[Samba] Re: (3.0.2a) nsswitch/winbindd_user.c:winbindd_getpwnam(157)
Seems as though the log entries below were a red herring. After setting local permissions to DOMAIN+USER/GROUP I am able to read/write as expected from a domain windoze machine. The smb.conf entries required the same format of DOMAIN+USER/GROUP in the share block (valid users =, write list = , etc.). I did read where this format was to be discontinued in smb.conf but apparently not yet. What puzzles me now is how to provide equal access to files/directories for both local users and domain users. As stated, I have setup the maps between local and domain groups using net groupadd, but as of yet am unable to provide local write access to files/directories having domain ownership and visa versa. Does groupmap not provide this? Thanks, Ken Ken Wright wrote: After connecting to the samba server as a domain user without password challenge, authenticating against a w2k DC (security = ADS), with winbindd running, I can navigate the shares successfully but cannot write to the share. I have done net groupadd ... to map windoze-unix groups. I am assuming from the log enties below that my access problem lies in the given errors. How to resolve? Also, I have seen a variety of conflicting examples of how to properly define domain users and groups in smb.conf. Can someone provide the proper definition that has evolved for 3.0.2a? From winbind.log: - nsswitch/winbindd_user.c:winbindd_getpwnam(157) user 'SERVER$' does not exist From the SERVER.log: [2004/03/15 18:08:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(245) Username DOMAIN+SERVER$ is invalid on this system Thanks, Ken -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] understanding pam_ldap vs. winbindd
Hi Craig, On Mon, 2004-03-15 at 21:18, Craig White wrote: Do I understand winbindd right in that way that I do not need winbindd at all in this setup? --- I would agree with that That sounds good to me and my logic...:-) If no, why does I get map errors in the log that SIDs cant be mapped to gid or uid? (net groupmap list just shows -1 entries, manual groupmaps cant be inserted = error) --- net groupmap list (would have been nice to see that) on the pdc: ---cut--- pfoertner:~# net groupmap list Domain Admins (S-1-5-21-2443489570-4015384086-1858331161-512) - root Domain Users (S-1-5-21-2443489570-4015384086-1858331161-513) - users Domain Guests (S-1-5-21-2443489570-4015384086-1858331161-514) - nogroup Technik (S-1-5-21-2443489570-4015384086-1858331161-3005) - technik Vorstand (S-1-5-21-2443489570-4015384086-1858331161-3003) - vorstand Buchhaltung (S-1-5-21-2443489570-4015384086-1858331161-3009) - buchhaltung Marketing (S-1-5-21-2443489570-4015384086-1858331161-3007) - marketing Verwaltung (S-1-5-21-2443489570-4015384086-1858331161-3001) - verwaltung ---cut--- on the member server: ---cut--- fileserver:~# net groupmap list System Operators (S-1-5-32-549) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Power Users (S-1-5-32-547) - -1 Domain Admins (S-1-5-21-243015202-3338874213-4097231961-512) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Domain Guests (S-1-5-21-243015202-3338874213-4097231961-514) - -1 Domain Users (S-1-5-21-243015202-3338874213-4097231961-513) - -1 Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 ---cut--- net groupmap modify sid=S-1-5-AND-SO-ON ntgroup=Domain Users unixgroup=valid_unix_group type=domain if groupmap exists for ntgroup, you either must delete it and then add it or modify it. OK, maybe this was what I was misunderstanding: I thought that with security=DOMAIN the groupmaps should be some kind of resolved between PDC and the members server or at least with groupmap = -1 I have to create them which didnt work. Thanks a lot! You solved our problem. Matthias -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Speed issue
Hi, What I would do is to set up a separate share and user for this program. Then force all connections to this share to be from the specific user. I see in your smb.conf that you haven't set up a guest user yet so maybe set up a guest user and make sure that guest only access is on. What your aim is I think is to make it look like only one user is accessing the program files. This is because I would guess that the DOS program uses flat files for its database access. Modern network share systems are very user orientated for security, but the DOS program doesn't like it when many users all access the same database file at the same time. I first found this problem when trying to do the same thing with an NT server. This made me think of opportunistic locking that NT has, but I have successfully set up a samba server without changing the default oplocks setting. Anyway what I suggest is to add something like this into your smb.conf: [dosprogram] comment = Share for DOS Program path = /path/to/dosprogram/folder guest account = dosuser guest ok = yes guest only = yes writeable = yes Anyway try your hardest to get it to single out a user account to use when accessing this share. That's my advice. The above share definition will allow guest access (be warned). Hope this makes sense and helps. Ned -Original Message- From: Daniel Kiss [mailto:[EMAIL PROTECTED] Sent: 16 March 2004 08:15 To: Edward Ashley Subject: RE: [Samba] Speed issue Hi, Thank you for trying to help me. I attached my smb.conf file. By the way, you were right. I didn't mention, but this slowness thing only occurs when two or more clients try to access the same database file at the same time. I hope you can give me some useful ideas. Thanks, Dan I have done the same thing and dramatically increased the speed of the system. Does the system slow down only when you have more than one user accessing the database? This is a problem I found when trying to upgrade it to a windows 2000 server. Anyway if you let me have a look at your smb.conf I might be able to work out why. Just for starters though try setting oplocks to off. Ned -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Kiss Sent: 15 March 2004 21:58 To: [EMAIL PROTECTED] Subject: [Samba] Speed issue Hi all, I am trying to migrate a NetWare file server to samba (on Red Hat 9). My problem is that unfortunatelly samba is somehow painfully slow, when we run DOS programs from it on the client machines. The NetWare server is an ancient machine. P1, probably. The Samba server is P4 3G, 1G RAM, RAID mirroring, etc. We are running and old DOS program on the client machines, and when it's running from the Samba server it's less than half of the speed when it runs from the old NetWare machine. (It's and old database handler application, generating huge network traffic.) As far as I can tell, in every aspect the Samba machine is far better than the NetWare one. The only main difference between the two is that Samba (Linux) and NetWare are using different network protocols. Any idea? Thanks, Dan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] understanding pam_ldap vs. winbindd
* Matthias Eichler [EMAIL PROTECTED] nulis: on the member server: ---cut--- fileserver:~# net groupmap list System Operators (S-1-5-32-549) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Power Users (S-1-5-32-547) - -1 Domain Admins (S-1-5-21-243015202-3338874213-4097231961-512) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Domain Guests (S-1-5-21-243015202-3338874213-4097231961-514) - -1 Domain Users (S-1-5-21-243015202-3338874213-4097231961-513) - -1 Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 ---cut--- net groupmap modify sid=S-1-5-AND-SO-ON ntgroup=Domain Users unixgroup=valid_unix_group type=domain if groupmap exists for ntgroup, you either must delete it and then add it or modify it. OK, maybe this was what I was misunderstanding: I thought that with security=DOMAIN the groupmaps should be some kind of resolved between PDC and the members server or at least with groupmap = -1 I have to create them which didnt work. Groupmapping was stored on ldap (if using ldapsam), so for every samba machine you wish to obtain the mapping should using same backend. --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Group Mapping Problems with Samba 3.0.2a OpenLDAP 2.2.6
Hi Clint, Actually just your comment in there that I didn't have an LDAP group suffix set in my smb.conf file solved my problem, turns out that I needed to set my user, group, and machine suffixes in order for it to work properly, so I just added/modified the following lines: ldap suffix = dc=ana,dc=mercyships,dc=org ldap user suffix = ou=MSAN ldap group suffix = ou=MSAN_G ldap machine suffix = ou=MSAN_C and now it works great. Thanks for the help! Chris Chris Slack IT System Administrator Mercy Ships M/V Anastasis - Currently docked in Freetown, Sierra Leone, West Africa www.mercyships.org -Original Message- From: Clint Sharp [mailto:[EMAIL PROTECTED] Sent: 15 March 2004 21:52 To: Chris Slack Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Group Mapping Problems with Samba 3.0.2a OpenLDAP 2.2.6 On Mon, 15 Mar 2004, Chris Slack wrote: Hello all, I am attempting to setup a Samba 3.0.2a based PDC using OpenLDAP 2.2.6 for my user/group authentication backend. So far everything seems to be working properly, I can join the domain from a Win2k PC, login via an account created with smbldap-useradd.pl, map my home directory, run the proper login script, etc. However, with all of that working I'm still having difficulties getting group mapping to work. I've run through the steps in the Samba HOWTO manual and tried everything else I could find on the web but I'm stumped at this point. When I type: net groupmap list I get nothing, when I type: net groupmap add rid=512 ntgroup=Domain Admins unixgroup=Domain Admins I get the message adding entry for group Domain Admins failed!. I've tried several permutations of this using different groups, I've tried adding groups to the local /etc/group file to see if it was having an issue with LDAP, but nothing seems to help. I can't seem to find anyone else who has had this problem and like I said, everything else is working fine. Attached to the bottom of this message is a dump from testparm with the details of my /etc/samba/smb.conf file. Please let me know if anyone can give me any suggestions. Thanks, Chris Slack IT System Administrator Mercy Ships M/V Anastasis - Currently docked in Freetown, Sierra Leone, West Africa www.mercyships.org Chris, What do your LDAP logs show samba is sending as the queries? In the past when I've had this problem it was related to my ldap suffix. User queries worked, but group queries did not (I had groups in a seperate ou from users). However, your user and group suffixes are not set in your smb.conf, so it's not the exact same problem I had. Please send me the output from a: net -d3 groupmap list Clint -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] accepting users from mutiple non trusted domains
hi - any tips on how this can be done. have tried putting both domains in the conf and listing all the password servers but it does nothing more than try the first one? thanx sarah _ Use MSN Messenger to send music and pics to your friends http://www.msn.co.uk/messenger -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
AW: [Samba] prf*.tmp in samba-profiles
Hello, Hello list, sometimes, when a user logs off, not ntuser.dat, but prf4EC.tmp, prf4ED, ..., will save. Does anyone have this problem, too? matze I have lots of problems with roaming profiles, and this is one of them. In my case it's not service affecting though. Is this causing you some sort of an issue? This generally means Windows did not finish properly saving the roaming profile (at least in my experience). When is set in my profiles-share: force user = root all works fine. But that's a very bug security hole. Is there a chance to give a user full permission only at his own directory? Full permissions for me: Read/Write access to all files and directorys with no kond of locks matze -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Traduction Express Gratuite
Nous sommes une équipe de traducteurs professionnels spécialisés dans l'informatique (ERP, manuels utilisateur, etc.), la communication multimédia et les divers processus d'entreprise (marketing, finance, supply chain, production, etc.). Vous avez été sélectionnés pour bénéficier de notre nouveau et intéressant service de TRADUCTION EXPRESS GRATUITE, d'excellente qualité et fiabilité, (rédigée directement par nos traducteurs). Tout ceci simplement en visitant notre site www.lipsie.com, où vous pourrez mieux nous connaître et nous envoyer le texte que vous souhaitez traduire. A bientôt. Elisabetta Bertinotti Responsable traductions marketing communication et multimédia Cette communication est unique. Dans le cas où vous n'êtes pas intéressé à ce service, prière de cliquer sur le lien suivant et d'insérer votre adresse e-mail comme objet du message: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] winbind: how to map Windows groups to existing unix groups; limit windows group to unix groups
Hi, I'm running samba 3.0.2a as a windows domain MEMBER, security=ADS. Just installed winbind last week it it looks great. However I would like to have winbind 'map' some windows groups (e.g. Domain Users) to existing unix groups (e.g. users). First I thought net groupmap could be used to achieve this but this tool seems only intended to map unix groups to windows groups where samba is the Primary DC (not my case..). Also I would like winbind to ignore any windows groups that I'm not interested in. As I discovered that under Solaris/unix a user cannot have more than 16 secondary groups (NGROUPS_MAX limit = 16). Think this would need a patch to winbind ; I'm thinking of creating a groupmap.txt file that is read by winbind and only maps windows groups that are found in the first column of this file to unix groups in the second column of this file. I wouldn't mind winbind not allocating dynamic group id's at all! This seems an unnecessary feature for my purpose... Any thoughts on this or work done already? regard Leon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] schannels
Hello Can anybody point me to some text explaining what the server and client schannels are? Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] username password client machine
Hello Page xli of Samba HOWTO says that with user level security, the client sends username, password and client computer name. Does the client also send the domain for which the username is meant? Or is this a part of the username, so that the username is in form DOMAINNAME\username? Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] winbind: auto create home directories
Hi, I'm running samba 3.0.2a as a windows domain MEMBER, security=ADS. Just installed winbind last week it it looks great. I noticed that it is possible to set a homedir_template for winbind; however winbind has no option to create this directory on the fly (and populate it with .profile etc). I found the code for pam_mkhomedir to have pam session create the homedirectory when a session is established via the pam mechanism. Then I found that when opening a xterm using rexec the pam session does not get triggered, i.e. no home directory created... (weird...). Then why not have winbind create the homedirectory... it got the template already... I patched winbindd_user.c and inserted most of the pam_mkhomedir.c code in it. It seems to work great except that when the user logs on as USER1 and next time as user1 it will create the directory 2x in both lower and upercase... (I have logged this behavior as a bug on bugzilla). Anybody else worked on this, interested in my code? making this a standard enhancement in winbind? I would love to see added to smb.conf the following parameters: - umask for creating home directories - a flag to create homedirs yes/no - a 'skel' directory where initial files are copied from to setup a new home dir I wonder if the place where I inserted the create_homedir() is appropriate... regards Leon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] make_server_info_info3: pdb_init_sam failed!
When I connected Samba 3.0 as ADS Domain member (Windows2003), I always got error messages as below. auth/auth_util.c:make_server_info_info3(1017) make_server_info_info3: pdb_init_sam failed! And Windows client cannot show share list. What's the error messages mean? -- Costa Curta ___ http://odin.unaerp.br/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] password changing error message, but workin
Hi List, sorry to bother you folks again, but there is some problem which makes me nuts for hours now: we have samba 3.0.2a with ldapsam (openldap 2.2), and pam_ldap (not winbindd) when changing the users password from a win-xp-client i get an error wrong username or password BUT the password change works in the ldapsam, so as well as lmpassword, ntpassword and userPassword! Unfortunately the log output (log level 3 and then 5) is not very clear. Anybody any idea where I should put my finger on? Thanks a lot, Matthias -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] ADS Kerberos Authentication without winbind problem
Further to this problem I have found it impossible to get any syntax to succesfully mount a Samba 3.0.2 share with Kerberos authentication using the BSD mount_smbfs (on Mac OS X), where this does work without problems when the local UNIX account is a Winbind account. Again I see the behaviour where a ticket is obtained by the client but somewhere this is not being associated with the local account on the Samba server. So again I ask, does anyone know how to get the Samba server and client system to treat a Kerberos ticket such as [EMAIL PROTECTED] as being associated with local UNIX account user? Is anyone else running Samba as a AD member server without winbind? thanks Andy. Hello list, Due to problems with winbind on Solaris I cannot use winbind. Instead I need to get Kerberos authentication from ADS working with a Samba member server with local UNIX user accounts. So to briefly describe my configuration, I have an account in AD and a duplicate account locally on my Samba server which has been initialised with smbpasswd -a user password. My Samba server has successfully joined my AD domain and can successfully obtain Kerberos tickets. This does work in principal but I have the following problem, in order to get Kerberos authentication I have to use syntax like this on the Windows client net use \\bbcwwp-sun24\share /user:bbcwwp-sun24\user This works perfectly, but because my AD domain is called TESTLAN if you try and access the samba share by either of the following methods: from windows explorer directly accessing the URL \\bbcwwp-sun24\share or from command line net use \\bbcwwp-sun24\share They both fail, presumably because its assuming that the user account is TESTLAN\user which will not work (I tried this syntax manually and it didn't work). Although they fail I have verified that the client is still obtaining a ticket for the Samba server HOST/bbcwwp-sun24. Given that I don't expect my users to be using net use in order to access data on a Samba share I basically don't have a working solution at present. Is there anything I can tweak in the Samba config to get round this? Any help much appreciated, thanks in advance, Andy. BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Mail Returned: Possible infeccion de Virus
Este mensaje ha sido rechazado por el servidor de correo de Heinsohn Asociados porque contiene potencialmente contenido ejecutable. Esta forma de mensajes es a menudo utilizada por virus de e-mail y worms. Si usted sin embargo desea enviar este archivo por favor comprimali en un archivo zip y re-envielo. -- This is a copy of the message, including all the headers. -- Received: from srvias.heinsohn.com.co ([197.0.0.138]) by www.heinsohn.com.co with smtp (Exim 3.35 #1 (Debian)) id 1B3Dlh-0001bN-00 for [EMAIL PROTECTED]; Tue, 16 Mar 2004 07:34:01 -0500 Received: FROM heinsohn.com.co BY srvias.heinsohn.com.co ; Tue Mar 16 07:31:37 2004 -0500 Received: from SMTP agent by mail gateway Tue, 16 Mar 2004 07:29:59 -0500 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Here is the document Date: Tue, 16 Mar 2004 07:45:52 -0500 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0002_6247.54BB X-Priority: 3 X-MSMail-Priority: Normal Message-Id: [EMAIL PROTECTED] X-Envelope-To: [EMAIL PROTECTED] This is a multi-part message in MIME format. --=_NextPart_000_0002_6247.54BB Content-Type: text/plain; charset=Windows-1252 Content-Transfer-Encoding: 7bit Here is the file. --=_NextPart_000_0002_6247.54BB Content-Type: application/octet-stream; name=document_full.pif Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=document_full.pif --=_NextPart_000_0002_6247.54BB-- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Un message dont vous etes le destinataire a ete refuse par exim Il contenait un fichier attache non autorise : exe,bat,zip,... l'auteur de ce mail est : [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 2.2.3a / openLDAP connection problem
Markus Amersdorfer wrote: On Mon, 15 Mar 2004 16:47:14 + Martin Wood [EMAIL PROTECTED] wrote: Hi, ok, thanks for the replies so far...I dont seem to be having much luck the samba and ldap servers are on the same machine.. [...] ldapsearch -x '(cn=Manager)' gives : [nothing-found] Can you add entries to and search the directory without any Samba software involved? What does ldapsearch -x return? Also, try some more verbose ldapsearch-commands. Debian e.g. needs /etc/ldap/ldap.conf to hold BASE and URI information in order for ldapsearch -x '(pattern)' to succeed (AFAICT), otherwise your have to set these options explicitly... right, i edited ldap.conf and now my ldapsearch queries are returning responses. e.g. ldapsearch -b ou=People,dc=ideaworks3d,dc=com -LLL -D cn=manager,dc=ideaworks3d,dc=com -W -x (uid=marvldap) gives me the correct output (the LDIF format entry for marvldap) but still no luck with smbpasswd -a smbuser i've checked my smb.conf : # ldap admin dn = cn=manager,dc=ideaworks3d,dc=com ldap server = localhost ldap suffix = ou=People,dc=ideaworks3d,dc=com # Don't include root here, as joining clients need the root user... invalid users = bin daemon adm sync shutdown halt mail news uucp operator gopher hosts allow = 10.xxx.xxx.xxx/255.xxx.xxx.xxx localhost my slapd.conf has these access controls : access to attribute=userPassword,lmPassword,ntPassword by dn=cn=manager,dc=ideaworks3d,dc=com write by anonymous auth by * none access to * by dn=cn=manager,dc=ideaworks3d,dc=com write by dn=cn=nss,dc=ideaworks3d,dc=com read by * auth # from what i can make out from the slapd output, the query for an existing posix account is being made, but nothing happens after that. from reading http://mawi.org/sambaldap/Samba_and_LDAP_on_Debian.html#usermanadd he first creates the *nix account, then adds user info to ldap from and ldif file and then runs smbpasswd I thought the idea was the smbpasswd would add the ldap info automatically? and anyway, even adding the user.ldif file via ldapadd (which succeeds) doesnt change the behaviour of smbpasswd -a user any other details i should be scrutinising for possible errors ? thanks again for your help, its really appreciated. martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Auto Change Password
Hello all, Is it possible to setup Samba to issue an auto-change password on windows machines when the user logs for the first (or in a sense, the next) time ? Thanks, Marcelo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] clients logout and client creating users
Hi, Two questions, only slightly related to SAMBA : 1) when I have logged into my Samba server (rh9) from a W2K or XP client, how can I log out again so that I can log in as someone else. I know logging out of W2K/XP will work, but I would like to log out of the SAMBA server w/o logging out of W2K/XP. My Mac OS X client has an 'eject' button which I can use - something similar to that is what I am after. 2) We have a W2K server as PDC. The admin for that m/c has mentioned that it is always a chore to create users each term when new students arrive (we're a small school). He noticed how easily I created users on our RH9 box, which also runs SAMBA in the same domain as a file server. Is there a way I can use the scripting capabilities of the RH9 box (perl, for example) to create users on the W2K PDC? Max. __ Do you Yahoo!? Yahoo! Mail - More reliable, more storage, less spam http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Switch roles of PDC and BDC machines?
I've got two sites that I am planning a Samba3/LDAP implementation on, each will have its own local server. The problem is that I want to implement in my local office first, which is not the site that eventually will be the 'master' site. Sometime later when the proper master site comes online, I'd like to demote for lack of a better term, my local machine to a BDC and then promote the other one to a PDC. What I think would be involved would be: 1. Swap the Domain Master parameter so that the first server is set to No and the new and eventual master is Yes. 2. Change WINS parameters so that the new PDC is the WINS server, 'wins support' gets the same treatment as Domain Master, point the BDC at the new PDC and then alter DHCP. 3. maybe rejoin the xDC machines to the domain with the PDC and BDC parameters for type set for their new values. Am I missing any terribly important but non-obvious (to me) parameters? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: tdb_fetch failed
I was able to stop smb services, run tdbbackup, run tdbbackup -v, and made sure file permissions were the same for all tdbs under /var/liv/samba and /etc/samba. Tdbbackup -v just list how many records are in the tdbs, no error messages. I restart smb and am still getting the tdb_fetch failed messages. What's up? Lee. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Umbach Sent: Monday, March 15, 2004 2:52 PM To: [EMAIL PROTECTED] Subject: [Samba] Re: tdb_fetch failed I've seeing this as well. Lee Thao [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] My error messages are tiggered by print jobs. The print jobs DO go through but I get the same errors as your in my /var/log/messages log file. Anybody have any ideas? What are the steps to troubleshoot this? Lee. -Original Message- From: Guy Van den Bergh [mailto:[EMAIL PROTECTED] Sent: Saturday, March 13, 2004 6:10 AM To: Lee Thao Subject: Re: [Samba] tdb_fetch failed I got the same problem: but it has something to do with users logged on to an terminal server 2003 strange error's after upgrade to 3.0.2rc1 does somebody knows the cause? The messages are from user connected on a terminal server. Mar 9 19:07:05 farma1 smbd[]: [2004/03/09 19:07:05, 0] smbd/connection.c:register_message_flags(220) Mar 9 19:07:05 farma1 smbd[]: register_message_flags: tdb_fetch failed Mar 9 19:07:05 farma1 smbd[]: [2004/03/09 19:07:05, 0] smbd/connection.c:register_message_flags(220) Mar 9 19:07:05 farma1 smbd[]: register_message_flags: tdb_fetch failed Mar 9 19:07:05 farma1 smbd[]: [2004/03/09 19:07:05, 0] smbd/connection.c:register_message_flags(220) - Original Message - From: Lee Thao [EMAIL PROTECTED] Newsgroups: linux.samba Sent: Friday, March 12, 2004 6:10 PM Subject: [Samba] tdb_fetch failed Does this mean that one of my tdb files is corrupt? Lee -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Vacation notice
I'm on vacation until monday, 03/22/2004. Regards Oliver Krehan IT Security Assistent Actaris Hardeckstrasse 2 76185 Karlsruhe, Germany Tel:+49 721 5981 325 Fax:+49 721 5981 189 http://www.actaris.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Multiple copies sent to print only print once?
Can someone shed some light on this for me please. I have a samba PDC with a locally connected HP Deskjet 710c. It is set up to use the client driver. But when I print anything from a windows workstation and select multiple copies, only the first copy prints and the rest seem to disappear. Does anyone know what the problem is? Thanks Ned -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3, ADS, kerberos, keytab problem - Additional pre-authentication required
Hello List, I am (unsuccessfully) trying to automatically get a valid kerberos ticket for my linux box. I have - in a test environment: - a windows 2000 server with Active directory and DNS properly set up. - a suse linux 9.0 router with samba3.0.2.rc.1 and heimdal 0.6.-67. - I am able to join the domain and get a valid ticket through kinit, if I enter the Administrator's password or the userdata with password from some account in the Administrator group. - Filetransfer and Name services and winbind work flawlessly, as long as there is a valid ticket. I have googled and read in mailing lists, and became good advice (thanks chris!) on how to get a ticket wih a cronjob and a keytab file: - On the ADS-KDC I created a user, to whose account the new kerberos principal is to be mapped, - which I did by typing ktpass -princ host/[EMAIL PROTECTED] -mapuser username -pass password -out keyfile, like microsoft explains on their techinfo sites. - Then I transferred the keyfile to the linux box and tried to use it for kinit with the -k and -t switches. BUT: All I got is: Additional pre-authentication required. (which seems to be the least explanatory of all samba errors...) Here follow my tries: --SCHNIPP linux-router:~ # kinit --use-keytab -t /etc/krb5.keytab kinit: krb5_get_init_creds: Additional pre-authentication required linux-router:~ # ktutil -k /etc/krb5.keytab list /etc/krb5.keytab: Vno Type Principal 1 des-cbc-crc host/[EMAIL PROTECTED] linux-router:~ # kinit -k host/linux-router.linux.xx.local kinit: krb5_get_init_creds: Additional pre-authentication required #linux-router:~ # kinit host/linux-router.linux.ermer.local host/[EMAIL PROTECTED]'s Password: linux-router:~ # -SCNHAPP-- The funny thing is: - I can get a ticket with any valid useraccount in the Administrator group. - the User Mapping on the windows box seems to work, because I enter the user's password with kinit host/. and i get a ticket. Who can help? Where is my mistake? Thanks a lot in advance -- Mit freundlichen Grüßen Markus Feilner -- Linux Solutions, Training, Seminare und Workshops - auch Inhouse Feilner IT Linux GIS Erlangerstr. 2 93059 Regensburg fon: +49 941 70 65 23 - mobil: +49 170 302 709 2 web: http://feilner-it.net mail: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Group Mapping Problems with Samba 3.0.2a OpenLDAP 2.2.6
Hi, Didn't you forget to create a posixGroup entry for the group you're trying to add ? 1 - Create your group in /etc/group groupadd somegroup 2 - Add this entry to your Ldap directory : dn: cn=somegroup,ou=Groups,dc=domain,dc=com objectClass: posixGroup cn: somegroup gidNumber: 1003 (modify the dn and gid to match your needs...) Once this entry added, you should be able to map somegroup to any Windows group... Good luck, Ganaël LAPLANCHE [EMAIL PROTECTED] http://www.martymac.com Tel : (+33)6.84.03.57.24. -- Original Message --- From: Chris Slack [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Mon, 15 Mar 2004 13:58:34 - Subject: [Samba] Group Mapping Problems with Samba 3.0.2a OpenLDAP 2.2.6 Hello all, I am attempting to setup a Samba 3.0.2a based PDC using OpenLDAP 2.2.6 for my user/group authentication backend. So far everything seems to be working properly, I can join the domain from a Win2k PC, login via an account created with smbldap-useradd.pl, map my home directory, run the proper login script, etc. However, with all of that working I'm still having difficulties getting group mapping to work. I've run through the steps in the Samba HOWTO manual and tried everything else I could find on the web but I'm stumped at this point. When I type: net groupmap list I get nothing, when I type: net groupmap add rid=512 ntgroup=Domain Admins unixgroup=Domain Admins I get the message adding entry for group Domain Admins failed!. I've tried several permutations of this using different groups, I've tried adding groups to the local /etc/group file to see if it was having an issue with LDAP, but nothing seems to help. I can't seem to find anyone else who has had this problem and like I said, everything else is working fine. Attached to the bottom of this message is a dump from testparm with the details of my /etc/samba/smb.conf file. Please let me know if anyone can give me any suggestions. Thanks, Chris Slack IT System Administrator Mercy Ships M/V Anastasis - Currently docked in Freetown, Sierra Leone, West Africa www.mercyships.org [EMAIL PROTECTED] /etc]# testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [nobody] Processing section [netlogon] Processing section [Profiles] Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions # Global parameters [global] workgroup = CHANNEL server string = Samba Server null passwords = Yes passdb backend = ldapsam:ldap://127.0.0.1/ passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u passwd chat = *New*password* %n\n *ReType*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add user script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g 553 -s /bin/false %u add machine script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g 553 -s /bin/false %u logon script = login.js logon path = \\%L\Profiles\%U logon drive = X: domain logons = Yes os level = 64 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap port = 389 ldap suffix = ou=MSAN,dc=ana,dc=mercyships,dc=org ldap admin dn = cn=Manager,dc=ana,dc=mercyships,dc=org ldap ssl = no [homes] comment = Home Directories read only = No browseable = No [nobody] comment = to prevent from user nobody from having a home share path = /dev/null browseable = No [netlogon] comment = Network Logon Service path = /msu/netlogon browseable = No share modes = No root preexec = /usr/local/bin/mkuserconfig.pl %U root postexec = rm /msu/netlogon/%U.conf [Profiles] path = /msu1/Profiles read only = No create mask = 0600 directory mask = 0700 guest ok = Yes browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- End of Original Message --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] clients logout .............
I hope someone can anser that... I would find it ver useful too !! There was the DOS net logoff but that will not work in a Windows VM, only in real mmode :-( Hi, Two questions, only slightly related to SAMBA : 1) when I have logged into my Samba server (rh9) from a W2K or XP client, how can I log out again so that I can log in as someone else. I know logging out of W2K/XP will work, but I would like to log out of the SAMBA server w/o logging out of W2K/XP. My Mac OS X client has an 'eject' button which I can use - something similar to that is what I am after. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.622 / Virus Database: 400 - Release Date: 13/03/2004 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] clients logout .............
You should be able to click Tools/Disconnect Network Drive from a Windows Explorer window, then select the connection to the Samba server and click ok. Note, this can be done even if the connection was not mapped to a drive letter, such as by typing \\server\share in the run box. You can then map a drive to the server with a different user account. Steve Aden Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Opinions, conclusions and other information contained in this message that do not relate to official business shall be understood as neither given nor endorsed by ITS -Original Message- From: Mike Stewart [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 8:55 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] clients logout . I hope someone can anser that... I would find it ver useful too !! There was the DOS net logoff but that will not work in a Windows VM, only in real mmode :-( Hi, Two questions, only slightly related to SAMBA : 1) when I have logged into my Samba server (rh9) from a W2K or XP client, how can I log out again so that I can log in as someone else. I know logging out of W2K/XP will work, but I would like to log out of the SAMBA server w/o logging out of W2K/XP. My Mac OS X client has an 'eject' button which I can use - something similar to that is what I am after. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.622 / Virus Database: 400 - Release Date: 13/03/2004 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba _ This message was content-scanned by IXC Shield Powered by GatewayDefender - BJ089f8ac1.0001.mml -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows 'Adminsitrator' User Can't Connect
Hello all, I'm in the process of moving from Samba 2.2 - Samba 3.0 and I'm running into an issue with the Windows user 'Administrator'. This samba box is using ADS and has Kerberos properly configured. All windows users except Administrator seem to work properly. I have Administrator in smbusers mapped to root: # Unix_name = SMB_name1 SMB_name2 ... root = Administrator administrator And I have several shares that are marked to allow root as a valid user. These same shares also have other Windows users and a user as one of those people seems to work fine. A share example is: [opt] path = /opt public = no writable = yes force user = root valid users = root jmccormick sconrad However when logged into a Windows box as the Administrator user I get the following error message in smbd.log: [2004/03/16 10:17:31, 1] smbd/sesssetup.c:reply_spnego_kerberos(218) Username Administrator is invalid on this system I've even gone as far to add a UNIX user called Administrator in the system to see if that would fix things. Anyone see what I'm doing wrong? Am I missing some sort of security feature? Thanks -- Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 2.2.3a / openLDAP connection problem
On Tue, 16 Mar 2004 12:38:32 + Martin Wood [EMAIL PROTECTED] wrote: Hi, ldapsearch -b ou=People,dc=ideaworks3d,dc=com -LLL -D cn=manager,dc=ideaworks3d,dc=com -W -x (uid=marvldap) gives me the correct output (the LDIF format entry for marvldap) but still no luck with smbpasswd -a smbuser If you don't happen to have your slapd providing ldaps only (and as your Samba-setup uses non-encrypted LDAP), then your best bet is to check the slapd-log/-debug-output: Does Samba connect to the LDAP-server? What does it (Samba) want? What does the LDAP-server think of it? etc... Sorry, I'm running out of ideas... Cheers, Max -- The first time any man's freedom is trodden on, we're all damaged. Cpt. Picard, The Drumhead, StarTrek TNG http://homex.subnet.at/~max/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Web Seminar Invitation: High-Octane Data for CRM
DB and DM Review present B2B CRM in Overdrive: The Revenue Impact of Optimal Data Date: Tuesday, March 23, 2004 Time: 2:00 p.m. - 3:00 p.m. ET 11:00 a.m. - 12:00 a.m. PT Get your CRM system in overdrive by adding high-octane data. CRM is completely dependent on the quality of information contained within. Yet, according to industry experts, poor data quality is the number one cause of CRM failure. Don't fall into the trap. Join Gartner, BearingPoint and DB Tuesday March 23, 2004 at 2pm EST / 11am PST and you'll learn: - working definition of data quality - The opportunity costs and impact of poor data quality - Relationship of data quality and success of CRM - Challenges of defining and recognizing B2B customers - Role of data quality in CRM systems integration - Holistic data quality methodology - Practical solutions you can apply to improve data quality, now Leave this event with a focused strategy and a structured methodology and how they work together to improve the quality of customer data. Within 60 minutes you'll have simple, proven data quality solutions for B2B CRM that increase revenue and lower costs. Speakers: - Ted Freidman, Principal Analyst, Gartner - Bill Baver, Senior Manager, BearingPoint - Jay Daley, AVP - Enterprise CRM Alliances, DB To register visit: http://www.dmreview.com/eletters/clickReg.cfm?URLID=3720 To unsubscribe send a blank e-mail to [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Questions about smb_mount
Hello samba list. We have a Windows 2003 Server with a share called users where Windows users store there files (H:) :) We have a several FreeBSD and MacOS X based Computers here. It have wold be very nice to have same home directory for both windows and Unix. so /home/tomten wold be tomtens home directory (:H) in windows. When Im running smb_mount command, it asks me for a password for a specific user I have specified in the smb_mount command. And when Im mounting the windows share as this user, I can see all users home directories with wrong permissions becaus I gave the user name and password when Im mounted the smb share. So my question is. Is there a way to set up this? So every user account have right permissions to the home directory? Have anyone done this? And is it a HOWTO somewhere out there? I know there is a SFU 3.5 for windows out there, but it wold be very nice to use Samba and maybe kerberos that is already there. /regards Olle Hansosn Olle Hansson. System Administrator Dept. of Medical Epidemiology and Biostatistics Karolinska Institutet Nobels Väg 12A 17177 Stockholm Phone: +46852483980 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems Compiling Samba 3.0.2a on SLES8 SP3
I'm trying to get Samba to compile on SLES8 SP3 (Linux under z/VM) and I'm getting the following error. Configure ran fine with ./configure --with-ads --with-winbind --with-krb5, but when I run make I get the following output and error. Using FLAGS = -O -I/usr/local/include -I./popt -Iinclude -I/usr/local/downloads/samba-3.0.2a/source/include -I/usr/local/downloads/samba-3.0.2a/source/ubiqx -I/usr/local/downloads/samba-3.0.2a/source/smbwrapper -I. -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I/usr/local/include -I/usr/local/downloads/samba-3.0.2a/source LIBS = -lcrypt -lresolv -lnsl -ldl LDSHFLAGS = -shared LDFLAGS = Generating smbd/build_options.c Building include/proto.h creating /usr/local/downloads/samba-3.0.2a/source/include/proto.h Building include/wrepld_proto.h creating /usr/local/downloads/samba-3.0.2a/source/include/wrepld_proto.h Building include/build_env.h creating /usr/local/downloads/samba-3.0.2a/source/nsswitch/winbindd_proto.h creating /usr/local/downloads/samba-3.0.2a/source/web/swat_proto.h creating /usr/local/downloads/samba-3.0.2a/source/client/client_proto.h creating /usr/local/downloads/samba-3.0.2a/source/utils/net_proto.h Compiling dynconfig.c cc1: warning: changing search order for system directory /usr/local/include cc1: warning: as it has already been specified as a non-system directory In file included from /usr/include/asm/statfs.h:6, from /usr/include/linux/vfs.h:4, from /usr/include/linux/fs.h:13, from /usr/include/linux/capability.h:17, from /usr/include/sys/capability.h:24, from include/includes.h:355, from dynconfig.c:21: /usr/include/asm-s390/statfs.h:20: redefinition of `struct statfs' make: *** [dynconfig.o] Error 1 Any suggestions are appreciated. Josh Konkol, CNE MCSE Technical Research Specialist .~.GuideOne Insurance /V\ /( )\ ^^-^^ [EMAIL PROTECTED] This message and accompanying documents are covered by the Electronic Communications Privacy Act, 18 U.S.C. §§ 2510-2521, and contains information intended for the specified individual(s) only. This information is confidential. If you are not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, copying, or the taking of any action based on the contents of this information is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with Office (and Windows 2000) and oplocks (and even without) - Probabaly solved
Solved I think :) Anyway, just wanted to give other people with the same problem something to find in google, as I myself could not find anything. On Friday 12 March 2004 16:18, Alexander Gretencord wrote: When opening documents word (excel) sometimes just hangs (for 30 seconds until on the server I get at timeout message for an oplock break request) I changed that to 8 seconds in the source, recompiled and tried again. No chance. In the log file I got an 8 second timeout but word/excel still hung for 30 seconds and more. Also not all types of documents exhibited the problem. With normal word documents I was not really able to reproduce the problem but as soon as you imported data from an excel sheet into the word document for making a form letter (I think it's called form letter in english versions :)) we started getting the hangs. As noted in my original post, nothing oplock related really worked. However if you set blocking locks = no the problem seemed to go away. We were not able to reproduce the problem and the users have not got any timeouts today either. Alex -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Questions about smb_mount
Olle, Here is a link to the documents section of the Sweden Samba mirror. You will find a link to the current HOWTO there: http://se.samba.org/samba/docs/ Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Opinions, conclusions and other information contained in this message that do not relate to official business shall be understood as neither given nor endorsed by ITS -Original Message- From: Olle Hansson [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 11:09 AM To: [EMAIL PROTECTED] Subject: [Samba] Questions about smb_mount Hello samba list. We have a Windows 2003 Server with a share called users where Windows users store there files (H:) :) We have a several FreeBSD and MacOS X based Computers here. It have wold be very nice to have same home directory for both windows and Unix. so /home/tomten wold be tomtens home directory (:H) in windows. When Im running smb_mount command, it asks me for a password for a specific user I have specified in the smb_mount command. And when Im mounting the windows share as this user, I can see all users home directories with wrong permissions becaus I gave the user name and password when Im mounted the smb share. So my question is. Is there a way to set up this? So every user account have right permissions to the home directory? Have anyone done this? And is it a HOWTO somewhere out there? I know there is a SFU 3.5 for windows out there, but it wold be very nice to use Samba and maybe kerberos that is already there. /regards Olle Hansosn Olle Hansson. System Administrator Dept. of Medical Epidemiology and Biostatistics Karolinska Institutet Nobels Väg 12A 17177 Stockholm Phone: +46852483980 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba _ This message was content-scanned by IXC Shield Powered by GatewayDefender - BG08a0ca18.0001.mml -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] understanding pam_ldap vs. winbindd
On Tue, 2004-03-16 at 01:34, Matthias Eichler wrote: Hi Craig, On Mon, 2004-03-15 at 21:18, Craig White wrote: Do I understand winbindd right in that way that I do not need winbindd at all in this setup? --- I would agree with that That sounds good to me and my logic...:-) If no, why does I get map errors in the log that SIDs cant be mapped to gid or uid? (net groupmap list just shows -1 entries, manual groupmaps cant be inserted = error) --- net groupmap list (would have been nice to see that) on the pdc: ---cut--- pfoertner:~# net groupmap list Domain Admins (S-1-5-21-2443489570-4015384086-1858331161-512) - root Domain Users (S-1-5-21-2443489570-4015384086-1858331161-513) - users Domain Guests (S-1-5-21-2443489570-4015384086-1858331161-514) - nogroup Technik (S-1-5-21-2443489570-4015384086-1858331161-3005) - technik Vorstand (S-1-5-21-2443489570-4015384086-1858331161-3003) - vorstand Buchhaltung (S-1-5-21-2443489570-4015384086-1858331161-3009) - buchhaltung Marketing (S-1-5-21-2443489570-4015384086-1858331161-3007) - marketing Verwaltung (S-1-5-21-2443489570-4015384086-1858331161-3001) - verwaltung ---cut--- on the member server: ---cut--- fileserver:~# net groupmap list System Operators (S-1-5-32-549) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Power Users (S-1-5-32-547) - -1 Domain Admins (S-1-5-21-243015202-3338874213-4097231961-512) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Domain Guests (S-1-5-21-243015202-3338874213-4097231961-514) - -1 Domain Users (S-1-5-21-243015202-3338874213-4097231961-513) - -1 Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 ---cut--- net groupmap modify sid=S-1-5-AND-SO-ON ntgroup=Domain Users unixgroup=valid_unix_group type=domain if groupmap exists for ntgroup, you either must delete it and then add it or modify it. OK, maybe this was what I was misunderstanding: I thought that with security=DOMAIN the groupmaps should be some kind of resolved between PDC and the members server or at least with groupmap = -1 I have to create them which didnt work. --- Actually, I think that on 'member' servers, you should use security = domain AND winbind to resolve all the samba groups from the PDC Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba 3, ADS, kerberos, keytab problem - Additional pre-authentication required
Hi Markus, What are you actually trying to achieve? Why do you want to automatically obtain a kerberos ticket? I may be wrong, but I wonder if you are overcomplicating things for yourself. ktpass is indeed a tool for creating keytabs for use on non-windows systems such as Linux, but if you are using Samba 3.0 you should join the Linux server to the domain using Samba specific commands, ie. # net ads join -U Administrator%password This creates a computer account in the AD and negates the need to mess around manually with keytabs. You can check this by looking in your AD domain with adsiedit, if you look at the computer object created you can see it has setup serviceprincipal for host/[EMAIL PROTECTED] etc. You'd use ktpass if you wanted to Kerberise something like NFS which has no specific support for AD. Unless you need access from one Samba server to another you don't need to automatically get a ticket for your Samba server to work, Samba will maintain domain trusts for clients connecting to the Samba server on its own. If this doesn't help or I've misunderstood your requirements post some more details of what you need to achieve, thanks Andy. Hello List, I am (unsuccessfully) trying to automatically get a valid kerberos ticket for my linux box. I have - in a test environment: - a windows 2000 server with Active directory and DNS properly set up. - a suse linux 9.0 router with samba3.0.2.rc.1 and heimdal 0.6.-67. - I am able to join the domain and get a valid ticket through kinit, if I enter the Administrator's password or the userdata with password from some account in the Administrator group. - Filetransfer and Name services and winbind work flawlessly, as long as there is a valid ticket. I have googled and read in mailing lists, and became good advice (thanks chris!) on how to get a ticket wih a cronjob and a keytab file: - On the ADS-KDC I created a user, to whose account the new kerberos principal is to be mapped, - which I did by typing ktpass -princ host/[EMAIL PROTECTED] -mapuser username -pass password -out keyfile, like microsoft explains on their techinfo sites. - Then I transferred the keyfile to the linux box and tried to use it for kinit with the -k and -t switches. BUT: All I got is: Additional pre-authentication required. (which seems to be the least explanatory of all samba errors...) Here follow my tries: --SCHNIPP linux-router:~ # kinit --use-keytab -t /etc/krb5.keytab kinit: krb5_get_init_creds: Additional pre-authentication required linux-router:~ # ktutil -k /etc/krb5.keytab list /etc/krb5.keytab: Vno Type Principal 1 des-cbc-crc host/[EMAIL PROTECTED] linux-router:~ # kinit -k host/linux-router.linux.xx.local kinit: krb5_get_init_creds: Additional pre-authentication required #linux-router:~ # kinit host/linux-router.linux.ermer.local host/[EMAIL PROTECTED]'s Password: linux-router:~ # -SCNHAPP-- The funny thing is: - I can get a ticket with any valid useraccount in the Administrator group. - the User Mapping on the windows box seems to work, because I enter the user's password with kinit host/. and i get a ticket. Who can help? Where is my mistake? Thanks a lot in advance -- Mit freundlichen Grüßen Markus Feilner -- Linux Solutions, Training, Seminare und Workshops - auch Inhouse Feilner IT Linux GIS Erlangerstr. 2 93059 Regensburg fon: +49 941 70 65 23 - mobil: +49 170 302 709 2 web: http://feilner-it.net mail: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] understanding pam_ldap vs. winbindd
On Tue, 2004-03-16 at 01:53, Beast wrote: * Matthias Eichler [EMAIL PROTECTED] nulis: on the member server: ---cut--- fileserver:~# net groupmap list System Operators (S-1-5-32-549) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Power Users (S-1-5-32-547) - -1 Domain Admins (S-1-5-21-243015202-3338874213-4097231961-512) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Domain Guests (S-1-5-21-243015202-3338874213-4097231961-514) - -1 Domain Users (S-1-5-21-243015202-3338874213-4097231961-513) - -1 Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 ---cut--- net groupmap modify sid=S-1-5-AND-SO-ON ntgroup=Domain Users unixgroup=valid_unix_group type=domain if groupmap exists for ntgroup, you either must delete it and then add it or modify it. OK, maybe this was what I was misunderstanding: I thought that with security=DOMAIN the groupmaps should be some kind of resolved between PDC and the members server or at least with groupmap = -1 I have to create them which didnt work. Groupmapping was stored on ldap (if using ldapsam), so for every samba machine you wish to obtain the mapping should using same backend. --- seems to me the choice for member server is either to be a slave ldap (necessary for BDC but not for member server) or winbind. Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] ADS Kerberos Authentication without winbind problem-*SOLVED*
Turned out the whole install was broken when not using winbind, don't know why!?! Uninstalled Samba 3.0.1, re-compiled from scratch Samba 3.0.2a and everything works as expected :-) Further to this problem I have found it impossible to get any syntax to succesfully mount a Samba 3.0.2 share with Kerberos authentication using the BSD mount_smbfs (on Mac OS X), where this does work without problems when the local UNIX account is a Winbind account. Again I see the behaviour where a ticket is obtained by the client but somewhere this is not being associated with the local account on the Samba server. So again I ask, does anyone know how to get the Samba server and client system to treat a Kerberos ticket such as [EMAIL PROTECTED] as being associated with local UNIX account user? Is anyone else running Samba as a AD member server without winbind? thanks Andy. Hello list, Due to problems with winbind on Solaris I cannot use winbind. Instead I need to get Kerberos authentication from ADS working with a Samba member server with local UNIX user accounts. So to briefly describe my configuration, I have an account in AD and a duplicate account locally on my Samba server which has been initialised with smbpasswd -a user password. My Samba server has successfully joined my AD domain and can successfully obtain Kerberos tickets. This does work in principal but I have the following problem, in order to get Kerberos authentication I have to use syntax like this on the Windows client net use \\bbcwwp-sun24\share /user:bbcwwp-sun24\user This works perfectly, but because my AD domain is called TESTLAN if you try and access the samba share by either of the following methods: from windows explorer directly accessing the URL \\bbcwwp-sun24\share or from command line net use \\bbcwwp-sun24\share They both fail, presumably because its assuming that the user account is TESTLAN\user which will not work (I tried this syntax manually and it didn't work). Although they fail I have verified that the client is still obtaining a ticket for the Samba server HOST/bbcwwp-sun24. Given that I don't expect my users to be using net use in order to access data on a Samba share I basically don't have a working solution at present. Is there anything I can tweak in the Samba config to get round this? Any help much appreciated, thanks in advance, Andy. BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 2gig limit
I'm running into a 2gig file limit when copying files from a linux machine running smbmount 3.0.2a-Debian and kernel 2.4.23 connecting to another debian machine running smbd 3.0.2a-Debian with the stock 2.4.18-bf2.4 kernel that comes with debian stable (though the machine has been upgraded to sid). If I run this on the client side dd if=/dev/zero of=test.junk bs=1k it eventually fails at the 2gig mark. If I run it on the server side, while running 'ls -l' on the client side, the file size is reported correctly up to 2 gigs. Ex: -rwxr-xr-x1 jenkins jenkins 1988903936 Mar 15 19:57 test.junk As the 'dd' on the server side passes 2gigs, the filesize reported by 'ls -l' on the client side jumps up a tad: -rwxr-xr-x1 jenkins jenkins 18446744071976267776 Mar 15 20:00 test.junk Any idea what is causing this? I've tried searching around on google, and it seems this was a problem back in 2000-2002, but was fixed in one of the 2.* versions, so I'm not sure why I'm having this problem. Thanks, Frank _ Store more e-mails with MSN Hotmail Extra Storage 4 plans to choose from! http://click.atdmt.com/AVE/go/onm00200362ave/direct/01/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Authentication for user [] - [] FAILED with error NT_STATUS_NO_SUCH_USER
Good day all Newbie problem again... Ive been setting up a samba box for a few days now and have been quite successful in most respects. I can get the win2000 machines to join the domain and I can see the password being authenticated too. I can even see the shared drives. The problem Ive having is that after a few log on and log off I cant seem to logon again. At the win2000 login screen I get the error message The system could not log you on to the domain because the systems computer account in its primary domain is missing or the password on that account is incorrect The password Im using is correct and the machine name exists in the passwd files for both samba (machine name followed by $) and Linux. Here is a copy of the machines log file. [2004/03/16 11:57:18, 2] smbd/sesssetup.c:setup_new_vc_session(591) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/03/16 11:57:18, 2] smbd/sesssetup.c:setup_new_vc_session(591) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/03/16 11:57:18, 1] auth/auth_util.c:make_server_info_sam(821) User pcguest in passdb, but getpwnam() fails! [2004/03/16 11:57:18, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [] - [] FAILED with error NT_STATUS_NO_SUCH_USER [2004/03/16 11:57:29, 2] smbd/server.c:exit_server(558) Closing connections Ive been searching google groups for ages but cant find any thing that helps.. Any help would be greatly appreciated.. Im using red hat 9 and samba-3.0.2a-1 rpm thanks Mia -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] local or LDAP passdb for AD member servers?
Can anyone provide any advise, pro/cons etc for how to deal with passdb data (meaning smbpasswd account data and groupmap data) when running multiple Samba 3.0.x member servers in a single AD domain. I'm not using winbind so I think this might be an unusual question. From what I've read most references to using an LDAP backend are for Samba PDC servers (might have misunderstood though). Does it make sense to have Samba 3.0 AD member servers using the same ldapsam read/write passdb backend? Is this supported? The other option is for all Samba member servers to have their own local passdb backend, but this means having to run smbpasswd -a and net groupmap commands separately on every individual server which will result in differing SIDs for groupmap I think, is this a problem? Also this will mean the accounts will have un-synchronised passwords but I don't mind about that because I am happy to rely solely on Kerberos authentication which ignores the password in passdb, Any thought on this subject much appreciated, thanks Andy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Ways to use Samba Authenication with apache 2
Mod_auth_apache seems to be only for version 1.2 and 1.3. Does anyone know of another solution? Any help would be appreciated. Jason Lehman Webmaster, Registrar's Office (813)974-4157 Phone 574-4157 Suncom (813)974-5271 FAX [EMAIL PROTECTED] Email -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] clients logout .............
Thanks Steve, I've just tried that but it doesn't work - the PC seems to remember the last login name and password and reconnects to the server as that user again :-( Mike - Original Message - From: Aden, Steve [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 3:29 PM Subject: RE: [Samba] clients logout . You should be able to click Tools/Disconnect Network Drive from a Windows Explorer window, then select the connection to the Samba server and click ok. Note, this can be done even if the connection was not mapped to a drive letter, such as by typing \\server\share in the run box. You can then map a drive to the server with a different user account. Steve Aden Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Opinions, conclusions and other information contained in this message that do not relate to official business shall be understood as neither given nor endorsed by ITS -Original Message- From: Mike Stewart [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 8:55 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] clients logout . I hope someone can anser that... I would find it ver useful too !! There was the DOS net logoff but that will not work in a Windows VM, only in real mmode :-( Hi, Two questions, only slightly related to SAMBA : 1) when I have logged into my Samba server (rh9) from a W2K or XP client, how can I log out again so that I can log in as someone else. I know logging out of W2K/XP will work, but I would like to log out of the SAMBA server w/o logging out of W2K/XP. My Mac OS X client has an 'eject' button which I can use - something similar to that is what I am after. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.622 / Virus Database: 400 - Release Date: 13/03/2004 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba _ This message was content-scanned by IXC Shield Powered by GatewayDefender - BJ089f8ac1.0001.mml -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] clients logout .............
Somewhere on W2k's connect new share wizard, there's a sort of link that, apparently, allows you to connect to that share using another user name. I found this today on a w2k PC logged onto a SAMBA domain. I don't know if this is still true on a w2k PC on a workgroup. Maybe someone else can take a look at it. Fernando P On Tue, 2004-03-16 at 16:43, Mike Stewart wrote: Thanks Steve, I've just tried that but it doesn't work - the PC seems to remember the last login name and password and reconnects to the server as that user again :-( Mike - Original Message - From: Aden, Steve [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 3:29 PM Subject: RE: [Samba] clients logout . You should be able to click Tools/Disconnect Network Drive from a Windows Explorer window, then select the connection to the Samba server and click ok. Note, this can be done even if the connection was not mapped to a drive letter, such as by typing \\server\share in the run box. You can then map a drive to the server with a different user account. Steve Aden Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Opinions, conclusions and other information contained in this message that do not relate to official business shall be understood as neither given nor endorsed by ITS -Original Message- From: Mike Stewart [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 8:55 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] clients logout . I hope someone can anser that... I would find it ver useful too !! There was the DOS net logoff but that will not work in a Windows VM, only in real mmode :-( Hi, Two questions, only slightly related to SAMBA : 1) when I have logged into my Samba server (rh9) from a W2K or XP client, how can I log out again so that I can log in as someone else. I know logging out of W2K/XP will work, but I would like to log out of the SAMBA server w/o logging out of W2K/XP. My Mac OS X client has an 'eject' button which I can use - something similar to that is what I am after. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.622 / Virus Database: 400 - Release Date: 13/03/2004 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba _ This message was content-scanned by IXC Shield Powered by GatewayDefender - BJ089f8ac1.0001.mml -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] clients logout .............
Mike, How are you specifying the new login name? If using the map network drive gui, you would need to click the link that says Connect using a different name (different being other than the logged on user). If mapping with the net use command, you can specify a different user by doing something like this: net use * \\server\share /user:domain\username *. The * at the end will cause the program to prompt for a password. If you connect via a UNC from the run box or explorer address bar, Windows will attempt to connect with the logged on user or if there is a current connection to the server, it will try to use the id in use by the other connection. You will not be able to connect with another userid until all connections to the server are disconnected. Windows will give you an error which say something about not allowing multiple connections to a server with different credentials. Steve Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Opinions, conclusions and other information contained in this message that do not relate to official business shall be understood as neither given nor endorsed by ITS -Original Message- From: Mike Stewart [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 10:44 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] clients logout . Thanks Steve, I've just tried that but it doesn't work - the PC seems to remember the last login name and password and reconnects to the server as that user again :-( Mike - Original Message - From: Aden, Steve [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 3:29 PM Subject: RE: [Samba] clients logout . You should be able to click Tools/Disconnect Network Drive from a Windows Explorer window, then select the connection to the Samba server and click ok. Note, this can be done even if the connection was not mapped to a drive letter, such as by typing \\server\share in the run box. You can then map a drive to the server with a different user account. Steve Aden Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Opinions, conclusions and other information contained in this message that do not relate to official business shall be understood as neither given nor endorsed by ITS -Original Message- From: Mike Stewart [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 8:55 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] clients logout . I hope someone can anser that... I would find it ver useful too !! There was the DOS net logoff but that will not work in a Windows VM, only in real mmode :-( Hi, Two questions, only slightly related to SAMBA : 1) when I have logged into my Samba server (rh9) from a W2K or XP client, how can I log out again so that I can log in as someone else. I know logging out of W2K/XP will work, but I would like to log out of the SAMBA server w/o logging out of W2K/XP. My Mac OS X client has an 'eject' button which I can use - something similar to that is what I am after. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.622 / Virus Database: 400 - Release Date: 13/03/2004 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba _ This message was content-scanned by IXC Shield Powered by GatewayDefender - BJ089f8ac1.0001.mml -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba _ This message was content-scanned by IXC Shield Powered by GatewayDefender - BJ08a00ee2.0001.mml -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3, ADS, kerberos, keytab problem - Additional pre-authentication required
Am Dienstag, 16. März 2004 17:22 schrieb ww m-pubsyssamba: Hi Markus, What are you actually trying to achieve? Why do you want to automatically obtain a kerberos ticket? I may be wrong, but I wonder if you are overcomplicating things for yourself. ktpass is indeed a tool for creating keytabs for use on non-windows systems such as Linux, but if you are using Samba 3.0 you should join the Linux server to the domain using Samba specific commands, ie. I have e.g. squid-winbind-ntlm authentication working, but the samba client only gets new data from the ADS, if it has a valid ticket. Otherwise only old auth data is used (from the winbind cache.) As long as there is a valid ticket, changes on the user/group data in ADS are almost instanteanously also active on the samba server. This is used for permitting access to the internet only for members of a special ADS group. Changes to the members of this group should automagically be known to the samba server without interaction by an admin. It works that way with samba and an NT-compatible ADS, but that makes it insecure. # net ads join -U Administrator%password This creates a computer account in the AD and negates the need to mess around manually with keytabs. You can check this by looking in your AD domain with adsiedit, if you look at the computer object created you can see it has setup serviceprincipal for Yes. But when a ticket is no longer valid, only old user data are known to winbind. In order to always have a valid ticket I need: - a ticket granting ticket and a cronjob that does the renewal. - Or an account that works with a keytab file and does not require a password therefore. Neither does work. (I even set up a testbed net with an virgin ADS Server) host/[EMAIL PROTECTED] etc. You'd use ktpass if you wanted to Kerberise something like NFS which has no specific support for AD. Unless you need access from one Samba server to another you don't need to automatically get a ticket for your Samba server to work, Samba will maintain domain trusts for clients connecting to the Samba server on its own. If this doesn't help or I've misunderstood your requirements post some more details of what you need to achieve, thanks Andy. Thanks a lot, Andy, and tell me if I got something wrong... But try wbinfo -t both with a valid ticket and without. Doesn't seem to make a difference, unless you change the userdata on the ADS server... Any ideas? I would be so happy if I were wrong... Hello List, I am (unsuccessfully) trying to automatically get a valid kerberos ticket for my linux box. I have - in a test environment: - a windows 2000 server with Active directory and DNS properly set up. - a suse linux 9.0 router with samba3.0.2.rc.1 and heimdal 0.6.-67. - I am able to join the domain and get a valid ticket through kinit, if I enter the Administrator's password or the userdata with password from some account in the Administrator group. - Filetransfer and Name services and winbind work flawlessly, as long as there is a valid ticket. I have googled and read in mailing lists, and became good advice (thanks chris!) on how to get a ticket wih a cronjob and a keytab file: - On the ADS-KDC I created a user, to whose account the new kerberos principal is to be mapped, - which I did by typing ktpass -princ host/[EMAIL PROTECTED] -mapuser username -pass password -out keyfile, like microsoft explains on their techinfo sites. - Then I transferred the keyfile to the linux box and tried to use it for kinit with the -k and -t switches. BUT: All I got is: Additional pre-authentication required. (which seems to be the least explanatory of all samba errors...) Here follow my tries: --SCHNIPP linux-router:~ # kinit --use-keytab -t /etc/krb5.keytab kinit: krb5_get_init_creds: Additional pre-authentication required linux-router:~ # ktutil -k /etc/krb5.keytab list /etc/krb5.keytab: Vno Type Principal 1 des-cbc-crc host/[EMAIL PROTECTED] linux-router:~ # kinit -k host/linux-router.linux.xx.local kinit: krb5_get_init_creds: Additional pre-authentication required #linux-router:~ # kinit host/linux-router.linux.ermer.local host/[EMAIL PROTECTED]'s Password: linux-router:~ # -SCNHAPP-- The funny thing is: - I can get a ticket with any valid useraccount in the Administrator group. - the User Mapping on the windows box seems to work, because I enter the user's password with kinit host/. and i get a ticket. Who can help? Where is my mistake? Thanks a lot in advance -- Mit freundlichen Grüßen Markus Feilner -- Linux Solutions, Training, Seminare und Workshops - auch Inhouse Feilner IT Linux GIS Erlangerstr. 2 93059 Regensburg fon: +49 941 70 65 23 - mobil: +49 170 302 709 2 web: http://feilner-it.net mail: [EMAIL PROTECTED] -- To unsubscribe from this list go to the
Re: [Samba] 2gig limit
Hi Frank, smbfs has a 2GB limitation. Look at using 'cifs' as a replacement. Cheers, Mark On Tue, 2004-03-16 at 16:57, frank jenkins wrote: I'm running into a 2gig file limit when copying files from a linux machine running smbmount 3.0.2a-Debian and kernel 2.4.23 connecting to another debian machine running smbd 3.0.2a-Debian with the stock 2.4.18-bf2.4 kernel that comes with debian stable (though the machine has been upgraded to sid). If I run this on the client side dd if=/dev/zero of=test.junk bs=1k it eventually fails at the 2gig mark. If I run it on the server side, while running 'ls -l' on the client side, the file size is reported correctly up to 2 gigs. Ex: -rwxr-xr-x1 jenkins jenkins 1988903936 Mar 15 19:57 test.junk As the 'dd' on the server side passes 2gigs, the filesize reported by 'ls -l' on the client side jumps up a tad: -rwxr-xr-x1 jenkins jenkins 18446744071976267776 Mar 15 20:00 test.junk Any idea what is causing this? I've tried searching around on google, and it seems this was a problem back in 2000-2002, but was fixed in one of the 2.* versions, so I'm not sure why I'm having this problem. Thanks, Frank _ Store more e-mails with MSN Hotmail Extra Storage 4 plans to choose from! http://click.atdmt.com/AVE/go/onm00200362ave/direct/01/ -- Mark Cooke [EMAIL PROTECTED] University Of Birmingham -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.2a - kerberos problem : not the same SIDs !
Hello list,
I ran into a very strange problem with samba 3.0.2a and kerberos on a debian
stable OS, member of a Windows 2000 AD domain.
First of all, sory for the length of this mail, but the explanation is not
simple, and the configuration files hare huge.
The problem is the following :
I have configured the samba server to share printers. The printers are all
well shared, and can be accessed by people. But some people cannot connect
to these printers.
So, I checked the samba log. Here is a bit of the log which interest us :
[2004/03/16 17:23:35, 3]
rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(447)
Setting printer type=\\printsrv2\HP_2100_Extension
[2004/03/16 17:23:35, 3] lib/util_seaccess.c:se_access_check(251)
[2004/03/16 17:23:35, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is
S-1-5-21-1971762055-1354219083-452636680-21098
se_access_check: also S-1-5-21-1971762055-1354219083-452636680-21001
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-861567501-1844237615-1417001333-513
se_access_check: also S-1-5-21-861567501-1844237615-1417001333-1436
[2004/03/16 17:23:35, 3]
rpc_server/srv_spoolss_nt.c:_spoolss_open_printer_ex(1764)
access DENIED for printer open
The HP_2100_Extension is a shared printer, and printsrv2 is the samba
server.
I ran the command
rpcclient -U user printsrv2
to get lookupsids S-1-5-21-1971762055-1354219083-452636680-21098
The result is :
lsa_io_sec_qos: length c does not match size 8
S-1-5-21-1971762055-1354219083-452636680-21098 PRINTSRV2\D_IRCAD+AD user
(1)
D_IRCAD is the netbios name of our Win2000 domain, and AD user is an AD
user which should have access to the printer.
Here comes my first question : why is the name prefixed with the netbios
samba server name ?
I connected to the AD domain controller (through rpcclient) to get the SID
of the AD user, and I got :
AD user S-1-5-21-861567501-1844237615-1417001333-1548 (User: 1)
which is NOT the same SID than the one found on the print server !
So, here comes the second question :
why does some SIDs differ between the samba server and the AD controller ?
Thanks in advance !
Here you will find my configuration :
- samba 3.0.2a
- libkrb53 (1.2.4-5woody4)
- libkrb5-dev (1.2.4-5woody4)
- /etc/krb5.conf :
[logging]
default = FILE:/var/log/krb5/libs.log
kdc = FILE:/var/log/krb5/kdc.log
admin_server = FILE:/var/log/krb5/admin.log
[libdefaults]
ticket_lifetime = 24000
default_realm = IRCAD.FR
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
forwardable = true
proxiable = true
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
IRCAD.FR = {
kdc = ircadsrv.ircad.fr:88
default_domain = ircad.fr
}
[domain_realm]
.ircad.fr = IRCAD.FR
ircad.fr = IRCAD.FR
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
- /etc/samba/smb.conf :
[global]
workgroup = D_IRCAD
netbios name = PRINTSRV2
client use spnego = yes
server string = %h server (Samba %v)
wins support = no
wins server = 192.168.0.1
dns proxy = no
log file = /var/log/samba/log.%m
log level = 3
max log size = 1000
syslog = 0
winbind separator = +
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
security = ads
password server = IRCADSRV
realm = IRCAD.FR
encrypt passwords = yes
passdb backend = tdbsam guest
invalid users = root
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
load printers = yes
printing = cups
printcap name = cups
printer admin = @ntadmin,root,d_ircad+chaessig
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
[homes]
comment = Home Directories
# browseable = no
[smblog]
comment = samba page log result
browsable = no
writable = no
path = /var/log/smblog
public = no
guest ok = no
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
public = yes
writable = no
guest ok = yes
printer admin = root, d_ircad+chaessig, @ntadmin
create mode = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
browseable = yes
read only = no
guest ok = yes
write list = root, d_ircad+chaessig, @ntadmin
Christian Haessig
IRCAD/EITS
Tel : +33. (0)3.88.11.90.76
Fax : +33. (0)3.88.11.90.99
mailto:[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems Compiling Samba 3.0.2a on SLES8 SP3
I know this from problems with kerberos header files. You have the header file statfs.h (maybe others as well) duplicated and it has different variable definitions. You can try chmod 000 statfs.h on all the copies of the same header file but leave one readable during configure and make. Find all the files with: find / -name statfs.h and then see which one is the one you should be using and chmod 000 the rest. After configure and make chmod the file back to whatever it was. Diego On Tue, 16 Mar 2004, Samba wrote: I'm trying to get Samba to compile on SLES8 SP3 (Linux under z/VM) and I'm getting the following error. Configure ran fine with ./configure --with-ads --with-winbind --with-krb5, but when I run make I get the following output and error. Using FLAGS = -O -I/usr/local/include -I./popt -Iinclude -I/usr/local/downloads/samba-3.0.2a/source/include -I/usr/local/downloads/samba-3.0.2a/source/ubiqx -I/usr/local/downloads/samba-3.0.2a/source/smbwrapper -I. -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I/usr/local/include -I/usr/local/downloads/samba-3.0.2a/source LIBS = -lcrypt -lresolv -lnsl -ldl LDSHFLAGS = -shared LDFLAGS = Generating smbd/build_options.c Building include/proto.h creating /usr/local/downloads/samba-3.0.2a/source/include/proto.h Building include/wrepld_proto.h creating /usr/local/downloads/samba-3.0.2a/source/include/wrepld_proto.h Building include/build_env.h creating /usr/local/downloads/samba-3.0.2a/source/nsswitch/winbindd_proto.h creating /usr/local/downloads/samba-3.0.2a/source/web/swat_proto.h creating /usr/local/downloads/samba-3.0.2a/source/client/client_proto.h creating /usr/local/downloads/samba-3.0.2a/source/utils/net_proto.h Compiling dynconfig.c cc1: warning: changing search order for system directory /usr/local/include cc1: warning: as it has already been specified as a non-system directory In file included from /usr/include/asm/statfs.h:6, from /usr/include/linux/vfs.h:4, from /usr/include/linux/fs.h:13, from /usr/include/linux/capability.h:17, from /usr/include/sys/capability.h:24, from include/includes.h:355, from dynconfig.c:21: /usr/include/asm-s390/statfs.h:20: redefinition of `struct statfs' make: *** [dynconfig.o] Error 1 Any suggestions are appreciated. Josh Konkol, CNE MCSE Technical Research Specialist .~. GuideOne Insurance /V\ /( )\ ^^-^^ [EMAIL PROTECTED] This message and accompanying documents are covered by the Electronic Communications Privacy Act, 18 U.S.C. §§ 2510-2521, and contains information intended for the specified individual(s) only. This information is confidential. If you are not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, copying, or the taking of any action based on the contents of this information is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] VMware Printing Problem - Access Denied, Unable To Connect
I see you are using cups. I had the same problem It is a cups problem. First install a RAW printer in CUPS. Second allow cups to receive jobs from a remote host. By default it doesnot. -- Groetjes/Regards Kees van Hoof -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 'Administrator' User Can't Connect (partially solved)
I've even gone as far to add a UNIX user called Administrator in the system to see if that would fix things. Actually this seemed to fix it after I removed Administrator from smbusers. So having a local Administrator account works but smbusers mapping still doesn't. Anyone know why? Thanks! -- Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] access 2003 clients can't print to samba 3 server (access 2000 can)
Has anyone else heard of or had any issues printing with Access 2003 to samba servers? Other office 2003 products print fine, and Access 2000 worked, but Access 2003 will not print to a samba server here. In order to get access 2003 to print, I have to change default printer to something on a windows server, and then it works? Anybody heard/seen anything? Thanks, ~ Daniel --- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Windows/Linux Print Command Translation
Hello, I have an strange issue that I was hoping to find an easy cure for :) I have a windows NT GUI ERP database system that is used widely in the company. This system has an alternate web interface to the database, which is hosted on RedHat linux. Each of these two interfaces require reports printing out of the ERP database. I would like to keep all of the printers on the linux machine for simplicity. The issue is the Windows clients needs to see the printers, so I simply set up CUPS and SAMBA and was able to connect and print in the Windows GUI using the \\[LINUXSERVER]\[PRINTER] command. Unfortunetaly, the Linux web version reads the same print command out of the databse and tries to to send the \\[LINUXSERVER]\[PRINTER], instead of lp -d [printer] [file]. Of course, the web version does not work. I tried to translate the \\[LINUXSERVER]\[PRINTER] command to the lp command using alias but because of the backslash issue, it wont translate correctly. Do you know of another way to make this work? Thanks, in advance, for your time. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-3 / ADS problems with trusted domain
Hello, I'm running Mandrake 9.2 and Samba-3.0.2a I'm connecting a Samba Server as a Domain member to an 2003 ADS, called TEST2. I've been able to create the computer account. I've also tested successfully, from Chapter 7 of ' Samba HOWTO Collection' with a W2K client logon/mount a share from the samba server using Kerberos. The testing of the smbclient was also successful. The problem that I'm having now is that I can not successfully logon/mount a share with Kerberos from a client logon from a trusted domain, TEST1, with the ADS. Testing with wbinfo -u and -g only show accounts and group information from my local Domain, Test2, and not from the trusted Domain. A wbinfo -m does show me a list of all trusted domain. From the log.winbind file I can also see 'trustdom_store: storing SID S-1-5-21-1060284298-1078145449-682003330 of domain TEST1, so It appears winbind if working. The account name on TEST1 is ibaccaril, the account on TEST2 is ibaccarilsu and the unix account is baccari. I currently have no control of the account names in Test1 and test2. When I tail the log.isaunders-n-1file I extract the error below, Any help would be appreciated. 2004/03/16 13:12:34, 5] auth/auth_util.c:make_user_info(184) making blobs for baccari's user_info struct [2004/03/16 13:12:34, 10] auth/auth_util.c:make_user_info(193) made an encrypted user_info for baccari (iBaccaril) [2004/03/16 13:12:34, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2004/03/16 13:12:34, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2004/03/16 13:12:34, 10] auth/auth.c:check_ntlm_password(231) check_ntlm_password: auth_context challenge created by random [2004/03/16 13:12:34, 10] auth/auth.c:check_ntlm_password(233) challenge is: [2004/03/16 13:12:34, 5] lib/util.c:dump_data(1830) [000] 11 25 5A CA CE C1 F4 25 .%ZÊÎÁô% [2004/03/16 13:12:34, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2004/03/16 13:12:34, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2004/03/16 13:12:34, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/03/16 13:12:34, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2004/03/16 13:12:34, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2004/03/16 13:12:34, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/03/16 13:12:34, 5] auth/auth.c:check_ntlm_password(271) check_ntlm_password: winbind authentication for user [iBaccaril] FAILED with error NT_STATUS_NO_SUCH_USER [2004/03/16 13:12:34, 6] auth/auth_sam.c:check_samstrict_security(271) check_samstrict_security: TEST2 is not one of my local names (ROLE_DOMAIN_MEMBER) [2004/03/16 13:12:34, 10] auth/auth.c:check_ntlm_password(259) check_ntlm_password: sam had nothing to say [2004/03/16 13:12:34, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [iBaccaril] - [baccari] FAILED with error NT_STATUS_NO_SUCH_USER [2004/03/16 13:12:34, 5] auth/auth_util.c:free_user_info(1278) attempting to free (and zero) a user_info structure [2004/03/16 13:12:34, 10] auth/auth_util.c:free_user_info(1281) structure was created for iBaccaril [2004/03/16 13:12:34, 6] lib/util_sock.c:write_socket(407) write_socket(5,104) [2004/03/16 13:12:34, 6] lib/util_sock.c:write_socket(410) write_socket(5,104) wrote 104 [2004/03/16 13:12:35, 3] smbd/process.c:timeout_processing(1104) timeout_processing: End of file from client (client has disconnected). [2004/03/16 13:12:35, 5] lib/gencache.c:gencache_shutdown(88) Closing cache file [2004/03/16 13:12:35, 5] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2004/03/16 13:12:35, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/03/16 13:12:35, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2004/03/16 13:12:35, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2004/03/16 13:12:35, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) [2004/03/16 13:12:35, 2] smbd/server.c:exit_server(558) Lou Baccari [EMAIL PROTECTED] HP Labs, Hewlett-Packard Company 617-551-7623 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] clients logout .............
Rather than struggle with the Windows GUI looking for the right thing to click (and I'm not sure there really is a way to do this) If you connect via a UNC from the run box or explorer address bar, Windows will attempt to connect with the logged on user or if there is a current connection to the server, it will try to use the id in use by the other connection. You will not be able to connect with another userid until all connections to the server are disconnected. Windows will give you an error which say something about not allowing multiple connections to a server with different credentials. Unfortunately, even when net use doesn't show any connections cached, there might be an IPC connection of some kind lingering about, which will prevent you from using a new login name. If all else fails, use the DOS prompt and issue this command: net use * /d Which deletes all existing connections to all servers. You can than log into the Samba box with new credentials. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba 3, ADS, kerberos, keytab problem - Additional pre-authentication required
Am Dienstag, 16. März 2004 17:22 schrieb ww m-pubsyssamba: Hi Markus, What are you actually trying to achieve? Why do you want to automatically obtain a kerberos ticket? I may be wrong, but I wonder if you are overcomplicating things for yourself. ktpass is indeed a tool for creating keytabs for use on non-windows systems such as Linux, but if you are using Samba 3.0 you should join the Linux server to the domain using Samba specific commands, ie. I have e.g. squid-winbind-ntlm authentication working, but the samba client only gets new data from the ADS, if it has a valid ticket. Otherwise only old auth data is used (from the winbind cache.) As long as there is a valid ticket, changes on the user/group data in ADS are almost instanteanously also active on the samba server. This is used for permitting access to the internet only for members of a special ADS group. Changes to the members of this group should automagically be known to the samba server without interaction by an admin. It works that way with samba and an NT-compatible ADS, but that makes it insecure. ## ok, I have no experience of using Samba to provide authentication to squid but ## if all you need is to get winbind working then maybe I can help, please see below.. # net ads join -U Administrator%password This creates a computer account in the AD and negates the need to mess around manually with keytabs. You can check this by looking in your AD domain with adsiedit, if you look at the computer object created you can see it has setup serviceprincipal for Yes. But when a ticket is no longer valid, only old user data are known to winbind. In order to always have a valid ticket I need: - a ticket granting ticket and a cronjob that does the renewal. - Or an account that works with a keytab file and does not require a password therefore. Neither does work. (I even set up a testbed net with an virgin ADS Server) ## Ok I think you are wrong here, I tested this as follows: ## On Samba 3.0.2a server join to AD domain using net ads join ## Ensure there are no kerberos tickets with kdestroy ## start winbind, check users see by winbind with wbinfo -u ## Add a new user to AD using MS tools, now wait for winbind cache time to pass ## (winbind cache time defaults to 300 seconds) ## now check users visable to winbind with wbinfo -u (I had to run this twice for it to update) ## I can see the new user, this is what I'd expect all without any kerberos ticket. ## This is because the net ads join performs a similar function to manually ## creating keytab files, it creates a trust or shared secret between ## the Samba server and the AD domain. host/[EMAIL PROTECTED] etc. You'd use ktpass if you wanted to Kerberise something like NFS which has no specific support for AD. Unless you need access from one Samba server to another you don't need to automatically get a ticket for your Samba server to work, Samba will maintain domain trusts for clients connecting to the Samba server on its own. If this doesn't help or I've misunderstood your requirements post some more details of what you need to achieve, thanks Andy. Thanks a lot, Andy, and tell me if I got something wrong... But try wbinfo -t both with a valid ticket and without. Doesn't seem to make a difference, unless you change the userdata on the ADS server... Any ideas? I would be so happy if I were wrong... ## Yes wbinfo -t as wbinfo -u should rely on a trust established by net ads join ## not a kerberos ticket to both should work as would wbinfo -g etc. etc. Hello List, I am (unsuccessfully) trying to automatically get a valid kerberos ticket for my linux box. I have - in a test environment: - a windows 2000 server with Active directory and DNS properly set up. - a suse linux 9.0 router with samba3.0.2.rc.1 and heimdal 0.6.-67. - I am able to join the domain and get a valid ticket through kinit, if I enter the Administrator's password or the userdata with password from some account in the Administrator group. - Filetransfer and Name services and winbind work flawlessly, as long as there is a valid ticket. I have googled and read in mailing lists, and became good advice (thanks chris!) on how to get a ticket wih a cronjob and a keytab file: - On the ADS-KDC I created a user, to whose account the new kerberos principal is to be mapped, - which I did by typing ktpass -princ host/[EMAIL PROTECTED] -mapuser username -pass password -out keyfile, like microsoft explains on their techinfo sites. - Then I transferred the keyfile to the linux box and tried to use it for kinit with the -k and -t switches. BUT: All I got is: Additional pre-authentication required. (which seems to be the least explanatory of all samba errors...) Here follow my tries: --SCHNIPP linux-router:~ # kinit --use-keytab -t /etc/krb5.keytab kinit: krb5_get_init_creds: Additional pre-authentication required
Re: [Samba] clients logout and client creating users
On Tue, Mar 16, 2004 at 05:15:09AM -0800, Max Waterman wrote: 2) We have a W2K server as PDC. The admin for that m/c ... Is there a way I can use the scripting capabilities of the RH9 box (perl, for example) to create users on the W2K PDC? If you're using Samba 3.0, you might be able to do something with the net rpc user add command. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Blocking network browsing for certain users
Hi. I'm using Samba 3.0 with LDAP back end. I set up three NT groups: - Domain Users - Domain Admins - Domain Guests I want to limit a user that is member of 'Domain Guests' NT group so that he will not be able to browse the Windows network (All Network / Computer near me). I guess that this can be implemented by using Windows Policies (poledit and stuff). The problem is that I didn't find any suitable Administrative template (.adm) that can set those settings. Any sugestion? If anyone have any link to a repository of .afm files (for any purpose), please share it with me. Regards, Dezo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind x LDAP x Kerberos
Hi people, What are the pros and cons of Winbind, LDAP and Kerberos in a Samba 3.0.2 plus Active Directory environment ? What could be the best design for this scenario ? Estevam Henrique = Esta mensagem pode conter informacao confidencial e/ou privilegiada. Se voce nao for o destinatario ou a pessoa autorizada a receber esta mensagem, nao devera utilizar, copiar, alterar, divulgar a informacao nela contida ou tomar qualquer acao baseada nessas informacoes. Se voce recebeu esta mensagem por engano, por favor avise imediatamente o remetente, respondendo o e-mail e em seguida apague-o. Agradecemos sua cooperacao. This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, change, take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. = -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 30. upgrade
Can anyone give me a english version, step for step, of how to up grade Samba in Linux 9.0 ? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Popular Samba Password Backend Survey
Hi, I have been reading this news group for quite a while and have never run accross any kind of discussion on What is the best choice for the password backend of your samba server and why do you feel so strongly about that? Thanks -- Jeff Davies [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] VMware Printing Problem - Access Denied, Unable To Connect
More detailed:
/etc/samba/smb.conf:
#
# /etc/samba/smb.conf ist the main samba configuration file. Cf. the
# manual page of smb.conf and the included documantation in
# /usr/share/doc/packages/samba in order to understand the options
# listed here and many more features.
#
# Lines in this example which starts with ; and # are ignored comment
# ones. # indicates a comment and ; a deactivated example line.
#
# We suggest to use the command 'testparm' after any changes you made.
#
# Copyright (c) 1999 - 2001 SuSE GmbH Nuernberg, Germany.
#
# Please send bugfixes or comments to [EMAIL PROTECTED]
#
[global]
printing = cups
map to guest = Bad User
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
security = share
workgroup = werkgroep
client code page = 850
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
character set = ISO8859-15
guest account = nobody
load printers = Yes
os level = 32
printcap name = /etc/printcap
wins support = No
nt acl support = no
domain logons = no
#[homes]
#comment = Home Directories
#read only = No
#create mask = 0640
#directory mask = 0750
#browseable = No
[printers]
comment = All Printers
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No
guest ok = yes
I use the same smb.conf in etc/vmware/vmnet1/smb.
My /etc/cups/cupsd.conf has the next section:
#
# Access permissions for each directory served by the scheduler.
# Locations are relative to DocumentRoot...
#
# AuthType: the authorization to use:
#
#None - Perform no authentication
#Basic - Perform authentication using the HTTP Basic method.
#Digest - Perform authentication using the HTTP Digest method.
#
#(Note: local certificate authentication can be substituted by
# the client for Basic or Digest when connecting to the
# localhost interface)
#
# AuthClass: the authorization class; currently only Anonymous, User,
# System (valid user belonging to group SystemGroup), and Group
# (valid user belonging to the specified group) are supported.
#
# AuthGroupName: the group name for Group authorization.
#
# Order: the order of Allow/Deny processing.
#
# Allow: allows access from the specified hostname, domain, IP address,
# network, or interface.
#
# Deny: denies access from the specified hostname, domain, IP address,
# network, or interface.
#
# Both Allow and Deny accept the following notations for addresses:
#
# All
# None
# *.domain.com
# .domain.com
# host.domain.com
# nnn.*
# nnn.nnn.*
# nnn.nnn.nnn.*
# nnn.nnn.nnn.nnn
# nnn.nnn.nnn.nnn/mm
# nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
# @LOCAL
# @IF(name)
#
# The host and domain address require that you enable hostname lookups
# with HostNameLookups On above.
#
# The @LOCAL address allows or denies from all non point-to-point
# interfaces. For example, if you have a LAN and a dial-up link,
# @LOCAL could allow connections from the LAN but not from the dial-up
# link. Similarly, the @IF(name) address allows or denies from the
# named network interface, e.g. @IF(eth0) under Linux. Interfaces are
# refreshed automatically (no more than once every 60 seconds), so
# they can be used on dynamically-configured interfaces, e.g. PPP,
# 802.11, etc.
#
# Encryption: whether or not to use encryption; this depends on having
# the OpenSSL library linked into the CUPS library and scheduler.
#
# Possible values:
#
# Always - Always use encryption (SSL)
# Never- Never use encryption
# Required - Use TLS encryption upgrade
# IfRequested - Use encryption if the server requests it
#
# The default value is IfRequested.
#
Location /
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 127.0.0.2
Allow From @LOCAL
Allow From 192.168.1.50
Allow From 192.168.1.80
/Location
The last two lines are the local host and the Vmware (winxp) host.
Furthermore cups has to be told to use raw printing; next sections is
from /etc/cups/mime.types
#
# Raw print file support...
#
# Uncomment the following type and the application/octet-stream
# filter line in mime.convs to allow raw file printing without the
# -oraw option.
#
application/octet-stream
#
# End of $Id: mime.types,v 1.28 2003/04/07 18:03:27 mike Exp $.
#
And last but not least: define your local printer as a raw device using:
http://localhost:631.
Hope this will do.
Don't be confused Winxp still says Access denied, unable to connect, but
it will print.
--
Groetjes/Regards
Kees van Hoof
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Printing
I have samba running on RH 9 as a PDC. I want to print from teh windows box to the Linux machine... excerpt from smb.conf: [printers] comment = All Printers path = /var/spool/cups/ browseable = yes public = yes printable = yes writeable = yes excerpt from printcap: # This file was automatically generated by cupsd(8) from the # /etc/cups/printers.conf file. All changes to this file # will be lost. printer: lp0: So, when I print it does put something in /var/spool/cups but how do I get it to print? When I print locally to the pritner it puts a file in /var/spool/cups so I assume that's the proper directory? -- Michael S. Dunsavage -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Sorry about the VMWARE printing problem
Samba Users, I am not a subscriber of this list and I found this thread using Google. So I was happy to post a solustion, not being aware of the fact it did not belong to any Thread. Sorry about that. hope the solution will be usefull anayway -- Groetjes/Regards Kees van Hoof -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Hi all, I'm building a Linux application server to replace 98% of the windows workstations in an enterprise. I'm using Winbind to auth users logging into the server (through kdm/xdmcp) against the existing win2k AD PDC. There are more than 50 different login scripts for the different users and groups. Because this company has no in house Linux support I want to keep it as simple and easy as possible for their existing NT admin to work with the new application server, and I want him to be able to admin the login scripts the same way he has always done. The main thing that the login scripts are used for is mounting drives. So what I am thinking of doing is somehow downloading the login scripts when a user goes to log in, piping that through some fancy python and creating the links to the relevant shares on the relevant servers on their KDE desktop. The thing that I am stuck on is how to retrieve the name of the login script that should be run when a user logs in. Since I cannot find any information on how to do this I am thinking of talking directly to the PDC's LDAP and retrieving the record from there. Unless of course you Samba gurus have already implemented a way to do this easily and painlessly ;) Thanks in advance, Tom Hibbert Technical Specialist Phone: +64-9-306-0230 DDI: +64-9-306-0234 Mobile: +64-27-430-7784 Email: [EMAIL PROTECTED] Website: http://www.nsp.co.nz The information in this email and any attachments is confidential. This information may be subject to legal, professional, or other privilege. It must not be disclosed to any person without our authority. If you are not the intended recipient you are not authorised to and must not disclose, copy, distribute, or retain this message or any part of it. Please return this message to the sender immediately and delete any and all copies from your system. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Popular Samba Password Backend Survey
On Tue, 16 Mar 2004, Jeff Davies wrote: Hi, I have been reading this news group for quite a while and have never run accross any kind of discussion on What is the best choice for the password backend of your samba server and why do you feel so strongly about that? I believe this is well addressed in the Samba-HOWTO-Collection.pdf, also published by Prentice Hall (available from Amazon.Com) as The Official Samba-3 HOWTO Reference Guide. There is an entire chapter on this subject called, Account Information Databases. In short, the best backend for Samba-3 for sites that do not need BDCs is the tdbsam that is new to Samba-3. Large sites (those that need BDCs) should use the LDAP bases ldapsam. There is a lot of noise on this list due to the large number here who insist on using LDAP. There are many reasons for this choice, not the least of which is that LDAP appears to be the closest alternative to Microsoft Active Directory. I have covered the details of deployment of tdbsam and LDAP based ldapsam with detailed fully worked examples in my new book, Samba-3 by Example. This book is available from Amazon.Com and will start shipping March 26th. Cheers, John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 30. upgrade
Crawford, John Mr. OTC/Contractor wrote on Wednesday, 17 March 2004 9:17 a.m.: Can anyone give me a english version, step for step, of how to up grade Samba in Linux 9.0 ? I presume you mean Red Hat Linux 9.0. The upgrade procedure is going to depend on what you are trying to achieve in your setup. Could you describe the environment in which the Samba server is being used? (domain controller or just a file server, version of Windows being used, etc.) Cheers, Paul - Paul Eggleton Ph:+64-9-4154790 Software Developer Fax: +64-9-4154791 CJN Technologies Ltd. DDI: +64-9-4154795 http://www.cjntech.co.nz Email: [EMAIL PROTECTED] - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Print Queues Dying!!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeff Umbach wrote: | It started with one networked printer but it appears to have | spread to another and now all networked printers occasionally | go down. We have several JetDirect boxes and one | NetGear PS101 printer server served by CUPS, | the Windows computers access the print queues via Samba | 3.0.2 on RedHat Enterprise Server 3. | | This is a very problematic issue and it is getting worse. | We used this same type of set up with LPD at other | installations without issue. Is this a known issue with | Samba and CUPS or just a CUPS issue? I'm trying to get LPD | installed to see if it works better. | please try the patches in https://bugzilla.samba.org/show_bug.cgi?id=1147 https://bugzilla.samba.org/show_bug.cgi?id=1007 cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAV4F7IR7qMdg1EfYRAuizAJ95hNE4sgeZBsirX9YYWNLRr3Pb1QCfepaY GgGdV7Cn4hLKBcsq0czPJTU= =oGDW -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: tdb_fetch failed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lee Thao wrote: | I was able to stop smb services, run tdbbackup, run tdbbackup | -v, and made sure file permissions were the same for all tdbs | under /var/liv/samba and /etc/samba. Tdbbackup -v just list how | many records are in the tdbs, no error messages. I restart smb | and am still getting the tdb_fetch failed messages. What's up? I think it is a false negative. I tried to run it down earlier today and got distracted by other bugs. My gutfeeling after looking at the routine was that you will get this message on the first call to store the message flags. I doubt it is really causing anything other than alarm at this point. But I will work on it some more tomorrow if I can. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAV4JIIR7qMdg1EfYRAmpJAKC7R1SY4CFgEGzOLOusVKHGXKd00QCg2wdg x4volFyNw2w/DMXFCT6G/JI= =YwbX -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: tdb_fetch failed
Thanks! Like I said, printing is fine. The only reason for concern is that it takes CPU util (according to older threads in samba archive), and my logs are flooded with these messages. Lee. -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 4:40 PM To: Lee Thao Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Re: tdb_fetch failed -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lee Thao wrote: | I was able to stop smb services, run tdbbackup, run tdbbackup -v, and | made sure file permissions were the same for all tdbs under | /var/liv/samba and /etc/samba. Tdbbackup -v just list how many | records are in the tdbs, no error messages. I restart smb and am | still getting the tdb_fetch failed messages. What's up? I think it is a false negative. I tried to run it down earlier today and got distracted by other bugs. My gutfeeling after looking at the routine was that you will get this message on the first call to store the message flags. I doubt it is really causing anything other than alarm at this point. But I will work on it some more tomorrow if I can. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAV4JIIR7qMdg1EfYRAmpJAKC7R1SY4CFgEGzOLOusVKHGXKd00QCg2wdg x4volFyNw2w/DMXFCT6G/JI= =YwbX -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] access 2003 clients can't print to samba 3 server (access 2000 can)
[EMAIL PROTECTED] wrote: Has anyone else heard of or had any issues printing with Access 2003 to samba servers? Other office 2003 products print fine, and Access 2000 worked, but Access 2003 will not print to a samba server here. In order to get access 2003 to print, I have to change default printer to something on a windows server, and then it works? Anybody heard/seen anything? Thanks, ~ Daniel That sounds more than a little suspicious. What sort of setup do you have? Samba == CUPS? Raw print queue or the CUPS driver? I have had some issues printing reports from Access to some of our printers that claim to be PCL6 compatible ( and have PCL6 drivers ), but only work with the PCL5 drivers. What happens when you try to print? Dan -- Daniel Kasak IT Developer NUS Consulting Group Level 5, 77 Pacific Highway North Sydney, NSW, Australia 2060 T: (+61) 2 9922-7676 / F: (+61) 2 9922 7989 email: [EMAIL PROTECTED] website: http://www.nusconsulting.com.au -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba, CUPS A StarDocPrinter call was not issued.
Hi all, I am using Samba -3.0.2a with cups on SuSe 9.0. Samba PDC works fine, but I have some problem with CUPS PDF Printer printing. From Linux I was able print the test page. From 2000 workstation I was able add and print the document as root user. If I login as ordinary user, not able to print anything (not even testing) I received the following errors: From NotePad: A StarDocPrinter call was not issued. From OpenOffice: Could not start printer. Please check your printer configuration Any tips to fix this problem. Note: Same setup and configuration works at my home. I was able to print the document from Windows 2000 Client. -Sundaram -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba, CUPS A StarDocPrinter call was not issued.
Sundaram Ramasamy wrote: Hi all, I am using Samba -3.0.2a with cups on SuSe 9.0. Samba PDC works fine, but I have some problem with CUPS PDF Printer printing. From Linux I was able print the test page. From 2000 workstation I was able add and print the document as root user. If I login as ordinary user, not able to print anything (not even testing) I received the following errors: From NotePad: A StarDocPrinter call was not issued. From OpenOffice: Could not start printer. Please check your printer configuration Any tips to fix this problem. Note: Same setup and configuration works at my home. I was able to print the document from Windows 2000 Client. -Sundaram Maybe a permissions problem on the destination directory? -- Daniel Kasak IT Developer NUS Consulting Group Level 5, 77 Pacific Highway North Sydney, NSW, Australia 2060 T: (+61) 2 9922-7676 / F: (+61) 2 9922 7989 email: [EMAIL PROTECTED] website: http://www.nusconsulting.com.au -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] profil problem
Hello I've got a Samba 2.2.7a configured as a PDC. Some Windows 2000 connect to that PDC. I configure the profile of each users. but some times i've got some messages like that smbd/service.c:make_connection(599) poste2 (192.168.71.2) Can't change directory to /webcafe/nt_profils_perso/nobody (No such file or directory) : 4 Time(s) smbd/service.c:make_connection(599) poste22 (192.168.71.22) Can't change directory to /webcafe/nt_profils_perso/nobody (No such file or directory) : 2 Time(s) smbd/service.c:make_connection(599) poste31 (192.168.71.31) Can't change directory to /webcafe/nt_profils_perso/nobody (No such file or directory) : 5 Time(s) smbd/service.c:make_connection(599) poste33 (192.168.71.33) Can't change directory to /webcafe/nt_profils_perso/nobody (No such file or directory) : 4 Time(s) smbd/service.c:make_connection(599) poste34 (192.168.71.34) Can't change directory to /webcafe/nt_profils_perso/nobody (No such file or directory) : 4 Time(s) smbd/service.c:make_connection(599) poste7 (192.168.71.7) Can't change directory to /webcafe/nt_profils_perso/nobody (No such file or directory) : 4 Time(s) /webcafe/ntp_profils_perso/ is the folder of the profiles of each users. What's the problem Thanks == NEFF Yannick - Administrateur Réseau Webcafe EURL 34 rue de la Motte 71100 Chalon Sur Saône Fax : 03 85 41 26 34 Tel : 06 68 72 42 81 [EMAIL PROTECTED] [EMAIL PROTECTED] Intranet : [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: M$ W2K Clients get requests to change samba password -- PDC is a samba 2.2.8a
On 2004-03-16, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: On 16 Mar 2004 at 3:36, JustFillBug wrote: Yes, it is very hard to find out how to change expire date on the net. Bad document or document organization on Samba. You have to use 'pdbedit' to control that. And this should be in FAQ. All the talk about shadow password and pam are misleading. Ahhthere is no pbedit in Samba 2.2.8a It is pdbedit not pbedit. And it exists in Debian's samba 2.2.3a package. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] configure samba -RH 7.3
good day to all sambba guru.. im encountering problem witth my installation/configure of samba. after the ./configure and make and make install i do this: TESTING SAMBA SERVER [EMAIL PROTECTED] samba]# smbclient -L Hobbit added interface ip=172.16.0.107 bcast=172.16.0.255 nmask=255.255.255.0 error connecting to 127.0.0.107:139 (Connection refused) Error connecting to 127.0.0.107 (Connection refused) Connection to Hobbit failed CONNECTING TO MY UNIX CLIENT [EMAIL PROTECTED] samba]# smbclient //POLMAP/pchome added interface ip=172.16.0.107 bcast=172.16.0.255 nmask=255.255.255.0 wins_srv_died(): Could not mark WINS server 127.0.0.1 down. Address not found in server list. Connection to POLMAP failed This is the content of my smb.conf after issuing testparm /etc/samba/smb.conf [EMAIL PROTECTED] bin]# testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [printers] Processing section [public] Processing section [raymndb] Processing section [pchome] Processing section [myshare] Loaded services file OK. # Global parameters [global] coding system = client code page = 850 code page directory = /usr/share/samba/codepages workgroup = POLMAP netbios name = HOBBIT netbios aliases = netbios scope = server string = Samba Server interfaces = bind interfaces only = No security = USER encrypt passwords = Yes update encrypted = No allow trusted domains = Yes hosts equiv = min passwd length = 5 map to guest = Never null passwords = No obey pam restrictions = Yes password server = smb passwd file = /etc/samba/smbpasswd root directory = pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* passwd chat debug = No username map = password level = 0 username level = 0 unix password sync = Yes restrict anonymous = No lanman auth = Yes use rhosts = No log level = 2 syslog = 1 syslog only = No log file = /var/log/samba/%m.log max log size = 50 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No protocol = NT1 large readwrite = No max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes announce version = 4.5 announce as = NT max mux = 50 max xmit = 65535 name resolve order = lmhosts host wins bcast max packet = 65535 max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extensions = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max smbd processes = 0 max disk size = 0 max open files = 1 read size = 16384 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 stat cache size = 50 use mmap = Yes total print jobs = 0 load printers = Yes printcap name = /etc/printcap disable spoolss = No enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = strip dot = No character set = mangled stack = 50 stat cache = Yes domain admin group = domain guest group = machine password timeout = 604800 add user script = delete user script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = No os level = 20 lm announce = Auto lm interval = 60 preferred master = True local master = Yes domain master = Auto browse list = Yes enhanced browsing = Yes dns proxy = No wins proxy = No wins server = wins support = Yes wins hook = kernel oplocks = Yes oplock break wait time = 0 add share command = change share command = delete share command = config file = preload = lock dir = /var/cache/samba utmp directory = wtmp directory = utmp = No default service = message command = dfree command = valid chars = remote announce = remote browse sync = socket address = 0.0.0.0 homedir map = auto.home time offset = 0 NIS homedir = No source environment = panic action = hide
[Samba] Re: read and write list
As there is no answers I will try to be more specific: 1) I installed newer version of Samba after reading http://lists.samba.org/archive/samba/2003-April/065184.html 2) My share configuration now looks like: [web_applications_ams_development] comment = Web Application AMS Development path = /var/ams guest ok = Yes write list = @AMITY+Domain Admins write list = @Domain Admins read only = No volume = WEB_APPLICATION_AMS_DEVELOPMENT I do not belong to group Domain Admins but still can write to share. Igor Kryltsov [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I can not find information how to configure a share to allow everyone read access and users of specific NT group write access. Now my smb.conf looks like: [global] log level = 2 syslog = 2 workgroup = AMITY netbios name = AMITYDEVEL guest account = nobody security = server password server = AMDATA hosts allow = 10. local master = yes socket options = TCP_NODELAY writable = yes guest ok = yes syslog only = yes max log size = 1000 [web_applications_ams_development] path = /var/ams comment = Web Application AMS Development volume = WEB_APPLICATION_AMS_DEVELOPMENT guest ok = no # read only = yes # writable = no # read list = guest # write list = igork # write list = @AMITY+AWS_AMS_Update # write list = @AMITY+Domain Admins # valid groups = @AMITY+AWS_AMS_Update valid groups = @AMITY+Domain Admins .. and I am lost. Please help, if you can. Thank you, Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Anyone have account lockouts working on a Samba PDC?
According to the documentation, Samba 3 supports account lockouts (ie: bad password attempt 5 times will result in the PDC returning an NT_STATUS_ACCOUNT_LOCKED_OUT message, until the account is manually reset with pdbedit). This syntax I'm using appears to be correct, but I'm not actually getting actual account lockouts: pdbedit -P bad lockout attempt -C 5 - and - pdbedit -P bad lockout attempt ...prints the right response. So does anyone have account lockouts working with Samba 3 acting as a PDC? I've tried the tdbsam backend without any luck (and building Samba with MySQL support yields the dreaded Could not determine network interfaces error message). Thanks in advance for any responses. Robert Giles rgiles at mail dot utexas punto edu -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] fujipub.com information
Thank you for your interest in Fuji Publishing Group - home of the number one cigar page on the planet. Because we receive over 1000 email messages every day, we have built this autoresponder to let you know that your email message was received and will be responded to as soon as possible. We provide complete turnkey web solutions for tobacconists, cigar related manufacturers, wine shops and wine and spirits manufacturers. We can do everything from setup and design of your own domain name to providing just a link on our award winning cigar and wine pages. We were the first multi vendor cigar page in existence. We have designed and produced more tobacco related sites than anyone in the world. We need to know something about your company before we can quote prices. Are you a shop, manufacturer or otherwise? The more detail you provide, the more information we can send you. Sending email to [EMAIL PROTECTED] again will result in you getting this autoresponder, so feel free to email Bobby Holstein at [EMAIL PROTECTED] Feel free to call Bobby Holstein at 253/305-0740 for immediate assistance. If you are asking about how to order cigars or accessories, we do not sell anything. We are web page designers specializing in cigars, wines and spirits. Contact information is available on the individual web pages. If they have an email address, it will be on the page. If not, please call them for further information. Thank you. The staff and management of Fuji Publishing Group -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] login to domain from linux workstation
So far we have samba server (RedHat), that manages with users and network drives (users login to domain). All machines in the network are Win95/98/2000/XP. But now we are trying to test some Linux (RedHat at the moment) workstations... How can users login to domain in the Linux machine, so that the same username-passwords are used and appropriate network-drives are automaticly mapped (every user has his home directory (which resides actually on another server) and some network-drives are mapped according to groups)? Well I can do local account in the linux-box with the same username and use authconfig to configure SMB authentication. So login is possible with same username/password this way, but is it neccesary to create local account in linux-box for every user? And mapping network-drives is easy using smbmount when there is one user... But how can mapping be done, when there is more than one user?? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA 3.0.1 Client for OS/2 and eCS
Hi all, I'm happy to announce that we ported the latest SAMBA Client to OS/2 and eCS. It is not a 1:1 port of the Unix stuff, we implemented it as a NetDrive Plugin which is a very handy way on OS/2 to map network drives. We also plan to port SAMBA Server in a second stage. For sure the full source is released under the GPL, including our NetDrive plugin. You can get the binaries and the source at http://samba.netlabs.org/ Thanks to the SAMBA team for all the work! BTW, according to the GPL, do I have to make a zip/tar file of the source or is it sufficent if people can access it on CVS? cu Adrian Gschwend netlabs.org -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
CVS update: samba/source/auth
Date: Tue Mar 16 16:41:54 2004 Author: jerry Update of /data/cvs/samba/source/auth In directory dp.samba.org:/tmp/cvs-serv18875/auth Modified Files: Tag: SAMBA_3_0 auth_server.c auth_util.c auth_unix.c Log Message: BUG 1165, 1126: Fix bug with secondary groups (security = ads) and winbind use default domain = yes Revisions: auth_server.c 1.21.2.11 = 1.21.2.12 http://www.samba.org/cgi-bin/cvsweb/samba/source/auth/auth_server.c.diff?r1=1.21.2.11r2=1.21.2.12 auth_util.c 1.39.2.53 = 1.39.2.54 http://www.samba.org/cgi-bin/cvsweb/samba/source/auth/auth_util.c.diff?r1=1.39.2.53r2=1.39.2.54 auth_unix.c 1.19.2.6 = 1.19.2.7 http://www.samba.org/cgi-bin/cvsweb/samba/source/auth/auth_unix.c.diff?r1=1.19.2.6r2=1.19.2.7
CVS update: samba/source/smbd
Date: Tue Mar 16 16:41:54 2004 Author: jerry Update of /data/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv18875/smbd Modified Files: Tag: SAMBA_3_0 sesssetup.c Log Message: BUG 1165, 1126: Fix bug with secondary groups (security = ads) and winbind use default domain = yes Revisions: sesssetup.c 1.50.2.47 = 1.50.2.48 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/sesssetup.c.diff?r1=1.50.2.47r2=1.50.2.48
CVS update: samba/source/auth
Date: Tue Mar 16 16:44:54 2004 Author: jerry Update of /data/cvs/samba/source/auth In directory dp.samba.org:/tmp/cvs-serv19133/auth Modified Files: auth_server.c auth_util.c auth_unix.c Log Message: BUG 1165, 1126: Fix bug with secondary groups (security = ads) and winbind use default domain = yes Revisions: auth_server.c 1.36 = 1.37 http://www.samba.org/cgi-bin/cvsweb/samba/source/auth/auth_server.c.diff?r1=1.36r2=1.37 auth_util.c 1.89 = 1.90 http://www.samba.org/cgi-bin/cvsweb/samba/source/auth/auth_util.c.diff?r1=1.89r2=1.90 auth_unix.c 1.29 = 1.30 http://www.samba.org/cgi-bin/cvsweb/samba/source/auth/auth_unix.c.diff?r1=1.29r2=1.30
CVS update: samba/source/smbd
Date: Tue Mar 16 16:44:54 2004 Author: jerry Update of /data/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv19133/smbd Modified Files: sesssetup.c Log Message: BUG 1165, 1126: Fix bug with secondary groups (security = ads) and winbind use default domain = yes Revisions: sesssetup.c 1.119 = 1.120 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/sesssetup.c.diff?r1=1.119r2=1.120
CVS update: samba/source/printing
Date: Tue Mar 16 17:06:11 2004 Author: jerry Update of /data/cvs/samba/source/printing In directory dp.samba.org:/tmp/cvs-serv23609/printing Modified Files: Tag: SAMBA_3_0 printing.c Log Message: merging print change notify fix from HP appliance. Also might address some one the issues in BUG 1007 Revisions: printing.c 1.139.2.47 = 1.139.2.48 http://www.samba.org/cgi-bin/cvsweb/samba/source/printing/printing.c.diff?r1=1.139.2.47r2=1.139.2.48
CVS update: samba/source/rpc_server
Date: Tue Mar 16 17:06:11 2004 Author: jerry Update of /data/cvs/samba/source/rpc_server In directory dp.samba.org:/tmp/cvs-serv23609/rpc_server Modified Files: Tag: SAMBA_3_0 srv_spoolss_nt.c Log Message: merging print change notify fix from HP appliance. Also might address some one the issues in BUG 1007 Revisions: srv_spoolss_nt.c1.277.2.78 = 1.277.2.79 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_spoolss_nt.c.diff?r1=1.277.2.78r2=1.277.2.79
CVS update: samba/source/printing
Date: Tue Mar 16 17:07:18 2004 Author: jerry Update of /data/cvs/samba/source/printing In directory dp.samba.org:/tmp/cvs-serv23868/printing Modified Files: printing.c Log Message: merging print change notify fix from HP appliance. Also might address some one the issues in BUG 1007 Revisions: printing.c 1.205 = 1.206 http://www.samba.org/cgi-bin/cvsweb/samba/source/printing/printing.c.diff?r1=1.205r2=1.206
CVS update: samba/source/rpc_server
Date: Tue Mar 16 17:07:18 2004 Author: jerry Update of /data/cvs/samba/source/rpc_server In directory dp.samba.org:/tmp/cvs-serv23868/rpc_server Modified Files: srv_spoolss_nt.c Log Message: merging print change notify fix from HP appliance. Also might address some one the issues in BUG 1007 Revisions: srv_spoolss_nt.c1.412 = 1.413 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_spoolss_nt.c.diff?r1=1.412r2=1.413
CVS update: samba/source/lib
Date: Tue Mar 16 17:18:57 2004 Author: ab Update of /home/cvs/samba/source/lib In directory dp.samba.org:/tmp/cvs-serv26085/source/lib Modified Files: Tag: SAMBA_3_0 charcnv.c Log Message: Fix check_path_syntax() for multibyte encodings which have no '\' as second byte. This is intermediate fix as discussed with Jeremy until we move check_path_syntax() to UCS2 internally where all ambiguity is resolved. Please add other encodings into charcnv.c with such property.' ' Revisions: charcnv.c 1.55.2.55 = 1.55.2.56 http://www.samba.org/cgi-bin/cvsweb/samba/source/lib/charcnv.c.diff?r1=1.55.2.55r2=1.55.2.56
CVS update: samba/source/smbd
Date: Tue Mar 16 17:18:58 2004 Author: ab Update of /home/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv26085/source/smbd Modified Files: Tag: SAMBA_3_0 reply.c Log Message: Fix check_path_syntax() for multibyte encodings which have no '\' as second byte. This is intermediate fix as discussed with Jeremy until we move check_path_syntax() to UCS2 internally where all ambiguity is resolved. Please add other encodings into charcnv.c with such property.' ' Revisions: reply.c 1.381.2.75 = 1.381.2.76 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/reply.c.diff?r1=1.381.2.75r2=1.381.2.76
CVS update: samba/source/lib
Date: Tue Mar 16 17:21:06 2004 Author: ab Update of /home/cvs/samba/source/lib In directory dp.samba.org:/tmp/cvs-serv26897/source/lib Modified Files: charcnv.c Log Message: Fix check_path_syntax() for multibyte encodings which have no '\' as second byte. This is intermediate fix as discussed with Jeremy until we move check_path_syntax() to UCS2 internally where all ambiguity is resolved. Please add other encodings into charcnv.c with such property. Revisions: charcnv.c 1.97 = 1.98 http://www.samba.org/cgi-bin/cvsweb/samba/source/lib/charcnv.c.diff?r1=1.97r2=1.98
CVS update: samba/source/smbd
Date: Tue Mar 16 17:21:06 2004 Author: ab Update of /home/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv26897/source/smbd Modified Files: reply.c Log Message: Fix check_path_syntax() for multibyte encodings which have no '\' as second byte. This is intermediate fix as discussed with Jeremy until we move check_path_syntax() to UCS2 internally where all ambiguity is resolved. Please add other encodings into charcnv.c with such property. Revisions: reply.c 1.456 = 1.457 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/reply.c.diff?r1=1.456r2=1.457
CVS update: samba/source/smbd
Date: Tue Mar 16 19:06:30 2004 Author: jerry Update of /data/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv14821/smbd Modified Files: quotas.c Log Message: BUG 979 -- fix quota display on AIX; patch from [EMAIL PROTECTED] (Heinrich Mislik) Revisions: quotas.c1.57 = 1.58 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/quotas.c.diff?r1=1.57r2=1.58
CVS update: samba/packaging/SGI
Date: Tue Mar 16 19:43:04 2004 Author: jerry Update of /data/cvs/samba/packaging/SGI In directory dp.samba.org:/tmp/cvs-serv21668 Modified Files: Tag: SAMBA_3_0 samba.rc Log Message: BUG 768 - patch from [EMAIL PROTECTED] (James Peach); accept profileing arg to init script Revisions: samba.rc1.2 = 1.2.14.1 http://www.samba.org/cgi-bin/cvsweb/samba/packaging/SGI/samba.rc.diff?r1=1.2r2=1.2.14.1
CVS update: samba/source/auth
Date: Tue Mar 16 20:28:47 2004 Author: jerry Update of /data/cvs/samba/source/auth In directory dp.samba.org:/tmp/cvs-serv29750/auth Modified Files: Tag: SAMBA_3_0 auth_util.c Log Message: fix overlapping memory bug when copying username Revisions: auth_util.c 1.39.2.54 = 1.39.2.55 http://www.samba.org/cgi-bin/cvsweb/samba/source/auth/auth_util.c.diff?r1=1.39.2.54r2=1.39.2.55
CVS update: samba/source/auth
Date: Tue Mar 16 20:32:14 2004 Author: jerry Update of /data/cvs/samba/source/auth In directory dp.samba.org:/tmp/cvs-serv30802/auth Modified Files: auth_util.c Log Message: merges from 3.0 Revisions: auth_util.c 1.90 = 1.91 http://www.samba.org/cgi-bin/cvsweb/samba/source/auth/auth_util.c.diff?r1=1.90r2=1.91
CVS update: samba/source/nsswitch
Date: Tue Mar 16 20:32:14 2004 Author: jerry Update of /data/cvs/samba/source/nsswitch In directory dp.samba.org:/tmp/cvs-serv30802/nsswitch Modified Files: winbindd.c winbindd_group.c Log Message: merges from 3.0 Revisions: winbindd.c 1.114 = 1.115 http://www.samba.org/cgi-bin/cvsweb/samba/source/nsswitch/winbindd.c.diff?r1=1.114r2=1.115 winbindd_group.c1.78 = 1.79 http://www.samba.org/cgi-bin/cvsweb/samba/source/nsswitch/winbindd_group.c.diff?r1=1.78r2=1.79
CVS update: samba/source/smbd
Date: Wed Mar 17 02:08:27 2004 Author: jra Update of /data/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv25006/smbd Modified Files: reply.c Log Message: Change check_path_syntax() to use the new next_mb_char_size() function to make it generic. Remove the mb-codepage blacklist. Alexander, please check this fix as it reverts your blacklist changes, but I'm hoping it fixes the problem in a more generic way for all charsets. I'm not trying to trample on your (excellent!) work here, just make things more generic without special cases. Jeremy. Revisions: reply.c 1.458 = 1.459 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/reply.c.diff?r1=1.458r2=1.459
