[Samba] RE: samba problem

[geralds]

Hi Alexander,

The kind of firewall i have uses the basic iptables which came with the 
installation CDs of linux-SuSE.

I installed SuSE 8.1 which has a firewall that has to be activated. But now, u 
know, i can't find the file containing the iptables so as to adjust the 
rules. When i try iptables -L in console mode i can see all the rules.

I think i need to add some new rules in the iptables so that samba works 
properly. What's yo opinion?

So, could u be knowing the configuration file and path for the firewall rules?
My kernel is 2.4.19.
'hope to hear from u any time. 
Thanks.
Rgds,
   Segie.

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba manpages

[Karel Kulhav]

Hello

I discovered one can get Samba manpages either by make install
from samba sources (samba-3.0.2/sources: make install) or by downloading
for example samba-20040215.tar.bz and manually copying the contents
of manpages/ subdirectory into /usr/local/samba/man.

Are both these sources of manpages equivalent? Which one of them should
be used officially? Are the manpages in source tarball obsolete somehow?

Cl
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] OT: Re: samba problem (with firewalls)

[Alexander Goeres]

Hi!

If this firewall is iptables, then the problem with samba could be, that the 
iptables-rules allow the forwarding on ip-packet through the firewall-gateway 
but nothing is allowed to contact the gateway itself.
In normal iptables-rules, the default policy for everything should be set to 
drop. Then the necessary ports are opend. 
There are 3 directions: forward (to forward packets from one net o another), 
input and output. The last two apply to the firewall gateway itsself.

I don't know about the exact form of SuSEs rules, but to allow contact from 
the internal net to the gateway-samba-machine, there should be some rules 
like this:
iptables -A INPUT -s ip-address.of.internal.net -p tcp -i interface-to 
-internal-net -j ACCEPT
iptables -A INPUT -s ip-address.of.internal.net -p udp -i interface-to 
-internal-net -j ACCEPT
iptables -A OUTPUT -d ip-address.of.internal.net -p tcp -o interface-to 
-internal-net -j ACCEPT
iptables -A OUTPUT -d ip-address.of.internal.net -p udp -o interface-to 
-internal-net -j ACCEPT

These rules should allow for any contact from the internal net to the 
gatway-firewall-machine and the correspondig responses (for all ports). If 
this is too crude for your needs you could refine it with some restictions to 
the ports used by samba (137, 138, 139, 445, as far as I know). If this 
doesn't work, then perhaps you have to allow contact to the 
loopback-ip-addess.

There's an extensive and very goot HowTo about iptables-firewall-rules at
http://iptables-tutorial.frozentux.net/iptables-tutorial.html (by Oskar 
Andreasson)

Hope it helps,

Alexander
-- 
Netzwerk-  Systemadministrator
---
agoeres _at_ lieblinx.net
tel.: +49 (0)30 / 61 20 26 87
fax: +49 (0)30 / 61 20 26 89
---
lieblinxNET
 we do software
a Marwood  Thiele GbR
---
reichenberger straße 125
10999 Berlin

http://lieblinx.net
---
Am Donnerstag, 12. Februar 2004 18:05 schrieb geralds:
 Hi Alexander,

 The kind of firewall i have uses the basic iptables which came with the
 installation CDs of linux-SuSE.

 I installed SuSE 8.1 which has a firewall that has to be activated. But
 now, u know, i can't find the file containing the iptables so as to adjust
 the rules. When i try iptables -L in console mode i can see all the
 rules.

 I think i need to add some new rules in the iptables so that samba works
 properly. What's yo opinion?

 So, could u be knowing the configuration file and path for the firewall
 rules? My kernel is 2.4.19.
 'hope to hear from u any time.
 Thanks.
 Rgds,
Segie.


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] winbindd krb5_get_credentials errors

[ww m-pubsyssamba]

Hi All,

can someone elaborate on the cause of my problem mentioned below? Service 
records exist for DC's only on DNS servers in that domain (ie DNS server in domain X 
has service records only for all DC's in domain X and so on for each domain), should 
normal DNS forwarding not allow a client in one domain to read the service record data 
from another? Normal host records for all domains in the forest are resolveable via 
DNS forwarding. Otherwise I'll need to have service records for all our DC's in all 6 
domains in every DNS server in the forest which is not practical!?!

thanks in advance, Andy.


 can you explain the many instances (against different 
 server) of errors of the type from winbindd?,
 
 krb5_get_credentials failed for [EMAIL PROTECTED] 
 (Cannot find KDC for requested realm)

KDC's must either be able to be found in DNS (using the SRV records etc)
or be in /etc/krb5.conf.  

Andrew Bartlett
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Only browsing and net view \\smbserver fails with unassigned share names :(

[Edmond]

Dear Samba List,

I'm having a browsing problem with W2k on my 2.0.9 Samba
server and now you are my last hope to help me solving my problem.
Not working is access from Win2k Clients:

net view \\ixdp425 is the first test that fails, not meaning
to terminate with error, but to produce the following unexpected output:
Name Typ  LokalBeschreibung (Description)
---
  IPC
  Platte (Disk)
Der Befehl wurde erfolgreich ausgeführt. (Command terminated successfully!)
Searching for Computers in W2k will also not produce any results
When samba isn't running the Server
Browsing Entire Network will produce an Error:
Ixdp425 cannot be accessed, the network name was not found.
Explorer is showing up two shares but they don't have any
names assigned to.
What is working:
But I'm able to net use the shares from the W2k clients, or to direct
access the shares by name e.g. with win commander by cd \\ixdp425\temp
Access from Linux Client is fine and produces the following:
Domain=[HOME] OS=[Unix] Server=[Samba 2.0.9]
  Sharename  Type  Comment
  -    ---
  temp   Disk  temporary space
  IPC$   IPC   IPC Service (Samba 2.0.9)
  Server   Comment
  ----
  IXDP425  Samba 2.0.9
  MOBILE
  WorkgroupMaster
  ----
  HOME IXDP425
I also tried Samba 2.0.7 before, I tried from my W2k Notebook with almost no
included Service Packs
My server is an Intel Arm Xscale based on Snapgears uC-Linux with Glibc
2.2.5, I'm running the Intel Access Library Version 1.4 and Kernel Version 2.4.20
My smb.conf is as following simple
snip
[global]
  workgroup=OFFICE
  encrypt passwords=yes
  netbios name=ixdp425
  preferred master = yes
  local master = yes
  domain master = yes
  browseable = yes
[temp]
  comment = temporary space
  browse list = yes
snap
I tried almost every complex and simple configuration, with/without
lokal and/or domain masters for more then 4days now without success.
So I hope someone else has some better ideas to solve my problem than me.

Thanks in advance and best regards,

Edmond

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] winbindd krb5_get_credentials errors

[Carchereux Agnès]

Hi everybody
Could you explain me whay is the subject of this mailing list? 
 I subscribed it because I wanted to have some information about samba... And you talk 
about servers and electronic problems... Please tell me why! 
Best regards, Agnès

ww m-pubsyssamba [EMAIL PROTECTED] wrote:
Hi All,

can someone elaborate on the cause of my problem mentioned below? Service records 
exist for DC's only on DNS servers in that domain (ie DNS server in domain X has 
service records only for all DC's in domain X and so on for each domain), should 
normal DNS forwarding not allow a client in one domain to read the service record data 
from another? Normal host records for all domains in the forest are resolveable via 
DNS forwarding. Otherwise I'll need to have service records for all our DC's in all 6 
domains in every DNS server in the forest which is not practical!?!

thanks in advance, Andy.


 can you explain the many instances (against different 
 server) of errors of the type from winbindd?,
 
 krb5_get_credentials failed for [EMAIL PROTECTED] 
 (Cannot find KDC for requested realm)

KDC's must either be able to be found in DNS (using the SRV records etc)
or be in /etc/krb5.conf. 

Andrew Bartlett
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba

-
Yahoo! Mail : votre e-mail personnel et gratuit qui vous suit partout !
Créez votre Yahoo! Mail
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] SAMBA Problems

[Sarel Pretorius]

Hi,

I am setting up a small network with a Linux machine running SAMBA.

I have no problems connecting from a Windows 95 machine to the
SAMBA server.

However, I can't connect from a SuSE Linux 9.0 machine.

It does not seem to find any servers on the network from the Linux
machine.

Lisa is running.

What am I missing?

Thanks

Sarel.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Roman numerals in Samba HOWTO collection

[Karel Kulhavy]

Hello

What is the purpose of Roman numbering of pages in Samba HOWTO
Collection?

Cl
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SAMBA Problems

[Radu - Eosif Mihailescu]

lisa.conf ;)
(it worked for me)
Radu - Eosif Mihailescu

Sarel Pretorius wrote:

Hi,

I am setting up a small network with a Linux machine running SAMBA.

I have no problems connecting from a Windows 95 machine to the
SAMBA server.
However, I can't connect from a SuSE Linux 9.0 machine.

It does not seem to find any servers on the network from the Linux
machine.
Lisa is running.

What am I missing?

Thanks

Sarel.

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Roman numerals in Samba HOWTO collection

[Andrew Bartlett]

On Mon, 2004-02-16 at 21:37, Karel Kulhavy wrote:
 Hello
 
 What is the purpose of Roman numbering of pages in Samba HOWTO
 Collection?

To increase proficiency in Roman numerals naturally!

(It's probably just a glitch in the XSLT stylesheet - getting that
monster to generate at all is quite an achievement).

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NT4 Migration - Samba 3.0.2a + LDAP

[Andrew Bartlett]

On Mon, 2004-02-16 at 16:35, Beast wrote:
 * Andrew Bartlett [EMAIL PROTECTED] nulis:
 
  On Sat, 2004-02-14 at 20:18, Pirkka Luukkonen wrote:
   Hi!
   
   How can I maintain users old NT RIDs while migrating to Samba PDC when they
   start from 1000. The RID to UID conversion algorithm is RID = 2 * UID + 1000
   so the user with RID of 1000 would be root (0 * 2 + 1000 = 1000) on Unix.
   Maintaining the old RIDs is essential for migrating on-the-fly, because
   re-adding hundreds of computers to domain and losing local user profiles is
   not an option.
 
 
 The only way to achieve these requirement is to use pwdump on NT PDC.

I don't see how this is relevant.  'net rpc vampire' gets the passwords
very nicely and migrates much more than pwdump.  As I said, in
particular it gets the SIDs right.

 From there you'll get old RID and hashes for machine+useraccount.
 Beware that pwdump sometimes can not retrive the hashes and hashes for machine is 
 not correct if machine is joined more than x months.
 
 x = unknown value, maybe 1 or 2.

The issue would no doubt be the same for 'net rpc vampire', as they read
the same password database.

 Thanks for asking, I have similar questions. Is there any (big)

  company migrate from NT4 to samba3 (with at least 500 clients)? 
 How they migrate? build fresh domain name or using existing domain 
 name? How they avoid re-join all clients?
 
 Any body here using samba 3 on production with  500 win clients?

They use 'net rpc vampire', as documented in the HOWTO.  This ensures
that the SIDs are accurate, as are the passwords.  The clients should
not be able to tell the difference (or wont care, once you get the
fundamentals right)

You need to use 'ldapsam' or 'tdbsam', you cannot use smbpasswd.  Both
backends can store arbitrary RIDs, to satisfy exactly this requirement.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NT4 Migration - Samba 3.0.2a + LDAP

[Beast]

* Andrew Bartlett [EMAIL PROTECTED] nulis:

 On Mon, 2004-02-16 at 16:35, Beast wrote:
  * Andrew Bartlett [EMAIL PROTECTED] nulis:
  
   On Sat, 2004-02-14 at 20:18, Pirkka Luukkonen wrote:
Hi!

How can I maintain users old NT RIDs while migrating to Samba PDC when they
start from 1000. The RID to UID conversion algorithm is RID = 2 * UID + 1000
so the user with RID of 1000 would be root (0 * 2 + 1000 = 1000) on Unix.
Maintaining the old RIDs is essential for migrating on-the-fly, because
re-adding hundreds of computers to domain and losing local user profiles is
not an option.
  
  
  The only way to achieve these requirement is to use pwdump on NT PDC.
 
 I don't see how this is relevant.  'net rpc vampire' gets the passwords
 very nicely and migrates much more than pwdump.  As I said, in
 particular it gets the SIDs right.
 

OK, Thanks. I'll try it again. Last time vampiring my NT (with samba 3.0.1), the samba 
password attribute was only filled with 'XXX' (it was from smb-ldaptools i guess)

With pwdump, you get the full control of account creation as well as any necessary 
attributes. Good if you already has account stored on ldap for another purpose.

  From there you'll get old RID and hashes for machine+useraccount.
  Beware that pwdump sometimes can not retrive the hashes and hashes for machine is 
  not correct if machine is joined more than x months.
  
  x = unknown value, maybe 1 or 2.
 
 The issue would no doubt be the same for 'net rpc vampire', as they read
 the same password database.
 

Last week migrating my smallest site with 60+ pc clients, only 1 (one) machine which 
is joined recently is able to login, other need to rejoin to NT domain and then obtain 
the new machine password with pwdump.
Random sample from other site which machine was joined more than 6 months old get same 
results.
It was strange, renaming machine name won't change the password also. So far I've 
found no problem with account password. 
Bugs or expected behaviour?

 You need to use 'ldapsam' or 'tdbsam', you cannot use smbpasswd.  Both
 backends can store arbitrary RIDs, to satisfy exactly this requirement.
 

I use ldapsam only.

 Andrew Bartlett

Tks.

--beast

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Wrong owner file for the admin group

[Gustavo Ceresoli]

Hi, when I use the parameter domain admin group = @admin in my smb.conf, 
anyone user for the group admin create a file (in your home, or profile, or any 
resource) and the owner for this file is root.

I would wish that the owner is the real user instead of root.

I tried using the parameter force user=%U but don work.

Somebody can help me?

Thank

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Documentation bug? domadm privileges

[Karel Kulhavy]

Hello

I have been solving a problem how to make a nonroot user able to administer
the domain (add users, groups, modify them etc.) from Windows workstation
using usrmgr.exe

It looks like what is stated in Samba HOWTO collection as prerequisites
is not enough.

First I found Chapter 12 cxl How to make Samba PDC users member of the Domain
Admins group - made the nonroot user member of domadm group, added domadm
unix group and groupmapped Domain Admins NT group to domadm UNIX group.

This didn't work. I suggest changing steps describe how to make Samba PDC
users members of the Domain Admins to steps describe how to make Samba
PDC users members of the Domain Admins (note that this won't assure same
functionality as being a Domain Admin on an NT4 PDC, for further details,
see 12.2.1 Important Administrative Information (page cxli) (why the heck
was the numbering changed from Arabic to Roman numerals?).

Then I searched further for the term 'Admins' in the Samba HOWTO Collection pdf
and found 12.2.1 Important Administrative Information. It states among others:
[...]adding users or groups, requires root level privilege.[...]Provision
of root privileges can be done [...] by permitting [...] users to use a UNIX
account that is a member of the UNIX group that has a GID=0 as the primary group in
the /etc/passwd database.

So I made the non-root user's primary group root (GID=0) and it still didn't
work. I tried to restart samba. Still didn't work. Logout user from Windows
and login back. Still didn't work. Restart samba again. Still didn't work.

- Is there a place in the HOWTO that describes how to determine what sequence
of reboots, logouts, domain removal and reattachments and Samba restarts
is necessary to assure integrity of any given operation when dealing with Samba?

Then I discovered another place in Samba HOWTO that contains example:
Section 31.2. Migration Options cdxv (why the heck were the Arabic numerals
replaced with Roman? Comparison of two Roman numeral takes about a minute
to me and decreases the speed of manual binary search for a given page by
several orders of magnitude)

5. Now assign each of the UNIX groups to NT groups:
[...]
# First assign well known domain global groups
net groupmap modify ntgroup=Domain Admins unixgroup=root rid=512

This didn't work:
oberon root # net groupmap modify ntgroup=Domain Admins unixgroup=root
rid=512
Bad option: rid=512
However I got the idea behind the command and tried:
net groupmap modify ntgroup=Domain Admins unixgroup=root
oberon root # net groupmap modify ntgroup=Domain Admins unixgroup=root   
Updated mapping entry for Domain Admins
oberon root # net groupmap list
[...]
Domain Admins (S-1-5-21-3784068046-1792391053-1311982112-512) - root

Suggestion: replace
net groupmap modify ntgroup=\Domain Admins\ unixgroup=root rid=512
in the Samba HOWTO Collection with
net groupmap modify ntgroup=\Domain Admins\ unixgroup=root

After that I reloaded Samba and tried the running usrmgr.exe: Invalid handle.
Exited the usrmgr.exe and restarted usrmgr.exe (without logout) and it --
MIRACULOUSLY WORKED!

Suggestion: replace Users of such accounts can use tools like the NT4 Domain
User Management with Users of such accounts cannot still use tools like the
NT4 Domain User Management because having root as primary group is not enough.
However, if the Domain Admins group is in addition mapped to root group, this
task becomes possible into chapter 12.2.1 Important Administrative Information
(page cxli) 

Cl
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with NT - Samba User Configuration: Probably very simple

[Sebuwufu Raymond (UK)]

Hi All,
my problem is I am unable to configure an NT user to access a UNIX Tru64
5.1b share from their PC. I am running Samba 2.0.7 and it runs as a domain
member.

Here are the steps I have completed without success:

Assuming ntuser is the NT username used to log into the NT workstation/PC.


1. Created UNIX user username
2. Created UNIX directory /usr/users/username/input
3. Appended following line to a user name mapping file defined in smb.conf
with the parameter username map = ...:
username = ntuser

Note: The user name mapping file already contained an entry for another user
and the one above was appended to the file.

4. Added the following to smb.conf:

[servicename] 
comment = 'etc'
path = /usr/users/username/input 
valid users = username
public = no 
writable = yes 
printable = no

5. Restarted the samba daemons.

Can anyone spot what the problem is? Have I missed out a particular step? 

In desperation I tried adding username to the samba password file by
running
smbpasswd but it would appear this user is already a member. This I
concluded
from the fact that I typed Enter when first asked for the existing
password
and when I entered the new password twice the following messages were
displayed.

error connecting to #.#.#.#:# (Connection refused)
unable to connect to SMB server on machine #.#.#.#. Error was : code 0.
Failed to change password for statdat

Note the # symbols represent numbers which I have physically replaced with
#.
I believe they are addresses of some sort.

If you know what the problem is please can you let me know as soon as you
can. Your help with be greatly appreciated. 

I am hoping this is something very simple that can be quickly knocked on the
head

Many thanks

Raymond


===
This electronic message contains information from the mmO2 plc Group 
which may be privileged or confidential. The information is intended to be for the use 
of the individual(s) or entity named above. If you are not the intended recipient be 
aware that any disclosure, copying, distribution or use of the contents of this 
information is prohibited. If you have received this electronic message in error, 
please notify us by telephone or email (to the numbers or address above) immediately. 
Please note that as of June 1st we will no longer be accepting email for any 
btcellnet.net, btcellnet.co.uk or cellnet.co.uk addresses.  From this date all mail 
should be addressed to O2.com
===

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL bug

[Michael Gasch]

hi

damn!

i'm going crazy...

files created in the shell (bash) also get -x'ed

example again:

humanpdc:~ # getfacl /data/test/home/
getfacl: Removing leading '/' from absolute path names
# file: data/test/home
# owner: test
# group: users
user::rwx
group::---
other::---
default:user::rwx
default:group::---
default:mask::rwx
default:other::---
humanpdc:~ # touch /data/test/home/test

humanpdc:~ # getfacl /data/test/home/test
getfacl: Removing leading '/' from absolute path names
# file: data/test/home/test
# owner: root
# group: rootgroup
user::rw-
group::---
mask::rw-
other::---
*argh*

what's this?

can anybody help me although it's not really smb related?

thx³

Dariush Forouher schrieb:
On Fri, 13 Feb 2004, Michael Gasch wrote:


unfortunately this was not the problem though :(


No, I think so as well. The umask setting only can take away permission
bits, but it can't set new ones. Beside of that AFAIK Samba doesn't use
an umask setting inherited from the parent process (and even if it would
certenly be overwritten by the create mask setting).
The problem I observed happens when creating files through Samba. Creating
files from native Linux works (at least here) exactly as I'm expecting it
to work.

with attention to default:user::rwx
why is it automatically set?


AFAIK this is the default behaviour of the ACL implementation of Linux.
The first time when setfacl is used these three defaults ACEs are
automatically added with the same permissions of their non-default peers.

and of course: on any file created in install owner just gets rw-, but
my mask isn't recalculated (which is fine)


Not for me! I don't like it if ordinary files have the x-bit set, which
will happen if mask isn't shortened to rw-, like Samba does it at the
moment!
ciao
Dariush
--

 Matrix - more than a vision

**
 Michael Gasch
   - Central IT Department -

Max Planck Institute for Evolutionary Anthropology
Deutscher Platz 6
04103 Leipzig
Germany
**
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Loss of connection when changing smb.conf?

[Andreas Heinlein]

Hello,

since upgrading to Samba 3 (3.0.1 on Debian 3.0), I noticed that clients 
seems to sometimes lose connection to the samba server when the 
configuration file is changed. Today I added oplocks = no to the 
homes section because I wanted to track down a specific problem, and 
voila: 1-2 minutes later some Win2K-Clients (but probably not all, 
couldn't check that) lost connection to the homes share and had to sign 
off and sign on again. Later on I added log level = 3 to the global 
section and the same happened again.
I'm pretty sure this didn't happen with Samba 2.2.8.

Could this have something to do with smb signing? I assume SMB signing 
maintains some kind of state information or serial number on the 
packages, in order to prevent man-in-the-middle attacks; and this could 
information could get lost when samba reloads the smb.conf?

Thanks,
Andreas
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Quark Express 4.1 Saving problems

[Andreas Heinlein]

Hello,

found this topic in the archives and would like to re-open this thread.

I have some problems with Quark XPress Passport 4.1 on Win2K Clients and 
Samba 3.0.1 . Sometimes when saving a file, either an existing one or 
new, QuarkXPress produces an I/O-Error [-36] and cannot save the file, 
not even with Save as... under a different name.
I turned off oplocks on this share, but it changed nothing.
Other Apps seem to work fine.

The problem cannot be easily reproduced, it occurs only every now and 
then. I set log level to 3 today and will wait till tomorrow, hope this 
happens again soon so I can provide log output.

Has anyone else had this problem?

Thanks,
Andreas
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba Installation HP Tru64

[Paul Stanard]

I am installing the latest version of Samba on my DEC Alpha running HP Tru 64 and I 
was told to run ./autogen.sh before running the ./configure script. When I do so, I 
get the error message:
 
./autogen.sh: autoheader:not found
./autogen.sh: test:argument expected


-
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL bug

[Michael Gasch]

so,

i think i found an explanation:

touch relies on mode parameter of creat(2), which is by default 666

this explains the behaviour of recalculating the mask and setting user:: 
to rw-

anybody an idea how to change the default mode of 666 (kind of diabolic 
*gg) 

greez

Michael Gasch schrieb:
hi

damn!

i'm going crazy...

files created in the shell (bash) also get -x'ed

example again:

humanpdc:~ # getfacl /data/test/home/
getfacl: Removing leading '/' from absolute path names
# file: data/test/home
# owner: test
# group: users
user::rwx
group::---
other::---
default:user::rwx
default:group::---
default:mask::rwx
default:other::---
humanpdc:~ # touch /data/test/home/test

humanpdc:~ # getfacl /data/test/home/test
getfacl: Removing leading '/' from absolute path names
# file: data/test/home/test
# owner: root
# group: rootgroup
user::rw-
group::---
mask::rw-
other::---
*argh*

what's this?

can anybody help me although it's not really smb related?

thx³

Dariush Forouher schrieb:

On Fri, 13 Feb 2004, Michael Gasch wrote:


unfortunately this was not the problem though :(


No, I think so as well. The umask setting only can take away permission
bits, but it can't set new ones. Beside of that AFAIK Samba doesn't use
an umask setting inherited from the parent process (and even if it would
certenly be overwritten by the create mask setting).
The problem I observed happens when creating files through Samba. 
Creating
files from native Linux works (at least here) exactly as I'm expecting it
to work.


with attention to default:user::rwx
why is it automatically set?


AFAIK this is the default behaviour of the ACL implementation of Linux.
The first time when setfacl is used these three defaults ACEs are
automatically added with the same permissions of their non-default peers.

and of course: on any file created in install owner just gets rw-, but
my mask isn't recalculated (which is fine)


Not for me! I don't like it if ordinary files have the x-bit set, which
will happen if mask isn't shortened to rw-, like Samba does it at the
moment!
ciao
Dariush

--

 Matrix - more than a vision

**
 Michael Gasch
   - Central IT Department -

Max Planck Institute for Evolutionary Anthropology
Deutscher Platz 6
04103 Leipzig
Germany
**
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] I can see share, but it won't let me use my pwd (OSX)

[darrel]

(Apologies if this has already gone to the list. I've been trying to 
post via the newsgroup and it appears none of my messages went 
through...so now I'm doing it via the list-serv)

I have samba (2.28) running on a linux server (Mandrake 9.2).

Neither my win2k machine nor my OSX (panther) machine will see the 
share via the network browser. In my OSX machine, I CAN connect if I 
specifically connect to server using the SMB://serverip/ format.

It connects, and sees the shares (but only the ones I made...not the 
default home shares), but refuses my username/pwd.

Here's some pertinent parts of my config file:

[mp3onserver]
comment = mp3s
printable = no
valid users = mp3,homerj
create mode = 0765
writeable = yes
path = /home/mp3/
[testshare]
qeirw liar = mp3, homerj, @mp3, @homerj
path = /home/mp3/
Via webin, I've told Samba to use the Unix usernames and passwords. 
It all appears to be set up correctly via webmin (the system's users 
show up as samba users).

That all led to a connection, but would get invalid usr/pwd error.

So, I made some more adjustments to Samba...namely putting in a 
default directory. Now I get a different error:

the finder cannot complete the operation because some data in smb 
could not be read or written. (Error code -36). Google isn't turning 
anything up specific to that other than some mention of rebooting the 
router a few times (which I tried, to no avail).

Any thoughts?

-Darrel
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] APW: Print Driver not Storing for some printer types

[Paul Cochrane]

Hi there.
I'm using samba 3.0.2 as a printserver. It's been working for ages and I 
upgraded it the other day to see if it fixed this problem I've been 
having trying to get printer drivers stored onto the server.

The mechanism for uploading drivers seems to be working fine but I've 
recently got two new printers: an HP laserjet4200tn  and OKI c5100. No 
matter what I seem to try, trying to get the APW to install these 
drivers to the print$ share on the sambe printserver fails.  The error 
messages is:
Unable to install HP LaserJet 4200 PS, Windows 2000 or XP, Intel Driver. 
Operation could not be completed.

On pressing the New Driver button, it runs through the wizard OK then 
gives this error on Finish.

What bugs me most is that It's working fine for my old printer drivers 
(mostly a variety of HP laserjets).  I've reinstalled the drivers to 
check but these two refuse to work.

I'm trying to install the latest PS drivers from the internet if that 
helps anyone.

Two other things I have noticed which may be related to the problem:
1. On an XP machine, in the print$/w32x86 dir, there seems to be other 
folders created (hewletpackard. and oki_data_...). Could the drivers 
be trying to install not to the 3 folder as I think they should?

2. On the servers print$ share int the w32x86 folder it seems to try to 
have creates a temporary folder __SKIP_ when the error message is 
popped up.  This folder is empty by the way.

I'm thinking it's the drivers at fault. Or perhaps there's a new driver 
format that Samba doesn't support yet?

Any help on my problem would be appreciated.
Thanks
--
 Paul Cochrane   (paul.m.cochrane (***at***) tuht.scot.nhs.uk)
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Roman numerals in Samba HOWTO collection

[John H Terpstra]

On Mon, 16 Feb 2004, Karel Kulhavy wrote:

 Hello

 What is the purpose of Roman numbering of pages in Samba HOWTO
 Collection?

That happens to be the default behaviour of t he way the PDF is generated
from the XML soruces. To force a change of page numbering to Roman
numerals requires the insertion of a latex command which interferes with
HTML production. Since we produce both PDF adn HTML for the Samba web site
we have chosen to leave the default behaviour - at least until all the
content of The Samba-3 HOWTO and Reference Guide has been committed to
public CVS. That should happen around April.

- John T.
-- 
John H Terpstra
Email: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Documentation bug? domadm privileges

[John H Terpstra]

Karel,

Thanks for your feedback. I will certainly take this into account when I
get time to update the HOWTO documentation.

Cheers,
John T.


On Mon, 16 Feb 2004, Karel Kulhavy wrote:

 Hello

 I have been solving a problem how to make a nonroot user able to administer
 the domain (add users, groups, modify them etc.) from Windows workstation
 using usrmgr.exe

 It looks like what is stated in Samba HOWTO collection as prerequisites
 is not enough.

 First I found Chapter 12 cxl How to make Samba PDC users member of the Domain
 Admins group - made the nonroot user member of domadm group, added domadm
 unix group and groupmapped Domain Admins NT group to domadm UNIX group.

 This didn't work. I suggest changing steps describe how to make Samba PDC
 users members of the Domain Admins to steps describe how to make Samba
 PDC users members of the Domain Admins (note that this won't assure same
 functionality as being a Domain Admin on an NT4 PDC, for further details,
 see 12.2.1 Important Administrative Information (page cxli) (why the heck
 was the numbering changed from Arabic to Roman numerals?).

 Then I searched further for the term 'Admins' in the Samba HOWTO Collection pdf
 and found 12.2.1 Important Administrative Information. It states among others:
 [...]adding users or groups, requires root level privilege.[...]Provision
 of root privileges can be done [...] by permitting [...] users to use a UNIX
 account that is a member of the UNIX group that has a GID=0 as the primary group in
 the /etc/passwd database.

 So I made the non-root user's primary group root (GID=0) and it still didn't
 work. I tried to restart samba. Still didn't work. Logout user from Windows
 and login back. Still didn't work. Restart samba again. Still didn't work.

 - Is there a place in the HOWTO that describes how to determine what sequence
 of reboots, logouts, domain removal and reattachments and Samba restarts
 is necessary to assure integrity of any given operation when dealing with Samba?

 Then I discovered another place in Samba HOWTO that contains example:
 Section 31.2. Migration Options cdxv (why the heck were the Arabic numerals
 replaced with Roman? Comparison of two Roman numeral takes about a minute
 to me and decreases the speed of manual binary search for a given page by
 several orders of magnitude)

 5. Now assign each of the UNIX groups to NT groups:
 [...]
 # First assign well known domain global groups
 net groupmap modify ntgroup=Domain Admins unixgroup=root rid=512

 This didn't work:
 oberon root # net groupmap modify ntgroup=Domain Admins unixgroup=root
 rid=512
 Bad option: rid=512
 However I got the idea behind the command and tried:
 net groupmap modify ntgroup=Domain Admins unixgroup=root
 oberon root # net groupmap modify ntgroup=Domain Admins unixgroup=root
 Updated mapping entry for Domain Admins
 oberon root # net groupmap list
 [...]
 Domain Admins (S-1-5-21-3784068046-1792391053-1311982112-512) - root

 Suggestion: replace
 net groupmap modify ntgroup=\Domain Admins\ unixgroup=root rid=512
 in the Samba HOWTO Collection with
 net groupmap modify ntgroup=\Domain Admins\ unixgroup=root

 After that I reloaded Samba and tried the running usrmgr.exe: Invalid handle.
 Exited the usrmgr.exe and restarted usrmgr.exe (without logout) and it --
 MIRACULOUSLY WORKED!

 Suggestion: replace Users of such accounts can use tools like the NT4 Domain
 User Management with Users of such accounts cannot still use tools like the
 NT4 Domain User Management because having root as primary group is not enough.
 However, if the Domain Admins group is in addition mapped to root group, this
 task becomes possible into chapter 12.2.1 Important Administrative Information
 (page cxli)

 Cl


-- 
John H Terpstra
Email: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Quark Express 4.1 Saving problems

[John H Terpstra]

On Mon, 16 Feb 2004, Andreas Heinlein wrote:

 Hello,

 found this topic in the archives and would like to re-open this thread.

 I have some problems with Quark XPress Passport 4.1 on Win2K Clients and
 Samba 3.0.1 . Sometimes when saving a file, either an existing one or
 new, QuarkXPress produces an I/O-Error [-36] and cannot save the file,
 not even with Save as... under a different name.
 I turned off oplocks on this share, but it changed nothing.
 Other Apps seem to work fine.

 The problem cannot be easily reproduced, it occurs only every now and
 then. I set log level to 3 today and will wait till tomorrow, hope this
 happens again soon so I can provide log output.

 Has anyone else had this problem?

The Samba-HOWTO-Collection has a chapter on File and Record Locking that
may help you. The bottom line is that Microsoft recognise that sometimes
the only way to avoid a potential oplock problem is by turning off client
registry settings that cause it to request oplock behaviour. I have
documented specific examples of this in my new book Samba-3 by Example,
however, the core of the information you need is in the
Samba-HOWTO-Collection chapter I refer you to. You can find the HOWTO
collection from the documentation page of the Samba web sites.

Cheers,
John T.
-- 
John H Terpstra
Email: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RES: RES: [Samba] Daylight saving

[Tercio Ferdinando Gaudencio Filho]

Sorry by the delay

All my workstations are W2K SP4.

I already changed the Dayligth saving option in the workstations but no
results

Tercio


-Mensagem original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] nome
de Collen
Enviada em: sexta-feira, 13 de fevereiro de 2004 12:17
Para: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Assunto: Re: RES: [Samba] Daylight saving


are your workstations w98 ??
or nt/w2k ??
(have the same here, only with w98 ws)

you can also use net time /SETSNTP:ntp server

Collen
Friday, February 13, 2004, 3:45:21 PM, you wrote:

TFGF I already configured my time zone, daylight, etc.

TFGF The server date is correct. I already compiled a TimeZone file(.ZIC)
with
TFGF the correct date for DayLight saving.

TFGF The server knows that it is daylight saving, but the workstation
don´t
TFGF :-(

TFGF []´s Tercio

TFGF -Mensagem original-
TFGF De: Kristyan Osborne [mailto:[EMAIL PROTECTED]
TFGF Enviada em: sexta-feira, 13 de fevereiro de 2004 10:29
TFGF Para: Tercio Ferdinando Gaudencio Filho; [EMAIL PROTECTED]
TFGF Assunto: RE: [Samba] Daylight saving


TFGF Hi,

TFGF have a look at the time offset option in the man pages.

TFGF Cheers

TFGF -
TFGF Kristyan Osborne - IT Technician / Community Manager
TFGF Longhill High School
TFGF 01273 391672 / 304086

TFGF --
TFGF Computers are like airconditioners: They stop working properly if you
open
TFGF windows.
TFGF Win95:   A 32-bit patch for a 16-bit GUI shell running on top of
an
TFGF  8-bit operating system written for a 4-bit processor by a
TFGF  2-bit company who cannot stand 1 bit of competition.



TFGF -Original Message-
TFGF From:
TFGF [EMAIL PROTECTED]
TFGF
[mailto:[EMAIL PROTECTED]
TFGF ]On Behalf Of Tercio Ferdinando Gaudencio Filho
TFGF Sent: 13 February 2004 14:35
TFGF To: [EMAIL PROTECTED]
TFGF Subject: [Samba] Daylight saving


TFGF Hello there,

TFGF   I have a samba PDC 3.0.0 running ok, but I had turned on the option
Time
TFGF Server in smb.conf, to synchronize the workstations time with server.
But
TFGF the workstations synchronize 1 hour less than it is. I think that the
TFGF workstations isn´t considering the daylight saving time.

TFGF   I´m using the command: net time \\server /set /yes

TFGF Thank´s,

TFGF []´s Tercio

TFGF --
TFGF To unsubscribe from this list go to the following URL and read the
TFGF instructions:  http://lists.samba.org/mailman/listinfo/samba



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Profiles

[Saad Ahmed]

For Roaming Profiles, I could use the following in smb.conf file

logon path = \\%L\Profiles\%u

If I need the profiles to be local, what do I need to do in smb.conf?

logon path = \\(name of local computer)\%u (HOW WOULD I FILL IN name of local 
computer)?

Thanks,

Saad.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Local Profiles - Quick Question

[Saad Ahmed]

What changes should I make in
logon home and 

logon path

in smb.conf to force local profiles?

Saad
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] w2k client problem

[Earl Brink]

Hi there;

[apologies if this has already been posted, if so can someone point me in the right 
direction...]

Experiencing problem with a w2k client listing content of a share on a samba server.

I have Redhat 9 running Samba 2.2.7 release 7.9.0.
I have various w2k clients connecting to a share downloading files nightly. [via WAN 
not LAN] 
I am experiencing a problem on a w2k client, where it is unable to list the contents 
of a share.

The w2k client is able to see the samba server and it's shares via:
net view //smb_svr
and it is able to connect to the visible shares e.g.:
net use t: //smb_svr/share

When I try dir t:/  the client takes a while and returns with nothing.

I have upgraded and tested on various versions of (2.2.7 release 7.9.0 and 8.9.0, 
2.2.8, 3.0.2) with the same result.
I am able to connect to other shares with less content, and it lists ok, does any one 
have any idea what might be wrong?

thanks in advance.

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Changing permissions not being root or owner

[Joerg Redemann]

Hi all,
 
got the following problem:
I'm trying to set up a samba share and want the allowed group to
administrate the file and directory permissions on their own.
Goal is that everyone in the group can decide via NT security box who - from
outside the group - should have read or write permissions
on a specific file. I'm using ACL's and everything except this is working
fine.
 
Problem is that only the owner of that file or root is able to change the
permissions.
man smb.conf tells me that I have to use dos filemode = yes to allow users
with write access to do this job.
But this doesn't work. I don't now how many mode =  combiniations I
tried - nothing helped.
 
Here is my current config:
 
[global]
workgroup = DCSHH
netbios name = fileserver
server string = File Server
security = domain
password server = *
winbind uid = 1-2
winbind separator = +
winbind gid = 1-2
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/false
add user script = /usr/local/bin/add_samba_user %u
unix extensions = Yes
encrypt passwords = Yes
log level = 0
nt acl support = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
wins support = No
veto files = /.AppleDouble/lost+found/aquota.user/aquota.group
 
[testshare]
comment = Test share
path = /shares/test
public = yes
writable = yes
dos filemode = yes
write list = @DCSHH+Domain-User
 
 
ls -l /shares/test
drwxrwxr-x2 DCSHH+Administrator DCSHH+Domain-User 4096 Feb 16 15:47
test
 
And an example file in /shares/test:
ls -l 
-rw-rw+   1 DCSHH+silke DCSHH+Domain-User  105 Feb 16 13:55
testfile3.txt
 
So as User DCSHH+alex (member of DCSHH+Domain-User) I should be able to
modify the permissions of that file !
 
Can anyone give me a clue why dos filemode = yes isn't working as expected
???
 
Many thanks in advance
 
 
Joerg
 
 
 
 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] problems with compiling samba under MacOS 10.2

[VInzenz]

Hi,

I'm trying to compile samba on a G3 Powerbook Pismo by 
following the instructions on http://www.opensource.
apple.com/projects/documentation/howto/html/osxsmb.html, 
but somehow the compiling doesn't work, I'm allways getting
a compilation error. Using samba 2.2.1a I'm getting an 
error in printing/print_cups.c and using samba 3.0.2a 
I'm getting an error in libsmb/clikrb5.c. 
Does anybody know how I could solve this problem 
or which version I should use?
Thanks alot,

Vinzenz

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.2 mapped by Actve Directory

[Costlow Erik A.]

I have spent a while trying to join a samba machine to our university's
active directory structure so that allowed users can map to it by simply
running \\webserver
I was able to join the machine just fine via: net ads join
VPSA/UH/UH-_ResComp_Servers/ -U adminname
And now I can run wbinfo -u to get a listing of all users on our
network. I have the right permissions, because from that computer, I can
run smbclient //IP/c\$ -k and it lets me through as it should.

However, when I run \\webserver from any other computer, log.smbd
shows: 
[2004/02/16 10:51:46, 0] auth/auth_util.c:make_server_info_info3(1100)
  make_server_info_info3: pdb_init_sam failed!
[2004/02/16 10:51:46, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [rceacostl] -
[rceacostl] FAILED with error NT_STATUS_NO_SUCH_USER

How can I make it so users can map their drives to this computer?

Part of /etc/smb.conf
[global]
workgroup = ADILSTU
realm = AD.ILSTU.EDU
security = ADS
auth methods = winbind, guest, sam
password server = air.ad.ilstu.edu
idmap uid = 1-5
winbind gid = 1-5
winbind enum users = yes
winbind enum groups = yes
valid users = @AD.ILSTU.EDU\ResCompBackupUser,
@AD.ILSTU.EDU\ResCompAll, @AD.ILSTU.EDU\DevTeam
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Winbindd timeout on unreacheable domains

[ww m-pubsyssamba]

Hi All,

I have a concern with the behaviour of winbindd on startup in a multi-domain 
environment, in my case a 6 domain AD forest + trusts to 3 NT 4 domains. I've tested 
startup of winbindd in a 2 domain development environment and found if a trusted 
domain is not contactable it takes five minutes to timeout before winbindd becomes 
active (/tmp/.winbindd/pipe is created). 
  If I assume this will be the same behaviour for winbindd in our production 
environment then if our domain were isolated from the rest of the trusted domains then 
winbindd would take 45 minutes (9x 5minutes) to become active if we needed to restart 
a server. Because our domain is on a physically different and separately managed 
network from the others it is more than possible this type of situation could occur. 
45 minutes to startup is obviously unacceptable especially as I hope to deploy Samba 
3.x on one of our clusters. And to put this in comparison with a pure windows solution 
we would have no such issues starting a DC or fileserver in a domain just because it 
couldn't see any or all trusted domains.

  If I am incorrect please can you put me right on this, if I am correct is it 
possible that winbindd can be modified to establish connection only with its local 
domain at startup and start serving data to Samba from cached data for other domains?


thanks in advance, Andy Smith.

BBCi at http://www.bbc.co.uk/

This e-mail (and any attachments) is confidential and may contain personal views which 
are not the views of the BBC unless specifically
stated.
If you have received it in error, please delete it from your system. Do not use, copy 
or disclose the information in any way nor act in
reliance on it and notify the sender immediately. Please note that the BBC monitors 
e-mails sent or received.
Further communication will signify your consent to this.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] primary gid of user [desires] is not a Domain group !

[C.Lee Taylor]

Wendell Wilson wrote:

Precisely the same thing is happening to me! There have been a couple 
other threads with others having more or less the same problem... but 
I haven't seen any fixes that work for me, yet.

I have 3.0.1, at the moment. Did you upgrade from 2.2.x? or from an 
earlier version of 3.x? Or did this just start out of the blue? I am 
not using LDAP, at this point, or even winbind to handle user/group 
mappings. What sort of setup do you have?
   Currently using 3.0.2, at least the ones FC1 just shiped over the 
weekend ...

   I did a clean installation and converted my LDAP ldif file to from 
Samba2 to Samba3 ... I have made all sorts of changes and can't get this 
to go away, so I don't know what the problem is ...

   At first I through that my posix accounts primary gid how to be 
mapped to an NT one, then I modified the Primary SID for each users and 
still got it ... so I really don't know ...

Mailed
Lee
Wendell

C.Lee Taylor wrote:

Greetings ...

   I hope somebody can explain this to me, or give me a help to fix 
this problem ...

   On my Samba server ( 3.0.2rc2 ) I am getting ...

Feb  9 17:31:21 eastrand smbd[2113]: [2004/02/09 17:31:21, 0] 
rpc_server/srv_pipe.c:api_pipe_netsec_process(1371)
Feb  9 17:31:21 eastrand smbd[2113]:   failed to decode PDU
Feb  9 17:31:21 eastrand smbd[2113]: [2004/02/09 17:31:21, 0] 
rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
Feb  9 17:31:21 eastrand smbd[2113]:   process_request_pdu: failed to 
do schannel processing.
Feb  9 17:31:26 eastrand smbd[2113]: [2004/02/09 17:31:26, 0] 
rpc_server/srv_util.c:get_domain_user_groups(372)
Feb  9 17:31:26 eastrand smbd[2113]:   get_domain_user_groups: 
primary gid of user [desires] is not a Domain group !
Feb  9 17:31:26 eastrand smbd[2113]:   get_domain_user_groups: You 
should fix it, NT doesn't like that

   But if I do ...

[EMAIL PROTECTED] root]# pdbedit -L -v -u desires
Unix username:desires
NT username:  desires
Account Flags:[UX ]
User SID: S-1-5-21-3795178988-3942151060-2329322268-44008
Primary Group SID:S-1-5-21-3795178988-3942151060-2329322268-513
Full Name:Desire Steyn
Home Directory:   \\eastrand\desires
HomeDir Drive:l:
Logon Script: login.bat
Profile Path: \\eastrand\desires\profile
Domain:   X-ZA-DM
Account desc:
Workstations:
Munged dial:
Logon time:   0
Logoff time:  Fri, 13 Dec 1901 22:45:51 GMT
Kickoff time: Fri, 13 Dec 1901 22:45:51 GMT
Password last set:Thu, 13 Feb 2003 13:24:06 GMT
Password can change:  0
Password must change: Fri, 13 Dec 1901 22:45:51 GMT
[EMAIL PROTECTED] root]#
   Now I have an LDAP passdb, and I have done a
[EMAIL PROTECTED] root]# net groupmap list
Domain Users (S-1-5-21-3795178988-3942151060-2329322268-513) - ntusers
Domain Computers (S-1-5-21-3795178988-3942151060-2329322268-515) - 
machines
Domain Admins (S-1-5-21-3795178988-3942151060-2329322268-512) - ntadmin
Domain Guests (S-1-5-21-3795178988-3942151060-2329322268-514) - nobody

   And

[EMAIL PROTECTED] root]# getent passwd |grep -i des
desires:x:21504:1:Desire:/home/users/desires:/sbin/nologin
   Has anyone got an idea of what I am missing ...

Mailed
Lee
 



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Setting password must change for more than one user

[Fabien Chevalier]

Hello all,

I'm using Samba 3 with ldapsam_compat and i have a bunch of users (~ 150).
I'm trying to find a way to set 'password must change' attribute to a given value to 
all users of my domain, so
that all be forced to reset their passwords at the same time.

Is there an easy way to do that, better than editing ldap database by hand or 
writing a custom script?
I looked at pdbedit, smbpasswd, smbldap-tools, and no...nothing seems to cope with 
it...

Any idea?

Cheers,

Fabien Chevalier


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Suse 9.0 2.2.8a smbd issue

[chris . haidinyak]

Sorry if this issue has come up before. I have been using samba on a NetApp filer 
successfully for some time but I recently upgraded my samba server to Suse 9.0 
Professional. I am trying to use the 'classic samba' version (since I don't know any 
better) and am having problems with file locking on my shares. Here is a transcript of 
the log.smbd that shows some incompatibility between 32/64-bit system file locking. 
Any ideas as to fix this? It is causing delay and problems for my users but  I need to 
keep this version of Linux for other reasons. Please advise; thank you.

Best Regards,
  Chris Haidinyak


SAMBA LOG TRANSCRIPT SNIPPET

[2004/02/16 10:03:52, 0] smbd/server.c:main(791)
  smbd version 2.2.8a-SuSE started.
  Copyright Andrew Tridgell and the Samba Team 1992-2002
tron:/var/log/samba # tail log.smbd
[2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(658)
  an No locks available error. This can happen when using 64 bit lock offsets
[2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(659)
  on 32 bit NFS mounted file systems.
[2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(657)
  posix_fcntl_lock: WARNING: lock request at offset 480, length 1 returned
[2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(658)
  an No locks available error. This can happen when using 64 bit lock offsets
[2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(659)
  on 32 bit NFS mounted file systems.
tron:/var/log/samba # tail log.smbd
[2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(658)
  an No locks available error. This can happen when using 64 bit lock offsets
[2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(659)
  on 32 bit NFS mounted file systems.
[2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(657)
  posix_fcntl_lock: WARNING: lock request at offset 480, length 1 returned
[2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(658)
  an No locks available error. This can happen when using 64 bit lock offsets
[2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(659)
  on 32 bit NFS mounted file systems.
[2004/02/16 10:06:52, 0] smbd/oplock.c:oplock_break(797)
  oplock_break: receive_smb timed out after 30 seconds.
  oplock_break failed for file .XXX (dev = 13, inode = 987266, file_id = 17).
[2004/02/16 10:06:52, 0] smbd/oplock.c:oplock_break(869)
  oplock_break: client failure in oplock break in file .XXX




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] printing form linux clients to samba

[zynkx]

hi all and thanks in advance for reading this

i have worked with samba for a while, sharing drives on
 my linux boxes and all went well until now.

now, i tried to share a printer.

1 i setup a printer in a box with cups. the printer is
working fine in that host printing everything as it is
told.

2 i tried to share the printer to:
 2.1 one windows wrokstation in the lan
 2.2 two linux boxes on the lan

with the following config file:
[global]
   workgroup = PRINTSERVER
   netbios name = NEPTUN
   server string = neptun print server
   log file = /var/log/samba/log.%m
   max log size = 50
   security = share
   encrypt passwords = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
   printcap name = lpstat
   printing = cups
[printers]   
   comment = All Printers
   printer = hp_670C 
   path = /var/spool/samba
   browseable = no
   guest ok = yes
   writable = no
   printable = yes
   create mode = 0700
   print command = lpr -P %p -o raw %s -r
   lpq command = lpstat -o %p
   lprm command = cancel %p-%j
   use client driver = yes  

i then made the client configuration on the windows
workstation, and windows is printing well to my linux
printing server with samba. it shares drives and the
printer without any kind of problem.

the problem is that i cannot print form my linux boxes
to that shared printer...

on linux boxes i made the following

1 configured one printer queue with cups linking the
smbspool to /usr/lib/cups/backend/ 

ln -s /usr/bin/smbspool /usr/lib/cups/backend/smb

2 loaded the driver for hp 670c in cups

3 tried to print a test page and i did it successfully

now... the only thing is that i am only able to print
test pages... and i can't figure out the command line
options to print from my linux print clients to my
linux print server...

windows is doing fine though. 

other thing is that when I:

smbclient //neptun/printers

i can mount the share but it does not print.


-
Email Enviado utilizando o serviço MegaMail
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] printing form linux clients to samba

[zynkx]

hi all and thanks in advance for reading this

i have worked with samba for a while, sharing drives on
 my linux boxes and all went well until now.

now, i tried to share a printer.

1 i setup a printer in a box with cups. the printer is
working fine in that host printing everything as it is
told.

2 i tried to share the printer to:
 2.1 one windows wrokstation in the lan
 2.2 two linux boxes on the lan

with the following config file:
[global]
   workgroup = PRINTSERVER
   netbios name = NEPTUN
   server string = neptun print server
   log file = /var/log/samba/log.%m
   max log size = 50
   security = share
   encrypt passwords = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
   printcap name = lpstat
   printing = cups
[printers]   
   comment = All Printers
   printer = hp_670C 
   path = /var/spool/samba
   browseable = no
   guest ok = yes
   writable = no
   printable = yes
   create mode = 0700
   print command = lpr -P %p -o raw %s -r
   lpq command = lpstat -o %p
   lprm command = cancel %p-%j
   use client driver = yes  

i then made the client configuration on the windows
workstation, and windows is printing well to my linux
printing server with samba. it shares drives and the
printer without any kind of problem.

the problem is that i cannot print form my linux boxes
to that shared printer...

on linux boxes i made the following

1 configured one printer queue with cups linking the
smbspool to /usr/lib/cups/backend/ 

ln -s /usr/bin/smbspool /usr/lib/cups/backend/smb

2 loaded the driver for hp 670c in cups

3 tried to print a test page and i did it successfully

now... the only thing is that i am only able to print
test pages... and i can't figure out the command line
options to print from my linux print clients to my
linux print server...

windows is doing fine though. 

other thing is that when I:

smbclient //neptun/printers

i can mount the share but it does not print.


-
Email Enviado utilizando o serviço MegaMail
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problems with trust account passowrds ???

[Rob Tanner]

Hi,

I'm getting near a thousand error messages a day on only one of my two samba 
servers that both participate in the same domain:

[2004/02/16 09:17:52, 0] 
rpc_client/cli_trust.c:change_trust_account_password(248)
 2004/02/16 09:17:52 : change_trust_account_password: Failed to change 
password for domain ITS.

The server getting the errors is version 2.2.7a-security-rollup-fix running 
on RedHat Linux.  The server not receiving the error messages is version 
2.2.0 running on SPARC Solaris. Both servers participate in the same domain, 
and neither act as a domain controller or WINS server.  The technician that 
manages the microsoft domain itself has no idea since he doesn't see any 
problem on the microsoft side.  I'm assuming, therefore, there is some fine 
tuning I need to do on the one samba server giving me the errors.

Any ideas??

Thanks,
Rob
  _ _ _ _   __ _ _ _ _
 /\_\_\_\_\/\_\ /\_\_\_\_\_\
/\/_/_/_/_/   /\/_/ \/_/_/_/_/_/  QUIDQUID LATINE DICTUM SIT,
   /\/_/__\/_/ __/\/_//\/_/  PROFUNDUM VIDITUR
  /\/_/_/_/_/ /\_\  /\/_//\/_/
 /\/_/ \/_/  /\/_/_/\/_//\/_/ (Whatever is said in Latin
 \/_/  \/_/  \/_/_/_/_/ \/_/  appears profound)
 Rob Tanner
 UNIX Services Manager
 Linfield College, McMinnville OR
 (503) 434-2558 [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] touble with install

[Anne Ramey]

I did
./configure
make
make install
I got no errors, but it doesn't seem to have installed everything I 
need.  Swat won't start.  It didn't put an smb.conf file in /etc/samba 
(it didn't even create this folder) or /usr/local/samba/lib/.  When I 
run testparm, I get Segmentation fault as my only output.  Even if I 
create an smb.conf and run testparm on that file I get the exact same 
thing.  Please help...

Thanks,
Anne
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] primary gid of user [desires] is not a Domain group !

[Gémes Géza]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
C.Lee Taylor írta:
| Wendell Wilson wrote:
|
| Precisely the same thing is happening to me! There have been a couple
| other threads with others having more or less the same problem... but
| I haven't seen any fixes that work for me, yet.
|
| I have 3.0.1, at the moment. Did you upgrade from 2.2.x? or from an
| earlier version of 3.x? Or did this just start out of the blue? I am
| not using LDAP, at this point, or even winbind to handle user/group
| mappings. What sort of setup do you have?
|
|
|Currently using 3.0.2, at least the ones FC1 just shiped over the
| weekend ...
|
|I did a clean installation and converted my LDAP ldif file to from
| Samba2 to Samba3 ... I have made all sorts of changes and can't get this
| to go away, so I don't know what the problem is ...
|
|At first I through that my posix accounts primary gid how to be
| mapped to an NT one, then I modified the Primary SID for each users and
| still got it ... so I really don't know ...
|
|
| Mailed
| Lee
|
|
| Wendell
|
| C.Lee Taylor wrote:
|
| Greetings ...
|
|I hope somebody can explain this to me, or give me a help to fix
| this problem ...
|
|On my Samba server ( 3.0.2rc2 ) I am getting ...
|
| Feb  9 17:31:21 eastrand smbd[2113]: [2004/02/09 17:31:21, 0]
| rpc_server/srv_pipe.c:api_pipe_netsec_process(1371)
| Feb  9 17:31:21 eastrand smbd[2113]:   failed to decode PDU
| Feb  9 17:31:21 eastrand smbd[2113]: [2004/02/09 17:31:21, 0]
| rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
| Feb  9 17:31:21 eastrand smbd[2113]:   process_request_pdu: failed to
| do schannel processing.
| Feb  9 17:31:26 eastrand smbd[2113]: [2004/02/09 17:31:26, 0]
| rpc_server/srv_util.c:get_domain_user_groups(372)
| Feb  9 17:31:26 eastrand smbd[2113]:   get_domain_user_groups:
| primary gid of user [desires] is not a Domain group !
| Feb  9 17:31:26 eastrand smbd[2113]:   get_domain_user_groups: You
| should fix it, NT doesn't like that
|
|But if I do ...
|
| [EMAIL PROTECTED] root]# pdbedit -L -v -u desires
| Unix username:desires
| NT username:  desires
| Account Flags:[UX ]
| User SID: S-1-5-21-3795178988-3942151060-2329322268-44008
| Primary Group SID:S-1-5-21-3795178988-3942151060-2329322268-513
| Full Name:Desire Steyn
| Home Directory:   \\eastrand\desires
| HomeDir Drive:l:
| Logon Script: login.bat
| Profile Path: \\eastrand\desires\profile
| Domain:   X-ZA-DM
| Account desc:
| Workstations:
| Munged dial:
| Logon time:   0
| Logoff time:  Fri, 13 Dec 1901 22:45:51 GMT
| Kickoff time: Fri, 13 Dec 1901 22:45:51 GMT
| Password last set:Thu, 13 Feb 2003 13:24:06 GMT
| Password can change:  0
| Password must change: Fri, 13 Dec 1901 22:45:51 GMT
| [EMAIL PROTECTED] root]#
|
|Now I have an LDAP passdb, and I have done a
| [EMAIL PROTECTED] root]# net groupmap list
| Domain Users (S-1-5-21-3795178988-3942151060-2329322268-513) - ntusers
| Domain Computers (S-1-5-21-3795178988-3942151060-2329322268-515) -
| machines
| Domain Admins (S-1-5-21-3795178988-3942151060-2329322268-512) - ntadmin
| Domain Guests (S-1-5-21-3795178988-3942151060-2329322268-514) - nobody
|
|And
|
| [EMAIL PROTECTED] root]# getent passwd |grep -i des
| desires:x:21504:1:Desire:/home/users/desires:/sbin/nologin
|
|Has anyone got an idea of what I am missing ...
|
| Mailed
| Lee
|
|
|
|
|
|
|
Just in time!
I've had a strange problem: Windows98 and 2000 clients refused to
implement the policy defined for groups, but implemented those defined
for users and computers. In the same time I've found similar entries in
the logs (My production systems are Samba3.0.1.pre1+some patches with
ldapsam backend).  I decided to set up a small test system: Samba3.0.2
with tdbsam backend. And found that the problem is related to one of the
~ users attributes called sambaPrimaryGroupSID in LDAP or Primary Group
SID if you look at it with pdbedit -L -v username_here. I've fixed, half
an hour ago, and now everything is working well.
The sollution is simple, but can be a big lot of work if you have a lot
of users and groups; take care, that sambaPrimaryGroupSID for any of
your users is a valid SID of an existing ntgroup. Best if it the
ntgroup, which corespond to your users primary unixgroup.
Hope it helps.

Cheers

Geza
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAMRsS/PxuIn+i1pIRAsgKAKC6Hcatrtdk6KFamlYcNGvRDxvDpACglOSb
e6Us9tIYTC6L3csR5GH0zTU=
=2T8G
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Newbie, Win2K config, fails on test 8 (long)

[Maitland Lederer]

CORRECTION!!

It would appear that I did something to make test 7 fail, and like a bad
person, I didn't run through all the tests after every change.  Anyway,
here's the new status.  Sorry for the extra spam.  Again, thanks in
advance.

*   sensorlabwrkst in lmhosts
*   smbpasswd -a mlederer
*   no firewall on linux box

*TEST 7:*
$ smbclient //sensorlabwrkst/tmp
added interface ip=172.17.5.144 bcast=172.17.5.255 nmask=255.255.255.0
Password:
Domain=[FOSTER-MILLER] OS=[Unix] Server=[Samba 2.2.3a]
smb: \

*TEST 8:* 
net view \\sensorlabwrkst
System error 5 has occurred.

Access is denied.


net view \\172.17.5.144
Shared resources at \\172.17.5.144

Samba 2.2.3a

Share name   Type Used as  Comment


---
tmp  Disk X:   test share for maitland
The command completed successfully.

*TEST 9:*
net use x: \\sensorlabwrkst\tmp
System error 1240 has occurred.

The account is not authorized to log in from this station.

L:\net use x: \\172.17.5.144\tmp
The command completed successfully.

*TEST 10:*
$ nmblookup -M FOSTER-MILLER
querying FOSTER-MILLER on 172.17.5.255
172.17.5.17 FOSTER-MILLER1d

*smb.conf*
# Samba config file created using SWAT
# from b5pc-mlederer.foster-miller.com (172.17.5.51)
# Date: 2004/02/16 12:49:18

# Global parameters
[global]
workgroup = FOSTER-MILLER
netbios name = SENSORLABWRKST
encrypt passwords = Yes
log level = 2
log file = /etc/samba/log.%m
os level = 0
preferred master = False
local master = No
domain master = False
hosts allow = 172.17.5.

[tmp]
comment = test share for maitland
path = /tmp
guest ok = Yes


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Winbind and pam_mkhomdedir problem

[John Simovic]

I have managed to join my samba server to an AD domain. I use winbind as
an authenticator and pam_mkhomedir creates dirs on the fly. How do I get
the users in windows to be able to access their files. 

 

Kind REgards


**
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] LDAP compiling

[J W]

Hello  All

I've read documentation that i had to compile samba
with LDAP support.  However, I also read that LDAP
support is already compiled with Samba ver 3.x.  Is it
true that ldap is compiled with Samba 3.x.  I will be
using the binary distribution for fedora core 1


Thanx for you patience

Jeremy

__
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online.
http://taxes.yahoo.com/filing.html
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] What should my smbpasswd file look like?

[darrel]

I can not connect to my linux box from my Mac. I get a 'Could not 
connect to the server because the name or password is not correct' 
error.

I'm not sure where to check to even see what username/pwd samba is using.

If I open up my smbpasswd file, it looks like this:

drrl:501:xxx:x:[UD]:LCT-402FFFE4:

Is there anyway/format that I can add a usr/pwd to this file in 
plain-text so I can test it? I'm stumped as to how to tell which pwds 
samba is using for log-ins.

-Darrel
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] joining to a Domain with a tdbsam backend (smb.conf, testparm and log included)

[Roberto Mason]

I'm about to give up. It's been months now that I've been playing around
with Samba 3.0. I've downloaded their documentation. Tried to follow it as
much as possible, but I'm getting no where with adding machine accounts to a
Domain, real fast.

I've asked this question a couple of times at the Samba Mailing list, but
have gotten no reply(probably my fault, not enough info). So here goes. I'm
a home user, with some Knowledge of NT 4 Domain Controllers. Years ago a set
one up for a company I worked for. So when I got exposed to Linux, I
naturally gravitated to Samba 2.2xx.

Took me a while to figure it out, but I managed to setup a simple domain at
home, with a few shares. Was able to add both Win XP and Linux machines to
my domain.

Now they came out with Samba 3. I did an upgrade several times to version 3.
All machines that were already members of the domain I have no problem with.
But when I try to add new machines (actually 1 new machine) if I try to use
root in adding the domain, I get user/password not found (something or other
like that).

If I try to use my log in name Roberto (Domain Admin) set up according to
the Doc, I get access denied. Considering myself still a newbie, I asking
you guys for help. HELP

Here's my setup:

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2004/02/14 13:40:54

# Global parameters
[global]
workgroup = MEPHISTOPHELES
server string = Samba Server %v (Wish me luck)
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
username map = /etc/samba/smbusers
unix password sync = Yes
log file = /var/log/samba/log.%m
max log size = 50
name resolve order = wins lmhosts bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
logon script = %U.bat
domain logons = Yes
os level = 62
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap ssl = no

[homes]
comment = Home Directories
read only = No
browseable = No

[netlogon]
path = /home/netlogon
guest ok = Yes
share modes = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[work]
path = /home/storage/work
write list = @storage
read only = No

[movie]
path = /home/storage/Movie
write list = @storage
read only = No

[anonymous]
path = /home/storage/anonymous
valid users = @storage
write list = @storage
read only = No

[Log]
path = /var/log

[installation]
path = /home/storage/Installations
valid users = @installation, @storage
read list = @anonymous
write list = @storage
read only = No
create mask = 0774
directory mask = 0774

[DOCUMENTS]
path = /home/storage/Documents
force user = roberto
force group = documentation
read only = No
create mask = 0664
directory mask = 0664
inherit permissions = Yes

[storage]
path = /home/storage
valid users = @storage, @installation
read list = @installation
write list = @storage
force user = root
force group = storage
force create mode = 0775
force directory mode = 0775

[linuxdoc]
path = /usr/share/doc

This is what my net groupmap list gives

[EMAIL PROTECTED] root]# net groupmap list
System Operators (S-1-5-32-549) - -1
Replicators (S-1-5-32-552) - -1
Guests (S-1-5-32-546) - -1
Domain Admins (S-1-5-21-517848066-3869322434-1176822426-512) - domadmin
Domain Guests (S-1-5-21-517848066-3869322434-1176822426-514) - -1
Domain Users (S-1-5-21-517848066-3869322434-1176822426-513) - domusers
Power Users (S-1-5-32-547) - -1
Print Operators (S-1-5-32-550) - -1
Administrators (S-1-5-32-544) - -1
Account Operators (S-1-5-32-548) - -1
Backup Operators (S-1-5-32-551) - -1
Users (S-1-5-32-545) - -1

I'm including the log for log.programxp (programxp being the machine that
I'm trying to join to the domain) This is only part of what was generated
(what I assumed was necessary)

[2004/02/16 16:46:57, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[EMAIL PROTECTED] with the new password interface
[2004/02/16 16:46:57, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
[2004/02/16 16:46:57, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/02/16 16:46:57, 3] smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/02/16 16:46:57, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/02/16 16:46:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/02/16 16:46:57, 3] auth/auth_sam.c:check_sam_security(473)
  check_sam_security: Couldn't find user 'root' in passdb file.
[2004/02/16 16:46:57, 3] auth/auth_winbind.c:check_winbind_security(79)
  check_winbind_security: Not using winbind, requested domain was for this
SAM.
[2004/02/16 16:46:57, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [admin] - [root] FAILED

Re: [Samba] What should my smbpasswd file look like?

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
darrel wrote:
| I can not connect to my linux box from my Mac. I get a 'Could not
| connect to the server because the name or password is not correct' error.
|
| I'm not sure where to check to even see what username/pwd samba is using.
|
| If I open up my smbpasswd file, it looks like this:
|
| drrl:501:xxx:\
|  x:[UD]:LCT-402FFFE4:
This is a disabled account ('D') with no password ('...').

Run these commands as root

~  $ smbpasswd drrl
~  Password:
~  $ smbpasswd -e drrl



cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAMUKgIR7qMdg1EfYRArm/AKDWes17nQ6UY4xBRbRe5X5S/dvHCACfXizD
kEoJzxpueFlX37BklfZDnrU=
=/qil
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Any help will be great. THX.

[reza . rafiee]

I've just installed Samba 2.2.3a on AIX 5.2.  We're using a NT password
server to authenticate username/password.  Our NT guru's are complaining 
that there're seeing several authentication failures events with an account 
called sambatest which is not a valid userid on our site.  It looks like 
some type of polling that Samba is doing.

This is part of the errors they are seeing:

Logon Failure:
Reason: Unknown user name or bad password
User Name:  sambatestHOSTNAME
Domain: OURDOMAIN

In my smb.conf file I'm using:

security = SERVER

How can we stop these errors from occurring?


We are getting a login screen to login to the network and when we try we get
the same message over and over.


Georges's Inc.

402 W. Robinson

Springdale, AR 72764

(  479-927-7134

2 479-927-7101

*  [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] What should my smbpasswd file look like?

[darrel]

| drrl:501:xxx:\
|  x:[UD]:LCT-402FFFE4:
This is a disabled account ('D') with no password ('...').
Ah! Well, that explains my problems. Any idea why they're all 
disabled? How does one enable it?

Run these commands as root

~  $ smbpasswd drrl
~  Password:
~  $ smbpasswd -e drrl
I'll try that...does that set the password for Samba?

-Darrel
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Winbind issue

[Jason Gray]

I have 3 Linux rh9.0 servers on the network all using Samba/LDAP to
authenticate.  One is acting as the PDC and the other two are domain
members.  On one server I don't have winbind running and everything works
great, however, on the other server, if I turn off the winbind I get a
password prompt and cannot access the server.  I have no need for winbind
but I'm forced to keep it on.

I'm using the PAM/NSS method to authenticate through the ldap server.  I
have the nsswitch set properly, all the library files are in the security
folder and the login file in pam.d has all the necessary references, so I
don't think it's related to LDAP.  I am getting this error:

make_server_info_info3: pdb_init_sam failed!

but it seems to be related to winbind itself.  How can I remove this systems
need to use winbind?

Cheers,

Jason

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] REPOST: Problems with trust account passowrds ???

[Rob Tanner]

REPOST:  Somehow I got unsubscribed so I resubscribed and am reposting.
Apologies if you've seen this post before.
Hi,

I'm getting near a thousand error messages a day on only one of my two samba
servers that both participate in the same domain:
[2004/02/16 09:17:52, 0]
rpc_client/cli_trust.c:change_trust_account_password(248)
 2004/02/16 09:17:52 : change_trust_account_password: Failed to change
password for domain ITS.
The server getting the errors is version 2.2.7a-security-rollup-fix running
on RedHat Linux.  The server not receiving the error messages is version
2.2.0 running on SPARC Solaris. Both servers participate in the same domain,
and neither act as a domain controller or WINS server.  The technician that
manages the microsoft domain itself has no idea since he doesn't see any
problem on the microsoft side.  I'm assuming, therefore, there is some fine
tuning I need to do on the one samba server giving me the errors.
Any ideas??

Thanks,
Rob
 Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR


  _ _ _ _   __ _ _ _ _
 /\_\_\_\_\/\_\ /\_\_\_\_\_\
/\/_/_/_/_/   /\/_/ \/_/_/_/_/_/  QUIDQUID LATINE DICTUM SIT,
   /\/_/__\/_/ __/\/_//\/_/  PROFUNDUM VIDITUR
  /\/_/_/_/_/ /\_\  /\/_//\/_/
 /\/_/ \/_/  /\/_/_/\/_//\/_/ (Whatever is said in Latin
 \/_/  \/_/  \/_/_/_/_/ \/_/  appears profound)
 
 Rob Tanner
 UNIX Services Manager
 Linfield College, McMinnville OR
 (503) 434-2558 [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] permision problem

[Clemente Acosta]

I have a server with SuSE 9.0 professional and samba 2.2.8a-170, with
approximately 70 directories.  I have created in samba a resource or share
called data, within as the 70 directories inside it.  The problem is since I
make to assign the permissions to these directories.  If for example, userA
belongs to group1 and to group2 and directoryA has like group to grupo1, but
when a user of group2 requires and enters directorioA, the group and the
user owner  changes and other users of group1 or group2 lose the access to
that resource.


What can I do?

I think create a share for each directory, but are more than 70 directories.
I try to assign permisions for group, but one user belongs to 2 groups, and
dosen't work too.




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Winbind issue

[Jason Gray]

Just in case anyone is interested I found the problem...my /etc/ldap.conf
file was not correct.

Cheers,

Jason

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Behalf Of Jason Gray
Sent: Monday, February 16, 2004 4:29 PM
To: Smb_List
Subject: [Samba] Winbind issue


I have 3 Linux rh9.0 servers on the network all using Samba/LDAP to
authenticate.  One is acting as the PDC and the other two are domain
members.  On one server I don't have winbind running and everything works
great, however, on the other server, if I turn off the winbind I get a
password prompt and cannot access the server.  I have no need for winbind
but I'm forced to keep it on.

I'm using the PAM/NSS method to authenticate through the ldap server.  I
have the nsswitch set properly, all the library files are in the security
folder and the login file in pam.d has all the necessary references, so I
don't think it's related to LDAP.  I am getting this error:

make_server_info_info3: pdb_init_sam failed!

but it seems to be related to winbind itself.  How can I remove this systems
need to use winbind?

Cheers,

Jason

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] CUPS printing from Windows

[Alan Becker]

I have replaced a WinNT4 PDC with a Samba server.  I'm not experiencing 
problems
with file sharing/locking at all, but printing is another issue.  In 
this network, there are
several dot-matrix printers that are ONLY printed to using a DOS 
application, and
a laser (HP 2300, PCL and PS) that is primarily used for Windows printing. 

Problem:  Windows clients (using downloaded drivers from print$) don't 
seem to
have full or proper control of printing.  Example 1: An excel user has 
to click on
Print to fit in Page setup in order for the page to be scaled 
properly.  Otherwise
it prints on multiple pages in very large type.  Example 2: Another 
Excel user
attempts to set Landscape orientation.  The setting is accepted. no 
error is generated,
but the page continues to print in portrait orientation.

To begin with, this unit is based on RedHat 9 with all current updates 
(kernel 2.4.20-28.9, 
Samba 2.2.7a-8.9.0, Cups 1.1.17-13.3.0.3).  After discovering that CUPS 
was the only
printing system that RH9 installed, I went to the documentation and read 
the HOWTO
chapters 18 (Classical printing support) and 19 (CUPS printing support). 
I then did the following:

(1) Create the print queues using the RH/Gnome Printing control applet
(2) Test printing from Linkx (ok)
(3) Obtain the Windows drivers from the NT4 PDC (copied the whole
  c:\winnt\...\w32x86 structure to a scratch area.
(4) Obtain the detailed descriptions of each installed driver using the 
rpcclient utility
  from the Samba server, querying the old NT4 server (temporarily 
attached) with the
  getdriver queue_name function.  Route the query results to a file.  
Repeat for all queues.
(5) Write a script to parse the output of (4) and automate steps 4-10 of 
Manual
  Driver Installation in 15 Steps from Chapter 19. 
(6) Run the script for each print queue.  Drivers appear to be added 
without problem.
(7) Join a WinNT workstation to the Samba domain
(8) As Administrator, connect to the laser print queue.  Succeeds, no 
error message.
(9) Bring up Excel, attempt to print Landscape as noted above. This fails.

Questions::
(A) The failure to command the printer properly suggests a problem with 
the uploaded
  drivers.  Are there any other common explanations for this type of 
behavior??

(B) I attempted to set the dot-matrix queues to the Generic printer/Raw 
device.  In this
mode, I printed a short text file (in Linux), and copied a test file to 
the network queue
(under Windows).  In either case, the file was printed, but the paper 
was not advanced
to the next page.  In other words, this queue is so raw that it doesn't 
even recognise the
end of a print job, so multiple print jobs can be printed on the same 
page.  Is there any
middle ground, where inter-job pagination occurs, but no other filtering 
is enabled??

TIA for your attention.
A. Becker
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] permision problem

[Craig White]

On Mon, 2004-02-16 at 19:49, Clemente Acosta wrote:
 I have a server with SuSE 9.0 professional and samba 2.2.8a-170, with
 approximately 70 directories.  I have created in samba a resource or share
 called data, within as the 70 directories inside it.  The problem is since I
 make to assign the permissions to these directories.  If for example, userA
 belongs to group1 and to group2 and directoryA has like group to grupo1, but
 when a user of group2 requires and enters directorioA, the group and the
 user owner  changes and other users of group1 or group2 lose the access to
 that resource.
 
 
 What can I do?
 
 I think create a share for each directory, but are more than 70 directories.
 I try to assign permisions for group, but one user belongs to 2 groups, and
 dosen't work too.

I think you should be able to set guid on any particular directory...

chmod g+s /path/to/directory/inside/of/windows/share and it should hold

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: nmbd multihomed registration request must be directed at aWINS server error

[Dylan Cuthbert]

mm.. no response, so I'll reply to myself :-)
(B
(BI think this error seemed to be caused by my entry of a server name into the
(B"WINS Server" field, even though WINS support was turned off.  Any idea why?
(BDeleting the name seemed to stop the warning/error cropping up.
(B
(B-
(BQ-Games, Dylan Cuthbert.
(Bhttp://www.q-games.com
(B
(B
(B"Dylan Cuthbert" [EMAIL PROTECTED] wrote in message
(Bnews:[EMAIL PROTECTED]
(B Hi there,
(B
(B I just got a new machine with Redhat Enterprise Workstation and samba
(B 3.0.0-14 pre-installed.  I am trying to connect it to my existing network
(B which has a redhat v8 samba v2 PDC controlling 16 or so win2k and winxp
(B machines.
(B
(B In the nmbd log I get this error 3 times every 5 seconds or so:
(B
(B nmbd/nmbd_packets.c:process_nmb_request(1448)
(B   process_nmb_request: Multihomed registration request must be directed at
(Ba
(B WINS server.
(B
(B What does this mean?  Multihomed?  The network is as simple as it gets,
(B there is one PDC (and WINS server), and 16 or so clients, and everybody is
(B on the same domain.
(B
(B As far as I can see this error doesn't cause anything to fail (I can
(Baccess
(B shares on the new machine fine) but I felt it best to check in case it
(Bcomes
(B back to bite me later on.
(B
(B Regards
(B
(B -
(B Q-Games, Dylan Cuthbert.
(B http://www.q-games.com
(B
(B
(B -- 
(B To unsubscribe from this list go to the following URL and read the
(B instructions:  http://lists.samba.org/mailman/listinfo/samba
(B
(B
(B
(B-- 
(BTo unsubscribe from this list go to the following URL and read the
(Binstructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] group problem on NT4 domain

[steven.TSE]

Hi,
 
Installed latest Samba3.0.2a on NT4 domain, security = domain and net rpc
join successfully.
 
everything work great, but group permission failed, error message is
user_in_winbind_group_list: nametogid for group NTGROUP failed.  
 
smb.conf on shares as below:
=
omitted base configurations...
 
[shareA]
path = /public/shareA
valid users =  mailto:'@NT\Domain '@NT\Domain Users'
write list = NT\steven
 
 
the conf is simple but error occured.  No one can access to shareA, a login
prompted out for user/pass.  BTW, it has no problem at all if only use user
rather than group.  Please kindly help or advise, thankyou.
 
 
Best Regards,
Steven Tse
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: nmbd multihomed registration request must be directed at aWINS server error

[John H Terpstra]

On Tue, 17 Feb 2004, Dylan Cuthbert wrote:

 mm.. no response, so I'll reply to myself :-)

 I think this error seemed to be caused by my entry of a server name into the
 WINS Server field, even though WINS support was turned off.  Any idea why?
 Deleting the name seemed to stop the warning/error cropping up.

The wins server = parameter requires the IP Address of your WINS server.
Make sure that it is not the IP address of the Samba server if it is your
WINS server (ie: wins support = yes in smb.conf).

- John T.


 -
 Q-Games, Dylan Cuthbert.
 http://www.q-games.com


 Dylan Cuthbert [EMAIL PROTECTED] wrote in message
 news:[EMAIL PROTECTED]
  Hi there,
 
  I just got a new machine with Redhat Enterprise Workstation and samba
  3.0.0-14 pre-installed.  I am trying to connect it to my existing network
  which has a redhat v8 samba v2 PDC controlling 16 or so win2k and winxp
  machines.
 
  In the nmbd log I get this error 3 times every 5 seconds or so:
 
  nmbd/nmbd_packets.c:process_nmb_request(1448)
process_nmb_request: Multihomed registration request must be directed at
 a
  WINS server.
 
  What does this mean?  Multihomed?  The network is as simple as it gets,
  there is one PDC (and WINS server), and 16 or so clients, and everybody is
  on the same domain.
 
  As far as I can see this error doesn't cause anything to fail (I can
 access
  shares on the new machine fine) but I felt it best to check in case it
 comes
  back to bite me later on.
 
  Regards
 
  -
  Q-Games, Dylan Cuthbert.
  http://www.q-games.com
 
 
  --
  To unsubscribe from this list go to the following URL and read the
  instructions:  http://lists.samba.org/mailman/listinfo/samba
 




-- 
John H Terpstra
Email: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] group problem on NT4 domain

[John H Terpstra]

On Tue, 17 Feb 2004, steven.TSE wrote:

 Hi,

 Installed latest Samba3.0.2a on NT4 domain, security = domain and net rpc
 join successfully.

 everything work great, but group permission failed, error message is
 user_in_winbind_group_list: nametogid for group NTGROUP failed.

Do you have winbindd running?
Is /etc/nsswitch.conf configured to use winbind?

- John T.


 smb.conf on shares as below:
 =
 omitted base configurations...

 [shareA]
 path = /public/shareA
 valid users =  mailto:'@NT\Domain '@NT\Domain Users'
 write list = NT\steven


 the conf is simple but error occured.  No one can access to shareA, a login
 prompted out for user/pass.  BTW, it has no problem at all if only use user
 rather than group.  Please kindly help or advise, thankyou.


 Best Regards,
 Steven Tse


-- 
John H Terpstra
Email: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] group problem on NT4 domain

[steven.TSE]

Yes, winbindd is running and nsswitch.conf is configured as:

passwd: file winbind
shadow: file
group: file winbind

smb.conf
===
[global]
workgroup = NTDOM
server string = Central File Server
security = DOMAIN
auth methods = winbind
password server = bga peh pbe_filpn
client lanman auth = No
client plaintext auth = No
log file = /var/log/samba/%m.log
min protocol = LANMAN1
local master = No
wins server = 192.168.100.9, 192.168.100.55
get quota command = /usr/bin/quota
set quota command = /usr/sbin/setquota
idmap uid = 1-2
idmap gid = 1-2
template homedir = /public/home/%U
template shell = /bin/bash
winbind cache time = 5

[finance]
comment = Finance Dept
path = /public/finance
valid users = '@NTDOM\Domain Users'
write list = PBE\steven_tse
force group = ntgroup
create mask = 0666
directory mask = 0777

I cannot access to shared folder finance, it always prompt for user login.
Please help, thankyou

Steve


-Original Message-
From: John H Terpstra [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 17, 2004 3:09 PM
To: steven.TSE
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] group problem on NT4 domain


On Tue, 17 Feb 2004, steven.TSE wrote:

 Hi,

 Installed latest Samba3.0.2a on NT4 domain, security = domain and net rpc
 join successfully.

 everything work great, but group permission failed, error message is
 user_in_winbind_group_list: nametogid for group NTGROUP failed.

Do you have winbindd running?
Is /etc/nsswitch.conf configured to use winbind?

- John T.


 smb.conf on shares as below:
 =
 omitted base configurations...

 [shareA]
 path = /public/shareA
 valid users =  '@NT\Domain Users'
 write list = NT\steven


 the conf is simple but error occured.  No one can access to shareA, a
login
 prompted out for user/pass.  BTW, it has no problem at all if only use
user
 rather than group.  Please kindly help or advise, thankyou.


 Best Regards,
 Steven Tse


-- 
John H Terpstra
Email: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.2 mapped by Actve Directory

[Andrew Bartlett]

On Tue, 2004-02-17 at 04:06, Costlow Erik A. wrote:
 I have spent a while trying to join a samba machine to our university's
 active directory structure so that allowed users can map to it by simply
 running \\webserver
 I was able to join the machine just fine via: net ads join
 VPSA/UH/UH-_ResComp_Servers/ -U adminname
 And now I can run wbinfo -u to get a listing of all users on our
 network. I have the right permissions, because from that computer, I can
 run smbclient //IP/c\$ -k and it lets me through as it should.
 
 However, when I run \\webserver from any other computer, log.smbd
 shows: 
 [2004/02/16 10:51:46, 0] auth/auth_util.c:make_server_info_info3(1100)
   make_server_info_info3: pdb_init_sam failed!
 [2004/02/16 10:51:46, 2] auth/auth.c:check_ntlm_password(312)
   check_ntlm_password:  Authentication for user [rceacostl] -
 [rceacostl] FAILED with error NT_STATUS_NO_SUCH_USER
 
 How can I make it so users can map their drives to this computer?

Add winbind to your nsswitch.conf - you need 'getent passwd' to return
your AD users, before samba can use them.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Setting password must change for more than one user

[Andrew Bartlett]

On Tue, 2004-02-17 at 05:02, Fabien Chevalier wrote:
 Hello all,
 
 I'm using Samba 3 with ldapsam_compat and i have a bunch of users (~ 150).
 I'm trying to find a way to set 'password must change' attribute to a given value to 
 all users of my domain, so
 that all be forced to reset their passwords at the same time.
 
 Is there an easy way to do that, better than editing ldap database by hand or 
 writing a custom script?
 I looked at pdbedit, smbpasswd, smbldap-tools, and no...nothing seems to cope with 
 it...

Administrators with large LDAP sites soon become very familiar with
Net::LDAP and perl scripting :-)

It's really not that hard... ;-)

(and yes, I know ldap can be a real pain - the benefit is that you *can*
do this kind of manipulation, directly on the backend)

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] group problem on NT4 domain (revised)

[steven.TSE]

revised to prevent confusion, sorry

-Original Message-
From: steven.TSE 
Sent: Tuesday, February 17, 2004 3:30 PM
To: John H Terpstra
Cc: [EMAIL PROTECTED]
Subject: RE: [Samba] group problem on NT4 domain


Yes, winbindd is running and nsswitch.conf is configured as:

passwd: file winbind
shadow: file
group: file winbind

smb.conf
===
[global]
workgroup = NTDOM
server string = Central File Server
security = DOMAIN
auth methods = winbind
password server = bga peh pbe_filpn
client lanman auth = No
client plaintext auth = No
log file = /var/log/samba/%m.log
min protocol = LANMAN1
local master = No
wins server = 192.168.100.9, 192.168.100.55
get quota command = /usr/bin/quota
set quota command = /usr/sbin/setquota
idmap uid = 1-2
idmap gid = 1-2
template homedir = /public/home/%U
template shell = /bin/bash
winbind cache time = 5

[finance]
comment = Finance Dept
path = /public/finance
valid users = '@NTDOM\Domain Users'
write list = NTDOM\steven_tse
force group = ntgroup
create mask = 0666
directory mask = 0777

I cannot access to shared folder finance, it always prompt for user login.
Please help, thankyou

Steve


-Original Message-
From: John H Terpstra [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 17, 2004 3:09 PM
To: steven.TSE
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] group problem on NT4 domain


On Tue, 17 Feb 2004, steven.TSE wrote:

 Hi,

 Installed latest Samba3.0.2a on NT4 domain, security = domain and net rpc
 join successfully.

 everything work great, but group permission failed, error message is
 user_in_winbind_group_list: nametogid for group NTGROUP failed.

Do you have winbindd running?
Is /etc/nsswitch.conf configured to use winbind?

- John T.


 smb.conf on shares as below:
 =
 omitted base configurations...

 [shareA]
 path = /public/shareA
 valid users =  '@NT\Domain Users'
 write list = NT\steven


 the conf is simple but error occured.  No one can access to shareA, a
login
 prompted out for user/pass.  BTW, it has no problem at all if only use
user
 rather than group.  Please kindly help or advise, thankyou.


 Best Regards,
 Steven Tse


-- 
John H Terpstra
Email: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] group problem on NT4 domain

[John H Terpstra]

On Tue, 17 Feb 2004, steven.TSE wrote:

 Yes, winbindd is running and nsswitch.conf is configured as:

 passwd: file winbind
 shadow: file
 group: file winbind

What is the output of:

getent passwd
getent group

wbinfo -u
wbinfo -g

See further comments below.

- John T.


 smb.conf
 ===
 [global]
   workgroup = NTDOM
   server string = Central File Server
   security = DOMAIN
   auth methods = winbind

Get rid of auth methods

   password server = bga peh pbe_filpn

Why is it necessary to set password server? If possible remote this
too.

   client lanman auth = No
   client plaintext auth = No

Neither of these should be needed.

   log file = /var/log/samba/%m.log

   min protocol = LANMAN1
   local master = No

The above 2 should not be needed either.

   wins server = 192.168.100.9, 192.168.100.55
   get quota command = /usr/bin/quota
   set quota command = /usr/sbin/setquota
   idmap uid = 1-2
   idmap gid = 1-2
   template homedir = /public/home/%U
   template shell = /bin/bash
   winbind cache time = 5

 [finance]
   comment = Finance Dept
   path = /public/finance
   valid users = '@NTDOM\Domain Users'

Try:
valid users = @NTDOM\Domain Users

   write list = PBE\steven_tse

What do you get if you run as root on this server:

id PBE\steven_tse


   force group = ntgroup
   create mask = 0666
   directory mask = 0777

 I cannot access to shared folder finance, it always prompt for user login.
 Please help, thankyou

 Steve


 -Original Message-
 From: John H Terpstra [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, February 17, 2004 3:09 PM
 To: steven.TSE
 Cc: [EMAIL PROTECTED]
 Subject: Re: [Samba] group problem on NT4 domain


 On Tue, 17 Feb 2004, steven.TSE wrote:

  Hi,
 
  Installed latest Samba3.0.2a on NT4 domain, security = domain and net rpc
  join successfully.
 
  everything work great, but group permission failed, error message is
  user_in_winbind_group_list: nametogid for group NTGROUP failed.

 Do you have winbindd running?
 Is /etc/nsswitch.conf configured to use winbind?

 - John T.

 
  smb.conf on shares as below:
  =
  omitted base configurations...
 
  [shareA]
  path = /public/shareA
  valid users =  '@NT\Domain Users'
  write list = NT\steven
 
 
  the conf is simple but error occured.  No one can access to shareA, a
 login
  prompted out for user/pass.  BTW, it has no problem at all if only use
 user
  rather than group.  Please kindly help or advise, thankyou.
 
 
  Best Regards,
  Steven Tse
 



-- 
John H Terpstra
Email: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: Mapping Windows 2000 Drives/Shares from VMS

[John E. Malmberg]

Matthew Robey wrote:
Hi,

I am running VMS V7.3-1 with TCPIP V5.3 eco 2 and Samba V2.2.8

Is it possible to map a Windows 2000 drive/share from VMS  ?
I can list the shares by doing:
$ smbc -L windows server -U username

But I cant work out how to use it to 'map' a drive.
You can not map a drive on OpenVMS.

It would require implementing a SMB file ACP on OpenVMS, and that would 
be a lot of work, and probably require the source listings.

With out an assist from some TCP/IP internals, it also probably would be 
extremely slow.

-John
[EMAIL PROTECTED]
Personal Opinion Only
PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING:

http://www.catb.org/~esr/faqs/smart-questions.html

CVS update: samba/source/utils

[vlendec]

Date:   Mon Feb 16 14:04:56 2004
Author: vlendec

Update of /data/cvs/samba/source/utils
In directory dp.samba.org:/tmp/cvs-serv9086

Modified Files:
  Tag: SAMBA_3_0
net_groupmap.c 
Log Message:
Fix success message for net groupmap modify

Volker


Revisions:
net_groupmap.c  1.1.2.20 = 1.1.2.21

http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/net_groupmap.c.diff?r1=1.1.2.20r2=1.1.2.21

CVS update: samba/source/utils

[vlendec]

Date:   Mon Feb 16 14:05:46 2004
Author: vlendec

Update of /data/cvs/samba/source/utils
In directory dp.samba.org:/tmp/cvs-serv9470

Modified Files:
net_groupmap.c 
Log Message:
Fix success message for net groupmap modify

Volker


Revisions:
net_groupmap.c  1.15 = 1.16

http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/net_groupmap.c.diff?r1=1.15r2=1.16

CVS update: samba/source/rpc_server

[vlendec]

Date:   Mon Feb 16 14:24:35 2004
Author: vlendec

Update of /data/cvs/samba/source/rpc_server
In directory dp.samba.org:/tmp/cvs-serv13679

Modified Files:
  Tag: SAMBA_3_0
srv_samr_nt.c 
Log Message:
Cosmetic fix: Use sid_is_in_our_domain instead of doing it per hand.

Volker


Revisions:
srv_samr_nt.c   1.86.2.65 = 1.86.2.66

http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_samr_nt.c.diff?r1=1.86.2.65r2=1.86.2.66

CVS update: samba-docs/docbook/projdoc

[Alexander Bokovoy]

Date:   Mon Feb 16 18:24:00 2004
Author: ab

Update of /home/cvs/samba-docs/docbook/projdoc
In directory dp.samba.org:/tmp/cvs-serv26282

Modified Files:
CUPS-printing.xml NetworkBrowsing.xml printer_driver2.xml 
Log Message:
Make link/ elements non-empty

Revisions:
CUPS-printing.xml   1.12 = 1.13

http://www.samba.org/cgi-bin/cvsweb/samba-docs/docbook/projdoc/CUPS-printing.xml.diff?r1=1.12r2=1.13
NetworkBrowsing.xml 1.13 = 1.14

http://www.samba.org/cgi-bin/cvsweb/samba-docs/docbook/projdoc/NetworkBrowsing.xml.diff?r1=1.13r2=1.14
printer_driver2.xml 1.10 = 1.11

http://www.samba.org/cgi-bin/cvsweb/samba-docs/docbook/projdoc/printer_driver2.xml.diff?r1=1.10r2=1.11

CVS update: samba/source/client

[sfrench]

Date:   Mon Feb 16 23:43:14 2004
Author: sfrench

Update of /home/cvs/samba/source/client
In directory dp.samba.org:/tmp/cvs-serv20782

Modified Files:
  Tag: SAMBA_3_0
mount.cifs.c 
Log Message:
Disable suid on user mounts (can override with -DCIFS_ALLOW_USR_SUID)


Revisions:
mount.cifs.c1.2.2.11 = 1.2.2.12

http://www.samba.org/cgi-bin/cvsweb/samba/source/client/mount.cifs.c.diff?r1=1.2.2.11r2=1.2.2.12