Re: [Samba] Samba NSS_LDAP
Diego Rivera wrote: Hi all! A while ago I caught a discussion re Samba and LDAP SAM backend, with OpenLDAP and nss_ldap. It seems that the reason the smbd process keeps crashing (and thus losing connections) has something to do with the fact that the LDAP standard allows connections to be unilaterally closed by the directory server, and this was causing Samba to crash. Again - this is my hazy recollection of the thread. I'm seeing this behavior in my setup (Samba LDAP-based PDC). Is my summary above (mostly) correct? Is there a fix for this? Is it included as part of 2.2.6 or is it a problem with OpenLDAP/nss_ldap? We plan to do a rather large Samba install soon, and I'd like to know in advance if I'm going to have to handle the Samba PDC account storage differently. nss_ldap = 200 has the fix for this. Any earlier release may well randomly crash smbd. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: who's on
[EMAIL PROTECTED] wrote: Will compiling with --with-utmp allow you to see users on your network through 'w' and finger? I am not especially new to samba, been running it for a good 3 years of solid performance, but I never played with much else in besides LDAP and Cups support. what does --with-utmp actually do? It will show users connected via Samba to 'w' and 'finger', by writing an entry into the utmp and wtmp database in exactly the same way as /sbin/login and SSH do. -Peter While smbstatus is the 'quick' answer, the --with-utmp code (also needs 'utmp =yes' in smb.conf makes the actual 'finger' and 'w' programs work, rather than scripted replacements. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.020 and Win2K with Kerberos 5
Hi, I've posted this one also to comp.protocols.smb, but the list seems to be more hacky :-) I have M$ Win2K PDC with Kerberos authentication system. PDC Win2K--SAMBA-3.020-LINUX Kerberos5 It was somewhere told (Samba 3.0 prealpha guide to Kerberos authentication)that this should work. I'm using RedHat 7.2 with latest patches (obtained via net from redhat site). Kerberos is 1.2.2-14 klist showes after kinit: --- [root@pan log]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 10/16/02 17:58:48 10/17/02 03:58:48 [EMAIL PROTECTED] CROTEC.COM Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached So I assume that kerberos client is running fine. I've tryed with wrong passwd, and it complains, so this should be fine. I did change execution path so that the Samba 3.0.20 is started and log files said that everything is fine. When I did net ads join, then I've got Segmentation fault Any hint ? (oh, yes, gcc is 2.96) If someone has succeeded with such a connection, please let me know. Yes, there is an additional info... instead of net ads join, I've used should use net ads join -Uadministrator because, default is a logged user, which is allmost never administrator on UNIXes, but can be root or some local user... (I've discovered that with kdbg and 1 hour session :-)). And when I execute: [root@pan root]# net ads status -Uadministrator I've got the following: administrator password: accountExpires: 9223372036854775807 badPasswordTime: 0 badPwdCount: 0 codePage: 0 cn: pan countryCode: 0 dNSHostName: pan instanceType: 4 isCriticalSystemObject: FALSE lastLogoff: 0 lastLogon: 0 logonCount: 0 -- Security Descriptor (revision: 1, type: 0x8c14) owner SID: S-1-5-21-353111985-644491385-32730383-512 group SID: S-1-5-21-353111985-644491385-32730383-513 --- (system) ACL (revision: 2, size: 28, number of ACEs: 1) --- ACE (type: 0x02, flags: 0xd2, size: 0x14, mask: 0xd016b) access SID: S-1-1-0 access type: SYSTEM AUDIT Permissions: [Create All Child Objects] [Delete All Child Objects] [All validate writes] [Write All Properties] [Delete Subtree] [Change Password] [Reset Password] [Delete] [Modify Permissions] [Modify Owner] --- (user) ACL (revision: 4, size: 1284, number of ACEs: 30) --- ACE (type: 0x00, flags: 0x00, size: 0x24, mask: 0xf01ff) access SID: S-1-5-21-353111985-644491385-32730383-512 access type: ALLOWED Permissions: [Full Control] --- ACE (type: 0x00, flags: 0x00, size: 0x18, mask: 0xf01ff) access SID: S-1-5-32-548 access type: ALLOWED Permissions: [Full Control] --- ACE (type: 0x00, flags: 0x00, size: 0x14, mask: 0xf01ff) access SID: S-1-5-18 access type: ALLOWED Permissions: [Full Control] --- ACE (type: 0x00, flags: 0x00, size: 0x24, mask: 0x301d4) access SID: S-1-5-21-353111985-644491385-32730383-512 access type: ALLOWED Permissions: [List Contents] [Read All Properties] [Delete Subtree] [List Object] [Change Password] [Reset Password] [Delete] [Read Permissions] --- ACE (type: 0x05, flags: 0x00, size: 0x38, mask: 0x20, object flags: 0x1) access SID: S-1-5-21-353111985-644491385-32730383-512 access type: ALLOWED OBJECT Permissions: [Write All Properties] --- ACE (type: 0x00, flags: 0x00, size: 0x14, mask: 0x20094) access SID: S-1-5-11 access type: ALLOWED Permissions: [List Contents] [Read All Properties] [List Object] [Read Permissions] --- ACE (type: 0x05, flags: 0x00, size: 0x28, mask: 0x100, object flags: 0x1) access SID: S-1-1-0 access type: ALLOWED OBJECT Permissions: [Change Password] [Reset Password] --- ACE (type: 0x00, flags: 0x00, size: 0x14, mask: 0x3) access SID: S-1-5-10 access type: ALLOWED Permissions: [Create All Child Objects] [Delete All Child Objects] --- ACE (type: 0x05, flags: 0x00, size: 0x2c, mask: 0x3, object flags: 0x1) access SID: S-1-5-32-550 access type: ALLOWED OBJPermissions: [Create All Child Objects] [Delete All Child Objects] --- ACE (type: 0x05, flags: 0x00, size: 0x38, mask: 0x30, object flags: 0x1) access SID: S-1-5-21-353111985-644491385-32730383-517 access type: ALLOWED OBJECT Permissions: [Read All Properties] [Write All Properties] --- ACE (type: 0x05, flags: 0x00, size: 0x28, mask: 0x8, object flags: 0x1) access SID: S-1-5-10 access type: ALLOWED OBJECT Permissions: [All validate writes] --- ACE (type: 0x05, flags: 0x00, size: 0x28, mask: 0x30, object flags: 0x1) access SID: S-1-5-10 access type: ALLOWED OBJECT Permissions: [Read All Properties] [Write All Properties] --- ACE (type: 0x05, flags: 0x00, size: 0x28,
[Samba] ×ð¾´µÄÐÂÀÏ¿Í»§£ºÄúºÃ!
×ð¾´µÄÐÂÀÏ¿Í»§£ºÄúºÃ! ¸ÐлÄúµÄ´óÁ¦Ö§³Ö£¬±¾¹«Ë¾ÊµÐÐÓŻݴó³ê±ö£¬»¶Ó´ó¼ÒÇÀ¹º¡£ ¸£½¨Ê¡Ó¯Í¨Ô¶º½ÌṩÓòÃû×¢²á£¬Ö÷»ú×âÓã¬Ö÷»úÍйܵȷþÎñ¡£½üÆÚÄÚ¹«Ë¾²úÆ·´ó´ÙÏú»ù±¾ÐÍ(200M HTML¿Õ¼ä + 1¸ö ¹ú¼ÊÓòÃûÒ»ÄêÖ»Ðè150Ôª)¡£²É¹º¶à¶àÓŻݶà¶à¡£»¶Ó´ó¼Ò¶©¹º»òÀ´µç0592-5557492»òQQ£º755139×Éѯ¡£ ÒÔÉÏÖ»ÊÇÁãÊÛ¼Û¸ñ¡£»¶ÓÑ¡¹º£¬Ò²»¶ÓÄú³ÉΪÎÒÃǵĴúÀíÉÌ! ÍøÂçʵÃû×¢²áÖ»Ðè500¸ö/Äê ÎÒÃÇ»¹Óиü¶àµÄÀñ°üºÍÓŻݼ۸ñ£¬ÏêÇéÇë½ø http://www.comdns.com ¸£½¨Ê¡EÉÌÎñÍø mailto:[EMAIL PROTECTED] = ¹ã¸æÓʼþ¶ÔÓÐÓõÄÈËÀ´ËµÊÇÐÅÏ¢£¬¶ÔÎÞÓÃÈË˵µÄÊÇÀ¬»ø¡£Èç¹û¶ÔÄúûÓã¬ÎÒÃÇÍò·Ö±§Ç¸£¡±¾Óʼþ¾ø ¶Ô³Ðŵֻ·¢ËÍÒ»´Î¡£Èç¹ûÄúÏ£ÍûÎÒÃÇ´ÓÁбíÖÐɾ³ýÄúµÄµØÖ·£¬ÇëÀ´ÐŸæËßÎÒÃÇÄúµÄµØÖ·¡£Ð»Ð»£¡ == --- ·ÐµãȺ·¢Óʼþ,À´×ÔÈí¼þ¹¤³Ìר¼ÒÍø(http://www.21cmm.com) ½øCMMÍøУ(http://www.21cmm.com)£¬³ÉÏîÄ¿¹ÜÀíר¼Ò -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Mounting a windows share
I think smbmount is a separate downloadable package (At least it was with Debian). If I recall correctly the command to smbmount is smbmount //HOME/myshare /mnt/home -Uuser1%mypassword Refer to man smbmount if this is not correct. Hope this helps! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Vikas Gandhi Sent: Thursday, October 17, 2002 9:06 AM To: [EMAIL PROTECTED] Subject: [Samba] Mounting a windows share How can I mount a windows share on a sun machine. I am also not able to find out the smbmount on that machine. Thanks Vikas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Documentation help
If I understand your question correctly... you would like to switch your network from a workgroup to a domain. If so, use the link below to get you started. http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.html#SAMBA-PDC -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rapazito PT Sent: Thursday, October 17, 2002 3:14 AM To: Samba List Subject: [Samba] Documentation help Hello Samber's, Sorry my question, but I'm a newbie on the list. I have a network with about 57 Win2K workstations, and 2 Linux(RH7.3) Servers. Samba is in one Linux box, controlling the workgroup, but now my boss wants to put the network as a domain (internal domain, e.g. wpc.wpc). All Win2K boxes make a domain login, and bla bla bla... Can anyone help me where I can find a good HOW-TO to configure this on my network? Thanks in advance, Rapazito PT A Linux Newbie from Portugal [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] upgrade samba
I don't use Redhat, but with Debian samba-client and samba-common are different packages so you'll have to rpm -e samba-client and rpm -e samba-common If this doesn't work, try contacting the package manager and asking him/her what to do. Hope this helps! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Roger Schmeits Sent: Thursday, October 17, 2002 9:31 AM To: [EMAIL PROTECTED] Subject: [Samba] upgrade samba How does one move from a rpm based samba to tar.gz? In other words how do I upgrade from samba-2.2.1a-4 to samba-2.2.6.tar.gz. Do I remove samba : rpm -e samba? And what do I do with the other samba rpm packages: samba-client-2.2.1a-4 samba-common-2.2.1a-4? Are they included with the tar package? Using RH7.2. Roger -- ** Roger Schmeits System Analyst Clarkson College http://www.clarksoncollege.edu Omaha, NE USA 1-800-647-5500 x22542 * -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] two sambas on one machine?
Hi, I want to run two Samba servers on a single machine during a transition from NT domain to W2k AD server setup. And samba 2.0.7 to 2.2.5. And NT wkstation to XP. To do this I'd like to run the two versions of Samba simultaneously on the one machine. I figure this would be easy enough if I have them bind to different listing addresses. However, since the two servers will sharing the same shares, will there be a problem with locking? Or will it be ok, since they both just use the underlying Unix locks? Has anyone done this? Regards, Matt PS. Another possibility that occurred to me is the have the second server on a second machine NFS mounting the first. But I think this would be even hairier. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] i can't print directly to my samba printer server...
Hi there Brian! I've seen your email on one of the samba mailing list. This has been my problem for a long time. I just want to share this problem directly to you and i hope you can lend me your help. I'm trying to setup windows printer sharing using SAMBA installed on my Linux box (Redhat 7.3 as printer server) and windows 2000 pro as my client. My win2k clients are connected to a Primary Domain Controller (PDC) running windows 2000 server. Domain name is WWW. When trying to connect to the printer in WIn2k, I get a message saying: The server for the printer does not have the correct printer driver installed., giving me the choice of selecting a printer driver, or canceling the operation. I installed the HP Deskjet 710c printer driver on the win2k machine. After installation of the driver, Access denied, unable to connect appears next to the icon int the Printers and Faxes window. When I try to print to the network printer, I get a very general error message. However when i examine the samba logs, it says something like: [2002/10/17 15:05:58, 0] printing/printing.c:print_job_start(951) print_job_start: insufficient permissions to open spool file /var/spool/lpd/hp710c/smbprn.18.32uUQe. I've already changed the mode of /var/spool/lpd/hp710c/ to 0777 and change file ownership to root instead of lp but it still didn't worked at all! By the way, here's my samba config: [global] workgroup = WWW netbios name = PRINTER SERVER security = SHARE encrypt passwords = Yes printing = bsd printcap name = /etc/printcap load printers = yes log file = /var/log/samba-log.%m lock directory = /var/lock/samba [printers] comment = All Printers security = server path = /var/spool/lpd/hp710c browseable = no printable = yes public = yes writable = no create mode = 0700 [HP710C] security = server path = /var/spool/lpd/hp710c printer name = hp710c writable = yes public = yes printable = yes print command = lpr -r -h -P %p %s user client drivers = yes and also my /etc/printcap file: hp710c:\ :ml=0:\ :mx=0:\ :sd=/var/spool/lpd/hp710c:\ :af=/var/spool/lpd/hp710c/hp710c.acct:\ :sh:\ :lp=/dev/lp0:\ :lpd_bounce=true:\ :if=/usr/share/printconf/util/mf_wrapper: Any help here would be greatly appreciated! Thanks! Oliver -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] i can't print directly to my samba printer server...
Please Help! I'm trying to setup windows printer sharing using SAMBA installed on my Linux box (Redhat 7.3 as printer server) and windows 2000 pro as my client. My win2k clients are connected to a Primary Domain Controller (PDC) running windows 2000 server. Domain name is WWW. When trying to connect to the printer in WIn2k, I get a message saying: The server for the printer does not have the correct printer driver installed., giving me the choice of selecting a printer driver, or canceling the operation. I installed the HP Deskjet 710c printer driver on the win2k machine. After installation of the driver, Access denied, unable to connect appears next to the icon int the Printers and Faxes window. When I try to print to the network printer, I get a very general error message. However when i examine the samba logs, it says something like: [2002/10/17 15:05:58, 0] printing/printing.c:print_job_start(951) print_job_start: insufficient permissions to open spool file /var/spool/lpd/hp710c/smbprn.18.32uUQe. I've already changed the mode of /var/spool/lpd/hp710c/ to 0777 and change file ownership to root instead of lp but it still didn't worked at all! By the way, here's my samba config: [global] workgroup = WWW netbios name = PRINTER SERVER security = SHARE encrypt passwords = Yes printing = bsd printcap name = /etc/printcap load printers = yes log file = /var/log/samba-log.%m lock directory = /var/lock/samba [printers] comment = All Printers security = server path = /var/spool/lpd/hp710c browseable = no printable = yes public = yes writable = no create mode = 0700 [HP710C] security = server path = /var/spool/lpd/hp710c printer name = hp710c writable = yes public = yes printable = yes print command = lpr -r -h -P %p %s user client drivers = yes and also my /etc/printcap file: hp710c:\ :ml=0:\ :mx=0:\ :sd=/var/spool/lpd/hp710c:\ :af=/var/spool/lpd/hp710c/hp710c.acct:\ :sh:\ :lp=/dev/lp0:\ :lpd_bounce=true:\ :if=/usr/share/printconf/util/mf_wrapper: Any help here would be greatly appreciated! Thanks! Oliver -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] trailing $
David Krovich wrote: Here is the situation. I have NT 4.0 acting as a PDC on machine A. On machine B, I have Sun PC Netlink running on a solaris machine. In the PDC all home dirs are mapped to \\pcnetlinkserver\username$ I'm trying to replace PC Netlink with Samba on Machine B. The problem is I can't figure out how to make samba do the right thing when presented with username$. Mounting a username without the trailing $ works, but I would like Samba to share the user's homedir when it receives a request for either \\pcnetlinkserver\username or \\pcnetlinkserver\username$. Any help would be appreciated. I tried searching, but it's tough for me to figure out how to correctly phrase my question to a search engine. Not currently supported, but would not be *too* hard to support if you really wanted to add it... Possibly you could use %u macros for it, but that stuff gets werid fast. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] follow up to novell file issue and a question about fstype
Ben Calvert wrote: Ok, I've done some further research into this one: It appears that installing the Novell client on a Win machine has the effect of replacing the file copy command with one from Novell. It also seems that the NTFS filesystem has spaces for extra metadata, and the the new Novell command is using those to store it's ACL. Im guessing that this metadata is not storable via Samba, which would cause the errors i'm seeing. So my proposed solution is for Samba to emulate a non-NTFS filesystem. I've found the fstype directive in the man page for smb.conf, but cannot find a list of alternate settings for it. (the man page lists NTFS and Samba). Is there a setting available for fat32? This paramater is a literal string, copied to the wire as-is (I think). But I'm interested as to what it's trying to store - the real NT ACL, or some 'novell ACL' in case you copy it back? Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems w/long file access times (samba2.2.5 WinXPpro) (fwd)
Hello all, On Wed, 16 Oct 2002, Ben Griffith wrote: [...] -[ on 10/16/02 02:21:12 PM +0200 [EMAIL PROTECTED] wrote ]- This only happens with our WinXP clients; the two legacy Win98 machines still in use don't ever complain about anything. I read something about oplock problems in an older mail on one of the samba mailing lists and tried tinkering with the parameters to no avail. I saw delayed access to Samba shares with WinXP until I turned off the WebClient service that runs on WinXP. It was trying to access the Samba server over port 80 and waiting for timeouts until then using the expected NetBIOS ports. After disabling the WebClient service on my XP machines, they accessed the Samba shares normally. As an administrator on the XP machine type services.msc into the run dialog. Then look for WebClient and stop or disable the service. See if this makes any difference. I disabled the WebClient service on all machines - sadly, it didn't help much. I can't say whether the really long delays are still there, but users have reported to me that they still have to wait seven to 15 seconds to open a file in Freehand, Excel or Word. This still happens on the XP clients only - the Win98SE machines run fine. Greetings Kasi Mir -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] join a win2000 kdc
smime.p7m Description: application/pkcs7-mime
[Samba] Samba server and WinME connection problem
Hi all folks I encountered Samba and WinME connection problem both boxes are connected with a crossover cable. Ping both boxes showed connected/connecting Name of WinME = IWILL share folder = Shared IP address = 192.168.0.1 2 NICs eth0 IP add = 192.168.0.1 connected to Samba server eth1 dynamic IP for broadband connection Name of Samba server = M40G OS = RH8.0 IP address = 192.168.0.2 share folder = /test 2 NICs -connected to WinME -connected to broadbanddynamic IP Workgroup = SEC /etc/Samba/smb.conf (BASIC) [global] workgroup = SEC guest account = IWILL encrypt passwords = Yes hosts allow = yes security = share [test] comment = test share path = /test browseable = yes read only = no guest only = no guest ok = yes /test ls -l drwxrwxrwx 2 root root 4096 Oct 17 15:56 test ipchains and iptables stop WinME box = Both IWILL and M40G found under the group SEC on Windows Exploror - clicking M40G said shared folder not found - search for computer could not find Samba server (tested with 192.168.0.2 and M40G) Samba Server # mount /dev/hda2 on / type ext3 (rw) none on /proc type proc (rw) usbdevfs on /proc/bus/usb type usbdevfs (rw) /dev/hda1 on /boot type ext3 (rw) none on /dev/pts type devpts (rw,gid=5,mode=620) none on /dev/shm type tmpfs (rw) none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) /dev/cdrom on /mnt/cdrom type udf (ro,nosuid,nodev) /dev/fd0 on /mnt/floppy type vfat (rw,nosuid,nodev) # smbclient -L IWILL added interface ip=192.168.0.2 bcast=192.168.0.255 nmask=255.255.255.0 added interface ip=218.188.76.21 bcast=218.188.79.255 nmask=255.255.252.0 Password: Sharename Type Comment - --- PRINTER$ Disk HP DESKJET 6 Printer SHARED Disk IPC$ IPC Remote Inter Process Communication Server Comment ---- IWILLS.LIU M40G Samba 2.2.5 WorkgroupMaster ---- SEC IWILL # smbclient -L 192.168.0.1 added interface ip=192.168.0.2 bcast=192.168.0.255 nmask=255.255.255.0 added interface ip=218.188.76.21 bcast=218.188.79.255 nmask=255.255.252.0 session request to 192.168.0.1 failed (Called name not present) session request to 192 failed (Called name not present) session request to *SMBSERVER failed (Called name not present) # route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 00 eth0 218.188.76.00.0.0.0 255.255.252.0 U 0 00 eth1 127.0.0.0 0.0.0.0 255.0.0.0 U 0 00 lo 0.0.0.0 218.188.76.10.0.0.0 UG0 00 eth1 /etc/hosts # Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 localhost.localdomain localhost 192.168.0.1 IWILL 192.168.0.2 M40G /etc/resolv.conf search localdomain nameserver 210.0.144.66 nameserver 210.0.144.26 Kindly help Thanks in advance Stephen Liu -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2.6 (final) RPMS released for Mandrake Linux 8.0, 8.1, 8.2 and 9.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all: Buchan Milne [EMAIL PROTECTED] and myself [EMAIL PROTECTED] are proud to present to you the latest RPMs for samba-2.2.6, compiled for Mandrake Linux 8.0, 8.1, 8.2 and 9.0 platforms, with or without LDAP. We would like to thank the samba team for their great work on the 2.2.X versions of samba, and salute the upcoming 3.0.X. These RPMs are provided as is (unofficial), and will be later released as an official update as soon as they undergo our usual validation process, so don't hesitate to download and test them as much as you like. get them here: http://people.mandrakesoft.com/~staburet/freshsamba or there: http://ranger.dnsalias.com/mandrake/samba Get the SRPM at: http://people.mandrakesoft.com/~staburet/SRPMS Cheers, Sly and Buchan - -- Sylvestre Taburet - Project Manager - 1024D/030E1B7E Mandrakesoft S.A. - 43, rue d'Aboukir, 75002 Paris - FRANCE +33 (0) 1 40 41 00 41 - http://www.mandrakelinux.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9rrEIBot2zwMOG34RAr+UAKCOVVygq/z0fAKCcqz/0ZWLnaDc5QCeLCQ2 y4lnfkO/NkXXBQqYEHajjkY= =YcQh -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] join a win2000 kdc
pascal gachet wrote: Hi I'm trying to join a linux server to active directory with samba 3.0 I use the last samba release of samba samba-3.0alpha20 on a debian. I follow the guide ADS-Howt.txt. My problem is I can get a ticket from my w2000 kdc with kinit without trouble, but the trouble arrive when i want to join the realm with the command net ads join, the result is a Segmentation fault. Try again with current HEAD. I fixed up a number of segfaults in there recently - or use it like this: net ads join -Uusername%password Most of the segfaults were due to the username or password being NULL. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] multiple samba servers in a single workgroup
Hi All, I can set up samba 2.2.1aon a linux box in a workgroup (interfacing between windows 2000 red hat 7.2). The problem arises when I try and setup 2 or more samba servers each on a distinct linux box within a single workgroup. Can anyone help ? I have tried giving them different netbios names and specifying one as the preferred master. Any ideas ? Thanks in advance, Steve
[Samba] Documentation help
Hello Samber's, Sorry my question, but I'm a newbie on the list. I have a network with about 57 Win2K workstations, and 2 Linux(RH7.3) Servers. Samba is in one Linux box, controlling the workgroup, but now my boss wants to put the network as a domain (internal domain, e.g. wpc.wpc). All Win2K boxes make a domain login, and bla bla bla... Can anyone help me where I can find a good HOW-TO to configure this on my network? Thanks in advance, Rapazito PT A Linux Newbie from Portugal [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Compile failure samba3.0alpha20
Hello, I've the following problem. I tried to compile samba3.0alpha20 with the ads support option. Before that I have installed kerberos5v1.2.6! What is wrong! Have anyone an answer, thanks! Compiling libsmb/trust_passwd.c Compiling libads/ldap.c Compiling libads/ldap_printer.c Compiling libads/sasl.c Compiling libads/krb5_setpw.c Compiling libads/kerberos.c libads/kerberos.c: In function `kerberos_kinit_password': libads/kerberos.c:80: warning: passing arg 6 of `krb5_get_init_creds_password' discards qualifiers from pointer target type Compiling libads/ldap_user.c Compiling libads/ads_struct.c Compiling libads/ads_status.c Compiling libads/disp_sec.c Compiling libads/ads_utils.c Compiling libads/ldap_utils.c Compiling libads/ads_ldap.c Compiling libads/util.c Compiling libads/kerberos_verify.c Compiling lib/system_smbd.c Compiling lib/util_smbd.c Compiling registry/reg_frontend.c Compiling registry/reg_cachehook.c Compiling registry/reg_printing.c Compiling registry/reg_db.c Linking bin/smbd /usr/local/lib/libkrb5.a(fcc_gennew.o): In function `krb5_fcc_generate_new': fcc_gennew.o(.text+0x6a): the use of `mktemp' is dangerous, better use `mkstemp' /usr/local/lib/libgssapi_krb5.a(accept_sec_context.o): In function `rd_and_store_for_creds': accept_sec_context.o(.text+0x6b): undefined reference to `krb5_rd_cred' /usr/local/lib/libgssapi_krb5.a(accept_sec_context.o): In function `krb5_gss_accept_sec_context': accept_sec_context.o(.text+0x108e): undefined reference to `krb5_c_keyed_checksum_types' accept_sec_context.o(.text+0x16be): undefined reference to `krb5_mk_rep' accept_sec_context.o(.text+0x1c45): undefined reference to `krb5_mk_error' /usr/local/lib/libgssapi_krb5.a(acquire_cred.o): In function `acquire_accept_cred': acquire_cred.o(.text+0x68): undefined reference to `krb5_sname_to_principal' /usr/local/lib/libgssapi_krb5.a(gssapi_krb5.o): In function `kg_get_context': gssapi_krb5.o(.text+0x10d): undefined reference to `krb5_ser_context_init' gssapi_krb5.o(.text+0x12e): undefined reference to `krb5_ser_auth_context_init' gssapi_krb5.o(.text+0x14f): undefined reference to `krb5_ser_ccache_init' gssapi_krb5.o(.text+0x16d): undefined reference to `krb5_ser_rcache_init' gssapi_krb5.o(.text+0x1aa): undefined reference to `krb5_ser_auth_context_init' /usr/local/lib/libgssapi_krb5.a(import_name.o): In function `krb5_gss_import_name': import_name.o(.text+0x162): undefined reference to `krb5_sname_to_principal' /usr/local/lib/libgssapi_krb5.a(init_sec_context.o): In function `make_ap_req_v1': init_sec_context.o(.text+0x23b): undefined reference to `krb5_fwd_tgt_creds' /usr/local/lib/libgssapi_krb5.a(init_sec_context.o): In function `krb5_gss_init_sec_context': init_sec_context.o(.text+0x147f): undefined reference to `krb5_free_cksumtypes' collect2: ld returned 1 exit status make: *** [bin/smbd] Error 1 head:/install/samba/source # Bye + Thanks, Thomas -- Thomas Nicolai IT Systemadministrator Institute of Electronic Business e.V. Institute of University of the Arts Berlin Chausseestrasse 8 - Aufgang E D-10115 Berlin Tel: +49 30 726298320 Mobil: +49 160 7143427 Fax: +49 30 72629839 http://www.ieb.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Problem Logging in to Samba PDC
I have already applied the sign or seal patch (TWICE). Chris, have you applied this patch yet? -Original Message- From: [EMAIL PROTECTED] [mailto:samba-admin;lists.samba.org] On Behalf Of Bradley W. Langhorst Sent: Wednesday, October 16, 2002 6:31 PM To: Chris Tepaske Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Re: Problem Logging in to Samba PDC you probably need to apply the signorseal reg fix to your clients. brad On Wed, 2002-10-16 at 18:17, Chris Tepaske wrote: I'm having the same problem, everything was working fine, my Win 2k machines were logging on to the Samba domain, when I upgraded to SP3 the newly upgrade machines failed to log on. The error I was getting was access denied. Machine account does not exist etc. I removed each machine from the domain cleaned up the machine accounts within Samba and tried re-joining the domain with no luck. The Win2K machines that I didn't upgrade have no issues neither do the two Win 98 machines. I have the same problem when I try to join an XP machine to domain, is it possible that Microsoft has done something in XP and SP3 to stop these machines joining a Samba domain? Cheers Chris Tepaske -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba as a NT PDC
Hello, I have had Samba running for a long time now as a domain controller to win98 computers with no issues. I have started to modify to allow for the new XP machines we are having. I added CARTER$ (machine name) to the unix account. I added it with smbpasswd. I go to add itself to the domain (smbpasswd -j CHERRY_HILL) and I get this error: No password server list given in smb.conf - unable to join domain. Now it says password server should not point to itself in TFM. I tried lookign through the archives and didn't find anything. I am not sure what direction to go from here. Adam Lang Systems Engineer Rutgers Casualty Insurance Company http://www.rutgersinsurance.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] information about XP - samba ?
Hello, my experience so far: dont do it - dont use XP - use Win2K WinNT Win2K all is woorking fine, but XP ist might work and it might not. We habe a single XP computer in out environment and ist makes a lot of trouble. At first after applying all registry pathces to XP it worked, but suddenly after a non reproducable accident XP is ignoring the Samba Server. My personal experience with XP was the same. After installation it worked, but after an hour playing with XP and also an nonreproducable accident XP was ignoring Samba. We still cant figure out what the problem is. So if u use XP and Samba and if it works over a long time (i.e. 4 weeks ore more) please write a FAQ ;-) MY recommendation: dont use XP - Use Win2K Regards, Bernd [EMAIL PROTECTED] wrote: I'm thinking about upgrading our NT4-clients to XP in the near future and I want to know how well XP is supported by SAMBA in the recent samba-versions. I found many single statements in usenet, but I wonder if there is a kind of XP-FAQ out there. (The one at samba-page is very outdated) Especially I need to know how well XP integrates in a existing NT4-domain (samba as PDC). Then I need to know if there are any problems with fileservers (I remember rumours about reghacks one has to apply on XP to make things work) And finally - if a machine is not part of the domain (guest-laptop): if a local XP-user with user/pass similar than on samba-server is sufficient for auth on the sambaserver ? thnx, peter -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Password aging ...
Greetings ... A quick question more to confirm a few things reguarding SMB passwords, which I hope might be able to look at for password aging. I saw some discussion on samba-tech list, but nothing conclusive. LM and NT hashs don't have a salt? Do they? ... In other words, a password password LM hashed, always comes out as E52CAC67419A9A224A3B108F3FA6CB6D not matter the case? Just checks, but I take it a password password NT hashed is case sencetive, but still no salt, which means one could search a DB of a large number of LM or NT hashed to crack a LM/NT hash? I understand that we can't use PAM cracklib to do password sanity, but we could use all known hashs in a smb passwd DB, ie ... search ones local LDAP DB for matching LM/NT hashs and not accept password. But I think that the rpc's to look after password expire and sanity have not been finished, am I correct in this thinking? Thanks. Mailed Lee -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba as a NT PDC
--On Thursday, October 17, 2002 10:51 AM -0400 Adam Lang [EMAIL PROTECTED] wrote: CARTER is the name of the linux Samba server that is the PDC. According to my documentation, I am suppsoed to do the following. 1) Create the Unix account: /usr/sbin/useradd -c 'Samba PDC for CHERRY_HILL' -M -s /dev/null CARTER$ 2) Add a machine account smbpasswd -a -m CARTER 3) Add it to the domain (which it is the PDC of) smbpasswd -j CHERRY_HILL I am NOT adding an XP machine in at this time. I am setting up the PDC. So yes, I DO know what the -j option is for. Well, I don't think you DO know what that -J is for... Look, if the Samba machine is the PDC for your domain, you DON'T USE the -J option; that is only if the Samba machine is going to be a MEMBER SERVER into an existing WINDOWS-RUN domain (a domain with a 'real' Windows PDC). You say that Samba is the PDC, right? And, if the Samba machine is the PDC of it's own domain, it doesn't appear in it's own smbpasswd file (at least mine doesn't). Perhaps it might help us to help you if you posted your smb.conf file (because we are definitely missing some vital piece somewhere of what you are trying to do). - john --On Thursday, October 17, 2002 10:21 AM -0400 Adam Lang [EMAIL PROTECTED] wrote: I have started to modify to allow for the new XP machines we are having. I added CARTER$ (machine name) to the unix account. I added it with smbpasswd. I go to add itself to the domain (smbpasswd -j CHERRY_HILL) and I get this error: No password server list given in smb.conf - unable to join domain. Now it says password server should not point to itself in TFM. I tried lookign through the archives and didn't find anything. I am not sure what direction to go from here. Adam Lang -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba as a NT PDC
On Thu, 17 Oct 2002, Adam Lang wrote: CARTER is the name of the linux Samba server that is the PDC. According to my documentation, I am suppsoed to do the following. 1) Create the Unix account: /usr/sbin/useradd -c 'Samba PDC for CHERRY_HILL' -M -s /dev/null CARTER$ You do NOT need to do this for the domain controller. You need to configure the correct settings in your smb.conf file. Please check out the new configuration Wizard in SWAT that is in Samba-2.2.6 (released yesterday). You can find samba-2.2.6 on the samba FTP sites. To access SWAT point your web browser at http://lcoalhost:901, log in as root. PS: When you add your workstations suggest you use: useradd -s /bin/false -d /dev/null carter\$ Note: Windows machine name is lower case. 2) Add a machine account smbpasswd -a -m CARTER You do not need to add a machine account for the server that samba is running on as the domain controller. If the samba server is a domain member then you do require a machine account. Again, keep the machine name in lower case for: smbpasswd -a -m carter 3) Add it to the domain (which it is the PDC of) smbpasswd -j CHERRY_HILL If your samba server is the domain controller then you do NOT need to (should not do) this. You only need to do this for all machines that will be domain members. smbpasswd -r pdc_name -j domain_name I am NOT adding an XP machine in at this time. I am setting up the PDC. So yes, I DO know what the -j option is for. Hope this helps you. - John T. Adam Lang Systems Engineer Rutgers Casualty Insurance Company http://www.rutgersinsurance.com - Original Message - From: John Benedetto [EMAIL PROTECTED] To: Adam Lang [EMAIL PROTECTED] Sent: Thursday, October 17, 2002 10:51 AM Subject: Re: [Samba] Samba as a NT PDC --On Thursday, October 17, 2002 10:21 AM -0400 Adam Lang [EMAIL PROTECTED] wrote: I have started to modify to allow for the new XP machines we are having. I added CARTER$ (machine name) to the unix account. I added it with smbpasswd. I go to add itself to the domain (smbpasswd -j CHERRY_HILL) and I get this error: No password server list given in smb.conf - unable to join domain. Now it says password server should not point to itself in TFM. I tried lookign through the archives and didn't find anything. I am not sure what direction to go from here. Adam Lang Uh *why* are you executing the -j option in smbpasswd? Here is the first paragraph from that section of 'man smbpasswd': -j DOMAIN This option is used to add a Samba server into a Windows NT Domain, as a Domain member capable of authenticating user accounts to any Domain Controller in the same way as a Windows NT Server. See the security=domain option in the smb.conf (5) man page. According to your message, you are not trying to add your Samba server to an existing Windows domain, you are trying to add a Windows XP machine to your existing Samba domain. And, when you say: I added it with smbpasswd. *HOW* did you add it? You would need to add the machine account, right? That would be with smbpasswd -a -m CARTER. Is that how you did it? If so, at this point, you now go the XP machine, and change the network config there to have it join your Samba domain. From traffic on the list, it also appears that you would need to run the SIGNORSEAL registry key/setting/whatever (I am not yet running XP that I have had to add to my Samba domain). - john -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] tdb Format
Hello All, I think I touched on this subject on another thread when I was having problems joining a WIN2k SP3 machine to the domain. Anyway, does anyone know of a way to modify machine accounts in the new format .tdb. The old way was pretty simple as it only required one to modify a text file like smbpasswd. I'd like to know what machine accounts I have listed in this file and simply clean out what I don't want. I may be able to track down my problem if I could edit this file. Anyone have a good solution? Thanks! IRV -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + LDAP + SuSE eMail Server questions/problems
Hi all, I have some questions, some not accurately about samba, but all are related... This is my environment: - I have a SuSE eMail Server 3.1, and I want to use the ldap database to store my samba accounts (this is OK) and have a Samba PDC (this is OK too); That are my questions/problems: - I need a master (this is ok) and a slave ldap servers. The master to slave replication is OK. According the openldap documentation, when a client send a data modification to a slave, the server returns to the application a updateref with the master address, so that the change is made. According the Using Samba Special Edition, the Samba has this functionality, but I configured the LDAP and dont have success (I used the configuration of the OpenLDAP according the official documentation). - I'm not obtaining success to add the clients to the domain. I receive the following message (using the root user): User unknow. I read in some doc that is necessary a user with uid=0 in LDAP database. It is correct? If I use the domain admin group, I receive the message user must have uid 0. This parameter is not allowed or is not more supported? - I want to use the add user script to add the machine accounts automatically in to the LDAP. For this, I believe that is necessary to configure the PAM module with LDAP for useradd application. If this is correct, someone can send me a example? Thanks for your help... With best regards, Fabiano -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] information about XP - samba ?
I've been using Samba 2.2.5 on RedHat 7.2 with 7 XP clients for almost a year with no problems. It actually was pretty smooth after I figured out how to get samba running (this was my first install). The reg hacks are necessary but if you set them before you get into it all it creates a whole lot less headaches. Also remember to create machine trust accounts on the server. Google has a wealth of information on the subject. As far as everything working, everything works fine between the two (Print server hasn't been tested). Roaming profiles, personal folders, everything you should expect from a file server. I would say setup up a dummy client with xp and test it out before you do a full upgrade. This will allow you to stream line the rest of the installs. Good luck. -Original Message- From: [EMAIL PROTECTED] [mailto:samba-admin;lists.samba.org] On Behalf Of Dr. Bernd Zimmermann Sent: Thursday, October 17, 2002 7:12 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Samba] information about XP - samba ? Hello, my experience so far: dont do it - dont use XP - use Win2K WinNT Win2K all is woorking fine, but XP ist might work and it might not. We habe a single XP computer in out environment and ist makes a lot of trouble. At first after applying all registry pathces to XP it worked, but suddenly after a non reproducable accident XP is ignoring the Samba Server. My personal experience with XP was the same. After installation it worked, but after an hour playing with XP and also an nonreproducable accident XP was ignoring Samba. We still cant figure out what the problem is. So if u use XP and Samba and if it works over a long time (i.e. 4 weeks ore more) please write a FAQ ;-) MY recommendation: dont use XP - Use Win2K Regards, Bernd [EMAIL PROTECTED] wrote: I'm thinking about upgrading our NT4-clients to XP in the near future and I want to know how well XP is supported by SAMBA in the recent samba-versions. I found many single statements in usenet, but I wonder if there is a kind of XP-FAQ out there. (The one at samba-page is very outdated) Especially I need to know how well XP integrates in a existing NT4-domain (samba as PDC). Then I need to know if there are any problems with fileservers (I remember rumours about reghacks one has to apply on XP to make things work) And finally - if a machine is not part of the domain (guest-laptop): if a local XP-user with user/pass similar than on samba-server is sufficient for auth on the sambaserver ? thnx, peter -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] newbie problem: can't mount win xp disk into linux (regkey is set)
Got two machines connected via a 10MBit Hub: One Slackware Linux 8.1 with eth0 = Realtek8139 (working fine), one WindowsXP Pro, same NIC, registry key for proper auth is set. The Windows machine is called xerxes on which the C dir is shared, and there is /mnt/xerxes/ on the Linux box. The command: # mount -t smbfs -o username=(username on win machine),password=(passwd on win # machine) //XERXES/C /mnt/xerxes/ gives me the following errors: 2251: session request to XERXES failed (Not listening on called name) 2251: session request to *SMBSERVER failed (Not listening on called name) Am clueless. Should mention I'm familiar with Linux but a network newbie. Dex -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tdb Format
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 17 Oct 2002, Irving Carrion wrote: Hello All, I think I touched on this subject on another thread when I was having problems joining a WIN2k SP3 machine to the domain. Anyway, does anyone know of a way to modify machine accounts in the new format .tdb. The old way was pretty simple as it only required one to modify a text file like smbpasswd. I'd like to know what machine accounts I have listed in this file and simply clean out what I don't want. I may be able to track down my problem if I could edit this file. Use pdbedit. I'm assuming you are using HEAD/3.0. jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9ruNPIR7qMdg1EfYRArjtAJ0UH9piAXqVXrmhTHVnXGgr6/wdIACfQQ+6 uU+/CtiSI02dmZydpV4nufI= =F7py -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] tdb Format
Hey great! I didn't see this option in man samba. Thanks! -Original Message- From: Gerald (Jerry) Carter [mailto:jerry;samba.org] Sent: Thursday, October 17, 2002 12:21 PM To: Irving Carrion Cc: [EMAIL PROTECTED] Subject: Re: [Samba] tdb Format -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 17 Oct 2002, Irving Carrion wrote: Hello All, I think I touched on this subject on another thread when I was having problems joining a WIN2k SP3 machine to the domain. Anyway, does anyone know of a way to modify machine accounts in the new format .tdb. The old way was pretty simple as it only required one to modify a text file like smbpasswd. I'd like to know what machine accounts I have listed in this file and simply clean out what I don't want. I may be able to track down my problem if I could edit this file. Use pdbedit. I'm assuming you are using HEAD/3.0. jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9ruNPIR7qMdg1EfYRArjtAJ0UH9piAXqVXrmhTHVnXGgr6/wdIACfQQ+6 uU+/CtiSI02dmZydpV4nufI= =F7py -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Roaming Profiles
Hi,This is my first messegge to the list.I need to migrate a Windows 2000 Server PDC to a Linux/Samba, and I readed alot searching for an answer.My problem is with Roaming Profiles. The user can log on but theconfiguration isn't the correctly one. The wallpaper, the mail storge, theshortcuts, etc. are wrong.May be is the ntuser.dat file that don´t work well.What can I do?
[Samba] Username map and UNIX UID assignments
I'm testing Samba 2.2.5 with winbind. I can successfully authenticate
domain users who do and don't have corresponding UNIX accounts as well as
domain users who do have a UNIX account. Files created from PC side by
usera show up in UNIX ls -l as owned by usera so I thought the automatic
username mapping was working correctly, but I found out that usera isn't
being assigned his UNIX User ID correctly. I found this because UserA
doesn't have write access in the areas he should when he comes in through
samba. I had usera write a file in a public space, and from the UNIX side
did
ls -n
to show the UID assigned, and it is one of the Ids in the winbind range,
not the user's UNIX UID ...
I tried adding a username map to force the UID mapping explicitly, but even
after doing that, the UID is still the winbind one, not the correct UNIX
one. I'd like to get this working. Any tips would be most appreciated.
Karen Wieprecht
[EMAIL PROTECTED]
P.S. This is the configuration I was using, I tried adding a username map,
and then tried changing winbind use default domain = No at one user's
suggestion, but no luck.
# Global parameters
[global]
workgroup = WALNETNT
netbios name = ROSEHORSE
server string = rosehorse
security = DOMAIN
encrypt passwords = Yes
password server = *
passwd program = /usr/bin/yppasswd
log level = 2
log file = /usr/samba/log.%m
max log size = 500
name resolve order = host wins bcast
keepalive = 30
os level = 0
preferred master = False
local master = No
domain master = False
dns proxy = No
wins server = x.x.x.x
lock dir = /usr/samba/locks
valid chars = - _
winbind uid = 1-2
winbind gid = 1-2
template homedir = /netshare/users/samba/%U
winbind separator = _
winbind cache time = 60
winbind use default domain = Yes
guest account = user1
guest ok = No
map to guest = Never
hosts allow = x.x.x.
veto files = /*.eml/*.nws/riche20.dll/*.{*}/
strict locking = Yes
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Printing issue
I'm trying to setup a print server for Samba clients to use. I have a HP LaserJet 4 connected to /dev/lp0 and I'm using the LPRng spooling package. Documents printed from Windows clients make it to the printer. However the printed documents, mostly Excel/Word documents, have various abberations on them. Graphical flaws, the text seems fine. In addition I seem to get 2 copies for some reason. Also when I look at the print queue via Windows I get, Access denied, unable to connect. I have no filters in place, using -l with the lpr print command, as I do not wish to print directly from the Samba box. Any suggestions? Thanks, Jason Valenzuela -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NT_STATUS_ACCESS_DENIED - Samba on Mandrake 8.2
I am attempting to integrate a Linux Samba Server with an NT 4.0 PDC. Ideally I am looking to authenticate the users on the PDC, and then permit access to the Samba Shares on the Linux Box. I have several issues, but the one which is presenting itself currently is when I attempt to Browse the PDC using smbclient. I get the following: smbclient -L dumbo added interface ip=192.168.0.11 bcast=192.168.15.255 nmask=255.255.240.0 session request to DUMBO failed (Called name not present) Password: Anonymous login successful Domain=[FCCA.COM] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] Sharename Type Comment - --- Error returning browse list: NT_STATUS_ACCESS_DENIED Server Comment ---- ACCMAN-JAIME ACCMAN-ROUSCHKA Dumbo is the DNS Name of the PDC. Why Do I get the NT_STATUS_ACCESS_DENIED message? I get this same message when I attempt to use the Samba Share as an NT PDC User (using the Username and password as well). Your assistance is appreciated. -- Albert E. Whale - CISSP http://www.abs-comptech.com -- ABS Computer Technology, Inc. - ESM, Computer Networking Specialists Sr. Security, Network, and Systems Consultant Board of Directors - InfraGard - Pittsburgh, PA -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printing issue
I would check with HP for a more recent driver to load on the workstation. Also,if you are printing heavy graphics, you need to make certain you have plenty of memory in the printer. Unix/Linux just passes the job to the printer. The printer will sometimes generate errors if it cannot render the complete image in its memory before printing. If I plug the printer directly into the workstations it works fine. Jason Valenzuela -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] quick pam_winbind.so question
2.2.6 installed from rpm on rh 7.2 system... I'm trying to use pam_winbind and apache's basic authentication to restrict access to certain directories served by apache. It does work, but when I enter a wrong password I get this error in log.winbindd: Plain-text authentication for user jarboed returned NT_STATUS_WRONG_PASSWORD Is there a way that pam_winbind.so can encrypt the passwords rather than send them plaintext? Thanks, ~ Daniel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printing issue
What version of Unix/Linux are you running? I'm running Linux 2.4.19, Samba 2.2.5, and LPRng 3.8.15. Everything compiled from source. In your smb.conf file, do you specify the appropriate printing system via: printing = lprng (or bsd, aix, etc.) The command I use for printing is: print command = /usr/sbin/lpr -h -r -P %p %s Incidentally, if you are using postscript (or PCL) to print, the data is sent as text for the most part. So, maybe your -l option is not translating the character set appropriately. I have printing = lprng print command = /usr/bin/lpr -P%p -l -r %s I just added the -l to see if it would fix my problem, it made no difference at all. Jason Valenzuela -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] winbind question
2.2.6 installed from rpm's on rh 7.2 system. every time a cron job runs I get this in my log.winbindd [2002/10/17 13:45:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(815) user 'root' does not exist the three important lines in my /etc/nsswitch.conf is: passwd: files winbind nisplus shadow: files nisplus group: files winbind nisplus I thought with the files first it hits /etc/passwd and shadow and doesn't mess with winbind unless it can't find the entries there. Any idea what I'm missing? What info would be more useful? smbd and nmbd are currently not running, just winbindd. Thanks, Daniel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Fw: [Samba] Samba as a NT PDC
Ok. To let you know, my source was Samba Unleashed (copyright 2000). Page 343 and 344 is what told me that I needed to add itself to the entries and to its own domain it is running. I'll remove the entries and see how things work. Thanks for the help. Apparently it is because the book I am using is wrong. Adam Lang Systems Engineer Rutgers Casualty Insurance Company http://www.rutgersinsurance.com - Original Message - From: John Benedetto [EMAIL PROTECTED] To: Adam Lang [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, October 17, 2002 11:54 AM Subject: Re: [Samba] Samba as a NT PDC --On Thursday, October 17, 2002 10:51 AM -0400 Adam Lang [EMAIL PROTECTED] wrote: CARTER is the name of the linux Samba server that is the PDC. According to my documentation, I am suppsoed to do the following. 1) Create the Unix account: /usr/sbin/useradd -c 'Samba PDC for CHERRY_HILL' -M -s /dev/null CARTER$ 2) Add a machine account smbpasswd -a -m CARTER 3) Add it to the domain (which it is the PDC of) smbpasswd -j CHERRY_HILL I am NOT adding an XP machine in at this time. I am setting up the PDC. So yes, I DO know what the -j option is for. Well, I don't think you DO know what that -J is for... Look, if the Samba machine is the PDC for your domain, you DON'T USE the -J option; that is only if the Samba machine is going to be a MEMBER SERVER into an existing WINDOWS-RUN domain (a domain with a 'real' Windows PDC). You say that Samba is the PDC, right? And, if the Samba machine is the PDC of it's own domain, it doesn't appear in it's own smbpasswd file (at least mine doesn't). Perhaps it might help us to help you if you posted your smb.conf file (because we are definitely missing some vital piece somewhere of what you are trying to do). - john -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0 alpha20-2 and Win2k SP3
Is there anyone on the list that has been able to get Win2k SP3 working with the 3.0 alpha version? I'm able to join but I can NOT log in. I can see the machine account listed in pass.tdb (using pdbedit -l) and it is also in passwd shadow. I HAVE ALSO APPLIED THE SIGN OR SEAL PATCH. The message I get is: The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect. I've looked through the docs but see nothing about using SP3 and Samba. Also, the log level 3 looks cryptic to me. I think I've exhausted my resources. I really don't know what else to try. Anyone have any ideas? IRV -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Roaming Profiles
mi smb.conf es: START- [global] workgroup = FUNDES netbios name = SERVER_NT server string = %h server (Samba %v) interfaces = eth0 bind interfaces only = Yes encrypt passwords = Yes update encrypted = Yes min passwd length = 3 passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . username map = /etc/samba/user.map unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 printcap name = cups character set = ISO8859-1 domain admin group = root add user script = /etc/samba/maquina %m logon script = \\%L\home\netlogon\logon.bat logon path = \\%L\%U\perfil logon drive = Z: domain logons = Yes os level = 64 preferred master = True domain master = True dns proxy = No admin users = root printing = cups nt acl support = yes printer admin = root follow symlinks = yes wide links = yes WINS support = yes [homes] comment = Home Directories read only = No create mask = 0700 directory mask = 0700 browseable = No [F] comment = Compartido path = /home/f read only = No directory mask = 0777 fstype = FAT [profiles] comment = Profiles Store path = /home/%U valid users = all read only = No create mask = 0755 force create mode = 020 directory mask = 02755 force directory mode = 02070 inherit permissions = Yes map system = Yes map hidden = Yes END- Thanks - Original Message - From: Frank Küster geb. Fürst [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, October 17, 2002 2:17 PM Subject: Re: [Samba] Samba Roaming Profiles Luciano Bello [EMAIL PROTECTED] schrieb: Hi, This is my first messegge to the list. I need to migrate a Windows 2000 Server PDC to a Linux/Samba, and I readed a lot searching for an answer. My problem is with Roaming Profiles. The user can log on but the configuration isn't the correctly one. The wallpaper, the mail storge, the shortcuts, etc. are wrong. May be is the ntuser.dat file that don´t work well. How does the [global]-section of your smb.conf look like? Bye, Frank -- Ich habe z.Z. nur einmal pro Tag Netzzugang. Daher kommen meine Antworten langsamer als üblich Frank Küster geb. Fürst -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba Cobertura especial de la Copa Mundial de la FIFA Corea-Japón 2002, sólo en Yahoo! Deportes: http://ar.sports.yahoo.com/fifaworldcup/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] does smbmount use keepalive and/or smb.conf?
Thank you for the URL. That will be a good reference in the future, but for now, I feel that some questions remain unanswered. 1. Does smbmount use a keep alive time setting? 2. Does smbmount use the smb.conf file? Regards, -Richard Duran --- Giulio Orsero [EMAIL PROTECTED] wrote: On Wed, 16 Oct 2002 11:43:30 -0700 (PDT), Richard Duran [EMAIL PROTECTED] wrote: There seems to be an issue with smbfs mounts at times where connectivity may be lost (e.g. Win share becomes unavailable) causing local processes such as lsof or ps, among others, to hang. http://www.hojdpunkten.ac.se/054/samba/ -- [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba __ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos More http://faith.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0 alphaX running ok
After i had some problems with the stable release(nmbd kept on crashing after a couple of hours) i decided to try the alpha version. Maybe it was related with the fact that squid is running on the main samba server ? All seem to be stable for now ! System : compaq proliant with disk array Raid 1 If u want to have more data please ask me. Mvgr, Kind Regards, Bien à vous, --- NetwerkAdministrator MASSPE Tel. IT : +32 2 2104651 Dominique De Jaegere -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 alphaX running ok
De Jaegere Dominique wrote: After i had some problems with the stable release(nmbd kept on crashing after a couple of hours) i decided to try the alpha version. Maybe it was related with the fact that squid is running on the main samba server ? All seem to be stable for now ! System : compaq proliant with disk array Raid 1 If u want to have more data please ask me. Always nice to get good news - but the nmbd crash worries me: what version was that? Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba as a Member of the Domain
I am attempting to install a Samba server (v.2.2.3a) in a Windows NT Domain. I have created individual Users in Unix w/o passwords. I have also created smbpasswd accounts (with and without passwords). My problem is that when the User Authenticates ( to the NT Server) they do not have access to their (/home Directory Share). What am I doing wrong? -- Albert E. Whale - CISSP http://www.abs-comptech.com -- ABS Computer Technology, Inc. - ESM, Computer Networking Specialists Sr. Security, Network, and Systems Consultant Board of Directors - InfraGard - Pittsburgh, PA -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Printing issue
-Original Message- From: Jason Valenzuela [mailto:jvalenzuela;dspfl.com] Sent: Thursday, October 17, 2002 9:27 AM To: [EMAIL PROTECTED] Subject: [Samba] Printing issue I'm trying to setup a print server for Samba clients to use. I have a HP LaserJet 4 connected to /dev/lp0 and I'm using the LPRng spooling package. Documents printed from Windows clients make it to the printer. However the printed documents, mostly Excel/Word documents, have various abberations on them. Graphical flaws, the text seems fine. In addition I seem to get 2 copies for some reason. Also when I look at the print queue via Windows I get, Access denied, unable to connect. I have no filters in place, using -l with the lpr print command, as I do not wish to print directly from the Samba box. Any suggestions? Thanks, Jason Valenzuela -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba Jason, 1. Are you using the Windows native drivers? If so, update them to more current drivers from HP. I'm using either NT/Win2k v4.3.2.38 or Win2k/XP v02.12.02 of the PCL 5E drivers. The MS-Supplied HP LJ4 drivers (and Lexmark Optra S and more...) have a host of problems. Including missing characters, graphics, etc. 2. Run testparm on your Samba box to see/fix problems in your setup. Directory rights on the lprng or samba spool dirs may cause the Access Denied errors. Look at the LPRng How-To for the correct syntax for the smb.conf entries. Run checkpc -V -f to see/fix problems in the lprng setup. 3. If you're using the print$ share to distribute your drivers, adding guest ok=yes may clear up the Access Denied errors. Be sure that you have guest account and Map to Guest configured in smb.conf. Use SWAT to get to the smb.conf readme for more info. Jim -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Performance Problem on GUI-Session
Hello, I´ve tried to install samba 2.2.3a on our AIX 4.3. So long I had not any problems. I can map a drive on my W2K PC and do anything I want to on this drive. The problem I have is, that when I´m doing a file transfer from the samba share onto my local computer I have a big difference in the performance. If I´m using the explorer the time it needs is about tenth longer than a file-copy over a dosbox. Even when I´m opening a file with winword or excel it tooks a very long time to open, save and close this file. When I´m opening the same file with the editor the opening time is as it should be. Can anybody help me to fix this problem. Best regards Michael Müller -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] information about XP - samba ?
I'm thinking about upgrading our NT4-clients to XP in the near future and I want to know how well XP is supported by SAMBA in the recent samba-versions. I found many single statements in usenet, but I wonder if there is a kind of XP-FAQ out there. (The one at samba-page is very outdated) Especially I need to know how well XP integrates in a existing NT4-domain (samba as PDC). Then I need to know if there are any problems with fileservers (I remember rumours about reghacks one has to apply on XP to make things work) And finally - if a machine is not part of the domain (guest-laptop): if a local XP-user with user/pass similar than on samba-server is sufficient for auth on the sambaserver ? thnx, peter -- mag. peter pilsl IT-Consulting tel: +43-699-1-3574035 fax: +43-699-4-3574035 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Mounting a windows share
How can I mount a windows share on a sun machine. I am also not able to find out the smbmount on that machine. Thanks Vikas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Help with samba/winbindd issues
i am having an issue with samba and winbindd copy of my smb.conf # Samba config file created using SWAT # from ws09573.rb.net (10.27.52.177) # Date: 2002/10/17 16:41:29 # Global parameters [global] workgroup = domain1 netbios name = server1 server string = SERVER1_SAMBA interfaces = lan4 127.0.0.1 bind interfaces only = Yes security = DOMAIN encrypt passwords = Yes password server = DC1 wins server = 1.1.1.1 winbind uid = 4-4 winbind gid = 5-5 template shell = /usr/bin/ksh winbind use default domain = Yes [Finance] path = /tmp/finance valid users = finance [jf] path = /tmp/jfountain username = jfountain valid users=jfountain read only = No i can access my JF directory if I do not have valid users. if i do have valid users, i get the following: # tail log.smbd Copyright Andrew Tridgell and the Samba Team 1992-2002 [2002/10/17 16:36:26, 0] lib/util_unistr.c:(614) load_unicode_map: filename /usr/local/samba/lib/codepages/unicode_map.850 does not exist. [2002/10/17 16:36:26, 0] lib/util_unistr.c:(614) load_unicode_map: filename /usr/local/samba/lib/codepages/unicode_map.ISO8859- 1 does not exist. [2002/10/17 16:36:31, 0] lib/util_sec.c:(111) Failed to set gid privileges to (-1,-2) now set to (0,0) uid=(0,0) [2002/10/17 16:36:31, 0] lib/util.c:(1092) PANIC: failed to set gid i can connect to the unix box ok via telnet using my nt userid/password any hints or clues? thanks!!! Jenn -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mounting a windows share
- Original Message - From: Vikas Gandhi [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, October 17, 2002 3:06 PM Subject: [Samba] Mounting a windows share How can I mount a windows share on a sun machine. I am also not able to find out the smbmount on that machine. Maybe you have to install some binaries from samba packages? or, try to use mount -t smbfs -o username=username,password=password file://nameofserver/share /mnt/yourmountpoint -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Resolving NetBIOS names within linux
I want to be able to resolve windows machine names to their IP addresses while using Linux. What I'd like to be able to do, from my linux box at the command line is this, ping windows_machine_name Is there any way I can do this? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Resolving NetBIOS names within linux
On 10/17 17:07, Bert Rapp wrote: I want to be able to resolve windows machine names to their IP addresses while using Linux. What I'd like to be able to do, from my linux box at the command line is this, -- edit /etc/hosts: 192.168.x.x lame_windows_machine -- # ping lame_windows_machine -- Eric -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple Domains?
Hi, Downloading the latest now. Okay, now for the scary part. This machine is live, and in use all day every day. Anything I should know about upgrading from 2.0.7 to 2.2.5? Wait until later tonight for 2.2.6 :-) :) Have now downloaded 2.2.6, thanx. Seriously, an upgrade from 2.0.7 to 2.2.6 should not be taken lightly. How big of a server and number of clietns are we talking about? It's the fileserver for a school, lab has 24 machines, and there's another dozen scattered around the school. There's only a couple hundred users all told. I'm not really doing anything special, I have a printer hung off the server, each user has their own file share, and there are two public shares. I run a connect.bat script, and that's it. If they had the budget, I'd be completely building a new server then swap them into place, but I'm stuck with what I've got :( Does SAMBA rely on anything outside it's own directory? I want to make a couple of tarballs so I can go back if needed. tar up /usr/local/samba and you should be ok. Thanx. Wish me luck. Steve -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] upgrade samba
On Thursday 17 October 2002 06:30, Roger Schmeits wrote: How does one move from a rpm based samba to tar.gz? In other words how do I upgrade from samba-2.2.1a-4 to samba-2.2.6.tar.gz. Do I remove samba : rpm -e samba? And what do I do with the other samba rpm packages: samba-client-2.2.1a-4 samba-common-2.2.1a-4? Are they included with the tar package? Using RH7.2. The Samba team provides RPMs for RedHat. I'd recommend getting those instead of going to source. Yes, they're laid out differently - everything is in one RPM as opposed to RedHat's split of samba-client/common/server. So I recommend backing up /etc/samba, and then removing all RedHat Samba RPMs, and then installing the 2.2.6 one provided by Samba themselves. That's all there is to it! http://us4.samba.org/samba/ftp/Binary_Packages/redhat/ --Josh -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] nmbd Errors
I receive the following error messages during bootup in the /var/adm/messages log file and in the /usr/local/samba/var/log.nmbd file. I am running Solaris 8 and Solaris 9 on all the Unix workstations that are receiving these type of errors. What is this error actually telling me and what can I do to resolve it? Attached is a copy of a log.nmbd file with the errors. Thanks. nmbdlog.doc Bob Jacobs Pima County Department of Transportation Technical Services Division (520) 740-6784 nmbdlog.doc Description: MS-Word document
Re: [Samba] Resolving NetBIOS names within linux
Bert Rapp wrote: I want to be able to resolve windows machine names to their IP addresses while using Linux. What I'd like to be able to do, from my linux box at the command line is this, ping windows_machine_name Is there any way I can do this? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba look at the libnss_wins.so file and add to your nsswitch.conf -- == Herb Lewis Silicon Graphics Networking Engineer 1600 Amphitheatre Pkwy MS-510 Strategic Software Organization Mountain View, CA 94043-1351 [EMAIL PROTECTED] Tel: 650-933-2177 http://www.sgi.com Fax: 650-932-2177 == -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba proposal document.
I have a project due at school and have chosen Samba servers to research. I am trying to find a source of information that discusses the corporate advantage to Samba. How much money can a company save in NT server licensing fees for example. Something that would help me write a fictitious business proposal. If anyone can quick point me in a direction here I would appreciate it. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] trailing $
Yeah, the approach I took was to use the %u macro, although I couldn't get it to work in the service definition, ie [%u$], so I used the include option and wrote a script to generate an include file for each user. With 2000 users, it's ugly and hackish, but it gets the job done. On Thu, 2002-10-17 at 06:26, Andrew Bartlett wrote: David Krovich wrote: Here is the situation. I have NT 4.0 acting as a PDC on machine A. On machine B, I have Sun PC Netlink running on a solaris machine. In the PDC all home dirs are mapped to \\pcnetlinkserver\username$ I'm trying to replace PC Netlink with Samba on Machine B. The problem is I can't figure out how to make samba do the right thing when presented with username$. Mounting a username without the trailing $ works, but I would like Samba to share the user's homedir when it receives a request for either \\pcnetlinkserver\username or \\pcnetlinkserver\username$. Any help would be appreciated. I tried searching, but it's tough for me to figure out how to correctly phrase my question to a search engine. Not currently supported, but would not be *too* hard to support if you really wanted to add it... Possibly you could use %u macros for it, but that stuff gets werid fast. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Username map and UNIX UID assignments
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 17 Oct 2002, Wieprecht, Karen M. wrote: I'm testing Samba 2.2.5 with winbind. I can successfully authenticate domain users who do and don't have corresponding UNIX accounts as well as domain users who do have a UNIX account. Files created from PC side by usera show up in UNIX ls -l as owned by usera so I thought the automatic username mapping was working correctly, but I found out that usera isn't being assigned his UNIX User ID correctly. I found this because UserA doesn't have write access in the areas he should when he comes in through samba. I had usera write a file in a public space, and from the UNIX side did ls -n to show the UID assigned, and it is one of the Ids in the winbind range, not the user's UNIX UID ... I tried adding a username map to force the UID mapping explicitly, but even after doing that, the UID is still the winbind one, not the correct UNIX one. I'd like to get this working. Any tips would be most appreciated. Winbind is consulted first. Usernames that match in the Windows domain take priority. The has been a lot of discussion about this, but i'm just letting you know that this current behavior is by design. jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9rz2RIR7qMdg1EfYRAo50AJ9vJCH4NzbwSXpj8Y7DXL2d2JmRGACg3BM9 2+jUYwS7w5UjMy7ldAQB+EI= =ON4G -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] quick pam_winbind.so question
[EMAIL PROTECTED] wrote: 2.2.6 installed from rpm on rh 7.2 system... I'm trying to use pam_winbind and apache's basic authentication to restrict access to certain directories served by apache. It does work, but when I enter a wrong password I get this error in log.winbindd: Plain-text authentication for user jarboed returned NT_STATUS_WRONG_PASSWORD Is there a way that pam_winbind.so can encrypt the passwords rather than send them plaintext? All communications with the DC are encrypted - this message refers to the fact that your typed a plaintext password, rather than supplying an NTLM challange-response pair. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Password aging ...
C.Lee Taylor wrote: Greetings ... A quick question more to confirm a few things reguarding SMB passwords, which I hope might be able to look at for password aging. I saw some discussion on samba-tech list, but nothing conclusive. LM and NT hashs don't have a salt? Do they? ... In other words, a password password LM hashed, always comes out as E52CAC67419A9A224A3B108F3FA6CB6D not matter the case? Just checks, but I take it a password password NT hashed is case sencetive, but still no salt, which means one could search a DB of a large number of LM or NT hashed to crack a LM/NT hash? Fun, isn't it :-) Anyway, the passwords are 'paintext equivilant', so you don't even need to crack them. I understand that we can't use PAM cracklib to do password sanity, but we could use all known hashs in a smb passwd DB, ie ... search ones local LDAP DB for matching LM/NT hashs and not accept password. But I think that the rpc's to look after password expire and sanity have not been finished, am I correct in this thinking? Password expiry is implemented in Samba 3.0, password sainity not yet implemented. (Patches welcome, see previous discussion). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba proposal document.
On Thu, 17 Oct 2002, Joe E. Fieck wrote: I have a project due at school and have chosen Samba servers to research. I am trying to find a source of information that discusses the corporate advantage to Samba. How much money can a company save in NT server licensing fees for example. Something that would help me write a fictitious business proposal. If anyone can quick point me in a direction here I would appreciate it. Joe, Suggest you contact a local PC reseller and ask for the price of MS Windows 2000 Advanced Server and the price of Windows 2000 Server Client Access Licenses (CALs). Assume you find that MS Windows 2000 Advanced Server will cost you $1000. Assume that MS Windows 2000 Server CALs (Client Access Licenses) will cost you $40 per PC. If you have a multi PC network, you would spend: No. of Servers X $1000 = Server license costs No. of PCs x $40 = Client Access Licensing costs Now, find out what will be the cost of Software Assurance and add that to the mix above. The result is what you pay for MS Windows at the back end. Now add to that the cost of IT staff to manage the server installation. To compare the cost of Samba: No. of Servers X cost of (Linux _or_ FreeBSD) = Server OS costs No. of PCs x Nothing for CALs = Nothing Add cost of staffing to keep systems alive, bingo - you are home! But what value are you going to place on: 1. Higher and more reliable uptime? 2. Ability to change code to do what you want? 3. Better ability to configure the servers - ie: Samba does great server consolidation - ie: Samba allows multiple personalities per server 4. Total control of feature creep. ie: With Samba you upgrade only if you want to. There are still servers running samba-1.9.15p8 (Dates to around NT3.5) 5. Samba gives you more performance out of your hardware - lower hardware costs Maybe some other budding list member can give you more factors to consider. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot mount with newer samba
At my nt-server, the c-drive was overfilled. After that I could not mount it from redhat7.3 samba 2.2.3. The following was said. tdb((null)): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory 1541: Connection to servername failed SMB connection failed I tried opgrading to samba 2.2.5, and I have also opgraded to redhat8.0. Now it just tell me: 1541: Connection to servername failed SMB connection failed I have an old mandrak8.0 at another partition, and it mounts the nt-server perfectly. I use exactly the same fstab line in both cases. The corresponding mount command does not mount in the redhat cases. mount -t smbfs //server/shared /mnt/g-drive -o user=user,password=pswd,uid=500,user,auto Is this a bug in the newer samba versions? Flemming -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 17 Oct 2002 [EMAIL PROTECTED] wrote: 2.2.6 installed from rpm's on rh 7.2 system. every time a cron job runs I get this in my log.winbindd [2002/10/17 13:45:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(815) user 'root' does not exist the three important lines in my /etc/nsswitch.conf is: passwd: files winbind nisplus shadow: files nisplus group: files winbind nisplus I thought with the files first it hits /etc/passwd and shadow and doesn't mess with winbind unless it can't find the entries there. Any idea what I'm missing? What info would be more useful? smbd and nmbd are currently not running, just winbindd. This is probably due to looking up secondary groups (i.e. the group: line) not getpwnam() calls. cheers, jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9rz7cIR7qMdg1EfYRAjbIAJ9So+flW6bp3b/KPl5OIstpJ+pQlACbBxC1 YhXQ2mlQBuL+IgQKe7NaP+Q= =JC0Q -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] quick pam_winbind.so question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 17 Oct 2002 [EMAIL PROTECTED] wrote: 2.2.6 installed from rpm on rh 7.2 system... I'm trying to use pam_winbind and apache's basic authentication to restrict access to certain directories served by apache. It does work, but when I enter a wrong password I get this error in log.winbindd: Plain-text authentication for user jarboed returned NT_STATUS_WRONG_PASSWORD Is there a way that pam_winbind.so can encrypt the passwords rather than send them plaintext? pam_winbind.so does not authenticate users using plain text passwords. The messages you see (assuming you get this from 'wbinfo -a') has to do with wbinfo sending winbindd the clear text. Winbindd uses NTLMv1 for authentication. Look at a packet trace for further convincing. cheers, jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9rz6KIR7qMdg1EfYRAgVEAKCIEua2twmZWGS+3jB1YN/2zFN2FgCg8nD+ iL15Hve/LuG7gmsgJi68pV4= =iOhE -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2.6 Compile error
Title: Samba 2.2.6 Compile error Hi , Appreciate your help I've downloaded, unzipped and untarred Samba2.2.6 on my Solaris 8 machine. Now when I do ./configure - I get the following error after a while: checking for test routines configure: error: cant find test code. Aborting config I am using gcc 2.95.3. Thanks in advance Shyama
[Samba] Samba for NCR MP-RAS Unix
Title: Samba for NCR MP-RAS Unix Hello, which of the Samba binaries will work with NCR MP-RAS UNIX? Thank you, Howard Stockdale [EMAIL PROTECTED] W - (904)634-6647 C - (904) 591-3048 F -(904) 634-6648
[Samba] Re: Unstable Samba PDC
Hi Andrew I am also experiencing these problems with 2.2.5, and would like to find a solution asap! Chris Andrew Gaffney [EMAIL PROTECTED] wrote in message news:3DAC9621.9060405;locutus2.yi.org... I set up Samba 2.2.6rc3 (also tried 2.2.4 and 2.2.5 with same effect) as a PDC. It works just fine most of the time. But once every few logons or logoffs I get errors about not being able to write files because a process is currently using them when its updating the roaming profile or a message about not being able to find the roaming profile when logging on. This happens a lot less often than the first error. Has anyone come across this before? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Another Shot At It
After receiving no response to yesterday's message, I tried some more web scouring and more tinkering and dinking around with Samba...and I discovered what may be a major key to my problem... I have 3 PC's...2 are Windoze and 1 is Linux. Windoze machines are likely to understand how to share files across subnets using the same workgroup name...but is Samba as adept? I have a feeling that is at the heart of my problem. I enabled wins support in my smb.conf and assigned the Samba box's IP address as the primary wins server on the WFW box. I also set Samba to be the domain master browser according to the instructions in BROWSING.txt. All of this, alas, was useless as I still couldn't browse the Win-duhs shares from Linux or the Linux shares from Winduhs. I feel that I'm getting much closer to my goal (file sharing without using Windows) and would really appreciate any help any of you can offer. Thanks in advance for any help you can provide. DJ Busch Here is my latest attempt at smb.conf: [global] workgroup = LEGEND netbios name = LUKE server string = Dave's Linux Experiment Gone Wrong interfaces = eth0 bind interfaces only = Yes security = SHARE encrypt passwords = Yes null passwords = Yes log file = /var/log/samba/log.%m debug level = 5 max log size = 50 ; socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 2 lm announce = yes preferred master = yes domain master = yes dns proxy = No wins support = yes guest account = doodles hosts allow = ALL hosts deny = [homes] comment = Home Directories path = /home read only = No guest ok = Yes [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [hp] path = /var/spool/samba read only = No guest ok = Yes printable = Yes printer name = hp -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NT4 W2K homepath
I am using both NT4 W2k clients connecting to a Samba 2.2.3 PDC and they map homedrives differently smb.conf logon path = \\%L\profiles\%u logon drive = H: logon home = \\%L\%u\.profiles W2K ends up as HOMEDRIVE=H: HOMEPATH=\ HOMESHARE=\\fileserver\Phill\.profiles NT4 ends up as HOMEDRIVE=H: HOMEPATH=\.profiles HOMESHARE=\\fileserver\Phill I need to set logon home as abave as I also use Win98 clients. Is there any way to get W2k to behave the same as NT4? Cheers, Phill -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB.Conf when using security = domain
Jennifer Crusade wrote: well i have been trying to get my linux box to join my nt domain (not as a PDC just as a client) and it just wont join dang naggit! run smbpasswd -j mydomain -r PDC netbios name like it says to do in the book it gives me the following error: cli_net_auth2:Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds : auth2 challenge failed modify_trust_password:unable to setup the PDC credentials to machince myPDC Error was : NT_STATUS_ACCESS_DENIED 2001/01/25 20:28:46 : change_trust_account_password : failed to change password for domain mydomain unable to join domain mydomain When adding Samba to the domain, you need to specify the -U option to name the administrative account on the domain controller: smbpasswd -j DOMAIN -r PDC_NETBIOS_NAME -UAdministrator%ADMIN_PASSWORD Jay Ts -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] timeout?
Hello all, Not sure what the problem is here, running Samba 2.2.2 on Solaris 8 as an NT domain controller for NT4 workstations. When I leave NT workstations and Samba processes running for a while logins work fine, but if I restart nmbd/smbd or the workstation I start getting a Domain controller unavailable error when trying to log in. This seems to go away once I've left things up and running for a while. What is causing this? Is there a way to fix this problem? Thanks in advance! Beau -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Another Shot At It
Since you've probably enabled the firewall settings when you installed RedHat, you're probably going to need to modify the /etc/sysconfig/ipchains file. This line here is probably causing you the most problem. -A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT In order to allow smb packets to be accepted you're going to need to open up the ports. The easiest way to do this (I believe) is to insert these 2 lines above the line listed above. -A input -p tcp -s 0/0 -d 0/0 137:139 -y -j ACCEPT -A input -p udp -s 0/0 -d 0/0 137:139 -y -j ACCEPT (Restart ipchains: /etc/rc.d/init.d/ipchains restart) I can't remember if you need the udp or not. This is also opens you up to anybody. You'll probably want to insert the acutal ip addresses of your two other machines in there. This could be a problem though. -A input -p tcp -s obi-wan-ip -d luke-ip 137:139 -y -j ACCEPT -A input -p udp -s obi-wan-ip -d luke-ip 137:139 -y -j ACCEPT ... One way to tell if you're got the smb ports locked down is to go to http://www.grc.com from your linux machine. Click Shields Up. It should tell you whether or not it can see your windows share. After you add the lines to open up the ports, go back to the site and try again. It should tell you the basic stuff like workgroup name. You really should invest in some type of firewalling hardware/software, preferrably something that filter packets before they get to your machines. James Hubbard DJ Busch wrote: After receiving no response to yesterday's message, I tried some more web scouring and more tinkering and dinking around with Samba...and I discovered what may be a major key to my problem... I have 3 PC's...2 are Windoze and 1 is Linux. Windoze machines are likely to understand how to share files across subnets using the same workgroup name...but is Samba as adept? I have a feeling that is at the heart of my problem. I enabled wins support in my smb.conf and assigned the Samba box's IP address as the primary wins server on the WFW box. I also set Samba to be the domain master browser according to the instructions in BROWSING.txt. All of this, alas, was useless as I still couldn't browse the Win-duhs shares from Linux or the Linux shares from Winduhs. I feel that I'm getting much closer to my goal (file sharing without using Windows) and would really appreciate any help any of you can offer. Thanks in advance for any help you can provide. DJ Busch Here is my latest attempt at smb.conf: [global] workgroup = LEGEND netbios name = LUKE server string = Dave's Linux Experiment Gone Wrong interfaces = eth0 bind interfaces only = Yes security = SHARE encrypt passwords = Yes null passwords = Yes log file = /var/log/samba/log.%m debug level = 5 max log size = 50 ; socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 2 lm announce = yes preferred master = yes domain master = yes dns proxy = No wins support = yes guest account = doodles hosts allow = ALL hosts deny = [homes] comment = Home Directories path = /home read only = No guest ok = Yes [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [hp] path = /var/spool/samba read only = No guest ok = Yes printable = Yes printer name = hp -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Printer Management
Correct me if I'm wrong. With Samba 2.2.5, there is no way to get a group of users to manage printers so they be able to select/deselect duplex mode, tray, etc. Although I'm able to add a group with the Security tab and give them appropriate permissions, it doe not work from the user side - all the settings are still grayed out. P.S. I use LDAP backend if that matters. -- Yuri Pismerov, Sr. System Administrator, TUCOWS.COM INC. (416) 535-0123 ext. 1352 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Need suggestions for choice of print services for Samba
I've installed Red Hat 7.3 (2.4.18-3) with Samba 2.2.3a as a standard install. I can access Samba (running as a workgroup server) from several Win clients. The Samba server is going to act as a very simple file and print server for about 10-20 users with no complex authentication or features. Can I get suggestions on which Linux print server I should run. The office has two HP Laser Jets (HP LJ 2100 and HP LJ 4000). The two printers both have jetdirect network cards connected to the local network. Which is the more stable print server which works well with Samba? Sincerely, Anders -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] WIN2000 Reconnect at logon.
Samba, I'm a Unix Admin in ATT Labs and I have a request. Some of the users accessing my unix servers are running WIN2000. For the other flavors of Windows I have "mirrored" the main ATT domain passwd to the unix box passwd, therefore when rebooting they don't get promptedto key in the passwd.(To re-map the drive) This is becausemy unix boxes are in a different ATT domain. However, with WIN2000, I have no way of avoiding that window that pops up at the beginning of their logon , asking their passwd. Imirrored their passwd , butthat doesn't work. Is this a know problem? Can you help? Thanks You, Gus Della Corte 973-644-7591
Re: upgrade to 3.0alpha20: accented chars in filenames unreadable
On Wed, Oct 16, 2002 at 09:30:20AM -0500, Steve Langasek wrote: The current Debian Samba package uses the following shell snippet to convert between 2.2-style character set settings and 3.0-style settings, if the user has opted to let Debian manage the smb.conf file directly. If the user has chosen to not allow automatic management of smb.conf, any character set and client code page values in smb.conf will need to be converted by hand to the new unix charset and dos charset values. If the user previously had these settings in smb.conf, and they were converted but accents are still broken, please let me know. (Preferably, a bug would be filed with the Debian BTS.) But the problem occurs if smb.conf: - is not managed by debconf, - does not contain any character setting, Which is probably a very common situation among samba admins using debian. There should be a big warning during installation if these two condtions are met, suggesting that unix charset should be used if filenames contain accented chars. -- HIPPOLYTE: N'osez-vous confier ce secret à ma foi ? THESEE: Perfide, oses-tu bien te montrer devant moi ? (Phèdre, J-B Racine, acte 4, scène 2)
Re: [Samba] upgrade to 3.0alpha20: accented chars in filenames unreadable
On Wed, Oct 16, 2002 at 05:03:01PM +0200, Ignacio Coupeau wrote: the samba share; and the filename is impossible to modify from windows: samba log says file not found. From the shell the file looks like r?sum?.xls but the ? are actually 0x83. In a hurry I used unix charset = CP850 http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html#internationalization this solved our problems (redhat 7.2; samba-3.0a20) for example in the profile load on the spanish xp (ie Star menu--menú Inicio). Thanks for sharing this. It certainly is an excellent stopgap measure, until proper filename conversion can be done. The best way, if possible, would be to retain backward compatibility for reading samba-2.2.x filenames (as with unix charset) while having new or modified files written in unicode (or whatever the default in samba-3.x). BTW: keep up the great job on your smb-ldap howto, it is a precious ressource. Cheers, -- PANOPE: Au Prince votre fils l'un donne son suffrage, Madame ; et de l'Etat l'autre oubliant les lois, Au fils de l'étrangère ose donner sa voix. (Phèdre, J-B Racine, acte 1, scène 4)
Re: [Samba] upgrade to 3.0alpha20: accented chars in filenamesunreadable
This is the proper way! If you have to maintain compatibility, you set the unix charset to be a code page instead of unicode. Or you mean you want a way to make samba recognize which kind of charset have been used previously and support both the former and utf-8 at the same time? Simo. On Thu, 2002-10-17 at 09:48, Louis-David Mitterrand wrote: On Wed, Oct 16, 2002 at 05:03:01PM +0200, Ignacio Coupeau wrote: the samba share; and the filename is impossible to modify from windows: samba log says file not found. From the shell the file looks like r?sum?.xls but the ? are actually 0x83. In a hurry I used unix charset = CP850 http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html#internationalization this solved our problems (redhat 7.2; samba-3.0a20) for example in the profile load on the spanish xp (ie Star menu--menú Inicio). Thanks for sharing this. It certainly is an excellent stopgap measure, until proper filename conversion can be done. The best way, if possible, would be to retain backward compatibility for reading samba-2.2.x filenames (as with unix charset) while having new or modified files written in unicode (or whatever the default in samba-3.x). BTW: keep up the great job on your smb-ldap howto, it is a precious ressource. Cheers, -- PANOPE: Au Prince votre fils l'un donne son suffrage, Madame ; et de l'Etat l'autre oubliant les lois, Au fils de l'étrangère ose donner sa voix. (Phèdre, J-B Racine, acte 1, scène 4) -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: Hmmm. Special XP weirdness/brokenness. Windows 2K working on 2.2.2 and 2.2.5 and Windows XP Not (not the usual problems)
Alan Jones wrote: Hi, We have some special weirdness happening with Samba and windows XP here. Background: We are wanting to install a third party product passlogix, V-GO single sign on product on windows (http://www.passlogix.com), which authenticates against a windows server. Basically it uses the windows Authentication to allow the decryption of a credential database, to allow automatic signing on to many Applications. It allows a user only to have to remember a single password, and then sign on to multiple Applications. Great appplication. Useful for medicos, who otherwise have to remember 10 passwords that roll each month Etc. Anyway. To cut a long story short. We have tried this on 2.2.5 and 2.2.2 and the same thing happens. Anyway. We install the product on W2K and it works and on WINXP (against the same samba server and she broke). The product requires the user to re-authenticate prior to decrypting the credential database. This is after the domain logon? And how does it do that? When we use *DISCONNECT* the WINXP box from the network (using winXP) cached credentials, ie no samba Authentication it works like a treat. ONLY when Samba is queried she broke. Hmm - I'm assuming this is using a domain logon. It could be somthing to do with session keys, or other such fun. We can provide a copy of the passlogix product if people are keen to help. Seems like the WinXP is doing things differently. WinXP does a few things differently. :-( Now I should point out that WINXP, authenticates against the samba server as part of the windows login PERFECTLY. So as far as windows is concerned everything is nice with samba, only this third party product, which WE HAVE To RUN is broken. All help is gladly appreciated. I don't want to have to install active directory. This looks very interesting - I'll need a lot more detail before I can be much use unfortuntly. But given sufficnet traces, we should be able to track this down... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: [PATCH] Heimdal build fix
hi luke,
i have tried your patch with heimdal-0.5 and heimdal-0.4e
and added some rough configure.in-checks so that you can choose now
between your kerberbos implementation:
--with-krb5impl={heimdal,mit}Choose Kerberos 5 implementation
(default=mit)
--with-krb5libs=DIR Locate Kerberos 5 libs (default=/usr)
--with-krb5includes=DIR Locate Kerberos 5 includes (default=/usr/)
if you have choosen heimdal and configure finds your libs/includes,
HAVE_HEIMDAL is going to be set.
i also had to add $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) on several occasions
in the Makefile to link the missing krb5_set_real_time-function
(i think this should not be the long-term solution.)
everything compiles fine now (with heimdal-0.5, because 0.4e does not have
AP_OPTS_USE_SUBKEY), net ads and smbclient do work *correctly* towards
win2k advanced server, but smbd and winbindd do *not* correctly retrieve
their ticket in ads-mode. while smbd fails with:
libads/kerberos_verify.c:ads_verify_ticket(192)
krb5_rd_req with auth failed (Unknown error -1765328203)
winbind immediately panics.
i suspect that heimdal cannot correctly handle the des-cbc-md5-enctype
that ads uses when the machine is joined to the domain, but i am really
not a kerberos expert...
it would be great to finally have samba3 working with heimdal.
thanks a lot,
guenther
On Wed, Oct 09, 2002 at 05:56:17PM +1000, Luke Howard wrote:
We're using a custom version of Heimdal, so I may have left out
a few things that prevent it from building on a normal system.
Please let me know if I have and I'll fix the patch. It is also
untested right now, so you may wish to wait until I've had time
to test it before applying it. :-)
There is no auto-detection; you must configure with -DHEIMDAL.
You may also need to comment out the /usr/kerberos check in
configure.in if building on a RedHat system.
regards,
-- Luke
--
Guenther Deschner [EMAIL PROTECTED]
SuSE Linux AGGnuPG: 8EE11688
Berliner Str. 27 phone: +49 (0) 30 / 430944778
D-13507 Berlin fax: +49 (0) 30 / 43732804
--- source/include/includes.h 18 Sep 2002 19:06:58 - 1.280
+++ source/include/includes.h 9 Oct 2002 07:51:53 -
@@ -397,6 +397,9 @@
#endif
#if HAVE_KRB5_H
+#ifdef HAVE_HEIMDAL
+#define __MD5_H__
+#endif
#include krb5.h
#else
#undef HAVE_KRB5
@@ -410,6 +413,12 @@
#include ldap.h
#else
#undef HAVE_LDAP
+#endif
+
+#if HAVE_GSSAPI_H
+#include gssapi.h
+#else
+#undef HAVE_KRB5
#endif
#if HAVE_GSSAPI_GSSAPI_H
--- source/libads/kerberos_verify.c 4 Oct 2002 07:41:56 - 1.3
+++ source/libads/kerberos_verify.c 9 Oct 2002 07:51:54 -
@@ -24,6 +24,27 @@
#ifdef HAVE_KRB5
+#if defined(HAVE_HEIMDAL) !defined(XAD)
+/*
+ * This function is not in the Heimdal mainline.
+ */
+krb5_error_code krb5_set_real_time(krb5_context context,
+ int32_t seconds, int32_t microseconds)
+{
+ krb5_error_code ret;
+ int32_t sec, usec;
+
+ ret = krb5_us_timeofday(context, sec, usec);
+ if (ret)
+ return ret;
+
+ context-kdc_sec_offset = seconds - sec;
+ context-kdc_usec_offset = microseconds - usec;
+
+ return 0;
+}
+#endif /* HAVE_HEIMDAL !XAD */
+
/*
verify an incoming ticket and parse out the principal name and
authorization_data if available
@@ -36,10 +57,14 @@
krb5_keytab keytab = NULL;
krb5_data packet;
krb5_ticket *tkt = NULL;
+#ifdef HAVE_HEIMDAL
+ krb5_salt salt;
+#else
krb5_data salt;
krb5_encrypt_block eblock;
+#endif /* HAVE_HEIMDAL */
int ret, i;
- krb5_keyblock * key;
+ krb5_keyblock *key;
krb5_principal host_princ;
char *host_princ_s;
extern pstring global_myname;
@@ -48,6 +73,9 @@
krb5_data password;
krb5_enctype *enctypes = NULL;
+#ifdef XAD
+ /* We would rather use the keytab. */
+#else
if (!secrets_init()) {
DEBUG(1,(secrets_init failed\n));
return NT_STATUS_LOGON_FAILURE;
@@ -61,6 +89,7 @@
password.data = password_s;
password.length = strlen(password_s);
+#endif /* XAD */
ret = krb5_init_context(context);
if (ret) {
@@ -92,39 +121,68 @@
return NT_STATUS_LOGON_FAILURE;
}
+#ifdef HAVE_HEIMDAL
+ ret = krb5_get_pw_salt(context, host_princ, salt);
+ if (ret) {
+ DEBUG(1,(krb5_get_pw_salt failed (%s)\n, error_message(ret)));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+#else
ret = krb5_principal2salt(context, host_princ, salt);
if (ret) {
DEBUG(1,(krb5_principal2salt failed (%s)\n, error_message(ret)));
return NT_STATUS_LOGON_FAILURE;
}
+#endif /* HAVE_HEIMDAL */
if (!(key = (krb5_keyblock *)malloc(sizeof(*key
'On the Fly' mappings and PDC/BDC interactions
I'm just wondering if anybody has considered the impact of creating 'on the fly' mappings for groups/users (uid-sid stuff) and how this plays with PDC/BDC relationships... If we have a BDC that is asked for a not-yet-mapped group, and gives it a SID, how do we get that information back to the PDC? In particular, I don't like the idea that the BDC must contact the PDC in real time here - that would seem to defeat the point of having a PDC/BDC. (In particular, I can imagine setups where the BDC simply cannot contact the PDC ever, and just assumes LDAP handles the replications). Also, it would of course need to play with 'net rpc vampire' correctly... Anyway, this area is messy. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
[PATCH] ldap connection caching (not ready!!!)
Hi Andrew,
here's the NOT READY version of my ldap connection chaching patch
metze
-
Stefan metze Metzmacher [EMAIL PROTECTED]
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#*
HEAD/source/passdb/pdb_ldap.c HEAD-pdb/source/passdb/pdb_ldap.c
--- HEAD/source/passdb/pdb_ldap.c Thu Oct 17 14:32:53 2002
+++ HEAD-pdb/source/passdb/pdb_ldap.c Thu Oct 17 14:29:57 2002
@@ -681,6 +681,11 @@ static BOOL init_sam_from_ldap (struct l
pstrcpy(nt_username, username);
pstrcpy(domain, lp_workgroup());
+
+ pdb_set_username(sampass, username, PDB_SET);
+
+ pdb_set_domain(sampass, domain, PDB_DEFAULT);
+ pdb_set_nt_username(sampass, nt_username, PDB_SET);
get_single_attribute(ldap_struct, entry, rid, temp);
user_rid = (uint32)atol(temp);
@@ -848,9 +853,10 @@ static BOOL init_sam_from_ldap (struct l
memset(hours, 0xff, hours_len);
if (!get_single_attribute (ldap_struct, entry, lmPassword, temp)) {
- /* leave as default */
+ DEBUG(2,(no lmPassword found for user:
+%s\n,pdb_get_username(sampass)));
} else {
pdb_gethexpwd(temp, smblmpwd);
+ DEBUG(2,(lmPassword found for user: %s
+%s\n,pdb_get_username(sampass),temp));
memset((char *)temp, '\0', strlen(temp)+1);
if (!pdb_set_lanman_passwd(sampass, smblmpwd, PDB_SET))
return False;
@@ -858,9 +864,10 @@ static BOOL init_sam_from_ldap (struct l
}
if (!get_single_attribute (ldap_struct, entry, ntPassword, temp)) {
- /* leave as default */
+ DEBUG(2,(no ntPassword found for user:
+%s\n,pdb_get_username(sampass)));
} else {
pdb_gethexpwd(temp, smbntpwd);
+ DEBUG(2,(ntPassword found for user: %s
+%s\n,pdb_get_username(sampass),temp));
memset((char *)temp, '\0', strlen(temp)+1);
if (!pdb_set_nt_passwd(sampass, smbntpwd, PDB_SET))
return False;
@@ -881,11 +888,6 @@ static BOOL init_sam_from_ldap (struct l
pdb_set_hours_len(sampass, hours_len, PDB_SET);
pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
- pdb_set_username(sampass, username, PDB_SET);
-
- pdb_set_domain(sampass, domain, PDB_DEFAULT);
- pdb_set_nt_username(sampass, nt_username, PDB_SET);
-
pdb_set_munged_dial(sampass, munged_dial, PDB_SET);
/* pdb_set_unknown_3(sampass, unknown3, PDB_SET); */
@@ -1217,6 +1219,50 @@ static uint32 ldapsam_get_next_available
}
/**
+Connect to LDAP server
+*/
+static NTSTATUS ldapsam_open(struct pdb_methods *my_methods)
+{
+ struct ldapsam_privates *ldap_state = (struct ldapsam_privates
+*)my_methods-private_data;
+
+ if (ldap_state-ldap_struct != NULL) {
+ DEBUG(4,(The connection to the LDAP server is up\n));
+ /* maybe we should check if the connection is still up --metze*/
+ return NT_STATUS_OK;
+ }
+
+ if (!ldapsam_open_connection(ldap_state, ldap_state-ldap_struct)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ if (!ldapsam_connect_system(ldap_state, ldap_state-ldap_struct)) {
+ ldap_unbind(ldap_state-ldap_struct);
+ ldap_state-ldap_struct = NULL;
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ DEBUG(4,(The LDAP server is succesful connected\n));
+
+ return NT_STATUS_OK;
+}
+
+/**
+Disconnect from LDAP server
+*/
+static NTSTATUS ldapsam_close(struct pdb_methods *my_methods)
+{
+ struct ldapsam_privates *ldap_state = (struct ldapsam_privates
+*)my_methods-private_data;
+
+ if (ldap_state-ldap_struct != NULL) {
+ ldap_unbind(ldap_state-ldap_struct);
+ ldap_state-ldap_struct = NULL;
+ }
+
+ DEBUG(5,(The connection to the LDAP server was closed\n));
+ /* maybe free the results here --metze */
+
+ return NT_STATUS_OK;
+}
+
+/**
Connect to LDAP server for password enumeration
*/
static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update)
@@ -1226,11 +1272,8 @@ static NTSTATUS ldapsam_setsampwent(stru
int rc;
pstring filter;
- if (!ldapsam_open_connection(ldap_state, ldap_state-ldap_struct)) {
- return ret;
- }
- if (!ldapsam_connect_system(ldap_state,
Re: [PATCH] rid allocator in passdb backend
This patch does not yet handle the case where we already have a sambaDomainInfo entry, but no rid attribute. I do not know how you can make sure that you do not end up with to rid attributes. Does anybody know how to do this? Define the rid attribute to be SINGLE-VALUE in the schema. Matt Pavlovich
Re: Bug in samba 2.2 + kernel 2.4?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 17 Oct 2002, Jon Monroe wrote: I'm seeing tons of leftover directory handles for any directories visited on a samba share (via a win2k/win9x workstation). For every directory access inside a samba share, 3 handles are initially opened -- 2 read handles, and a single CWD handle. The CWD handle goes away, but the read handles sit around forever, or until you kill the smbd process that opened them. These add up pretty quick. What's really weird is I only see this on kernel 2.4 (2.4.18). If I go back to my old kernel 2.2 box, the problem doesn't seem to exist. No idea, but disablign kernel oplocks comes to mind. This is all off the top of my head of course. cheers, jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9rz+fIR7qMdg1EfYRAiMmAKCRj64jrHdIXuFur3u3FFLjCa+QJgCg3yyp Ytk5Ws633fl59RMaeTGL1WI= =6JCH -END PGP SIGNATURE-
Failed to open /usr/local/samba/private/secrets.tdb
All, TIA, I have a feeling this is a question everyone knows the answer to but me, why do I keep getting the message: Failed to open /usr/local/samba/private/secrets.tdb Solaris 8 02/02 release. private/secrets.tdb does not exist, and /usr/local/samba is root:other ownership. /etc/init.d/samba.server start will start smbd and nmbd, nbtstat shows the share, but I can't create any samba users. smb.conf and smb.log at bottom. When I run: #smbpasswd -a root Failed to open /usr/local/samba/private/secrets.tdb New SMB password: Retype new SMB password: unable to open passdb database. startsmbfilepwent_internal: too many race conditions creating file /usr/local/samba/private/smbpasswd add_smbfilepwd_entry: unable to open file. Failed to add entry for user root. Failed to modify password entry for user root # This is created: Copyright Andrew Tridgell and the Samba Team 1992-2002 [2002/10/16 11:41:56, 0] passdb/secrets.c:secrets_init(43) Failed to open /usr/local/samba/private/secrets.tdb [2002/10/16 11:41:57, 0] passdb/machine_sid.c:pdb_generate_sam_sid(163) pdb_generate_sam_sid: Failed to store generated machine SID. [2002/10/16 11:41:57, 0] smbd/server.c:main(793) ERROR: Samba cannot create a SAM SID. [2002/10/16 11:43:31, 0] smbd/server.c:main(707) smbd version 2.2.5 started. Copyright Andrew Tridgell and the Samba Team 1992-2002 [2002/10/16 11:43:31, 0] passdb/secrets.c:secrets_init(43) Failed to open /usr/local/samba/private/secrets.tdb [2002/10/16 11:43:31, 0] passdb/machine_sid.c:pdb_generate_sam_sid(163) pdb_generate_sam_sid: Failed to store generated machine SID. [2002/10/16 11:43:31, 0] smbd/server.c:main(793) ERROR: Samba cannot create a SAM SID. - smb.conf - # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command testparm # to check that you have not many any basic syntactic errors. # #=== Global Settings = [global] ## ## Basic Server Settings ## # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 workgroup = MYGROUP # server string is the equivalent of the NT Description field server string = Samba Server # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the loopback interface. For more examples of the syntax see # the smb.conf man page ; hosts allow = 192.168.1. 192.168.2.0./24 192.168.3.0/255.255.255.0 127.0.0.1 hosts allow = 10.53.210.32 10.53.210.31 127.0.0.1 # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user nobody is used ; guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects log file = /usr/local/samba/var/log.%m # How much information do you want to see in the logs? # default is only to log critical messages ; log level = 4 # Put a capping on the size of the log files (in Kb). max log size = 50 # Security mode. Most people will want user level security. See # security_level.txt for details. security = user # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting. # Note: Consider carefully the location in the configuration file of # this line. The included file is read at that point. ; include = /usr/local/samba/lib/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details # You may want to add the following on a Linux system: # SO_RCVBUF=8192 SO_SNDBUF=8192 ; socket options = TCP_NODELAY # Configure Samba to use multiple interfaces # If you have multiple network interfaces and want to limit smbd will # use, list the ones desired here. Otherwise smbd nmbd will bind to all # active interfaces on the system. See the man page for details. ; interfaces = 192.168.12.2/24 192.168.13.2/24 interfaces = 10.53.208.24/24 # Should smbd report that it has MS-DFS Capabilities? Only available # if --with-msdfs was passed to ./configure ; host msdfs = yes ## ## Network Browsing ## # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply ;
Re: Bug in samba 2.2 + kernel 2.4?
Hi Jerry, I tried disabling kernel oplocks. I also tried disabling in different combinations: oplocks level2 oplocks posix locking locking All variations seem to produce similar results -- 2 extra directory locks for each directory for each visitation. I'm going to try kernel 2.4.19 when I get the chance. Thanks again! Jon At 05:54 PM 10/17/2002 -0500, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 17 Oct 2002, Jon Monroe wrote: I'm seeing tons of leftover directory handles for any directories visited on a samba share (via a win2k/win9x workstation). For every directory access inside a samba share, 3 handles are initially opened -- 2 read handles, and a single CWD handle. The CWD handle goes away, but the read handles sit around forever, or until you kill the smbd process that opened them. These add up pretty quick. What's really weird is I only see this on kernel 2.4 (2.4.18). If I go back to my old kernel 2.2 box, the problem doesn't seem to exist. No idea, but disablign kernel oplocks comes to mind. This is all off the top of my head of course. cheers, jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9rz+fIR7qMdg1EfYRAiMmAKCRj64jrHdIXuFur3u3FFLjCa+QJgCg3yyp Ytk5Ws633fl59RMaeTGL1WI= =6JCH -END PGP SIGNATURE-
[PATCH] rid allocator in passdb backend
Hi!
This patch puts a RID allocator into the passdb backend. The outside interface
are two calls.
pdb_max_used_rid is for net rpc vampire to set the maximum RID that the PDC
gave us.
pdb_allocate_rid_for_gid allocates a new RID for the given unix group id. The
passdb backend must allocate RIDs for users itself. The group mapping code
should be able to get a new RID. The unix gid is handed to the pdb backend for
smbpasswd an unixsam to be able to use the algorithmic mapping.
The interface is definitely not the last word, as the group mapping might one
day be moved into the passdb backend.
One interesting part here might be the LDAP schema change which is to be
discussed.
The LDAP routines themselves quite reliably do an atomic set and increment. I
tested it with my laptop and 100 (really) concurrent pdbedit processes beating
the OpenLDAP 2.0.12. The random function in the sleep should probably done
differently. On my machine 100 concurrent processes can quite reliably get
their RID with a modulo of 200, 200 processes need more. But this is a bit
extreme load. At least I never got corruption.
The tdb backend could handle a load of 500 with no problem at all.
Volker
Index: examples/LDAP/samba.schema
===
RCS file: /data/cvs/samba/examples/LDAP/samba.schema,v
retrieving revision 1.8
diff -u -r1.8 samba.schema
--- examples/LDAP/samba.schema 19 Jul 2002 16:03:52 - 1.8
+++ examples/LDAP/samba.schema 17 Oct 2002 18:19:28 -
-110,6 +110,11
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'domainSID'
+ DESC 'Domain SID'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
##
## The smbPasswordEntry objectclass has been depreciated in favor of the
## sambaAccount objectclass
-138,6 +143,11
logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
description $ userWorkstations $ primaryGroupID $ domain ))
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaDomainInfo' SUP top AUXILIARY
+ DESC 'Samba Domain Information'
+ MUST ( domain )
+ MAY ( rid $ domainSID ))
##
## Used for Winbind experimentation
Index: source/include/passdb.h
===
RCS file: /data/cvs/samba/source/include/passdb.h,v
retrieving revision 1.20
diff -u -r1.20 passdb.h
--- source/include/passdb.h 12 Oct 2002 03:38:07 - 1.20
+++ source/include/passdb.h 17 Oct 2002 18:19:29 -
-64,6 +64,10
NTSTATUS (*pdb_update_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass);
NTSTATUS (*pdb_delete_sam_account)(struct pdb_context *, SAM_ACCOUNT
*username);
+
+ NTSTATUS (*pdb_allocate_rid_for_gid)(struct pdb_context *, gid_t, uint32 *);
+
+ NTSTATUS (*pdb_max_used_rid)(struct pdb_context *, uint32);
void (*free_fn)(struct pdb_context **);
-95,6 +99,10
NTSTATUS (*update_sam_account)(struct pdb_methods *, SAM_ACCOUNT *sampass);
NTSTATUS (*delete_sam_account)(struct pdb_methods *, SAM_ACCOUNT *username);
+
+ NTSTATUS (*allocate_rid_for_gid)(struct pdb_methods *, gid_t, uint32 *);
+
+ NTSTATUS (*max_used_rid)(struct pdb_methods *, uint32);
void *private_data; /* Private data of some kind */
Index: source/passdb/pdb_interface.c
===
RCS file: /data/cvs/samba/source/passdb/pdb_interface.c,v
retrieving revision 1.25
diff -u -r1.25 pdb_interface.c
--- source/passdb/pdb_interface.c 26 Sep 2002 09:50:52 - 1.25
+++ source/passdb/pdb_interface.c 17 Oct 2002 18:19:29 -
-162,6 +162,34
return context-pdb_methods-add_sam_account(context-pdb_methods, sam_acct);
}
+static NTSTATUS context_allocate_rid_for_gid(struct pdb_context *context, gid_t gid,
+uint32 *rid)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+ if ((!context) || (!context-pdb_methods)) {
+ DEBUG(0, (invalid pdb_context specified!\n));
+ return ret;
+ }
+
+ return context-pdb_methods-allocate_rid_for_gid(context-pdb_methods, gid,
+rid);
+}
+
+static NTSTATUS context_max_used_rid(struct pdb_context *context, uint32 rid)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+ if ((!context) || (!context-pdb_methods)) {
+ DEBUG(0, (invalid pdb_context specified!\n));
+ return ret;
+ }
+
+ /** todo This is where a 're-read on add' should be done */
+ /* We now add a new account to the first database listed.
+* Should we? */
+
+ return context-pdb_methods-max_used_rid(context-pdb_methods, rid);
+}
+
static NTSTATUS
Re: [PATCH] rid allocator in passdb backend
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi again! This patch puts a RID allocator into the passdb backend. The outside interface are two calls. I forgot one thing: This patch does not yet handle the case where we already have a sambaDomainInfo entry, but no rid attribute. I do not know how you can make sure that you do not end up with to rid attributes. Does anybody know how to do this? Volker -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Key-ID ADE377D8, Fingerprint available: phone +49 551 370 iD8DBQE9rwPqZeeQha3jd9gRAgwUAJ0Xg4Ie7/lpmyzycQHOJX6RPRampACdHLcP AJ1J4CSR8OGLq2WAAa0AdDI= =7RSP -END PGP SIGNATURE-
Quick, outdated share-level question.
For my book... Do I understand correctly that Samba does not offer a per-share password, even when running under security=share? In the original, outdated design of SMB (COREP.TXT) passwords were assigned to shares. I don't see a mechanism in newer Samba docs that allows for a per-share password (though there are a lot of docs and I have been known to lose track of the nose on my face--folks who've met me face-to-face will find that hard to believe). It looks as though there's a fudge in place to make username/password pairs work instead. I'm curious, only for documentation purposes. If there is no share password support I think it makes sense. It's just that it's not what W/9x does. :) Chris -)- -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Re: [PATCH] ldap connection caching (not ready!!!)
Stefan (metze) Metzmacher wrote:
Hi Andrew,
here's the next NOT WORKING version of my ldap connection chaching patch
there's a problem with the LM and NT passwords.
I've got the following errors??? Can anybody test it I can't find the bug
:-( I'm sitting here for hours now...
btw the ldap server send's the password, I see them in ethereal. AND HEAD
WORKS!???
A 'make clean' can do wonders...
In any case, what do you mean by 'HEAD works'? Is your patch against
3.0 + your passdb patch or .. ?
On the patch - the 'wrapper' functions need to include a while loop.
do {
try again()
} while (error == LDAP_SERVER_DOWN)
With appropirate sleep/backoff - see the nss_ldap code for a good
example.
While doing a 'ping' to the server before we start catches most of the
dropout cases, it does add latency (may or may not be an issue), and we
really need to deal with it in the actual operation I think.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
CVS update: samba/source/utils
Date: Thu Oct 17 16:26:03 2002 Author: mbp Update of /data/cvs/samba/source/utils In directory dp.samba.org:/tmp/cvs-serv30095/utils Added Files: Tag: APPLIANCE_HEAD psec.c Log Message: Copy tim's psec utility across from the testsuite/ directory into here. By building it as part of the regular Samba source, we avoid difficulties in the HP makefiles. Revisions: psec.c NONE = 1.1.2.1 http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/psec.c?rev=1.1.2.1
CVS update: samba/source
Date: Thu Oct 17 16:35:10 2002 Author: mbp Update of /data/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv30885 Modified Files: Tag: APPLIANCE_HEAD Makefile.in Log Message: Add psec targets to samba/source Makefile. Not built by default; can get it with 'make psec'. Revisions: Makefile.in 1.223.2.34 = 1.223.2.35 http://www.samba.org/cgi-bin/cvsweb/samba/source/Makefile.in?r1=1.223.2.34r2=1.223.2.35
CVS update: samba/source/rpc_parse
Date: Thu Oct 17 06:39:44 2002 Author: tpot Update of /data/cvs/samba/source/rpc_parse In directory dp.samba.org:/tmp/cvs-serv30936/rpc_parse Modified Files: parse_spoolss.c Log Message: When unmarshalling a relstr, don't unmarshall the string data if the offset is zero. Previously we were jumping to the start of the parse buffer (i.e offset zero) and reading string data until we hit a terminating NULL. Test case: in a PRINTER_INFO_0 structure, the servername field may be NULL when doing an enumprinters with flags = PRINTER_ENUM_LOCAL. Revisions: parse_spoolss.c 1.190 = 1.191 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_parse/parse_spoolss.c?r1=1.190r2=1.191
CVS update: samba/source/rpc_parse
Date: Thu Oct 17 06:44:33 2002 Author: tpot Update of /data/cvs/samba/source/rpc_parse In directory dp.samba.org:/tmp/cvs-serv31493 Modified Files: Tag: SAMBA_3_0 parse_spoolss.c Log Message: Merge NULL relstr fix from HEAD. Revisions: parse_spoolss.c 1.155.2.5 = 1.155.2.6 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_parse/parse_spoolss.c?r1=1.155.2.5r2=1.155.2.6
CVS update: samba/source/client
Date: Thu Oct 17 17:10:23 2002 Author: jra Update of /data/cvs/samba/source/client In directory dp.samba.org:/tmp/cvs-serv19403/client Modified Files: Tag: SAMBA_3_0 smbspool.c Log Message: Added new error codes. Fix up connection code to retry in the same way that app-head does. Jeremy. Revisions: smbspool.c 1.15.2.2 = 1.15.2.3 http://www.samba.org/cgi-bin/cvsweb/samba/source/client/smbspool.c?r1=1.15.2.2r2=1.15.2.3
