information
you earn money attachment: textfile.zip
Re: [Samba] Permissions on ou for net join to ADS
On Wed, 2004-02-25 at 03:16, Unix Service (ANTS) wrote: Hi I have noticed the following behaviour: If I get a kerberos ticket as a domain admin user using kinit and then do a net join to an ADS domain, then this works fine and net ads testjoin and net ads leave work too. However if I do it as a user with full control on a particular ou within the AD tree, net join gives the following: net join /Global Administration/Samba Servers [2004/02/24 14:33:48, 0] libads/ldap.c:(1072) Warning: ads_set_machine_sd: NT_STATUS_INVALID_PARAMETER Using short domain name -- AD Joined 'host1' to realm 'AD.ME.CO.UK' net ads test join still returns ok but net ads leave returns failed to delete host from dd realm ( I do a net join again it deletes the old entry and re adds the host ok ). It's not causing any problems as such, but I just wondered if there was any explanation for the above behaviour as I assumed full control on an ou would be equivlaent to domain admin within the scope of that ou. Not quite - it does not allow us to set security descriptors.We need to return better errors there, but that's what is going on. So, we allow the join to work, but we can't remove our account on domain leave. (We normally modify the SD to permit exactly that). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with Samba 3.0.2-2 and offcie
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, I recently set up my first samba 3 server and now I have the problem that the office applications (mainly winword 97) are opening the document files very slow. Filetransfer is at a reasonable speed (about 90Mbit on a 1000MBit Network; tested with a 90Mb file) so this is not the problem. I think that there are some problems with the socket options or such... I do have a level 5 logfile and my smb.conf attached if it is of some help. I hope that anyone of you has a solution to this problem because over 30 seconds for opening a word document is a pain in the ass... Cheers and thanks Nicki - -- Linksystem Muenchen GmbH [EMAIL PROTECTED] Schloerstrasse 10 http://www.link-m.de 80634 Muenchen Tel. 089 / 890 518-0 We make the Net work. Fax 089 / 890 518-77 PGP-Key: https://www.link-m.de/pgp/n.messerschmidt.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Get keys at: https://www.link-m.de/pgp iD8DBQFAPIEE6zWc+bXuIEMRAvJkAJ4guemq4RTjeA1Gub0+HuAlksWBgQCfZM6A S3se2aa3ohiKAr13CRjGV7Q= =HKQW -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with Samba 3.0.2-2 and offcie
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 25 Feb 2004, Nicki Messerschmidt, Linksystem Muenchen GmbH wrote: I do have a level 5 logfile and my smb.conf attached if it is of some help. Hmm.. the attachements were filtered out... O.k. you can find the files at http://www.alienn.net/share Cheers and thanks Nicki - -- Linksystem Muenchen GmbH [EMAIL PROTECTED] Schloerstrasse 10 http://www.link-m.de 80634 Muenchen Tel. 089 / 890 518-0 We make the Net work. Fax 089 / 890 518-77 PGP-Key: https://www.link-m.de/pgp/n.messerschmidt.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Get keys at: https://www.link-m.de/pgp iD8DBQFAPIL46zWc+bXuIEMRAu6iAKDsaJSC9bdQ9z+ev/fzv0sPYFvGJgCdHvQv uWSccQ6//h3xZsLiab0deU0= =B6fq -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] something for you
i hope it is not true! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] hello
yes, really? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pdbedit -P 'maximum password age' -C 0 should == never expire?
Thanks for the bug-report, this is now Fixed in 3.0 CVS. Damned, this is a bug? I though it was logical that it was running that way... Fabien Chevalier -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] This is a test
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.2 config error using --with-ldap
Hi, I also use the openldap libldap (need to install openldap configured with --null-backend=yes). Then set the library search path for solaris with crle -c /var/ld/ld.config -l /usr/lib:/usr/local/lib. I didn't need to hack any files to get this to compile :-). hope this helps, Andy. - snip -- #!/bin/sh # --- Mods by Lou for SAMBA 3.0.2a # -- have libxml2 on board, but dsabled test because config chokes... # - having enabled additional library paths, now got config to work, # but with spinlocks enabled, make chokes. # SO NO SPINLOCKS for the time being !!! LD_LIBRARY_PATH=/usr/local/lib:/usr/local/mysql/lib:/opt/csw/lib \ LDFLAGS=-L/usr/local/mysql/lib -L/opt/csw/lib \ CPPFLAGS=-I/usr/local/mysql/include -I/opt/csw/include -I/usr/include/libxml2/libxml \ CFLAGS=-I/usr/local/mysql/include -I/opt/csw/include -I/usr/include/libxml2/libxml -DHAS_LDAP \ './configure' \ '--enable-debug' \ '--enable-developer' \ '--enable-krb5developer' \ '--with-ldap=/opt/csw/include/ldap.h' \ '--with-ads' \ '--with-krb5' \ '--with-expsam=xml, mysql' \ '--with-xml-prefix=/usr/lib' \ '--with-xml-exec-prefix=/usr/lib' \ '--disable-xmltest' \ '--with-mysql-prefix=/usr/local/mysql' \ '--with-mysql-exec-prefix=/sr/local/mysql/bin' \ '--with-ldapsam' \ $@ I am getting below errors when running configure --with-ldap --with-ldapsam --with-ads on Solaris 8: Begin *** configure:23349: result: no configure:23379: WARNING: libldap is needed for LDAP support ** End *** Note that I am using libldap that comes with Solaris 8 Shared Libs package (SUNWcsl). Thanks a lot in advance, Dan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] maximum username length
Hello! We encountered a problem with our (LDAP) usernames: It seems that windows truncates uids to 20 characters and since our ~4000 users follow the uid-schema givenname.lastname we have some uid's that are (much) longer than 20 characters. Does anybody know if this is a samba or a windows problem and how we can fix it (without changing the actual uid's that work any other service without problems: smtp/pop/imap/ssh/ftp/http/...) best regards Markus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pdbedit -P 'maximum password age' -C 0 should == never expire?
On Wed, 2004-02-25 at 23:08, Fabien Chevalier wrote: Thanks for the bug-report, this is now Fixed in 3.0 CVS. Damned, this is a bug? I though it was logical that it was running that way... If microsoft has '0' as no limit (and making people change passwords forever more doesn't make much sense) then we need to match it, as these can be set from usrmgr. We map 0 NTTime to 0 unixtime. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
I can't compile samba (got from cvs). This is what I get: ./autogen.sh: running autoheader NONE:0: /usr/bin/m4: ERROR: EOF in string autom4te-2.5x: /usr/bin/m4 failed with exit status: 1 autoheader-2.5x: /usr/bin/autom4te failed with exit status: 1 Can you help me please? Thank you -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Information
Please see the attached file for details -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.2 Exchange 2003 / Active Directory?
Brandon How did you deal with licensing then, don't you still have to pay domain/AD client access licenses as well as Exchange client access licenses? Brandon wrote: We have semi-successfully set up Samba 3.0.2 and Exchange 2003. Exchange 2003 requires Active Directory, however we wanted to still use Samba as a PDC in our domain. We set up Exchange in a Windows2000 separate domain and then established a one-way trust between the exchange domain and the samba domain (where the samba domain is the trusted domain). We established our users on Exchange and corresponding users on the Samba PDC. Getting Exchange to authenticate off the Samba PDC was tricky but not impossible. In Exchange you must set the msExchMasterAccountSid variable in Active Directory to the Samba domain SID of the mailbox's owner. Microsoft has documented this procedure in KB article 27: http://support.microsoft.com/default.aspx?scid=kb;en-us;27 This procedure will make the Samba SID (account) the owner of the exchange mailbox; the corresponding account in the exchange domain becomes disabled. It is essential to set exchange up this way or else OWA, public folders, mailbox sharing, and other exchange features will not work correctly. It is not enough to just check the Associated External Rights box without following the steps to set the msExchMasterAccountSid variable. Failing to set this attribute will cause Exchange to randomly bounce emails and other features to work sporadically. To get Outlook Web Access to work properly with this setup you must disable Integrated Windows Authentication in IIs for the all virtual directories associated with exchange (exchange, public, exchweb). Instead use Basic Authentication where the domain name is the Samba domain. Be aware this sends the users password unencrypted so be sure you are using SSL when you authenticate a user. This solution will all Exchange to authenticate off the Samba PDC domain when using OWA. We ran into a little trouble when trying to set up the Samba-Windows2000 trusts. When trying two-way trusts, everything would work fine for a few hours, but then Windows2000 would stop letting us view the Samba PDC users (which we needed because we had to associate these accounts with mailboxes). Two-way windows2000 trusts aren't working too well yet it seems, however Exchange only needs a one way trust. The one-way trust solution (with Samba as the trusted domain) has been working fine. Associating Samba accounts with Exchange mailboxes using this procedure may not work for more then 100 or so accounts. I am sure there is a way to do it programmatically, such as KB article 322890: http://support.microsoft.com/default.aspx?scid=kb;en-us;322890 - Brandon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] stolen
i hope it is not true! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 'logon drive' questions
I would like to ask the list to help me understand three Samba settings: 'logon path', 'logon drive', and 'logon home'. Please see my question at the bottom of this post. THANKS! --- My settings are: . . . logon path = \\%L\profiles\%u\%m logon drive = H: logon home = \\%L\%u\.win_profiles\%m [profiles] path = /home/samba/nt_profiles read only = No create mask = 0600 directory mask = 0700 browseable = No [homes] comment = %u's Home Directory valid users = %S read only = No create mask = 0640 directory mask = 0750 hide dot files = No veto files = /.*/Documents/public_html/ browseable = No --- On my XP Pro client, when I click on Command Prompt, I get a dos window that displays the prompt as: C:\Documents and Settings\testuser. This happens, because the properties for the Command Prompt have this setting in the Start in box: %HOMEDRIVE%%HOMEPATH% According to http://support.microsoft.com/default.aspx?scid=kb;en-us;100843 ... [quote] HOMEPATH HOMEDRIVE HOMESHARE These three environment variables are set based on the value of the home directory. The user's home directory is specified in User Manager (Choose Profile and Properties). If the home directory uses universal naming conventions (UNC), then they will have the following values: HOMESHARE=\\server name\share name HOMEPATH=\path HOMEDRIVE=drive letter: If the home directory is a local path such as c:\nt then they will look like this: HOMEDRIVE=c: HOMESHARE= HOMEPATH=\nt [/quote] MY variables are set like this: C: set | find HOME HOMEDRIVE=C: HOMEPATH=\Documents and Settings\testuser When I run USRMGR.EXE (User manager for Domains), I can see the two users listed in /etc/samba/smbpasswd (just as it should be). When I double-click on testuser (to open the Properties window), I can now click on the Profile button to see the two other boxes: User Profiles User Profile path: \\mutt\profiles\testuser\lapdog Logon Script Name: logon.bat Home Directory Local Path: Connect H: to \\mutt\testuser\.win_profiles\lapdog Remember the Microsoft Q100383 article says, If the home directory uses universal naming conventions (UNC), then they will have the following values: HOMESHARE=\\server name\share name HOMEPATH=\path HOMEDRIVE=drive letter: So, this indicates the Samba is not working correctly regarding these these variables! QUESTION: Can some of you please click on your Command Prompt and see if you get H: or C:\Documents and Settings\youruser? THANKS! -- SuSE 9.0 Pro (2.4.21-192-default) and samba-2.2.8a-107 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] authenticating from another samba server
Hi, I have a server, snap1 10.8.5.10, that runs samba, and have users created by using useradd (but not added them to snap1's smbpasswd). I'd like for users on our primary samba server, archives1 10.8.5.2, to be able to type in \\snap1\username in windows and have the snap1 server take them to their home directory on the snap1 server, but athenticate the users against archives1's snmbpasswd. The usernames on archives1 and snap1 are identical. I tried adding wins server = 10.8.5.2 but it didn't work. The only other thing I can think of is using scp or ncftpget to copy archives1's smbpasswd file to snap1, but I'd like to know if there is a way to setup snap1's samba to authenticate users using archives1's smbpasswd directly instead of copying over archives1's smbpasswd file. archives1 is Redhat 9 with samba 2.2.8a. snap1 is a snap appliance server (1U rackmount hard drive array) running Guardian OS Linux. smbd -V on it doesn't show the samba version but it appears to be a version of samba 2.2 from its functionality. any suggestions on how to get snap1 to authenticate users against archives1's smbpasswd file? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Ordinary users automatically member of Domain Admins
I've just migrate existing NT users to samba, some users are having SID number 100x. The funny thing is, from NT usermanager, these users are member of Domain Admins group because of their SID? [EMAIL PROTECTED] samba]# pdbedit -L -v jktajit Unix username:jktajit NT username: jktajit Account Flags:[U ] User SID: S-1-5-21-2140563141-904681572-988572150-1012 Primary Group SID:S-1-5-21-2140563141-904681572-988572150-513 ... However, admin user which having SID 500 and Group RID 512 (uid=0,gid=0) is not member of domain admins! [EMAIL PROTECTED] samba]# pdbedit -L -v smbrootjkt Unix username:smbrootjkt NT username: smbrootjkt Account Flags:[U ] User SID: S-1-5-21-2140563141-904681572-988572150-500 Primary Group SID:S-1-5-21-2140563141-904681572-988572150-512 Full Name:SAMBA Root Account [EMAIL PROTECTED] samba]# net groupmap list Domain Users (S-1-5-21-2140563141-904681572-988572150-513) - userjkt Domain Computers (S-1-5-21-2140563141-904681572-988572150-515) - wsjkt Domain Guests (S-1-5-21-2140563141-904681572-988572150-514) - guestjkt Domain Admins (S-1-5-21-2140563141-904681572-988572150-512) - root ... Why? --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] unknown
here, the introduction -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] something for you
yes, really? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] password changes with ctrl-alt-del
Currently I'am using samba for file sharing. My smb.conf file is basically setup as default with a few minor changes. Therefore, my samba server is not part of a domain. Right now users can map the samba shares with windows XP... With this type of setup is it possible for them to change there smbpasswd using ctrl-alt-del? If so any examples or hints on how to set this up would be great. I have tried a few things and the only way I can get this to work is to make my samba server a PDC and have the workstations join the domain. The version of samba I'am using is 2.2.7a. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Remote Windows registry read access from Linux?
Hi, In order to do some inventory and network management of our Windows machines, we'd really like to be able to extract some bookkeeping info from them - mostly from the registry. Anybody know how this is possible from Linux? (Most of) the information we seek is present in the registry of the remote windows machine, e.g. installed programs/hotfixes. But the Event Log, Info about running services, users, shares etc. is also on our wishlist. I tried upgrading my samba to 3.0.2a, and editreg(1) says ...currently only NT4..., and editreg was also not created during my build. Regardless, from reading editreg(1) it doesn't seem that it would do what I need anyway, such as accessing a remote registry. rpcclient also seems very handy - just not quite the tool for my exact job. I have no need to modify the registry, only extract keys from it. I suspect that the binary version of the registry on XP is in: C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT And then there is a part for each user. Is that correct? I was thinking that maybe I could use smbclient to retrieve the actual remote binary version of the registry and then use some application to decode/dump that binary file. Has anybody succeeded in that approach? With what dumper? I seem to have no similar global file on my W2K installation... - what would that be on W2K? ??On W3K?? I've tried looking at the PDUs that regedit/LANGuard for windows send with a sniffer, but there are 994/11009 of them in my traces, and making sense of the decodes seems a daunting task. SMB, CIFS and MS/DCE RPC keeps re-appearing in those traces, so I thought I'd ask here. As you can well imagine, I would really hate to have to have a separate Windows machine in the loop running some Visual Basic / TCP daemon nastiness just to do this... Very likely, my ignorance stems from not having any fundamental knowledge of how Windows remote management works. What is possible and what are the protocols (RPC?/DCOM?/What else?) . googling reveals lots of Windows Howto pages, but GUI guides (run regedit.exe, click herethere) are of very little use here. Can the Windows RPC be used to run a visual basic script (uploaded with smbclient) on the remote side to do this? E.g. Any links to *any* useful Linux information? Peter -- Peter Valdemar Mørch http://www.morch.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] sambaAcctFlags for PDC
What should be the flag for PDC machine trust account? If I set to S then it will appear as BDC in NT server manager, if W then as Workstation or server, if no machine trust then it will not appear on server manager list. --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 'logon drive' questions
On Wed, 25 Feb 2004, flinchlock wrote: I would like to ask the list to help me understand three Samba settings: 'logon path', 'logon drive', and 'logon home'. Please see my question at the bottom of this post. THANKS! --- My settings are: . . . logon path = \\%L\profiles\%u\%m logon path sets the Windows XP environment variable %USERPROFILE% that pervades the Windows registry. logon drive = H: logon drive sets the drive letter that is used when you run: net use * /home If set in smb.conf and you use either tdbsam or ldapsam this will automatically map the users UNIX home directory to the drive letter specified _and_ will set the environment variable %HOMEDRIVE% on the workstation. Of course, the Windows XP Pro client must be a Domain Member client for this to work. logon home = \\%L\%u\.win_profiles\%m This has no real place in Windows NT/XP, it is used to set the profile directory for Windows 9x/Me clients. [profiles] path = /home/samba/nt_profiles read only = No create mask = 0600 directory mask = 0700 browseable = No [homes] comment = %u's Home Directory valid users = %S read only = No create mask = 0640 directory mask = 0750 hide dot files = No veto files = /.*/Documents/public_html/ browseable = No --- On my XP Pro client, when I click on Command Prompt, I get a dos window that displays the prompt as: C:\Documents and Settings\testuser. This happens, because the properties for the Command Prompt have this setting in the Start in box: %HOMEDRIVE%%HOMEPATH% According to http://support.microsoft.com/default.aspx?scid=kb;en-us;100843 ... [quote] HOMEPATH The %HOMEPATH% is derived from the Windows registry variables. When you implement folder redirection (as I have documented in my new book Samba-3 by Example - can be ordered from Amazon.Com now) to redirect the user's desktop folder contents to network drives, then this environment variable will be changed also. But remember, roaming profiles are copied from the server to the local machine - no matter what - this always happens. It you have set Windows registry to delete roaming profiles on logout (a good practice) you will not see any remnants of the profile after the user has logged out. Otherwise, if roaming profiles are not set to delete on logout you will find a mirror of the roaming profile (temporary profile) under: C:\Documents and Settings\'username' and you will find that the matching environment parameters for this are: HOMEDRIVE=C: HOMEPATH=\Documents and Settings\'username' You have been confusing two entirely different aspects of profile handling. There are two components: 1) Those that specify where windows obtains the profile to copy across the network to the client 2) The location of the working image of the desktop profile Cheers, John T. HOMEDRIVE HOMESHARE These three environment variables are set based on the value of the home directory. The user's home directory is specified in User Manager (Choose Profile and Properties). If the home directory uses universal naming conventions (UNC), then they will have the following values: HOMESHARE=\\server name\share name HOMEPATH=\path HOMEDRIVE=drive letter: If the home directory is a local path such as c:\nt then they will look like this: HOMEDRIVE=c: HOMESHARE= HOMEPATH=\nt [/quote] MY variables are set like this: C: set | find HOME HOMEDRIVE=C: HOMEPATH=\Documents and Settings\testuser When I run USRMGR.EXE (User manager for Domains), I can see the two users listed in /etc/samba/smbpasswd (just as it should be). When I double-click on testuser (to open the Properties window), I can now click on the Profile button to see the two other boxes: User Profiles User Profile path: \\mutt\profiles\testuser\lapdog Logon Script Name: logon.bat Home Directory Local Path: Connect H: to \\mutt\testuser\.win_profiles\lapdog Remember the Microsoft Q100383 article says, If the home directory uses universal naming conventions (UNC), then they will have the following values: HOMESHARE=\\server name\share name HOMEPATH=\path HOMEDRIVE=drive letter: So, this indicates the Samba is not working correctly regarding these these variables! QUESTION: Can some of you please click on your Command Prompt and see if you get H: or C:\Documents and Settings\youruser? THANKS! -- SuSE 9.0 Pro (2.4.21-192-default) and samba-2.2.8a-107 -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] sambaAcctFlags for PDC
On Wed, 25 Feb 2004, Beast wrote: What should be the flag for PDC machine trust account? If I set to S then it will appear as BDC in NT server manager, if W then as Workstation or server, if no machine trust then it will not appear on server manager list. Go to: http://samba.org/samba/docs/man/passdb.html Search for Table 11.1. The X means: String of 11 characters surrounded by square brackets [] representing account flags such as U (user), W (workstation), X (no password expiration), I (Domain trust account), H (Home dir required), S (Server trust account), and D (disabled). No special flag is needed for the PDC. If you enable domain logons, and use default security it should automatically be a PDC. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 100% CPU eaten -- tdb_fetch failed
Hello, From time to time Samba 3.0.2 performance suddenly fails bellow what is acceptable. One smbd process eats between 30% and 100% of CPU usage, and for the machine associated with the smbd process i got dozens of (debug level 2): [2004/02/25 17:59:18, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:19, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:19, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:19, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:19, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:19, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:19, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:20, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:20, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:20, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:20, 0] smbd/connection.c:register_message_flags(220) I tried to stop and restart Samba without success. The client machine recreates the connection, Samba forks a new smbd, which sill eats too much CPU. I looked at previous posts, but didn't found any explanation regarding tdb_fetch failed issues. How can i know which tdb is faulty? Is there another way to solve this issue than removing the tdb ? (...but for now i don't know which one it is...) Bye, Fabien -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 100% CPU eaten -- tdb_fetch failed
[2004/02/25 17:59:18, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed Little addition : i got 6385 of these in ~ 17 minutes. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 'logon drive' questions
Quoting John H Terpstra Quoting flinchlock logon path = \\%L\profiles\%u\%m logon path sets the Windows XP environment variable %USERPROFILE% that pervades the Windows registry. OK, that helps ALOT!!! :-) logon drive = H: logon drive sets the drive letter that is used when you run: net use * /home If set in smb.conf and you use either tdbsam or ldapsam this will automatically map the users UNIX home directory to the drive letter specified _and_ will set the environment variable %HOMEDRIVE% on the workstation. So, I guess the only use for mapping this (HOME), is to allow a user to share/access his/her *nix files on a Windows machine... right? Most? applications don't need/use a HOME directory... right? logon home = \\%L\%u\.win_profiles\%m This has no real place in Windows NT/XP, it is used to set the profile directory for Windows 9x/Me clients. Sure/OK, I havn't started messing with my W98 clients. (I won't ask you any questions!) The %HOMEPATH% is derived from the Windows registry variables. When you implement folder redirection (as I have documented in my new book Samba-3 by Example - can be ordered from Amazon.Com now) to redirect the user's desktop folder contents to network drives, then this environment variable will be changed also. I'm just a home user, and I'll wait until Samba 3.1.x is out... and I *do* have an Amazon account. But remember, roaming profiles are copied from the server to the local machine - no matter what - this always happens. It you have set Windows registry to delete roaming profiles on logout (a good practice) you will not see any remnants of the profile after the user has logged out. Otherwise, if roaming profiles are not set to delete on logout you will find a mirror of the roaming profile (temporary profile) under: C:\Documents and Settings\'username' and you will find that the matching environment parameters for this are: HOMEDRIVE=C: HOMEPATH=\Documents and Settings\'username' I'll need time to digest this. You have been confusing two entirely different aspects of profile handling. There are two components: 1) Those that specify where windows obtains the profile to copy across the network to the client 2) The location of the working image of the desktop profile OK. I guess my definition of HOME needs to be re-thought about. When I think about HOME, I think about the home dir field in /etc/passwd. Seems like 'logon path' has NOTHING to-do with my thoughts about what/where HOME is. I'll eventually figure it out... but I promise I won't ask you any questions. THANKS for your insight/patience. :-) Mike -- SuSE 9.0 Pro (2.4.21-192-default) with samba-2.2.8a-107 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] winbindd krb5_get_credentials errors
Second posting of this, can anyone help? thanks Andy. can you explain the many instances (against different servers of different domains) of errors of the type from winbindd?, krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find KDC for requested realm) KDC's must either be able to be found in DNS (using the SRV records etc) or be in /etc/krb5.conf. Andrew Bartlett Service records exist for DC's only on DNS servers in that domain (ie DNS server in domain X has service records only for all DC's in domain X and so on for each domain), should normal DNS forwarding not allow a client in one domain to read the service record data from another? Normal host records for all domains in the forest are resolveable via DNS forwarding. Otherwise I'll need to have service records for all our DC's in all 6 domains in every DNS server in the forest which is not practical!?! thanks in advance, Andy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: something for you
What is this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 25, 2004 12:47 PM To: [EMAIL PROTECTED] Subject: something for you stuff about you? --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.583 / Virus Database: 369 - Release Date: 2/10/2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.583 / Virus Database: 369 - Release Date: 2/10/2004 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Remember Password from 2000/XP to Samba share?
I have searched for the actual answer to this repeatedly, but keep coming up with different answers. Most people say that it just can't be done but then, once in a while, someone seems to reply that they are doing it and it works fine. Which messes up that whole it can't be done argument. :) Basically, we have a network with a Windows 2000 Small Business server, a Linux box running Samba v2.2.3a (which I did not configure and do not have direct administrative access to) -- and then various client machines ranging from Win9x to 2000 to XP. For the Windows 2000/XP machines, if the user/password used on that machine is identical to the samba share user/pass, then it auto-logins and works fine. But, if the passwords do not match (they are still using the same usernames -- just different passwords on the Windows box and samba box), then there does not appear to be a way to get them to automatically reconnect to the samba share. It works when they connect, but the remember password option on the mapping appears to be ignored. If they log out of the Windows box and then log back in, it asks for the samba share password again when it tries to remap it. Some people say that that's just the way it is with 2000/XP -- that it simply won't remember the password to a samba share and, to make it work, you have to make sure that that match. But, I've found a couple people that swear that it remembers fine for them -- and that they haven't done anything special to either side. As I said, I didn't configure the samba box, so I'm not sure if something might be wrong there. I do have access to the config file though, so here are what I believe may be the relevant bits from the smb.conf file: workgroup = ourdomain.local security = user encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd unix password sync = Yes pam password change = yes When all is said and done, what we'd like is one (or both) of the following: 1. The ability to have the same username on both the Windows box and Samba box, but with different passwords -- and have the samba share automatically remapped when the user logs into the Windows box without having to re-type the password each time (i.e. log into the Windows box, connect to the share with the username and different password, create a drive mapping and choose the remember password option, and have it just work next time the user logs back into the Windows box using their Windows/domain password. (Note that I could do that know with a batch file that does net use and has the samba password in it in plaintext, but that doesn't seem like the right solution to me.) 2. Have the passwords always match by automating the changing of the password on the Samba box for the user when they change their Windows/domain password normally. Thanks much for any guidance here! - John... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] probleb with 'passwd chat' and 'passwd program'
Hi ! I have a problem using an external script to change password : in smb.conf, i have : = passwd chat = Changing password for*\nNew password* %n\n \nRetype new password* %n\n = passwd chat debug = Yes = log level = 100 = unix password sync = Yes = passwd program = /usr/local/sbin/smbldap-passwd %u The script is called normally, and logs show that the passwd chat looks good as the new password (coucou) is send two times. You can find the logs bellow. But the script should normally also changed the userPassword attribut and this is not done. The smbldap-passwd script read the passwords like that (it's a perl script) : -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= system stty -echo; print New password : ; chomp($pass=STDIN); print \n; system stty echo; system echo pass=$pass /tmp/bla.txt; system stty -echo; print Retype new password : ; chomp($pass2=STDIN); print \n; system stty echo; system echo pass2=$pass2 /tmp/bla.txt; -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= I added two 'echo ... /tmp/bla.txt' to see what is passed to the script. The first one is called as it should be, but the second one is never called. The end of the script is then never done : the userPassword is then never updated :-( (i am using samba 3.0.2rc2). I can find what is wrong. Anyone has an idea ? Thanks :) Here are the log of smbd : -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Invoking '/usr/local/sbin/smbldap-passwd jto' as password change program. [2004/02/25 20:33:01, 10] lib/util_sock.c:read_socket_with_timeout(263) read_socket_with_timeout: timeout read. select timed out. [2004/02/25 20:33:01, 100] smbd/chgpasswd.c:expect(274) expect: expected [Changing password for* New password*] received [Changing password for jto New password : ] match yes [2004/02/25 20:33:01, 10] smbd/chgpasswd.c:expect(285) expect: returning True [2004/02/25 20:33:01, 100] smbd/chgpasswd.c:expect(237) expect: sending [coucou ] [2004/02/25 20:33:01, 10] lib/util_sock.c:read_socket_with_timeout(263) read_socket_with_timeout: timeout read. select timed out. [2004/02/25 20:33:01, 100] smbd/chgpasswd.c:expect(274) expect: expected [ Retype new password*] received [ Retype new password : ] match yes [2004/02/25 20:33:01, 10] smbd/chgpasswd.c:expect(285) expect: returning True [2004/02/25 20:33:01, 100] smbd/chgpasswd.c:expect(237) expect: sending [coucou ] [2004/02/25 20:33:21, 3] smbd/chgpasswd.c:chat_with_program(440) chat_with_program: Password change successful for user jto -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -- Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Remember Password from 2000/XP to Samba share?
1. The ability to have the same username on both the Windows box and Samba box, but with different passwords -- and have the samba share automatically remapped when the user logs into the Windows box without having to re-type the password each time (i.e. log into the Windows box, connect to the share with the username and different password, create a drive mapping and choose the remember password option, and have it just work next time the user logs back into the Windows box using their Windows/domain password. You can do this with windows xp. From the control panel click on User Accounts. Chose a user. In the related task box there is an option called Manage my network passwords. From this box you can setup arbitrary server/username/password combinations. I don't know of another way to this menu, but I'm sure there are. Its the Stored Username and Passwords manager. A quick google finds http://support.microsoft.com/?kbid=287536 -- Steven Kurylo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] hiding the UNIX system name from Network Neighborhood
Hi, Here's the deal; Currently within our NT domain, Network Neighborhood can see our SAMBA server via both the netbios name (set with 'netbios name = vegas' from within the smb.conf file), plus the actual UNIX system name. We want our users to browse our SAMBA server only via the netbios name and not the actual UNIX system name. How can I configure SAMBA not to advertise the 'actual' UNIX system name? Thanks, Derek Moran KWC/IT -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.2 config error using --with-ldap
Thanks for the reply. But my problem is not locating the libraries. It's basically Sun's libldap vs. OpenLDAP's libldap (or other supported libldap). As indicated in my previous email, the key error was: Undefined first referenced symbol in file ldap_initialize conftest.o ld: fatal: Symbol referencing errors. No output written to conftest I checked the symbols in Sun's libldap, it doesn't seem to contain ldap_initialize. So the question is how to bypass the checking of ldap_initialize. Thanks, Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 5:52 PM To: [EMAIL PROTECTED] Cc: Chu, Dan Subject: Re: [Samba] Samba 3.0.2 config error using --with-ldap Dan, Though I don't use the Solaris-packaged ldap libs (I am using OpenLDAP), locating the libraries for Samba was a big problem. I did a lot of fiddling with compiler and preprocessor flags, including some which I didn't think we should need; these mods are shown below. (I put all my config commands, by habit, into a script file, so I can annotate). Obviously, your mileage will vary, but hopefully you can surmise something about your required lib pathnames... You'll see we also had problems with Solaris spinlocks, and with the xml test (though we do have libxml2 installed), so disabled the test and have had no further probs with the xml2 side of things. We finally did get a good configure, but are now having probs with the make. Best Luck - Lou - snip -- #!/bin/sh # --- Mods by Lou for SAMBA 3.0.2a # -- have libxml2 on board, but dsabled test because config chokes... # - having enabled additional library paths, now got config to work, # but with spinlocks enabled, make chokes. # SO NO SPINLOCKS for the time being !!! LD_LIBRARY_PATH=/usr/local/lib:/usr/local/mysql/lib:/opt/csw/lib \ LDFLAGS=-L/usr/local/mysql/lib -L/opt/csw/lib \ CPPFLAGS=-I/usr/local/mysql/include -I/opt/csw/include -I/usr/include/libxml2/libxml \ CFLAGS=-I/usr/local/mysql/include -I/opt/csw/include -I/usr/include/libxml2/libxml -DHAS_LDAP \ './configure' \ '--enable-debug' \ '--enable-developer' \ '--enable-krb5developer' \ '--with-ldap=/opt/csw/include/ldap.h' \ '--with-ads' \ '--with-krb5' \ '--with-expsam=xml, mysql' \ '--with-xml-prefix=/usr/lib' \ '--with-xml-exec-prefix=/usr/lib' \ '--disable-xmltest' \ '--with-mysql-prefix=/usr/local/mysql' \ '--with-mysql-exec-prefix=/sr/local/mysql/bin' \ '--with-ldapsam' \ $@ I am getting below errors when running configure --with-ldap --with-ldapsam --with-ads on Solaris 8: Begin *** configure:23349: result: no configure:23379: WARNING: libldap is needed for LDAP support ** End *** Note that I am using libldap that comes with Solaris 8 Shared Libs package (SUNWcsl). Thanks a lot in advance, Dan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] sambaAcctFlags for PDC
On Thu, 2004-02-26 at 03:25, Beast wrote: What should be the flag for PDC machine trust account? If I set to S then it will appear as BDC in NT server manager, if W then as Workstation or server, if no machine trust then it will not appear on server manager list. You are using NT4 server manager against a Samba domain? The correct flag is 'S' for sever (DC) trust account - the machine should be joined to itself. Server manager is not picking up some other sign that this is the PDC - it's not recorded in the SAM. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 100% CPU eaten -- tdb_fetch failed
Fabien, You should run the tdbbackup tool every time Samba (smbd) is shut down. Please refer to the man page for further information. The use of tdbbackup is a very important step to prevention of catastrophic problems with tdbs. Cheers, John T. On Wed, 25 Feb 2004, Fabien Chevalier wrote: Hello, From time to time Samba 3.0.2 performance suddenly fails bellow what is acceptable. One smbd process eats between 30% and 100% of CPU usage, and for the machine associated with the smbd process i got dozens of (debug level 2): [2004/02/25 17:59:18, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:19, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:19, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:19, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:19, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:19, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:19, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:20, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:20, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:20, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/02/25 17:59:20, 0] smbd/connection.c:register_message_flags(220) I tried to stop and restart Samba without success. The client machine recreates the connection, Samba forks a new smbd, which sill eats too much CPU. I looked at previous posts, but didn't found any explanation regarding tdb_fetch failed issues. How can i know which tdb is faulty? Is there another way to solve this issue than removing the tdb ? (...but for now i don't know which one it is...) Bye, Fabien -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Persistant Z drive in XP
Hello. New to SAMBA.(2.2.8 on RH9) Mixed environment of 98 (trying) XP. My net use s: /home command works wonderfully for XP and 98. But XP throws in an extra more home-than-home directory - namely \username\.win_profile on the Z drive. I've tried disconnecting it with: net use Z: /delete, but XP claims to have a process running on it (even after 10 min). This is going to confuse the @$%@ out of my users. What is going on? And more importantly: how do I get it to stop? My SMB.conf file is a-la Using SAMBA from O'reilly press and therefore says: logon path = \\%L\profiles\%u\%m logon script = logon.bat logon home = \\%L\%u\.win_profile\%m with - [netlogon] path = /usr/local/samba/lib/netlogon create mask = 0600 directory mask = 0700 browseable = No [profiles] path = /ovs/home/samba-ntprof browsable = no writable = yes create mask = 0600 directory mask = 0700 [homes] read only = No browseable = No Hopefully, somebody will reply, if only to commiserate. smile -Moondance -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] domain users not logging on to linux box
Hello everyone I have installed and configured samba 3 on redhat linux AS 2.1. I can access the server from network neighborhood but my domain users are not logging on to linux box using DOMAIN+user way .It logs in and immediately returns to getty and /var/log/messages shows that access granted to domain user. I have defined template homedir and template shell options in my smb.conf but there are not home directories in /home/winnt .Somebody pls help me how my domain users could log on to linux box. Thanks __ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Persistant Z drive in XP
On Wed, 25 Feb 2004, Moondance Foxmarnick wrote: Hello. New to SAMBA.(2.2.8 on RH9) Mixed environment of 98 (trying) XP. My net use s: /home command works wonderfully for XP and 98. But XP throws in an extra more home-than-home directory - namely \username\.win_profile on the Z drive. I've tried disconnecting it with: net use Z: /delete, but XP claims to have a process running on it (even after 10 min). This is going to confuse the @$%@ out of my users. What is going on? And more importantly: how do I get it to stop? My SMB.conf file is a-la Using SAMBA from O'reilly press and therefore says: logon path = \\%L\profiles\%u\%m logon script = logon.bat logon home = \\%L\%u\.win_profile\%m logon home = i.e.: Leave the value blank. - John T. with - [netlogon] path = /usr/local/samba/lib/netlogon create mask = 0600 directory mask = 0700 browseable = No [profiles] path = /ovs/home/samba-ntprof browsable = no writable = yes create mask = 0600 directory mask = 0700 [homes] read only = No browseable = No Hopefully, somebody will reply, if only to commiserate. smile -Moondance -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NTFS file streams and Samba?
Is there any way to keep file streams over Samba shares? I realize that Linux filesystems does not have something similar. However one way Samba could do it is to use additional files (hidden to users). It could also be possible to use a plugin module for ReiserFS 4? ~S -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Persistant Z drive in XP
logon home = i.e.: Leave the value blank. Then my Win98 users won't have roaming profiles, correct? My O'Reilly book defines logon home as setting the directory for all Windows Platforms, and to achieve roaming for 95/98/Me add the /.win_profile. Let me guess. I can't have my cake and eat it too..? There must be some crafty way around this. Can the smb.conf file determine platform and then branch? Thank you, -Moondance -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John H Terpstra Sent: Wednesday, February 25, 2004 8:26 PM To: Moondance Foxmarnick Cc: SAMBA Subject: Re: [Samba] Persistant Z drive in XP On Wed, 25 Feb 2004, Moondance Foxmarnick wrote: Hello. New to SAMBA.(2.2.8 on RH9) Mixed environment of 98 (trying) XP. My net use s: /home command works wonderfully for XP and 98. But XP throws in an extra more home-than-home directory - namely \username\.win_profile on the Z drive. I've tried disconnecting it with: net use Z: /delete, but XP claims to have a process running on it (even after 10 min). This is going to confuse the @$%@ out of my users. What is going on? And more importantly: how do I get it to stop? My SMB.conf file is a-la Using SAMBA from O'reilly press and therefore says: logon path = \\%L\profiles\%u\%m file:///\\%25L\profiles\%25u\%25m logon script = logon.bat logon home = \\%L\%u\. file:///\\%25L\%25u\.win_profile\%25m win_profile\%m logon home = i.e.: Leave the value blank. - John T. with - [netlogon] path = /usr/local/samba/lib/netlogon create mask = 0600 directory mask = 0700 browseable = No [profiles] path = /ovs/home/samba-ntprof browsable = no writable = yes create mask = 0600 directory mask = 0700 [homes] read only = No browseable = No Hopefully, somebody will reply, if only to commiserate. smile -Moondance -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] calculating uidnumber
We too are trying to find away to more automate user creating in Samba+LDAP. Does anyone have any information about how SSIDs are created? If we create it in LDAP, do we have to put in anywhere else? David Bierce On Feb 24, 2004, at 10:17 PM, Torben Thomsen wrote: Hi, I'm building my system on a LDAP backend, but I wan't to have full control over the user creation-process. I have developed a backend in php, to handle most of my needs. Except for calculating the uidnumber, from where i calculate sambaSID... My question is, can I call a function somewhere that returns the next uidnumber/gidnumber? or do I have to look at idmap? Thanks Torben -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba and 59000 users in Active Directory
Hi, we've been trying to get samba and winbind to work on our campus. The whole campus is on Active Directory, that's about 59000 users. Only about 3500 of them are actually part of our group. We have our own AD Primary Domain Controller with those 3500 users. Our fileserver is running samba 3.0.0final and authenticates pretty well with our PDC. Even though uploading the profiles to it can sometimes take forever, we're not sure where the problem lies. Lately we have been trying to switch to the campus wide AD. Our testing server joined the domain and wbinfo -u would print out the whole list of users after a long wait (30 to 60 minutes). Are winbind/samba fit for this amount of users? 59000 winbind keeps taking forever. Also, We don't understand why sometimes users can authenticate and sometimes they can't. Shares are not available, etc. Help or at least knowing someone managed to do samba fileserving for AD with similar amount of users would be nice. thanks a lot, and keep up the good work. Denis MJ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and firewall
Hi Everyone, I'm new to Samba. I have setup a samba server (Redhat 9) in the internal LAN and a samba client (Win2k) in the external LAN. There is a firewall between these two LANs. My problem is I cant see my workgroup in the client Microsoft Windows Network window. I have open 139, 445 tcp ports and 137, 138 udp ports. I have open 901 port as well. Before this I have tried connect to the Samba server from another Samba client (Win XP) in internal LAN. It works well. How to configure my samba server or firewall to enable me to access to the Win2k samba client in the external LAN? Hope somebody reply me. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
CVS update: samba/source/rpc_server
Date: Wed Feb 25 15:01:38 2004 Author: jmcd Update of /home/cvs/samba/source/rpc_server In directory dp.samba.org:/tmp/cvs-serv12577/rpc_server Modified Files: srv_samr_nt.c Log Message: reset time and duration are set in minutes, not seconds. Works from usrmgr. Revisions: srv_samr_nt.c 1.173 = 1.174 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_samr_nt.c.diff?r1=1.173r2=1.174
CVS update: samba/source/rpc_server
Date: Wed Feb 25 15:02:55 2004 Author: jmcd Update of /home/cvs/samba/source/rpc_server In directory dp.samba.org:/tmp/cvs-serv12770/rpc_server Modified Files: Tag: SAMBA_3_0 srv_samr_nt.c Log Message: reset time and duration are set in minutes, not seconds. Works from usrmgr. Revisions: srv_samr_nt.c 1.86.2.68 = 1.86.2.69 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_samr_nt.c.diff?r1=1.86.2.68r2=1.86.2.69
CVS update: samba/source/rpc_server
Date: Wed Feb 25 20:02:41 2004 Author: jmcd Update of /home/cvs/samba/source/rpc_server In directory dp.samba.org:/tmp/cvs-serv/rpc_server Modified Files: srv_samr_nt.c Log Message: Do the query part of the previous fix...reset time and duration are set in minutes, not seconds. Works from usrmgr. Revisions: srv_samr_nt.c 1.174 = 1.175 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_samr_nt.c.diff?r1=1.174r2=1.175
CVS update: samba/source/rpc_server
Date: Wed Feb 25 20:02:47 2004 Author: jmcd Update of /home/cvs/samba/source/rpc_server In directory dp.samba.org:/tmp/cvs-serv3349/rpc_server Modified Files: Tag: SAMBA_3_0 srv_samr_nt.c Log Message: Do the query part of the previous fix...reset time and duration are set in minutes, not seconds. Works from usrmgr. Revisions: srv_samr_nt.c 1.86.2.69 = 1.86.2.70 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_samr_nt.c.diff?r1=1.86.2.69r2=1.86.2.70
CVS update: samba/source/smbd
Date: Wed Feb 25 21:37:09 2004 Author: jra Update of /data/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv19585/smbd Modified Files: reply.c Log Message: Fixup strange rename error case (gentest). Jeremy. Revisions: reply.c 1.445 = 1.446 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/reply.c.diff?r1=1.445r2=1.446
CVS update: samba/source/smbd
Date: Wed Feb 25 21:37:22 2004 Author: jra Update of /data/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv19609/smbd Modified Files: Tag: SAMBA_3_0 reply.c Log Message: Fixup strange rename error case (gentest). Jeremy. Revisions: reply.c 1.381.2.64 = 1.381.2.65 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/reply.c.diff?r1=1.381.2.64r2=1.381.2.65
CVS update: samba/source/passdb
Date: Wed Feb 25 22:01:02 2004 Author: abartlet Update of /home/cvs/samba/source/passdb In directory dp.samba.org:/tmp/cvs-serv23162/passdb Modified Files: Tag: SAMBA_3_0 machine_sid.c pdb_ldap.c Log Message: I *hate* global variables... OK, what was happening here was that we would invalidate global_sam_sid when we set the sid into secrets.tdb, to force a re-read. The problem was, we would do *two* writes into the TDB, and the second one (in the PDC/BDC case) would be of a NULL pointer. This caused smbd startups to fail, on a blank TDB. By using a local variable in the pdb_generate_sam_sid() code, we avoid this particular trap. I've also added better debugging for the case where this all matters, which is particularly for LDAP, where it finds out a domain SID from the sambaDomain object. Andrew Bartlett Revisions: machine_sid.c 1.9.2.7 = 1.9.2.8 http://www.samba.org/cgi-bin/cvsweb/samba/source/passdb/machine_sid.c.diff?r1=1.9.2.7r2=1.9.2.8 pdb_ldap.c 1.28.2.103 = 1.28.2.104 http://www.samba.org/cgi-bin/cvsweb/samba/source/passdb/pdb_ldap.c.diff?r1=1.28.2.103r2=1.28.2.104
CVS update: samba/source/utils
Date: Wed Feb 25 22:01:02 2004 Author: abartlet Update of /home/cvs/samba/source/utils In directory dp.samba.org:/tmp/cvs-serv23162/utils Modified Files: Tag: SAMBA_3_0 smbpasswd.c net.c Log Message: I *hate* global variables... OK, what was happening here was that we would invalidate global_sam_sid when we set the sid into secrets.tdb, to force a re-read. The problem was, we would do *two* writes into the TDB, and the second one (in the PDC/BDC case) would be of a NULL pointer. This caused smbd startups to fail, on a blank TDB. By using a local variable in the pdb_generate_sam_sid() code, we avoid this particular trap. I've also added better debugging for the case where this all matters, which is particularly for LDAP, where it finds out a domain SID from the sambaDomain object. Andrew Bartlett Revisions: smbpasswd.c 1.140.2.19 = 1.140.2.20 http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/smbpasswd.c.diff?r1=1.140.2.19r2=1.140.2.20 net.c 1.43.2.40 = 1.43.2.41 http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/net.c.diff?r1=1.43.2.40r2=1.43.2.41
CVS update: samba/source/utils
Date: Wed Feb 25 22:09:46 2004 Author: abartlet Update of /data/cvs/samba/source/utils In directory dp.samba.org:/tmp/cvs-serv25743/source/utils Modified Files: net.c smbpasswd.c Log Message: (merge from 3.0) I *hate* global variables... OK, what was happening here was that we would invalidate global_sam_sid when we set the sid into secrets.tdb, to force a re-read. The problem was, we would do *two* writes into the TDB, and the second one (in the PDC/BDC case) would be of a NULL pointer. This caused smbd startups to fail, on a blank TDB. By using a local variable in the pdb_generate_sam_sid() code, we avoid this particular trap. I've also added better debugging for the case where this all matters, which is particularly for LDAP, where it finds out a domain SID from the sambaDomain object. Andrew Bartlett Revisions: net.c 1.91 = 1.92 http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/net.c.diff?r1=1.91r2=1.92 smbpasswd.c 1.155 = 1.156 http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/smbpasswd.c.diff?r1=1.155r2=1.156
CVS update: samba/source/passdb
Date: Wed Feb 25 22:09:46 2004 Author: abartlet Update of /data/cvs/samba/source/passdb In directory dp.samba.org:/tmp/cvs-serv25743/source/passdb Modified Files: machine_sid.c pdb_ldap.c Log Message: (merge from 3.0) I *hate* global variables... OK, what was happening here was that we would invalidate global_sam_sid when we set the sid into secrets.tdb, to force a re-read. The problem was, we would do *two* writes into the TDB, and the second one (in the PDC/BDC case) would be of a NULL pointer. This caused smbd startups to fail, on a blank TDB. By using a local variable in the pdb_generate_sam_sid() code, we avoid this particular trap. I've also added better debugging for the case where this all matters, which is particularly for LDAP, where it finds out a domain SID from the sambaDomain object. Andrew Bartlett Revisions: machine_sid.c 1.18 = 1.19 http://www.samba.org/cgi-bin/cvsweb/samba/source/passdb/machine_sid.c.diff?r1=1.18r2=1.19 pdb_ldap.c 1.133 = 1.134 http://www.samba.org/cgi-bin/cvsweb/samba/source/passdb/pdb_ldap.c.diff?r1=1.133r2=1.134
CVS update: samba/source/passdb
Date: Wed Feb 25 23:12:29 2004 Author: abartlet Update of /home/cvs/samba/source/passdb In directory dp.samba.org:/tmp/cvs-serv4306/passdb Modified Files: Tag: SAMBA_3_0 machine_sid.c Log Message: Fix bug in previous global_sam_sid() commit. I broke the 'read from MACHINE.SID' file functionality. Also, before we print out the results of 'net getlocalsid' and 'net getdomainsid', ensure we have tried to read that file, or have generated one. Andrew Bartlett Revisions: machine_sid.c 1.9.2.8 = 1.9.2.9 http://www.samba.org/cgi-bin/cvsweb/samba/source/passdb/machine_sid.c.diff?r1=1.9.2.8r2=1.9.2.9
CVS update: samba/source/utils
Date: Wed Feb 25 23:12:29 2004 Author: abartlet Update of /home/cvs/samba/source/utils In directory dp.samba.org:/tmp/cvs-serv4306/utils Modified Files: Tag: SAMBA_3_0 net.c Log Message: Fix bug in previous global_sam_sid() commit. I broke the 'read from MACHINE.SID' file functionality. Also, before we print out the results of 'net getlocalsid' and 'net getdomainsid', ensure we have tried to read that file, or have generated one. Andrew Bartlett Revisions: net.c 1.43.2.41 = 1.43.2.42 http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/net.c.diff?r1=1.43.2.41r2=1.43.2.42
CVS update: samba/source/utils
Date: Wed Feb 25 23:19:17 2004 Author: abartlet Update of /data/cvs/samba/source/utils In directory dp.samba.org:/tmp/cvs-serv5824/source/utils Modified Files: net.c Log Message: (merge from 3.0) Fix bug in previous global_sam_sid() commit. I broke the 'read from MACHINE.SID' file functionality. Also, before we print out the results of 'net getlocalsid' and 'net getdomainsid', ensure we have tried to read that file, or have generated one. Andrew Bartlett Revisions: net.c 1.92 = 1.93 http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/net.c.diff?r1=1.92r2=1.93
CVS update: samba/source/smbd
Date: Thu Feb 26 01:30:56 2004 Author: jra Update of /data/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv27817/smbd Modified Files: reply.c Log Message: Interesting fact found by IFSTEST /t LockOverlappedTest... Even if it's our own lock context, we need to wait here as there may be an unlock on the way. So I removed a !my_lock_ctx from the following if statement. if ((lock_timeout != 0) lp_blocking_locks(SNUM(conn)) ERROR_WAS_LOCK_DENIED(status)) { Jeremy. Revisions: reply.c 1.446 = 1.447 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/reply.c.diff?r1=1.446r2=1.447
CVS update: samba/source/smbd
Date: Thu Feb 26 01:31:10 2004 Author: jra Update of /data/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv28527/smbd Modified Files: Tag: SAMBA_3_0 reply.c Log Message: Interesting fact found by IFSTEST /t LockOverlappedTest... Even if it's our own lock context, we need to wait here as there may be an unlock on the way. So I removed a !my_lock_ctx from the following if statement. if ((lock_timeout != 0) lp_blocking_locks(SNUM(conn)) ERROR_WAS_LOCK_DENIED(status)) { Jeremy. Revisions: reply.c 1.381.2.65 = 1.381.2.66 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/reply.c.diff?r1=1.381.2.65r2=1.381.2.66
CVS update: samba/source/torture
Date: Thu Feb 26 01:33:35 2004 Author: jra Update of /data/cvs/samba/source/torture In directory dp.samba.org:/tmp/cvs-serv28718/torture Modified Files: Tag: SAMBA_3_0 torture.c Log Message: Merging Richard's rename test. Jeremy. Revisions: torture.c 1.63.2.24 = 1.63.2.25 http://www.samba.org/cgi-bin/cvsweb/samba/source/torture/torture.c.diff?r1=1.63.2.24r2=1.63.2.25
CVS update: samba/source/client
Date: Thu Feb 26 06:42:52 2004 Author: sfrench Update of /home/cvs/samba/source/client In directory dp.samba.org:/tmp/cvs-serv32507 Modified Files: Tag: SAMBA_3_0 mount.cifs.c Log Message: Fixes to minor security bug pointed out by AB in the mount helper Revisions: mount.cifs.c1.2.2.14 = 1.2.2.15 http://www.samba.org/cgi-bin/cvsweb/samba/source/client/mount.cifs.c.diff?r1=1.2.2.14r2=1.2.2.15