes domain master = Yes [netlogon] path = /usr/local/samba/lib/netlogon browseable = No [profiles] path = /profiles read only = No create mask = 0600 directory mask = 0700 browseable = No [homes] read only = No create mask = 0770 directory mask = 0770 browseable = No Thanks. - Original Message - From: Jérôme Fenal [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 15, 2003 1:55 PM Subject: [Samba] Re: Group mapping problem Gonzalo Aguilera wrote: Hi, I have Samba 3 as Domain controller. From a Windows 2000 Professional I share a folder (c:\test) with access permission for certain domain user (MYDOMAIN\yo). I can access to that folder from other w2000 with that user validated into it. If I add that user to a unix group (domadm) and map this group to Domain Admins (net groupmap modify ntgroup=Domain Admins unixgroup=domadm) and change w2000 shared folder access permission for group MYDOMAIN\Domain Admins I get Access Denied. What's wrong? Thanks. Please include more informations about your setup : - What sam type are you using (tdb, ldap, etc.) ? - Include a copy of testparm output - Include the content of the mapping (ie. which RID dd you give to the domadmin group?) - What version of Samba 3 (3.0.0, 3.0.1pre?, 3.0.1rc?) - and any more information that would be valuable to answer you Regards, Jérôme -- Jérôme Fenal - Consultant Unix/SAN/Logiciel Libre Groupe Expert Managed Services - LogicaCMG France http://www.logicacmg.com/fr/ - mailto:jerome.fenal AT logicacmg.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] colon in filename
Hello, I have some directories with colon on my linux server. I want to share them to windows box. For example, when i share: [EMAIL PROTECTED]:54:47 In windows i can see this like: 2003-~8! Is it possible to convert on the fly : to something other, for example dot? greetings, Bart -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Patch to Samba 3.0.1?
Dear list, Is it sufficient to patch my 3.0.0 install to 3.0.1 on my Solaris 9 machine? Or do I have to recompile the whole lot from scratch? Does the new version put all the files in the right places, e.g. pam_winbind.so and libnss_winbind.so? (I think the HOWTO still says you have to copy these to the right places and make links if you want to use winbind) I'm just wondering whether it would be worth my while upgrading as the only problem I have right now is that I cannot make PAM let me log in as an NT user and create home directories on the fly. Thanks, Sapan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Patch to Samba 3.0.1?
Ah! I've made a discovery, if I put the NT user I am trying to log in as into /etc/passwd then it will allow me to log in with the user's NT password. This isn't supposed to be the way it works right? I shouldn't have to have the users in /etc/passwd, that's the whole point of winbind, right? It still won't create the home drives on the fly though. Can anyone help me now? I don't seem to get any logs like I do on Redhat. -Original Message- From: Ganguly, Sapan [mailto:[EMAIL PROTECTED] Sent: 16 December 2003 10:20 To: '[EMAIL PROTECTED]' Subject: [Samba] Patch to Samba 3.0.1? Dear list, Is it sufficient to patch my 3.0.0 install to 3.0.1 on my Solaris 9 machine? Or do I have to recompile the whole lot from scratch? Does the new version put all the files in the right places, e.g. pam_winbind.so and libnss_winbind.so? (I think the HOWTO still says you have to copy these to the right places and make links if you want to use winbind) I'm just wondering whether it would be worth my while upgrading as the only problem I have right now is that I cannot make PAM let me log in as an NT user and create home directories on the fly. Thanks, Sapan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem Using Windows XP Pro w/Samba
I tried today to setup WinXP Pro to logon to my Linux Domain Server running RedHat Enterprise 2.1 with samba version 2.2.8a. WinXP is complaining it can not locate the domain server or is unable to authenticate with the server. Everything is working fine for Win9x, Win2k, and WinNT systems. When setting up the XP system it was able to connect and create a system account (jeff-system). Can anyone point me to where/how to identify and solve the problem? Obviously, the best answer is not use MS junk, but I have no choice, some apps still are only available as MS FoxPro apps, which will never be available on Linux. Would it help me to upgrade to Samba 3.0? Patrick J. Shoaf, IT Manager [EMAIL PROTECTED] Model Cleaners, Uniforms, Apparel 100 Third Street Charleroi, PA 15022 http://www.model-uniforms.com/http://www.model-uniforms.com Phone: 724-489-9553 ext. 105 or800-99 MODEL Fax: 724-489-4386 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] downloaded win98 print drivers fail in Samba 3.0
The issue was a bug in the PrintPro export function of printers, their printer/CUPS setup utility. The solution (from the PrintPro support group) was to use cupsaddsmb -v -U root PRINTERNAME PrintPro says their export function will be fixed next release. Grant Basham (305)361-4026 University of Miami [EMAIL PROTECTED] RSMAS Computer Facility/Systems grant basham wrote: A PrintPro CUPS (v4.4.1) running Samba 3.0.0 on Fedora/Redhat Linux does pointclick driver download for WinXP just fine, but fails to do pointclick setup for Win98. When I do the pointclick install, Only the ADOBEPS4.DRV file is transferred. If I manually copy the driver files from \\server\print$\WIN40[\0] into the Win98 System area, it all works fine. If I then delete the queue on Win98, only the ADOBEPS4.DRV file is removed; the files copied in manually stay in the SYSTEM dir. If I then reinstall the queue via pointclick, it all works. If I then delete the queue and remove the manually-installed files and reinstall, I am back at the beginning with only ADOBEPS4.DRV and a non-working queue. Samba log for setup is appended at bottom. As suggested by Jerry, I updated so 3.0.1.rc2. The lib/util_str.c:safe_strcpy_fn(577) ERROR: NULL error message went away, but the setup still did not work. Moved the files in drivers/WIN40 to drivers/WIN40/0. Still the same problem. Further suggestions greatly appreciated. --Grant On Thu, 11 Dec 2003, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 grant basham wrote: | Errors shown below in the gim98 samba log on | the samba server as | lib/util_str.c:safe_strcpy_fn(577) ERROR: NULL | dest in safe_strcpy This is fixed in 3.0.1rc2. | /etc/samba/drivers/WIN40: | total 768 | 4 0/ 16 DEFPRTR2.PPD*60 PSMON.DLL* | 568 ADFONTS.MFM* 120 ICONLIB.DLL* There shouldn't bee any files left in WIN40. Perhaps a bad driver install. | /etc/samba/drivers/WIN40/0: | total 1584 | 1272 ADOBEPS4.DRV* 196 ADOBEPS4.HLP*60 mpocol.PPD* |56 rcfhp.PPD* - -- ciao, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2KrzIR7qMdg1EfYRAoCOAJ9VsGvkkfHkfoXEc4EZbZnulL5dWgCeLMCm NQKhKYy/fHyZCQRfij7ZNSo= =8xhv -END PGP SIGNATURE- ==current smaba setup log [2003/12/11 14:39:13, 2] smbd/sesssetup.c:setup_new_vc_session(544) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resour ces. [2003/12/11 14:39:13, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [TEST1210] - [TEST1210] FAILED with e rror NT_STATUS_NO_SUCH_USER [2003/12/11 14:39:13, 2] lib/access.c:check_access(324) Allowed connection from (129.171.97.21) [2003/12/11 14:39:16, 2] smbd/server.c:exit_server(558) Closing connections [2003/12/11 14:39:18, 2] smbd/sesssetup.c:setup_new_vc_session(544) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resour ces. [2003/12/11 14:39:18, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [TEST1210] - [TEST1210] FAILED with e rror NT_STATUS_NO_SUCH_USER [2003/12/11 14:39:18, 2] lib/access.c:check_access(324) Allowed connection from (129.171.97.21) [2003/12/11 14:39:21, 2] smbd/server.c:exit_server(558) Closing connections [2003/12/11 14:39:24, 2] smbd/sesssetup.c:setup_new_vc_session(544) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resour ces. [2003/12/11 14:39:24, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [TEST1210] - [TEST1210] FAILED with e rror NT_STATUS_NO_SUCH_USER [2003/12/11 14:39:24, 2] lib/access.c:check_access(324) Allowed connection from (129.171.97.21) [2003/12/11 14:39:24, 1] smbd/service.c:make_connection_snum(705) gim98 (129.171.97.21) connect to service print$ initially as user samba (uid=1710, g id=1710) (pid 23567) [2003/12/11 14:39:24, 2] smbd/open.c:open_file(240) TEST1210 opened file WIN40/0/ADOBEPS4.DRV read=Yes write=No (numopen=1) [2003/12/11 14:39:24, 2] smbd/close.c:close_normal_file(228) samba closed file WIN40/0/ADOBEPS4.DRV (numopen=0) [2003/12/11 14:39:24, 2] smbd/open.c:open_file(240) TEST1210 opened file WIN40/0/ADOBEPS4.DRV read=Yes write=No (numopen=1) [2003/12/11 14:39:24, 2] smbd/close.c:close_normal_file(228) samba closed file WIN40/0/ADOBEPS4.DRV (numopen=0) [2003/12/11 14:39:24, 2] smbd/open.c:open_file(240) TEST1210 opened file WIN40/0/ADOBEPS4.DRV read=Yes
Re: [Samba] DNS and DHCP setup
What I would recommend instead, is to ditch Bind. Use djbdns from http://cr.yp.to/djbdns/ for name resolution. It is (relatively) simple to migrate to and it is much better than Bind. Then use this script: http://www.thismetalsky.org/magic/projects/dhcp_dns.html to update DNS when the workstations obtain their addresses via DHCP. -- = Ben Tullis Tarjei Huse wrote: Hi, Does anyone know of a document that gives details on how to set up Bind 9 and DHCPD 3.x so that dns is updated when clients log on? I saw this is not in the howto collection (http://www.bibsyst.no/samba/docs/man/DNSDHCP.html#id2981727) so I was kind of hoping someone else has some notes. I would be greatfull for any tips and links. Tarjei -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Tall tale of woe....
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ross McInnes (Systems) wrote: | not trying to aportion blame here. Just trying to get | the good old stable server back :/ was wondering if anyone | else has had anything like this before? I wasn't on the defensive. Just stating that it would have to a kernel bug in this case (one that I've not see come up before). It is possilbe that a hardware component is failing (e.g. RAM). cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/3xFVIR7qMdg1EfYRAokOAJ0VWHOo42PAOM/hGmzZdv6jpjPjcACeJHQj Cgs6zc0YctQb2pv1o+jIUuI= =eQAw -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Tall tale of woe....
On Tue, 16 Dec 2003, Gerald (Jerry) Carter wrote: I wasn't on the defensive. Just stating that it would have to a kernel bug in this case (one that I've not see come up before). It is possilbe that a hardware component is failing (e.g. RAM). sorry i didnt mean it to come across like that. If its something thats not been seen before then it must be a hardware/kernal issue. Many Thanks Ross McInnes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem Using Windows XP Pro w/Samba
Have you done the reg editing bit? i noticed the same thing, drove me nuts until i realised i edited the wrong one. http://www.ccs.uky.edu/docs/samba.htm - nice doc for getting pro onto samba. Ross McInnes On Tue, 16 Dec 2003, Patrick Shoaf wrote: I tried today to setup WinXP Pro to logon to my Linux Domain Server running RedHat Enterprise 2.1 with samba version 2.2.8a. WinXP is complaining it can not locate the domain server or is unable to authenticate with the server. Everything is working fine for Win9x, Win2k, and WinNT systems. When setting up the XP system it was able to connect and create a system account (jeff-system). Can anyone point me to where/how to identify and solve the problem? Obviously, the best answer is not use MS junk, but I have no choice, some apps still are only available as MS FoxPro apps, which will never be available on Linux. Would it help me to upgrade to Samba 3.0? Patrick J. Shoaf, IT Manager [EMAIL PROTECTED] Model Cleaners, Uniforms, Apparel 100 Third Street Charleroi, PA 15022 http://www.model-uniforms.com/http://www.model-uniforms.com Phone: 724-489-9553 ext. 105 or800-99 MODEL Fax: 724-489-4386 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows2000 + Winbind
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Theewara Vorakosit wrote: | 18 samr_io_r_connect | 18 smb_io_pol_hnd connect_pol | 0018 data1: | 001c data2: | 0020 data3: | 0022 data4: | 0024 data5: 00 00 00 00 00 00 00 00 | 002c status: NT_STATUS_ACCESS_DENIED The RestrictAnonymous setting has been enabled on your DC (or it is a native mode AD domain). See 'wbinfo --set-auth-user'. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/3xYUIR7qMdg1EfYRAnTZAJ9Peen1UyIQ3Hi3mXHYAtAqoi8CdQCdH7vM 49Uy5aGpVtjUlv5UN7WoFS0= =tKA5 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Fw: [Samba] Samba 3 Printing Problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | | | | Anyone have any suggestions for this? | | - | | Repeatedly getting the following error, any help out there for this? I've | dug around the internet for several hours with no luck. | | [2003/12/11 19:51:34, 2] | rpc_server/srv_spoolss_nt.c:find_printer_index_by_hnd(268) | find_printer_index_by_hnd: Printer handle not found:_spoolss_writeprinter: | Invalid handle (OTHER:1583:10554) | | Running Debian 3.0r1 | Samba 3.0 Can you send me a full level 10 debug log of the client connecting to the printer and sending a job that fails? Thanks. Also try testing 3.0.1 cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/3x3YIR7qMdg1EfYRAmQZAJ4jc2jc7wpEp9jK9efWaF8CJPxarQCcDl9O wDGjvB53XlBUVFalfSUfUfA= =wTkz -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind pdc bdc problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kent L. Nasveschuk wrote: | Do I need to use winbind between pdc and bdc if I'm | using LDAP backend? On a Samba DC, Winbindd is only needed when the DC's have established trusts with other domains (and you need winbindd to generate accounts for the trusted users and groups). - -- ciao, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/3x5NIR7qMdg1EfYRAu0aAJ0bf1xldkSU72onr/iL1l9wl70n1QCfTi+f pj/6UNQJrMakJb0dUhTVO1E= =nmX/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Patch to Samba 3.0.1?
Ah! I've made a discovery, if I put the NT user I am trying to log in as into /etc/passwd then it will allow me to log in with the user's NT password. This isn't supposed to be the way it works right? I shouldn't have to have the users in /etc/passwd, that's the whole point of winbind, right? You have to have the users in NSS. Do you have winbind configured as a NSS provider? It still won't create the home drives on the fly though. Can anyone help me now? I don't seem to get any logs like I do on Redhat. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Fedora binaries in multiple RPMS?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dan wrote: | The RedHat RPMS were always available as single RPMS | why aren't the Fedora binaries the same? We are attempting to working more closely with the current Fedora Package maintainers. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/3ytSIR7qMdg1EfYRAowlAKCocIU0BlQIB6LajG9XyVUL0UUu8wCg8kuH weIS5vVIhIT701qSxFbQMt0= =AYaI -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA 3.0.1 : Failed to verify incoming ticket!
Hello, This morning I upgraded two machines to samba 3.0.1 (from version 3.0.0). One machine is a member of our production Windows 2000 Active Directory. The other is a member of our test Windows 2003 Active Directory. I made no changes to the smb.conf file after doing the upgrade. However, after doing the upgrade clients are asked for a username/password when connecting and I am seeing this in my logs: [2003/12/16 09:50:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) Failed to verify incoming ticket! This happens on both machines. The test network machine has SAMBA compiled against MIT-kerberos 1.3.1 . The production machine uses SAMBA compiled against MIT-Kerbeors 1.2.7 . Any help would be appreciated. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] password - ldap questions
Dear List i have setup a samba server with a openldap backend (using the great guide from hilinsk and Gerald's ldap system adminstration book) I also have the unix account information stored in the ldap. Current setup samba 3.01 rc1 latest stable openldap on the same box unix/samba accounts are stored in the ldap. (using nsswitch) question 1 We have a corporate wide iplanet ldap server (which i can only read from) used for email. I tried to sync the passwords from this ldap-server with the samba-openldap one so my samba users only would have to remember one password. I used a script that fetches the (encrypted, sha1) passwords in a ldif file and ldapmodify this password to the samba-openldap. This part works. The problem is that samba want the sambaNTpassword and doesn't even look at the userpassword. Is there a way that i can make samba use the sha1 userpassword or do i have a no go, bad luck here. Another solution would be to go the other way around so to update the corporate ldap server when someone changes his windows/samba password and that brings me to question number 2. question 2 If i change the password from my windows workstation using the native windows change password mechanism the sambaNTpassword gets changed but the userpassword doesn't. I'm using the smbldap-passwd.pl tool. If i use this tool directly from the command line it does update the userpassword just fine. (using the same syntax as in the smb.conf. When i turn sync unix passwords then the domain stops working (domain not found) Below my smb.conf Thanx for your help Regards [global] workgroup = TIS-AG netbios name = TISPDC null passwords = Yes passdb backend = ldapsam passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u passwd chat = *new*password* %n\n *new*password:* %n\ *successfully* passwd chat debug = Yes log level = 1 passdb:2 auth:2 log file = /var/log/samba/%m.log socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add user script = /usr/local/sbin/smbldap-useradd.pl -a %u delete user script = /usr/local/sbin/smbldap-userdel.pl %u add group script = /usr/local/sbin/smbldap-groupadd.pl %g delete group script = /usr/local/sbin/smbldap-groupdel.pl %g add user to group script = /usr/local/sbin/smbldap-groupmod.pl delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x %u %g set primary group script = /usr/local/sbin/smbldap-usermod.pl -G %g %u add machine script = /usr/local/sbin/smbldap-useradd.pl -w %m logon script = logon.bat logon path = domain logons = Yes os level = 33 preferred master = Yes domain master = Yes wins support = Yes ldap suffix = dc=Test,dc=com ldap machine suffix = ou=Machines ldap user suffix = ou=People ldap group suffix = ou=Group ldap admin dn = uid=root,ou=People,dc=Test,dc=com ldap ssl = no idmap backend = ldap:ldap://127.0.0.1 idmap uid = 1-2 idmap gid = 1-2 winbind separator = + comment = Samba-PDC Server [netlogon] path = /data/netlogon write list = ntadmin locking = No -- Otto Schakenbos PC-Support TFX IT-Service AG Fronackerstrasse 33-35 71332 Waiblingen GERMANY -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Secondary Groups and Group Mapping
Okay, we have the net groupmap command running without errors. We had to add the unixgroup/gid to both the /etc/group file and samba's openldap before groupmap would work without errors. I suspect that we could remove the dependence on /etc/group by modifying nsswitch.conf to add ldap for group resolution [currently just files winbind for passwd and group]. We'll be looking at that today. However, after I established the groupmap, it still doesn't work as I expected. Using the example from my earlier post, if I log into Solaris with user1 that has LOTR+fairfolk as his primary group in AD, I thought Samba would translate that to the unix group elves. What we are seeing is that if I log into Unix as this user and create a file, the group for that file is LOTR+fairfolk. An id -a lists LOTR+fairfolk in his groups, but not elves. Furthermore, if I create another file owned by user2:elves, I expected user1 to be able to access this due to the mapping. He can't; again it appears that Unix only sees him as belonging to LOTR+fairfolk. I've reread the documentation, and it appears my understanding of groupmap is correct. What am I missing here? What is groupmap supposed to do? We've downloaded 3.0.1 with hopes it helps resolve these issues. We still have the above groupmap issues. We haven't tried the secondary group access yet. john -Original Message- From: Klinger, John (N-CSC) Sent: Monday, December 15, 2003 4:59 PM To: '[EMAIL PROTECTED]' Subject:Secondary Groups and Group Mapping We are having what appears to be two main issues in our attempt to setup Samba 3.0.0 compiled from src on Solaris 8. We are using Samba to provide Unix shares on W2K clients, and to authenticate against a W2K Active Directory server. OpenLDAP is used on the Samba side for the UID/GID to SID mappings. The first issue deals with the file sharing. Even if a file gives full permission to one of a user's secondary groups, that user cannot access the file. The user can only access the file (or directory) if the file's group is the user's primary group. I've found several references on the web and in https://bugzilla.samba.org, which seem to indicate that the bug is fixed. However, we also tried this with 3.0.1rc2 and have the same problem; which makes us think it is a configuration error or something we haven't found related to nsswitch. The second issue deals with groupmap. Again, searches haven't turned up anything fruitful. When we execute commands similar to the following: groupadd elves net groupmap add ntuser=LOTR+fairfolk username=elves We always get the following error: No rid or sid specified, choosing algorithmic mapping adding entry for group LOTR+fairfolk failed! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] A domain controller for the domain could not by contacted (2.2.3a-12.3 for Debian)
Hello, I'm having problems using Samba as an primary domain controller. I am using debian woody as our platform. The version of samba is 2.2.3a-12.3 for Debian and i followed the instructions which can be found on the following url: http://www-106.ibm.com/developerworks/eserver/tutorials/samba/. In short this covers: - creating the config file - creating the users / groups - creating directory structure - configuring the windows client I attached my config file's /logging from my debian woody system. I did the following things on the windows client (Windows XP Professional 2002 Service Pack 1) - Open the Local Security Policy editor (Start - All Programs - Administrative Tools - Local Security Policy). - Locate the entry Domain member: Digitally encrypt or sign secure channel (always). Disable it. - Locate the entry Domain member: Disable machine account password changes. Make sure it's disabled as well. - Locate the entry Domain member: Require strong (Windows 2000 or later) session key. Disable it. - Next, download the WinXP_SignOrSeal registry patch from www.samba.org http://www.samba.org or collect it from the Further resources: Downloads and developerWorks http://www-106.ibm.com/developerworks/eserver/tutorials/samba/samba-6-2.html section at the end of this tutorial. Apply it by double-clicking and answering Yes to the dialog prompt. - Now join the domain the same as you would for Windows NT or 2000. Right-click My Computer, select Properties, Computer Name, and Change. Or click the Network ID button and run the Network Wizard. I put some screenshots of windows on the following locations: http://www.nergens.org/samba/ComputerNameChanges.PNG and http://www.nergens.org/samba/ComputerProperties.PNG ( i searched on the mailarchive, but i couldnt find any pointers / im kinda new to smb so i dont know how to debug) Could someone please help me here? Eduard Witteveen [global] ;basic server settings workgroup = HAWAR3 netbios name = nemo server string = Samba %h PDC running %v socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 ;PDC and master browser settings os level = 64 preferred master = yes local master = yes domain master = yes ;security and logging settings security = user # encrypt passwords = yes log file = /var/log/samba/log.%m log level = 2 # max log size = 50 # hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0 ;user profiles and home directory logon home = \\%L\%U\ logon drive = H: logon path = \\%L\profiles\%U logon script = netlogon.bat ;sync passwords unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd: *all*authentication*tokens*updated*successfully* ; new machines add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u # shares [homes] comment = Home Directories browseable = no writeable = yes [profiles] path = /home/samba/profiles writeable = yes browseable = no create mask = 0600[2003/12/16 17:18:37, 0] smbd/server.c:main(698) smbd version 2.2.3a-12.3 for Debian started. Copyright Andrew Tridgell and the Samba Team 1992-2002 [2003/12/16 17:18:37, 1] lib/debug.c:debug_message(250) INFO: Debug class all level = 2 (pid 232 from pid 232) [2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973) Processing section [homes] [2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973) Processing section [profiles] [2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973) Processing section [netlogon] [2003/12/16 17:18:37, 2] lib/interface.c:add_interface(81) added interface ip=10.0.0.152 bcast=10.0.0.255 nmask=255.255.255.0 [2003/12/16 17:18:37, 2] smbd/server.c:open_sockets(198) waiting for a connection nemo:/var/log/samba# cat log.nmbd [2003/12/16 17:18:37, 0] nmbd/nmbd.c:main(783) Netbios nameserver version 2.2.3a-12.3 for Debian started. Copyright Andrew Tridgell and the Samba Team 1994-2002 [2003/12/16 17:18:37, 1] lib/debug.c:debug_message(250) INFO: Debug class all level = 2 (pid 230 from pid 230) [2003/12/16 17:18:37, 2] nmbd/nmbd.c:main(821) Becoming a daemon. [2003/12/16 17:18:37, 2] lib/interface.c:add_interface(81) added interface ip=10.0.0.152 bcast=10.0.0.255 nmask=255.255.255.0 [2003/12/16 17:18:37, 2] nmbd/nmbd_subnetdb.c:make_subnet(193) making subnet name:10.0.0.152 Broadcast address:10.0.0.255 Subnet mask:255.255.255.0 [2003/12/16 17:18:37, 2] nmbd/nmbd_subnetdb.c:make_subnet(193) making subnet name:UNICAST_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0 [2003/12/16 17:18:37, 2] nmbd/nmbd_subnetdb.c:make_subnet(193) making subnet name:REMOTE_BROADCAST_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0 [2003/12/16 17:18:37, 2] nmbd/nmbd_lmhosts.c:load_lmhosts_file(41) load_lmhosts_file: Can't open lmhosts file /etc/samba/lmhosts. Error was No such
RE: [Samba] Problem Using Windows XP Pro w/Samba
From: Patrick Shoaf [EMAIL PROTECTED] I tried today to setup WinXP Pro to logon to my Linux Domain Server running RedHat Enterprise 2.1 with samba version 2.2.8a. WinXP is complaining it can not locate the domain server or is unable to authenticate with the server. Everything is working fine for Win9x, Win2k, and WinNT systems. When setting up the XP system it was able to connect and create a system account (jeff-system). Can anyone point me to where/how to identify and solve the problem? AFAIK the details are in the documentation, however... In the Local Security Policy, under Security Options ensure you set the Domain Member: Digitally sign... (always) options to disabled. You can find details by trawling for sign or seal xp on google. Please DO NOT send me ANY email directly unless it's a privacy issue. Reply-to mangled to assist those who don't read the above. -- Rob | What part of no was it you didn't understand? _ Stay in touch with absent friends - get MSN Messenger http://www.msn.co.uk/messenger -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba freezing network
My server is a pdc on debian linux and is running with a windows 2000 member server that is hosting software for a flower shop. The windows servers and all the workstations are freezing about twice an hour and stay froze for about 2-5 minutes. They do not lock up at the same time but usually after the windows server locks they lock because they are trying to gather data from this flower software. If I remove the network cable from the debian pdc it does not lock up any more. The windows server and workstations have been there for at least a year and the debian box was just introduced then they started having the problems. I replaced the network card after letting the two servers ping back and forth and there were errors, after I replaced the network card in the debian machine there were no more errors but the windows box still locks up. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] password - ldap questions
question 1 We have a corporate wide iplanet ldap server (which i can only read from) used for email. I tried to sync the passwords from this ldap-server with the samba-openldap one so my samba users only would have to remember one password. I used a script that fetches the (encrypted, sha1) passwords in a ldif file and ldapmodify this password to the samba-openldap. This part works. The problem is that samba want the sambaNTpassword and doesn't even look at the userpassword. Is there a way that i can make samba use the sha1 userpassword or do i have a no go, bad luck here. no go, bad luck Another solution would be to go the other way around so to update the corporate ldap server when someone changes his windows/samba password and that brings me to question number 2. question 2 If i change the password from my windows workstation using the native windows change password mechanism the sambaNTpassword gets changed but the userpassword doesn't. Right. I'm using the smbldap-passwd.pl tool. If i use this tool directly from the command line it does update the userpassword just fine. (using the same syntax as in the smb.conf. When i turn sync unix passwords then the domain stops working (domain not foud) That shouldn't happen. Don't you mean unix password sync -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A domain controller for the domain could not by contacted (2.2.3a-12.3 for Debian)
Le Tuesday 16 December 2003 17:12, Eduard Witteveen a écrit : Hello, I'm having problems using Samba as an primary domain controller. I am using debian woody as our platform. The version of samba is 2.2.3a-12.3 for Debian and i followed the instructions which can be found on the following url: http://www-106.ibm.com/developerworks/eserver/tutorials/samba/ Could someone please help me here? Sure we can. :-) For now you just missed something. Relevant information is generally in /var/log/samba/log.NETBIOSNAME. Have a look at it, and if you still cannot find, send relevant part back to the list. Good luck, Fabien Chevalier -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A domain controller for the domain could not by contacted (2.2.3a-12.3 for Debian)
Fabien Chevalier wrote: Relevant information is generally in /var/log/samba/log.NETBIOSNAME. I cannot find this file. I did the following steps: - Stopped the samba deamon - Removed all the logging from the /var/log/samba directory - Started the samba deamon - Tried to join the domain again nemo:/var/log/samba# ls -la total 16 drwxr-x---2 root adm 4096 Dec 16 18:42 . drwxr-xr-x6 root root 4096 Dec 16 06:25 .. -rw-r--r--1 root root 3548 Dec 16 18:43 log.nmbd -rw-r--r--1 root root 663 Dec 16 18:42 log.smbd But when i try to access the server itselve by entering \\ipnumber-samba-machine in start run this file is created. nemo:/var/log/samba# cat log.shared-pc [2003/12/16 18:48:41, 2] smbd/server.c:exit_server(458) Closing connections [2003/12/16 18:48:41, 2] smbd/server.c:exit_server(458) Closing connections [2003/12/16 18:48:41, 2] smbd/server.c:exit_server(458) Closing connections I tried to join the domain again at this point, but no changes are made to the logging while im doing this Are there things i have to test before i want to join the domain? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Mapping Problem
All, The Windows 2000 client is on my side of the firewall (the error message is: remote computer is not available), the Windows XP client is on the other side of the firewall, (the error message is: The specified network name is no longer available). I am able to ping both the IP address and server name of the CIFS/Samba server. I cannot perform the mapping, via Map Drive, then I connect as different user name and I enter a user id that I setup with smbpasswd (testcifs). Then I receive both these messages, I have searched message lists and the web for documentation on these errors, and I am unable to find anything that works. I seen a document that said if you could ping, then the next thing was to setup lmhosts on the client, which I did, that still does not work, so there may be some configuration problem of some sort. I appreciate your help very much. -Dan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] password - ldap questions
Adam Williams wrote: question 1 We have a corporate wide iplanet ldap server (which i can only read from) used for email. I tried to sync the passwords from this ldap-server with the samba-openldap one so my samba users only would have to remember one password. I used a script that fetches the (encrypted, sha1) passwords in a ldif file and ldapmodify this password to the samba-openldap. This part works. The problem is that samba want the sambaNTpassword and doesn't even look at the userpassword. Is there a way that i can make samba use the sha1 userpassword or do i have a no go, bad luck here. no go, bad luck Ok Another solution would be to go the other way around so to update the corporate ldap server when someone changes his windows/samba password and that brings me to question number 2. question 2 If i change the password from my windows workstation using the native windows change password mechanism the sambaNTpassword gets changed but the userpassword doesn't. Right. ok I'm using the smbldap-passwd.pl tool. If i use this tool directly from the command line it does update the userpassword just fine. (using the same syntax as in the smb.conf. When i turn sync unix passwords then the domain stops working (domain not foud) That shouldn't happen. Don't you mean unix password sync Yes that is what i meant, it is the right syntax in my smb.conf (just checked to be sure) So i have to make the unix password sync work and the my userpassword will get updated as well? Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] user name with a dot not working
Hello, I'm having problems with user names containing a dot. For example j.smith. In our network we have Win2K PDC and a Samba server. smb.conf contains this: [global] security = domain password server = MYSERVER username map = /etc/samba/smbusers [myshare] valid users = j.smith write list = j.smith etc... /etc/samba/smbusers file contains this: jsmith = j.smith And Linux box with Samba server has an account for user 'jsmith' (/home/jsmith). So I'm trying to map 'j.smith' (windows user name) to 'jsmith' (linux user name). But the problem is that when I try to access shares on samba server I get NT_STATUS_WRONG_PASSWORD. I'm sure the password is entered correctly. [EMAIL PROTECTED] me]$ smbclient //SAMBASRV/webpages -U 'j.smith' added interface ip=10.92.32.33 bcast=10.92.255.255 nmask=255.255.0.0 Password: Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 2.2.7a-security-rollup-fix] tree connect failed: NT_STATUS_WRONG_PASSWORD and in a log file on samba server I see: [2003/12/16 17:53:39, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user nobody ^ -- this is strange! (why nobody?) The same error I get from windows clients. When I intentionally enter wrong password, I get in log file this: [2003/12/16 17:11:50, 0] smbd/password.c:domain_client_validate(1619) domain_client_validate: unable to validate password for user J.SMITH in domain MYDOMAIN to Domain controller MYSERVER. Error was NT_STATUS_WRONG_PASSWORD. When I inetntionally enter wrong user name, I get in log file this: [2003/12/16 17:12:02, 0] smbd/password.c:domain_client_validate(1619) domain_client_validate: unable to validate password for user X.SMITH in domain MYDOMAIN to Domain controller MYSERVER. Error was NT_STATUS_NO_SUCH_USER. When I remove 'jsmith = j.smith' from /etc/samba/smbusers and change unix user to 'j.smith', everythig starts working. But I would like to use on Linux usernames without a dot. Thanks for your help, any ideas? Best regards, Robert -- Robert Nedbal - Czech Technical University in Prague, Czech Republic email: [EMAIL PROTECTED] http://www.sh.cvut.cz/~robik/ /* Debuggers are evil. Never ever trust them. */ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: password - ldap questions
Adam Williams wrote: [snip] I'm using the smbldap-passwd.pl tool. If i use this tool directly from the command line it does update the userpassword just fine. (using the same syntax as in the smb.conf. When i turn sync unix passwords then the domain stops working (domain not foud) That shouldn't happen. Don't you mean unix password sync Also have a look at « ldap passwd sync = » : http://www.samba.org/samba/docs/man/smb.conf.5.html#LDAPPASSWDSYNC Regards, Jérôme -- Jérôme Fenal - Consultant Unix/SAN/Logiciel Libre Groupe Expert Managed Services - LogicaCMG France http://www.logicacmg.com/fr/ - mailto:jerome.fenal AT logicacmg.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Patch to Samba 3.0.1?
Uhm, if you mean have I configured /etc/nsswitch.conf, yes the important lines look like this - Passwd: files winbind Group: files winbind Hosts: files dns -Original Message- From: Adam Williams [mailto:[EMAIL PROTECTED] Sent: 16 December 2003 13:58 To: Ganguly, Sapan Cc: '[EMAIL PROTECTED]' Subject: RE: [Samba] Patch to Samba 3.0.1? Ah! I've made a discovery, if I put the NT user I am trying to log in as into /etc/passwd then it will allow me to log in with the user's NT password. This isn't supposed to be the way it works right? I shouldn't have to have the users in /etc/passwd, that's the whole point of winbind, right? You have to have the users in NSS. Do you have winbind configured as a NSS provider? It still won't create the home drives on the fly though. Can anyone help me now? I don't seem to get any logs like I do on Redhat. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Ver 3 for SCO Openserver
Am Dienstag, 16. Dezember 2003 11:10 schrieb John Milner: I am trying to find out if there is a port of Samba ver3 for SCO Openserver, as I desperately need to use the ADS features. Use the SOURCE, Luke...:-) Suppose what you need is gcc hth dan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Hot-failover between a Samba 3.x.x PDC and BDC with LDAP backend
I would like to know how to achieve a hot-failover setup between a Samba 3.x.x primary domain controller and backup domain controller with a LDAP backend. I was under the impression that all I need to specify is something like the following in my smb.conf: passdb backend = ldapsam:ldap://pdc-srv.domain.org ldap://bdc-srv.domain.org; I have set this passdb backend reference in both my PDC's and BDC's smb.conf. I have used net rpc getsid on the BDC to obtain the domain SID from the PDC. If I create a testuser on the PDC, I am able to login with this user on the BDC (ssh [EMAIL PROTECTED]), so I know my LDAP master/slave replication is working correctly. I have rsynced my /home directory and user's profile information on the PDC to the BDC (After I get this hot-failover working I am going to have these two servers setup with real-time mirroring using fam, dnotify, and rsync). I was under the impression that if I configured my domain controllers in this fashion that I would be able to login to the PDC (let's say with testuser) and if the PDC fails for any reason then the BDC would be notified of the failure and take over at that point. Then testuser (who is still logged in) would be able to continue to access their home directory, but they would now be accessing the mirrored /home directory on the BDC, and this hot-failover would happen seamlessly without the user having to logoff and log back in. Is this a possible scenario and if so, how do I make this happen? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] mounting samba shares on linux with non-ascii dirs
Hi! I've just searching the list archives but cannot solve my problem with mounting samba (v3.0) shares back on linux (RH 8.0 and 9). Mounting on Win clients works fine and any filenames (including long names with non-ascii chars and spaces) are perfictly supported and accessed. Mounting the share back on (even the same) linux box is a complex task. I use: mount -t smbfs -o guest //samba/share /path or adding additional options iocharset=utf8,codepage=utf8 or other. 1. mount command: do it's job, but hangs sometimes (do not return to shell prompt)... 2. trying to access cirillic directories names: fails, but top-level are looks normal (not content, but themselfs), subdirs cannot be accessed 3. tying to create cirillic dirs and subdirs: works fine, but only within mounted share on linux and looks different in linux filesystem or through Win and cannot be accessed. I guess some problems with charset handling, but i'm trying to use unicode anywere. Any suggestions/help/tips? -- Dmitry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA 3.0.1 : Failed to verify incoming ticket!
You may want to search for a recent thread on the list that can guide you in resolving the kerberos failure. I think the subject line was Windows 2000 and kerberos... Tim - Original Message - From: James R. Trater [EMAIL PROTECTED] Date: Tuesday, December 16, 2003 4:05 pm Subject: [Samba] SAMBA 3.0.1 : Failed to verify incoming ticket! Hello, This morning I upgraded two machines to samba 3.0.1 (from version3.0.0). One machine is a member of our production Windows 2000 Active Directory. The other is a member of our test Windows 2003 Active Directory. I made no changes to the smb.conf file after doing the upgrade. However, after doing the upgrade clients are asked for a username/password when connecting and I am seeing this in my logs: [2003/12/16 09:50:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) Failed to verify incoming ticket! This happens on both machines. The test network machine has SAMBA compiled against MIT-kerberos 1.3.1 . The production machine uses SAMBAcompiled against MIT-Kerbeors 1.2.7 . Any help would be appreciated. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Profile privelege problem **Solved**
... I used the latest and greatest SuSE 9.0 Professional... I then installed all the latest patches via YaST. That gives me a kernel of 2.4.21 (-144 in SuSE speak) and Samba 2.2.8a I had the configuration backed up on another box, so I used that as the base for Samba 2.2.8a. I have tried chmod, chown of various directories, making profile world readable, writeable, executeable, all to no avail. have tried commenting out various lines as suggested by other posts...also to no avail. W2K reports it can not find roaming profile, and then also reports it can not find a local profile, and signs the user (any user) on with a temp profile. All drive mappings are available, just no profiles, recent lists, etc... Samba log is showing: api_samr_set_userinfo: Unable to unmarshall SAMR_SET_Q_USERINFO bumping the samba log level, verifies that I am going after the user profile and I am dying because of lack of privelegesyet I can ssh into the box as a user and read or touch or execute anything I want !? Must be something trivial, but whoever wants to help you will need your smb.conf to see how you set it up. I can suggest relevant options how I handle the profiles: [global] ... logon path = \\p90.p1.n.d.d\profiles\%U domain logons = Yes create mask = 0664 directory mask = 0775 ... [profiles] path = /local/profiles valid users = %U read only = No inherit permissions = No security mask = 0777 directory security mask = 0777 browseable = No csc policy = disable My Samba server is a PDC for the domain with wins and all. It runs SuSE 8.2 (kernel 2.4.20-86) but that shouldn't matter. The permissions on user profile directories are all drwx--S--. All directories belong to individual users, group users. If you can't recognize what your problem is, enclose smb.conf next time. == Thanks Dragan ! It got me looking again...if I deleted the profile, and re-declared it, the user works OK. After declaring a new user, logging off and then back on again - it works great ?! After digging again, I found that in the samba/profiles directory are two files, ntuser.dat and ntuser.dat.log that must contain some sort of SID for the machine. I guess the key was, the fact that I had an existing installation and had copied too much stuff from the backups. So, the remedy ended up being just deleting those two ntuser files for each user. They lose their precious desktop for W2K, but everthing else is intact. Thanks again ! - Bill -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problem Using Windows XP Pro w/Samba
Thank you all. I figured there was some tweaking that had to be done. The info you provided and the link to http://www.ccs.uky.edu/docs/samba.htm proved to be just what the doctor ordered. Thanks again for all the help. Patrick Shoaf At 11:12 AM 12/16/2003, Rob MacGregor wrote: From: Patrick Shoaf [EMAIL PROTECTED] I tried today to setup WinXP Pro to logon to my Linux Domain Server running RedHat Enterprise 2.1 with samba version 2.2.8a. WinXP is complaining it can not locate the domain server or is unable to authenticate with the server. Everything is working fine for Win9x, Win2k, and WinNT systems. When setting up the XP system it was able to connect and create a system account (jeff-system). Can anyone point me to where/how to identify and solve the problem? AFAIK the details are in the documentation, however... In the Local Security Policy, under Security Options ensure you set the Domain Member: Digitally sign... (always) options to disabled. You can find details by trawling for sign or seal xp on google. Please DO NOT send me ANY email directly unless it's a privacy issue. Reply-to mangled to assist those who don't read the above. -- Rob | What part of no was it you didn't understand? _ Stay in touch with absent friends - get MSN Messenger http://www.msn.co.uk/messenger Patrick J. Shoaf, IT Manager [EMAIL PROTECTED] Model Cleaners, Uniforms, Apparel 100 Third Street Charleroi, PA 15022 http://www.model-uniforms.com/http://www.model-uniforms.com Phone: 724-489-9553 ext. 105 or800-99 MODEL Fax: 724-489-4386 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A domain controller for the domain could not by contacted (2.2.3a-12.3 for Debian)
I am running on RedHat, but everything should be same on server side. Try adding the following lines into the smb.conf file: password level = 8 username level = 8 encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd unix password sync = yes pam password change = yes obey pam restrictions = yes I have these lines in my conf and everything is working for me, even WinXP now. The first two lines are for the case differences between Win linux. All version of win beyond Win95 defaults to encrypted passwords, hence line 3. I have two password files, /etc/passwd for Linux smbpasswd for Samba, users must be in both to authenticate, hence lines 4-5. Lines 6-7 were in my default config and things work, so I did not question them. If this does not work, please email me complete smb.conf file, and I will do a more thorough comparison. Good Luck. Patrick Shoaf At 11:12 AM 12/16/2003, Eduard Witteveen wrote: Hello, I'm having problems using Samba as an primary domain controller. I am using debian woody as our platform. The version of samba is 2.2.3a-12.3 for Debian and i followed the instructions which can be found on the following url: http://www-106.ibm.com/developerworks/eserver/tutorials/samba/. In short this covers: - creating the config file - creating the users / groups - creating directory structure - configuring the windows client I attached my config file's /logging from my debian woody system. I did the following things on the windows client (Windows XP Professional 2002 Service Pack 1) - Open the Local Security Policy editor (Start - All Programs - Administrative Tools - Local Security Policy). - Locate the entry Domain member: Digitally encrypt or sign secure channel (always). Disable it. - Locate the entry Domain member: Disable machine account password changes. Make sure it's disabled as well. - Locate the entry Domain member: Require strong (Windows 2000 or later) session key. Disable it. - Next, download the WinXP_SignOrSeal registry patch from www.samba.org http://www.samba.org or collect it from the Further resources: Downloads and developerWorks http://www-106.ibm.com/developerworks/eserver/tutorials/samba/samba-6-2.html section at the end of this tutorial. Apply it by double-clicking and answering Yes to the dialog prompt. - Now join the domain the same as you would for Windows NT or 2000. Right-click My Computer, select Properties, Computer Name, and Change. Or click the Network ID button and run the Network Wizard. I put some screenshots of windows on the following locations: http://www.nergens.org/samba/ComputerNameChanges.PNG and http://www.nergens.org/samba/ComputerProperties.PNG ( i searched on the mailarchive, but i couldnt find any pointers / im kinda new to smb so i dont know how to debug) Could someone please help me here? Eduard Witteveen [global] ;basic server settings workgroup = HAWAR3 netbios name = nemo server string = Samba %h PDC running %v socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 ;PDC and master browser settings os level = 64 preferred master = yes local master = yes domain master = yes ;security and logging settings security = user # encrypt passwords = yes log file = /var/log/samba/log.%m log level = 2 # max log size = 50 # hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0 ;user profiles and home directory logon home = \\%L\%U\ logon drive = H: logon path = \\%L\profiles\%U logon script = netlogon.bat ;sync passwords unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd: *all*authentication*tokens*updated*successfully* ; new machines add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u # shares [homes] comment = Home Directories browseable = no writeable = yes [profiles] path = /home/samba/profiles writeable = yes browseable = no create mask = 0600[2003/12/16 17:18:37, 0] smbd/server.c:main(698) smbd version 2.2.3a-12.3 for Debian started. Copyright Andrew Tridgell and the Samba Team 1992-2002 [2003/12/16 17:18:37, 1] lib/debug.c:debug_message(250) INFO: Debug class all level = 2 (pid 232 from pid 232) [2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973) Processing section [homes] [2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973) Processing section [profiles] [2003/12/16 17:18:37, 2] param/loadparm.c:do_section(2973) Processing section [netlogon] [2003/12/16 17:18:37, 2] lib/interface.c:add_interface(81) added interface ip=10.0.0.152 bcast=10.0.0.255 nmask=255.255.255.0 [2003/12/16 17:18:37, 2] smbd/server.c:open_sockets(198) waiting for a connection nemo:/var/log/samba# cat log.nmbd [2003/12/16 17:18:37, 0] nmbd/nmbd.c:main(783) Netbios nameserver version 2.2.3a-12.3 for Debian started. Copyright Andrew Tridgell and the Samba
[Samba] Re: Samba-3.0 groupmapping problem
Hi, first thank for this answer :o) What do you meen by : You must have the posixAccount LDAP definition in the LDAP directory. Having it /etc/group won't help at all... That's why you have a «No such object» error in Samba logs. I've just used your example : dn: cn=domusers, ou=Group, dc=bpinet,dc=com cn: domusers gidNumber: 513 displayName: Domain Users memberUid: firstmember memberUid: secondmember description: Utilisateurs du domaine objectClass: posixGroup by replacing variables with mind and the result is still the same :o( when entering command : net groupmap add ntgroup=Domain Users unixgroup=users even if i'm using Domain Users or domusers argh don't know where looking for Vtux -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3 and WinXP (again)
Hello everyone, I have a redhat 9 server running with Samba 3.0. It's a bit different than the previous version, but I'm finally getting used to it. Here's my biggest issue: This is a server for approx. 15 clients, all but one running WinXP. Previously, we were running 2.2.8 w/ Win2K clients. In the past, we were able to log into the local computers, even when we didn't have a network connection. We were running all stations with local profiles (even thought the server is no longer running, I have a copy of the conf file). Now, we're running XP with version 3 of Samba. Now, even though we are all running local profiles, no one can log in without a network connection. I've read the smb.conf.5 many, many times. I've re-written the conf file a number of times, but nothing I do fixes the problem. This is becoming a bigger issue now that I've moved the owner and programmers over to this new box. Below you will find my current conf file. Any help would be greatly appreciated! Darin Bawden [global] workgroup = workgroup server string = workgroup File Server interfaces = eth0, 127.0.0.1/255.0.0.0 bind interfaces only = Yes password server = passdb backend = tdbsam pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log level = 2 log file = /var/log/samba/log.%m max log size = 500 smb ports = 445 139 137 name resolve order = wins lmhosts bcast host time server = Yes socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 printcap name = cups add user script = /usr/sbin/useradd -d /home/%u -g 100 -s /bin/false -M %u add machine script = /usr/sbin/adduser -d /dev/null -g 100 -s /bin/false -M %m$ logon script = logon.cmd logon path = \\%L\profiles\%U logon drive = z: domain logons = Yes os level = 99 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap ssl = no wtmp directory = /var/log/wtmp utmp = Yes profile acls = Yes printing = cups dont descend = /dev [homes] comment = %U's Home Directory read only = No browseable = No [netlogon] path = /usr/local/samba/logon browseable = No [profiles] path = /usr/local/samba/profiles read only = No create mask = 0600 directory mask = 0700 browseable = No [printers] comment = All Printers path = /var/spool/samba printer admin = @domadm guest ok = Yes printable = Yes browseable = No [teamdme] comment = # Directory path = /usr/## force group = users read only = No create mask = 0775 directory mask = 0775 guest ok = Yes [print$] comment = Printer Drivers Area path = /usr/local/samba/drivers write list = @domadm guest ok = Yes browseable = No [root] comment = Admin Purposes Only path = / valid users = myname admin users = myname write list = myname browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problems with file date/time creation and modification
Changing from Yes to No these options ( dos filetime dos filetime resolution) don't change anything. As none of possible combinations... At 20:47 13/12/2003, you wrote: What happens when you set both of those options to No? - Original Message - DATE: Sat, 13 Dec 2003 09:05:21 From: Raphael TAVERNIER [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] So no solution?... It is not possible to syncronize real M$ files with samba share files At 12:52 12/12/2003, you wrote: I have Time precision problem between linux samba shares and M$ files I want to use my tux to save files from my M$ PC's. Of course I want to do incrementals copy based on modification date... I mount my samba shares from my Windows Boxs and use tools on the micro$oft boxs. (Xcopy /D or SyncroniX ) The problem is that the modification date on the samba share and on de source file on the M$ local disk is sometimes different by 1s (newer or older). For example I create a file c:\mytest.txt the file properties says Created modified at 18:30:01 I xcopy it to my samba share window$ properties says Created modified at 18:30:00 which is older! so when I xcopy /D the file is copied again and again. I'm Running samba-2.2.7a-8.9.0 on Redhat 9.0 My M$ boxs are both W2K and XP (on NTFS). gt; I've searched a little around and set : dos filetime resolution = yes 'for the dos 2s resolution time... and : dos filetimes = yes '...for Visual C++... But it didn't change anything. Is it possible to syncronize these filetimes...? Probably not. I believe DOS/Windows packs the time in such a way that they have no notion of odd seconds times. All seconds are even. But that is normally no problem. _ Envie de discuter en live avec vos amis ? Télécharger MSN Messenger http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France oo Raphaël TAVERNIER Portable: 06 09 21 36 96 Home: 04 50 52 52 73 [EMAIL PROTECTED] oo oo Raphaël TAVERNIER Portable: 06 09 21 36 96 Home: 04 50 52 52 73 [EMAIL PROTECTED] oo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Very Large Offsite Backup
I put a Samba server in small office (6 users) that has 1.5 Terabytes of storage space. They are unique in that they need the space because they do a lot with video, but with the limited amount users I went with an IDE solution. I am a little worried about physical damage to the equipment and trying to come up with some way of doing an offsite backup. Their office is in a very industrial area. I was thinking about clustering, but I was wondering how effective that would be over the Internet. Thanks for you help! Joe Wojnas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind pdc bdc problem
Thanks, guess I don't need it then. I wasn't quite sure what the full function was for winbindd. On Tue, 2003-12-16 at 10:01, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kent L. Nasveschuk wrote: | Do I need to use winbind between pdc and bdc if I'm | using LDAP backend? On a Samba DC, Winbindd is only needed when the DC's have established trusts with other domains (and you need winbindd to generate accounts for the trusted users and groups). - -- ciao, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/3x5NIR7qMdg1EfYRAu0aAJ0bf1xldkSU72onr/iL1l9wl70n1QCfTi+f pj/6UNQJrMakJb0dUhTVO1E= =nmX/ -END PGP SIGNATURE- -- Kent L. Nasveschuk [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba locking database errors : V 2.2.8 a on HP-UX 11i
HP-UX defaults nflocks at 200. At the default, you will run out of locks at about 20 client connections. You will need to bump nflocks and nfiles before trying to run at average usage levels. Eric Roseme Hewlett-Packard Jérôme Fenal wrote: Foster, Ian (LogicaCMG) wrote: We are in the process of commissioning a new HP server (on HP-UX 11i) and have installed Samba which we have configured and used extensively before without major problems (though not this version - 2.2.8.a). Samba ran OK initially, but now we are getting failures with messages of 'smbd[pid] Cannot initialize locking database' and 'no locks available' logged to the syslog and no new connections can be established (can not even browse - get message 'Network name could not be found'). This can only be cleared by restarting the daemons. I have checked our smb.conf file with the testparm utility and this looks ok, and checked the parameters (including the defaults) against the smb.conf man page at samba.org in an attempt to identify any bad config. I have also verified the obvious - that the lock directory exists and the permissions are correct (if they didn't I guess it would fall over straight away). I have attached a dump of our global definitions for inspection. Has anybody any ideas what may be causing this ? I have checked the Samba web pages without success. Is there a bad locking option here - or some other samba / kernel threshold we are hitting ? If I can't resolve this the filestore is going to NT ! Any help very gratefully recieved. Hi, could you send the real smb.conf, since RTF encoded testparm output is bit clumsy to read...? I read in the testparm dump that you are in 'security=server' mode. Do you really need it? Does your server participate in a domain? 2.2.8a can happily participate in a NT4 or an NT4 compat on ADS domain. And could you check with Sam the limits of the HP-UX kernel (number of processes for the system, by user, max number of open files, etc.)? I'll check tomorrow on HP-UX server at work what kernel parameters could hit Samba. Could you also set 'log level=' to a bit more than 1 to see more output in the logs? That would help. Regards, J. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Results of nessus scan
I run samba 2.2.8a on my openbsd 3.4 box, installed from a package. All i need is the ability to mount disks form winxp boxes so i only run smbd, at 139/tcp. I tried scanning the box with nessus, and it came up with some results that got me curious. Since i dont know very much about the smb protocol I thought i should ask here. Have searched the archives but found only old posts, concering older versions. Whats a NULL session? what are domain and host SID? Nessus also suggests i'd limit the access to the $IPC share. How can i limit this info disclosure? 127.0.0.1|netbios-ssn (139/tcp)|10397|INFO|Here is the browse list of the remote host : HOSTNAME - This is potentially dangerous as this may help the attack of a potential hacker by giving him extra targets to check for Solution : filter incoming traffic to this port Risk factor : Low 127.0.0.1|netbios-ssn (139/tcp)|10395|INFO|Here is the list of the SMB shares of this host : myshare - IPC$ - ADMIN$ - This is potentially dangerous as this may help the attack of a potential hacker. Solution : filter incoming traffic to this port Risk factor : Medium 127.0.0.1|netbios-ssn (139/tcp)|10400|INFO| The remote registry can be accessed remotely using the login / password combination used for the SMB tests. Having the registry accessible to the world is not a good thing as it gives extra knowledge to a hacker. Solution : Apply service pack 3 if not done already, and set the key HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg to restrict what can be browsed by non administrators. In addition to this, you should consider filtering incoming packets to this port. Risk factor : Low 127.0.0.1|netbios-ssn (139/tcp)|10859|INFO|The host SID can be obtained remotely. Its value is : HOSTNAME : 4-55-654367899-87557843444-56789446 An attacker can use it to obtain the list of the local users of this host Solution : filter the ports 137 to 139 and 445 Risk factor : Low 127.0.0.1|netbios-ssn (139/tcp)|10398|INFO|The domain SID can be obtained remotely. Its value is : WORKGROUP : 45-0-0-0-0 An attacker can use it to obtain the list of the local users of this host Solution : filter the ports 137 to 139 and 445 Risk factor : Low 127.0.0.1|netbios-ssn (139/tcp)|10394|REPORT| . It was possible to log into the remote host using a NULL session. The concept of a NULL session is to provide a null username and a null password, which grants the user the 'guest' access To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and Q246261 (Windows 2000). Note that this won't completely disable null sessions, but will prevent them from connecting to IPC$. Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html. All the smb tests will be done as ''/'whatever' in domain -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 2.2.8a admin log parameter
Hi, I can't find any documentation for this paramter, other than knowing it has been removed in 3. I can't install 3 yet, so for now I want to know what this parameter does. Thanks Paul -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Logging Print Jobs
I am a technology coordinator for a school in Western Ohio, and I am wanting to log print jobs to a file for review (ensuring students and staff) are utilizing our equipment properly (At the request of my boss). I found this in a thread..but I need some more information...or clearer instructions. I just want to output this same informaton to a file for each printer. Thanks in Advance. -Bodhi -- I have been given the task of logging everything which is printed on my samba server. I thought I would test this out on a pdf printer I'm using with samba. I enter the following line for the print command. %u has printed %s from %m to %p at %T /tmp/smbprintlog /usr/bin/printpdf %s The result is similar to the following. joe has printed smbprn.004603.Zqq9tZ from wilmsn44 to pdftech at 2003/11/09 12:26:03 The resulting log entry is very good with the exception of %s which gives the spool file name and not the name of the actual file. Is there a method to place the actual filename of the printjob into this type of log? -- -Bodhi It is fate to be born free, It is a privilege to live free, It is a responsibility to die free. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Logging Print Jobs
I am using lpd I think. My smb.conf file reads printing=lprng. /shrug. I hope that helps. -Bodhi It is fate to be born free, It is a privilege to live free, It is a responsibility to die free. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Authenticating to BDC with LDAP backend
Hello, I'm still trying to get this straightened out. I have the following system: System description RedHat 8.0 LDAP 2.1.23 Samba 3.0 I have basically 2 BDC that I want users to have home directories on. These also run LDAP backend as slave servers. Do all machines using the domain need to have machine accounts on the PDC or do some that use the BDC for home directories need to have machine accounts on the BDC? Any help or suggestions would be appreciated. -- Kent L. Nasveschuk [EMAIL PROTECTED] -- Kent L. Nasveschuk [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Perhaps a few too many questions
Red Hat AS 3.0 - samba 3.0.0 Existing NT Domain - joined domain with net join command and have SID have set up LDAP and imported Unix users / passwords and seems to work fine. Now - want to set up with samba.schema - my intentions are to make the samba machine the domain controller and handle logins / users - etc. 1 - Should I be using the migration scripts that came with samba? I actually will probably just ultimately delete most of the Users in the existing domain but a few, such as Administrator, I will want to keep. 2 - Should I 'promote' the Samba machine to be PDC 'before' I run the scripts or after? 3 - Can I expect the now PDC (WinNT) eventually to become the BDC to work with the Samba server and synchronize the User/Group/Policies? 4 - Is there any reason to use Kerberos if I don't try to emulate AD and just keep it a WinNT type domain? 5 - Will I still have to change the signorseal items in the WindowsXP machines before I can join them to the domain? Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Results of nessus scan
Try setting: guestaccount = NULL and restrict anonymous = yes in you smb.conf I had the same problem, and this solved it for me. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Individual directory permissions within a share
Is it possible to restrict access to a directory within a share for certain users if the samba server type is domain member. If so, how? TIA, Joel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Group Mapping problems
When I enable logging level 5 (or even 10)), I don't see any more useful information. I just see (over and over again): ldapsam_search_one_group: Problem during the LDAP search: LDAP error: invalid DN (Invalid DN syntax) But every one in a while (apparantly not related to my net groupmap attempts), I see this: passdb/pdb_ldap.c:ldapsam_search_one_group(1612) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: invalid DN (Invalid DN syntax)ldapsam_search_one_group: Query was: ou=Groups,dc=domain, ((objectClass=sambaGroupMapping)(gidNumber=65534)) I'm assuming a machine on my domain is making this query (but I don't know why), but why is gidNumber=65534 being used for this query? Can anyone shed some light as to what is going on? I'm executing this command: net groupmap add sid=SID-512 ntgroup=Domain Admins unixgroup=dom_admin type=domain Rob Greg Dickie wrote: I think a debug level 5 will show you exactly what its looking for. You can do smbcontrol smbd debug 5 to set that. hth, Greg On Monday 15 December 2003 17:27, Robert Rati wrote: I'm trying to map my LDAP groups to Windows Groups, but I'm not having any luck. Here is a group I'm trying to map: dn: cn=dom_admin,ou=Groups,dc=domain objectClass: sambaGroupMapping objectClass: posixGroup gidNumber: 1000 cn: dom_admin memberUid: dom_admin description: Domain Admininistrators Group sambaSID: S-1-5-21-835892245-73647866-3919785651-512 sambaGroupType: 2 but when I do a net groupmap command, I get this error over and over again: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: invalid DN (Invalid DN syntax) What DN syntax is being used for this search? How do I modify it/fix this problem? Rob -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smb_proc_readdir Problem
When I mount a smb share that is located on a Win2k machine I get the following error when I try to browse the directory. smb_proc_readdir_long: name=, result=-2, rcls=1, err=123 I assume this is talking about the long filenames that are in the directory I am trying to browse. I have to type ls or ll multiple times before I get a listing and then the listing isn't all there either. I am running Red Hat 8.0 Kernel 2.4.18, samba 2.2.5 I have read about patches to fix this, but I cannot locate the patches. Can I get some help? Thanks Russ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Read-only folders and WinXP
Hi, I posted this some time ago but it remained unanswered; sorry for the repost, but I hope to receive at least some confirmations or otherwise by other people using WinXP Pro. Using Samba 2.2.8a, I have a problem on a WinXP Pro client regarding the read-only attribute on folders; the problem does not appear on Win2000 Pro clients. Here it is: setting and unsetting the read-only attribute on files works fine, both on Win2000 and WinXP. And setting it on _directories_ does not work, if I recall correctly, neither on Win2000 nor on WinXP (but this is not a problem). Instead, UNSETTING it on directories works fine on Win2000, while it doesn't work on WinXP: it doesn't return any error, but when you open the folder properties again you notice that the attribute has not changed. I need this feature for some directories which are periodically set to read-only from the Linux side and need to be changed to writeable by users using the clients. It works fine on Win2000, but WinXP is driving me mad. Any clues? Can anyone confirm that their WinXP behaves the same? Thanks. -- Ciao, Marco. ...Skylarking, XTC 1986 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net rpc vampire problems
[EMAIL PROTECTED] wrote: But if I user lowercase, it works. I wasn't aware of a restriction on creating uppercase usernames. Is this supposed to happen? Anyone else know why my machine accounts aren't getting migrated? Pretty please? Dan, What flavor of Linux are you using. I'm running Gentoo ( current ). I just did a migration using Samba 3.0 and RedHat ES 3.0. I ran into the same problem. That is because RedHat does not allow you to create user names with uppercase letters. I tried the script below. I had to edit out an extra '_' at the end of the sed bit. The command works great if I run it myself from a console, but when I point the add user script at it, I still get the same problem, but only about 50% of the time ... some accounts are getting created. However NONE of the machine accounts created let me log into the new domain from a PC that was already on the old network - I still get the 'this machine's account is missing or the password is wrong' error. Maybe someone can satisfy my curiosity here... WTF is supposed to be going on in the machine account creation? The adduser script is called ( which in my case doesn't work ). So say I have created these machine accounts by hand already. What's next? The password bit, right? Can I do this myself too? Where does the machine account's password go ... in /etc/shadow? Can I get it from somewhere and add it myself? On a side note, the not-being-able-to-create-uppercase-usernames issues needs to be fixed... Anyway, thanks to those that have helped so far. The other problem I had was with group names. The way I got around it was to write my own scripts that change the machine name from upper to lower case. I put the reference in the smb.conf: add machine script = xx.sh This is the script:** #!/bin/sh # Script to add machines # Checks to see if a command line argument was passwd if [ $# -eq 0 ] then echo . echo Did not pass an argument on the command line echo usage: conv.sh \THIS is a TEST\ echo . exit 0 fi # Passes the command line argument. Reduces the string length and converts to lower case lower=`echo $1 | sed y/[ABCDEFGHIJKLMNOPQRSTUVWXYZ\ ]/[abcdefghijklmnopqrstuvwxyz\_]/` #This is the section in which you call the useradd and pass the Unix compliant name /usr/sbin/useradd -g machines -s /sbin/nologin -d /dev/null $lower exit 0 It doesn't make any difference if I run the above script or not. The creation of the machine trust account still fails. Interestingly, if I run manually: useradd DKASAK$ I get the error: useradd: invalid user name 'DKASAK$' But if I user lowercase, it works. I wasn't aware of a restriction on creating uppercase usernames. Is this supposed to happen? Anyone else know why my machine accounts aren't getting migrated? Pretty please? Dan -- Daniel Kasak IT Developer NUS Consulting Group Level 5, 77 Pacific Highway North Sydney, NSW, Australia 2060 T: (+61) 2 9922-7676 / F: (+61) 2 9922 7989 email: [EMAIL PROTECTED] website: http://www.nusconsulting.com.au -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Daniel Kasak IT Developer NUS Consulting Group Level 5, 77 Pacific Highway North Sydney, NSW, Australia 2060 T: (+61) 2 9922-7676 / F: (+61) 2 9922 7989 email: [EMAIL PROTECTED] website: http://www.nusconsulting.com.au -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] change_trust_account_password errors with winbind on 2.2.8a
Hi, We are seeing errors like change_trust_account_password: Failed to change password for domain on a server configured with winbind. wbinfo -t reports a good secret and we can see groups and users. Any idea where this is coming from? Thanks, Greg -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems joining Win XP to PDC.
Hi, I'm having problems joining a W-XP client to my PCD. This is on Samba 3.0.1 w/ LDAP passdb, Suse 8.2. When I join the client to the server, I cannot add the Administrator to any of the local accounts. Instead I get an error stating that there is a broken trust relationship between the client and the server. Has anyone experienced this before, and know why it happens? I am greatfull for any help, and hints you might provide me with. Yours, Tarjei Huse -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Failing to store a SAM_ACCOUNT for [root] without a primary group RID
OK. I've given up on using the 'net vampire' feature to suck our NT4 info. Now I want to start afresh. I've set the smb.conf file up, and run the script I found in the HTML docs to map common Windows Domain groups to unix groups. This worked OK. Now I want to create a root account so I can actually join the domain from a Windows 2000 client. When I run: /usr/local/samba/bin/smbpasswd -a root and enter the password I get: tdb_update_sam: Failing to store a SAM_ACCOUNT for [root] without a primary group RID I never used to get this under older ( 3.0+ ) versions. Something changed? Dan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] I'm confused. What is winbindd supposed to get me?
I've got a Samba member server as part of a Windows NT domain. User accounts have the same name in both domain. I was having all sorts of trouble when winbindd was running with wierd groups showing up. I happened to screw up the winbindd configuration without noticing causing it to crash, but I ran snmd and nmbd anyway and suddenly everything started working perfectly. The docs say you MUST run winbindd. I'm confused. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] I'm confused. What is winbindd supposed to get me?
Hi, winbind is used to import accounts from a windows machine. If all your accounts already exist on the samba machine then you don't need winbind. If you had a disjoint set of users on the samba machine and the windows machine then you would be able to see the union set by using winbind. Does that help at all? Greg On Tuesday 16 December 2003 20:09, [EMAIL PROTECTED] wrote: I've got a Samba member server as part of a Windows NT domain. User accounts have the same name in both domain. I was having all sorts of trouble when winbindd was running with wierd groups showing up. I happened to screw up the winbindd configuration without noticing causing it to crash, but I ran snmd and nmbd anyway and suddenly everything started working perfectly. The docs say you MUST run winbindd. I'm confused. -- Greg Dickie just a guy [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] pam_modules.h present but cannot be compiled
Shouldn't I be worried about this? As far as I know I'm using PAM for authentication, but it seems to be working. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Results of nessus scan
James R. Trater wrote: Try setting: guestaccount = NULL and restrict anonymous = yes in you smb.conf I had the same problem, and this solved it for me. Just for the records; it really did the trick. Nessus reports nothing now! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Multiple Domains and Network Browsing
Hi all,
I have been working on a multi-domain network (2 of them) with one domain
being controlled by Samba/Openldap config and the other a standard Win2k AD.
I have had success getting all computers on the Samba domain to see the
Win2k controller via the Network browser but it does not seem to be working
the other way around.
My network config is split up into two separate VLANs using an extreme
switch (192.168.1.0 and 192.168.1.0). They talk to each other through a
router, have gateways out to a firewall and then pass into the internet.
Both domains have WINS/DNS/DHCP running. Each domain has each others
WINS/DNS in their config files. Both DHCP servers have propagated each
others DNS/WINS to the various workstations (Each DHCP services only one
sub-net).
On workstations within the Win2k domain I can type in the desired
workstation and it does appear or I can search for it. However, the Domain
container for the SAMBA group is missing on workstations within the Win2k
domain (hope that makes sense).
Below is a version of my smb.conf file:
server string =
workgroup = BOGUSGROUP
netbios name = BOGUSNAME
null passwords = yes
passdb backend = ldapsam:ldap://localhost
log level =1
add user script = /usr/local/sbin/smbldap-useradd.pl -a -m %u
add group script = /usr/local/sbin/smbldap-groupadd.pl -g %g
add machine script = /usr/local/sbin/smbldap-useradd.pl -w %u
logon path = \{}\{}%L\{}profiles\{}$user
logon drive = H:
logon home = \{}\{}%L\{}$user\{}.profiles
domain logons = yes
os level = 64
preferred master =yes
domain master = yes
ldap suffix = dc=group,dc=ca
ldap machine suffix =
cn=Computers,ou=Systems,sambaDomainName=BOGUSGROUP,dc=group,dc=ca
ldap user suffix =
cn=Users,ou=People,sambaDomainName=BOGUSGROUP,dc=group,dc=ca
#ldap group suffix =
cn=Group,ou=Groups,sambaDomainName=BOGUSGROUP,dc=group,dc=ca
ldap filter = ((uid=%u)(objectclass=sambaSamAccount))
ldap admin dn = cn=Manager,dc=group,dc=ca
ldap ssl = no
idmap uid = 1-2
idmap gid = 1-2
template homedir = /home/%D/%U
template shell = /bin/bash
winbind separator = +
wins support = yes
wins server = 192.168.2.17, 192.168.1.9
wins proxy = yes
dns proxy = yes
admin users = administrator, root
remote announce = 192.168.1.9/SAMBADOMAIN
interfaces = 192.168.2.16/24 192.168.2.17/24
I thought that maybe the remote announce would work but it hasn't seemed to.
The problem is it is hard to tell which domain controller is at fault. I
don't think that the Samba is the problem. The WINS on the win2k box was
mangled until recently and the DNS is also flaky (hence the move over to
Samba). But I have to keep both domains up for the next little while
(production environment) and then we will slowly migrate everyone over.
Any thoughts would be appreciated.
Jason
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple Domains and Network Browsing
I'm sure you can make this work better if you only use one wins server. If you
are migrating to samba anyway is it an option to at least point everyone to
samba as WINS?
I've never had any luck with remote announce and in any case it will only
announce the server and not any of the other workstations. You might try
using the broadcast address of that subnet instead though in case the server
is not the browse master.
Could you add an interface on the samba machine that was on the other VLAN
(ie: multihomed). This way it would announce itself on both broadcast
domains.
WINS and broadcast seems to be the only way to make network neighborhoods
work.
hope this helps,
Greg
On Tuesday 16 December 2003 21:42, Jason Gray wrote:
Hi all,
I have been working on a multi-domain network (2 of them) with one domain
being controlled by Samba/Openldap config and the other a standard Win2k
AD. I have had success getting all computers on the Samba domain to see the
Win2k controller via the Network browser but it does not seem to be working
the other way around.
My network config is split up into two separate VLANs using an extreme
switch (192.168.1.0 and 192.168.1.0). They talk to each other through a
router, have gateways out to a firewall and then pass into the internet.
Both domains have WINS/DNS/DHCP running. Each domain has each others
WINS/DNS in their config files. Both DHCP servers have propagated each
others DNS/WINS to the various workstations (Each DHCP services only one
sub-net).
On workstations within the Win2k domain I can type in the desired
workstation and it does appear or I can search for it. However, the Domain
container for the SAMBA group is missing on workstations within the Win2k
domain (hope that makes sense).
Below is a version of my smb.conf file:
server string =
workgroup = BOGUSGROUP
netbios name = BOGUSNAME
null passwords = yes
passdb backend = ldapsam:ldap://localhost
log level =1
add user script = /usr/local/sbin/smbldap-useradd.pl -a -m %u
add group script = /usr/local/sbin/smbldap-groupadd.pl -g %g
add machine script = /usr/local/sbin/smbldap-useradd.pl -w %u
logon path = \{}\{}%L\{}profiles\{}$user
logon drive = H:
logon home = \{}\{}%L\{}$user\{}.profiles
domain logons = yes
os level = 64
preferred master =yes
domain master = yes
ldap suffix = dc=group,dc=ca
ldap machine suffix =
cn=Computers,ou=Systems,sambaDomainName=BOGUSGROUP,dc=group,dc=ca
ldap user suffix =
cn=Users,ou=People,sambaDomainName=BOGUSGROUP,dc=group,dc=ca
#ldap group suffix =
cn=Group,ou=Groups,sambaDomainName=BOGUSGROUP,dc=group,dc=ca
ldap filter = ((uid=%u)(objectclass=sambaSamAccount))
ldap admin dn = cn=Manager,dc=group,dc=ca
ldap ssl = no
idmap uid = 1-2
idmap gid = 1-2
template homedir = /home/%D/%U
template shell = /bin/bash
winbind separator = +
wins support = yes
wins server = 192.168.2.17, 192.168.1.9
wins proxy = yes
dns proxy = yes
admin users = administrator, root
remote announce = 192.168.1.9/SAMBADOMAIN
interfaces = 192.168.2.16/24 192.168.2.17/24
I thought that maybe the remote announce would work but it hasn't seemed
to. The problem is it is hard to tell which domain controller is at fault.
I don't think that the Samba is the problem. The WINS on the win2k box was
mangled until recently and the DNS is also flaky (hence the move over to
Samba). But I have to keep both domains up for the next little while
(production environment) and then we will slowly migrate everyone over.
Any thoughts would be appreciated.
Jason
--
Greg Dickie
just a guy
[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SWAT won't work.
Ok, here is the problem. Samba is working, I can access it from a account I created from a windows XP machine. So that is good. But I cant get swat to work when I go to my browser windows explorer and go to http://192.168.1.125 http://192.168.1.125/ :901 (which is my static IP address for the machine). Of course with out port 901. But nothing happens when I try to open it. I do have my web server up and going, infact I have a squirl mail up and running. So I know the httpd is up. Im running Red Hat 7.3 and running samba 3.1. I tried to telnet from the actual machine with samba on it to telnet 192.168.1.125:901 and it says telnet: 127.0.0.1:901: Name or service not known so its not working. I think that is the problem. How do I get it so httpd service will interact with port 901 and make samba work? Help is appreciated, Im trying to get samba up and running for a non-profit org. that can not afford to buy windows 2000 server and pay for it, and pay for the 5 licenses we will have to buy. HELP is much appreciated. THANKS Phillip -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NT4 DOS Users rejected by PAM through winbind.
Hi All, I have a member server on debian unstable using 3.0.0.final, member of 2000 AD, in ADS security mode authenticating through winbind. XP/2000/2003 clients connect to shares OK, NT4 DOS fail (suspect 9x the same not tested). NOT using NTLM v2. The logged error is auth/pampass.c:smb_pam_accountcheck(781) smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User DOMAIN+user. winbind log generates No rid for Pre-Windows 2000 Compatible Access !? I can't find any info on this error out there. Any ideas where to start? Xmas Cheers, Lewis Shobbrook -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] INTERNAL ERROR: Signal 11
Hello everybody, I just installed a samba-3.0.1 from sources, and I have an INTERNAL ERROR when I launch smbd, nmbd or even swat (from inetd) to try to configure something. I use a slackware 9.1 with glibc-2.3.2 The glibc seems to be the problem, because when I jump back on a 2.3.1, I can launch swat without this bug. Can someone help me to fix that ? Thanks. Here is a screeshot of /var/samba/log.swat, I know, 4:14 am is not a good time to make samba works correctly ;) === [2003/12/17 04:14:51, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 4626 (3.0.1) Please read the appendix Bugs of the Samba HOWTO collection [2003/12/17 04:14:51, 0] lib/fault.c:fault_report(39) === [2003/12/17 04:14:51, 0] lib/util.c:smb_panic(1400) PANIC: internal error [2003/12/17 04:14:51, 0] lib/util.c:smb_panic(1408) BACKTRACE: 25 stack frames: #0 swat(smb_panic+0x181) [0x80b962d] #1 swat [0x80a9f4e] #2 swat [0x80a9f97] #3 /lib/libc.so.6 [0x400a4988] #4 /lib/libc.so.6 [0x40091f24] #5 /lib/libc.so.6(iconv+0x132) [0x40091602] #6 swat [0x80c3b8a] #7 swat(smb_iconv+0x36) [0x80c3bcc] #8 swat [0x80a7d01] #9 swat(convert_string+0x14b) [0x80a8011] #10 swat [0x80b5605] #11 swat(init_doschar_table+0x29) [0x80b5653] #12 swat(init_iconv+0x1a2) [0x80a7c07] #13 swat(lazy_initialize_conv+0x23) [0x80a7a61] #14 swat(convert_string_allocate+0x5e) [0x80a809d] #15 swat(push_ucs2_allocate+0x30) [0x80a8ab5] #16 swat(unix_strupper+0x19) [0x80a8533] #17 swat(strupper_m+0x60) [0x80b3738] #18 swat(set_global_myname+0x56) [0x80b7646] #19 swat [0x806405c] #20 swat(lp_load+0xa5) [0x806a00e] #21 swat [0x8061818] #22 swat(main+0xf1) [0x8063887] #23 /lib/libc.so.6(__libc_start_main+0xc6) [0x40090d06] #24 swat(chroot+0x31) [0x805ee11] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SWAT won't work.
Swat runs as a separate service, not under the webserver. You need to have it configured in inetd or xinetd. Greg On Tuesday 16 December 2003 22:06, Phillip Tilleman wrote: Ok, here is the problem. Samba is working, I can access it from a account I created from a windows XP machine. So that is good. But I cant get swat to work when I go to my browser windows explorer and go to http://192.168.1.125 http://192.168.1.125/ :901 (which is my static IP address for the machine). Of course with out port 901. But nothing happens when I try to open it. I do have my web server up and going, infact I have a squirl mail up and running. So I know the httpd is up. Im running Red Hat 7.3 and running samba 3.1. I tried to telnet from the actual machine with samba on it to telnet 192.168.1.125:901 and it says telnet: 127.0.0.1:901: Name or service not known so its not working. I think that is the problem. How do I get it so httpd service will interact with port 901 and make samba work? Help is appreciated, Im trying to get samba up and running for a non-profit org. that can not afford to buy windows 2000 server and pay for it, and pay for the 5 licenses we will have to buy. HELP is much appreciated. THANKS Phillip -- Greg Dickie just a guy [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Domain account
Dear All, Sorry if this question has been posted before but there's no enough answer to solved my problem and I'm going crazy because of it:( I'm currently installed Samba-2.2.8a as logon server on My FreeBSD 5.0. For Win 9.X client there's no problem at all. But when I tried to joining W2K client into samba domain it's shown an error message such as : the account used is a computer account. use your global user account or local user account to access this server I've already used root account to joining W2K client into my Samba Server and already put @wheel in domain admin group on my smb.conf too. Before that I've already added machine account using vipw into my passwd file. I hope there's anybody who could show me the missing part that I've forgot. Sorry if my English makes you confused. :) Regards, Dede Nurmansyah Here's my global part of smb.conf [global] workgroup = NIX netbios name = FreeBSD server string = Samba 2.2.8a on FreeBSD 5.0 encrypt passwords = yes domain admin group = @wheel, @smbuser domain logons = yes os level = 65 preferred master = yes domain master = yes wins proxy = yes wins support = yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain account
Hi Dede, Just to confirm. You are logged onto the workstation as local administrator (or a local account with admin privileges) correct? Then you try to join the domain and when it asks you for the username password you use root and the root password yes? Have you added the root user in your samba password database with smbpasswd? This usually works pretty easily and I don't understand why you would get that error. Greg On Tuesday 16 December 2003 23:35, Dede NURMANSYAH wrote: Dear All, Sorry if this question has been posted before but there's no enough answer to solved my problem and I'm going crazy because of it:( I'm currently installed Samba-2.2.8a as logon server on My FreeBSD 5.0. For Win 9.X client there's no problem at all. But when I tried to joining W2K client into samba domain it's shown an error message such as : the account used is a computer account. use your global user account or local user account to access this server I've already used root account to joining W2K client into my Samba Server and already put @wheel in domain admin group on my smb.conf too. Before that I've already added machine account using vipw into my passwd file. I hope there's anybody who could show me the missing part that I've forgot. Sorry if my English makes you confused. :) Regards, Dede Nurmansyah Here's my global part of smb.conf [global] workgroup = NIX netbios name = FreeBSD server string = Samba 2.2.8a on FreeBSD 5.0 encrypt passwords = yes domain admin group = @wheel, @smbuser domain logons = yes os level = 65 preferred master = yes domain master = yes wins proxy = yes wins support = yes -- Greg Dickie just a guy [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2 and WinXP
I have Samba PDC and XP client and i have no problem joining and logging in to the PDC. After a few tests, i come to notice that each user that logs in to the XP box, will create his own profile on XP at 'Documents and Settings' folder and those profiles are copied to the PDC. when i try to use another username to log on to the same XP box, it will also create his/her own profiles at 'Documents and Settings' folder on the XP. I think there will be a problem, because any samba users who logs in to the same XP box, can access anyone else profiles that were created on the XP box. And maybe this is not samba's problem, its XP. but anyone knows how to deal with the security issues on the XP box? thanks. julius. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain account
Hi Greg, Thanks for your response :) Yes, I'm logged onto workstation as local administrator and when the system asked username and password, I put root username and root password. I've also added root account into samba password database using smbpasswd -a root I don't have any idea about this problem, because I'm sure enough that all steps I made is correct and it has been my problem since 3 month ago. And now I'm really give up and little stress. Perhaps anybody could give me advise. Regards, Dede Nurmansyah -Original Message- From: Greg Dickie [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 17, 2003 10:49 AM To: Dede NURMANSYAH; [EMAIL PROTECTED] Subject:Re: [Samba] Domain account Hi Dede, Just to confirm. You are logged onto the workstation as local administrator (or a local account with admin privileges) correct? Then you try to join the domain and when it asks you for the username password you use root and the root password yes? Have you added the root user in your samba password database with smbpasswd? This usually works pretty easily and I don't understand why you would get that error. Greg On Tuesday 16 December 2003 23:35, Dede NURMANSYAH wrote: Dear All, Sorry if this question has been posted before but there's no enough answer to solved my problem and I'm going crazy because of it:( I'm currently installed Samba-2.2.8a as logon server on My FreeBSD 5.0. For Win 9.X client there's no problem at all. But when I tried to joining W2K client into samba domain it's shown an error message such as : the account used is a computer account. use your global user account or local user account to access this server I've already used root account to joining W2K client into my Samba Server and already put @wheel in domain admin group on my smb.conf too. Before that I've already added machine account using vipw into my passwd file. I hope there's anybody who could show me the missing part that I've forgot. Sorry if my English makes you confused. :) Regards, Dede Nurmansyah Here's my global part of smb.conf [global] workgroup = NIX netbios name = FreeBSD server string = Samba 2.2.8a on FreeBSD 5.0 encrypt passwords = yes domain admin group = @wheel, @smbuser domain logons = yes os level = 65 preferred master = yes domain master = yes wins proxy = yes wins support = yes -- Greg Dickie just a guy [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Not seeing Samba Server from My Network Places
Using RedHAT 9.0 and Samba that came with it.. Samba states it is up and running..Here is the current samba.conf file.. I can browse from the linux box and get into the window shares. Can ping the address of the linux server.. See the workgroup from windows, but no machine or folders available.. Please Help.. Thanks, Mike #samba conf-12-12-03 # Global parameters [global] workgroup = rharch server string = rh-server netbios name = rhserver interfaces = 192.168.254.0/24 127.0.0.0/24 bind interfaces only = Yes security = SHARE encrypt passwords = yes log file = /var/log/samba/log.%m max log size = 500 socket options = TCP_NODELAY os level = 33 preferred master = yes dns proxy = No wins support = no guest ok = yes guest account = smbuser [public] comment = Public Storage path = /home/public writeable = yes map archive = yes map hidden = yes map system = No create mask = 744 directory mask = 755 [data] comment = Data path = /home/samba/data writeable = yes map archive = Yes map hidden = Yes map system = No create mask = 744 directory mask = 770 force group = smb --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.551 / Virus Database: 343 - Release Date: 12/11/2003 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Not seeing Samba Server from My Network Places
On Tue, 2003-12-16 at 21:38, Mike Tutaj wrote: Using RedHAT 9.0 and Samba that came with it.. Samba states it is up and running..Here is the current samba.conf file.. I can browse from the linux box and get into the window shares. Can ping the address of the linux server.. See the workgroup from windows, but no machine or folders available.. --- from Linux box... service iptables off then try to connect from Winbox to Linux Box if it works - adjust your firewall Also - I don't think that your 'interfaces' is correct - you have the network address and not the actual ip address... interfaces - 192.168.254.1/24 127.0.0.1/32 Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain account
On Tue, 2003-12-16 at 22:10, Dede NURMANSYAH wrote: Hi Greg, Thanks for your response :) Yes, I'm logged onto workstation as local administrator and when the system asked username and password, I put root username and root password. I've also added root account into samba password database using smbpasswd -a root I don't have any idea about this problem, because I'm sure enough that all steps I made is correct and it has been my problem since 3 month ago. And now I'm really give up and little stress. Perhaps anybody could give me advise. Never works right if you log in to server with one account and then you try to join machine to network using different account - once you have made connection to Samba as another user, you cannot then connect again using root or Administrator. Try logging out of Windows computer - logging back in and then joining machine to domain user: root password: root-password-in-smbpasswd domain: domain name Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] combining local users or smbpasswd users and NTDOMAIN users in LDAP
My last question went unanswered - probably because of the confused way that I asked it. I have a new samba server - joined to domain - running LDAP - imported the local users with the migration script into LDAP - life is good. Now I want to import the Users and Groups from my domain on WinNT - I found the migration scripts (RH 9 AS 3 - SMB 3.0.0) I import them and they will undoubtedly number from 1000+ and my local users uid start at 500. Local users don't have Samba designations - Samba Users don't have local accounts - I want accounts to be both local (local home directory, mail accounts etc.) and to be Samba enabled too (Domain - profilePath - homePath - logonScript) - Do then use migration samba supplied script to import local users instead of the script supplied with openldap which made them local accounts? Do users created using the samba supplied migration scripts get the local account information too? Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SWAT won't work.
It is configured under xinetd. It looks like this.
# default: off
# description: SWAT is the Samba Web Admin Tool. Use swat \
# to configure your Samba server. To use SWAT, \
# connect to port 901 with your favorite web browser.
service swat
{
disable = no
port= 901
socket_type = stream
wait= no
only_from = localhost
user= root
server = /usr/local/samba/bin/swat
log_on_failure += USERID
}
What else would you suggest? Remember I'm using Red Hat 7.3. That might
help.
Phillip
-Original Message-
From: Greg Dickie [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 8:33 PM
To: Phillip Tilleman; [EMAIL PROTECTED]
Subject: Re: [Samba] SWAT won't work.
Swat runs as a separate service, not under the webserver. You need to have
it
configured in inetd or xinetd.
Greg
On Tuesday 16 December 2003 22:06, Phillip Tilleman wrote:
Ok, here is the problem. Samba is working, I can access it
from
a account I created from a windows XP machine. So that is good. But I
can't
get swat to work when I go to my browser windows explorer and go to
http://192.168.1.125 http://192.168.1.125/ :901 (which is my static IP
address for the machine). Of course with out port 901. But nothing happens
when I try to open it. I do have my web server up and going, infact I have
a squirl mail up and running. So I know the httpd is up. I'm running Red
Hat 7.3 and running samba 3.1. I tried to telnet from the actual machine
with samba on it to telnet 192.168.1.125:901 and it says telnet:
127.0.0.1:901: Name or service not known so it's not working. I think
that
is the problem. How do I get it so httpd service will interact with port
901 and make samba work? Help is appreciated, I'm trying to get samba up
and running for a non-profit org. that can not afford to buy windows 2000
server and pay for it, and pay for the 5 licenses we will have to buy.
HELP
is much
appreciated.
THANKS
Phillip
--
Greg Dickie
just a guy
[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Not seeing Samba Server from My Network Places
Mike Tutaj wrote: Using RedHAT 9.0 and Samba that came with it.. Samba states it is up and running..Here is the current samba.conf file.. I can browse from the linux box and get into the window shares. Can ping the address of the linux server.. See the workgroup from windows, but no machine or folders available.. Is your config file actually named samba.conf? If so, this is where your problem probably lies. The config file that samba will look for is called smb.conf. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] migrating local user profiles to roaming domain profiles
I have a network of 2K and XP clients that I am migrating to a domain using Samba 3 as a PDC. I have the domain working quite well after quite a bit of tweaking. My problem is that I want people to logon to the domain, but I also want them to keep their profiles from their local users. How can I go about this? -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT4 DOS Users rejected by PAM through winbind.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lewis Shobbrook wrote: | Hi All, | | I have a member server on debian unstable using 3.0.0.final, member of | 2000 AD, in ADS security mode authenticating through winbind. | XP/2000/2003 clients connect to shares OK, NT4 DOS fail (suspect 9x | the same not tested). NOT using NTLM v2. | The logged error is auth/pampass.c:smb_pam_accountcheck(781) | smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User | DOMAIN+user. | | winbind log generates No rid for Pre-Windows 2000 Compatible Access !? | | I can't find any info on this error out there. Log a bug for me please. And I'll nee a full level 10 debug log from winbindd. I think I know what's breaking here but I'll have to see the logs to be sure. Should be easy to fix. ciao, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/3/jiIR7qMdg1EfYRAo4pAKCrmCyT0/X/SWcdswzHzHoKiGEj1ACguMqV usp2eGc64nNcftIO6oP9x+0= =n7WT -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.1 Available for Download
Tuesday, December 16, 2003, 7:16:35 AM, Gerald wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In an attempt to avoid the holiday rush common to software releases, the Samba Team is proud to announce the availability of the first patch release of the Samba 3.0 code base. Anyone having success story using this version? I'm having weird problem. I can not joint Win-2k/WinXP-Pro with ldapsam (open ldap 2.2.22). With W2000 error says bad username or password, with WXP access denied. I'm trying to create clean ldif entry with only having 2 account, but still no luck, both cretae machine trust 'on the fly' or manual create machine account. Admin user has given SID-500/sambaPrimaryGroupSID=512 and uid/gid=0 [EMAIL PROTECTED] samba]# net groupmap list Domain Admins (S-1-5-21-3005840292-418818142-688599051-512) - root Domain Users (S-1-5-21-3005840292-418818142-688599051-513) - domuser Domain Guests (S-1-5-21-3005840292-418818142-688599051-514) - domguest log from ldap and samba did not give anything usefull (for me at least :) .. [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0048 uni_str_len: 0006 [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806) 004c buffer : T.R.G.2.0... [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_uint8s(721) 0058 data: b5 59 ba 7f a7 fc dc 08 [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_debug(81) 00 net_io_r_auth [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_uint8s(721) data: b8 f5 ff bf 45 c3 1b 08 [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) 0008 status: NT_STATUS_ACCESS_DENIED [2003/12/16 18:53:21, 5] rpc_server/srv_pipe.c:api_rpcTNP(1535) api_rpcTNP: called NETLOGON successfully [2003/12/16 18:53:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 46 [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_debug(81) 00 smb_io_rpc_hdr hdr ... If anyone got working setup, please share smb.config and ldif entry if possible :-) Big thanks. --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] migrating local user profiles to roaming domain profiles
Craig Jackson wrote: On Tue, 2003-12-16 at 22:17, Andrew Gaffney wrote: I have a network of 2K and XP clients that I am migrating to a domain using Samba 3 as a PDC. I have the domain working quite well after quite a bit of tweaking. My problem is that I want people to logon to the domain, but I also want them to keep their profiles from their local users. How can I go about this? -- Andrew Gaffney Here's a nice howto http://www.badmagicnumber.com/linotes/samba.html Its entirely possible that I just missed it, but I didn't see any information relevant to my question. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] migrating local user profiles to roaming domain profiles
On Tue, 16 Dec 2003, Andrew Gaffney wrote: I have a network of 2K and XP clients that I am migrating to a domain using Samba 3 as a PDC. I have the domain working quite well after quite a bit of tweaking. My problem is that I want people to logon to the domain, but I also want them to keep their profiles from their local users. How can I go about this? You will need to convert each profile from a local profile to a roaming profile, then copy it from the local workstation to the profile share on the samba server. To convert the profile on XP, Right click the My Computer Icon, Select Properties, then select the Advanced Tab, locate the tool to manage Users (roughly in the middle of the panel). Click on the profile you wish to convert, then click Copy, the rest you will need to figure out. You can use tis tool to copy the profile directly to the user's profile directory. Oh, do not forget to set on this profile permission for the domain user to access the profile. You can do this with the profile conversion tool, or else using the Samba profiles tool. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
CVS update: samba4/source/build/pidl
Date: Tue Dec 16 09:01:34 2003 Author: tridge Update of /home/cvs/samba4/source/build/pidl In directory dp.samba.org:/tmp/cvs-serv30537 Modified Files: header.pm Log Message: a fairly large commit! This adds support for bigendian rpc in the client. I have installed SUN pcnetlink locally and am using it to test the samba4 rpc code. This allows us to easily find places where we have stuffed up the types (such as 2 uint16 versus a uint32), as testing both big-endian and little-endian easily shows which is correct. I have now used this to fix several bugs like that in the samba4 IDL. In order to make this work I also had to redefine a GUID as a true structure, not a blob. From the pcnetlink wire it is clear that it is indeed defined as a structure (the byte order changes). This required changing lots of Samba code to use a GUID as a structure. I also had to fix the if_version code in dcerpc syntax IDs, as it turns out they are a single uint32 not two uint16s. The big-endian support is a bit ugly at the moment, and breaks the layering in some places. More work is needed, especially on the server side. Revisions: header.pm 1.28 = 1.29 http://www.samba.org/cgi-bin/cvsweb/samba4/source/build/pidl/header.pm.diff?r1=1.28r2=1.29
CVS update: samba4/source/include
Date: Tue Dec 16 09:01:43 2003 Author: tridge Update of /home/cvs/samba4/source/include In directory dp.samba.org:/tmp/cvs-serv30558 Modified Files: includes.h rpc_secdes.h smb.h smb_interfaces.h Log Message: a fairly large commit! This adds support for bigendian rpc in the client. I have installed SUN pcnetlink locally and am using it to test the samba4 rpc code. This allows us to easily find places where we have stuffed up the types (such as 2 uint16 versus a uint32), as testing both big-endian and little-endian easily shows which is correct. I have now used this to fix several bugs like that in the samba4 IDL. In order to make this work I also had to redefine a GUID as a true structure, not a blob. From the pcnetlink wire it is clear that it is indeed defined as a structure (the byte order changes). This required changing lots of Samba code to use a GUID as a structure. I also had to fix the if_version code in dcerpc syntax IDs, as it turns out they are a single uint32 not two uint16s. The big-endian support is a bit ugly at the moment, and breaks the layering in some places. More work is needed, especially on the server side. Revisions: includes.h 1.14 = 1.15 http://www.samba.org/cgi-bin/cvsweb/samba4/source/include/includes.h.diff?r1=1.14r2=1.15 rpc_secdes.h1.1.1.1 = 1.2 http://www.samba.org/cgi-bin/cvsweb/samba4/source/include/rpc_secdes.h.diff?r1=1.1.1.1r2=1.2 smb.h 1.12 = 1.13 http://www.samba.org/cgi-bin/cvsweb/samba4/source/include/smb.h.diff?r1=1.12r2=1.13 smb_interfaces.h1.13 = 1.14 http://www.samba.org/cgi-bin/cvsweb/samba4/source/include/smb_interfaces.h.diff?r1=1.13r2=1.14
