Re: [Samba] Samba doesn't ask for a password

[Andrew Bartlett]

On Sat, 2004-07-10 at 12:52, Tim Tait wrote:
> Udo wrote:
> 
> >and I can see and edit the files of this users' home directory on the Linux
> >(Samba) server. I can even open \\vovo\horst, which is the other users'
> >home, but read-only in that case. But I need samba to ask for a password,
> >  
> >
> I had the same problem. You need to add a path statement to the [homes] 
> share: "path = /home/%U" for example. That forces it to be the directory 
> of the logged in user (%U).

This is really bad advise.  If you want to restrict access to home
directories, they appropriate syntax is:

[homes]
valid users = %S

Once a user is correctly authenticated with 'user level' security, it is
not possible for Samba to force re-authentication, only access control.

If you set 'security=share' (and accept the consequences that imposes)
then passwords are required per-share, which may be closer to what is
wanted here.

Andrew Bartlett


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba doesn't ask for a password

[Tim Tait]

Udo wrote:
and I can see and edit the files of this users' home directory on the Linux
(Samba) server. I can even open \\vovo\horst, which is the other users'
home, but read-only in that case. But I need samba to ask for a password,
 

I had the same problem. You need to add a path statement to the [homes] 
share: "path = /home/%U" for example. That forces it to be the directory 
of the logged in user (%U).

Tim
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: How can Windows 2000 mount a share as a service?

[Michael Lueck]

OK, welcome to Windows security 101.
Services typically run at System level authority, and M$ does not like to have system 
authority programs participate in File&Print activities.
To test your scripts, I suggest you invent something on your box that will pop you a system level CMD session so you can test batch and other programs right in that session. One way to do this is to 
install the RSHD that comes with the Win2KRK (rshsvc they call it) and then rexec to localhost and crank up a cmd session. Just make sure rshsvc is set to allow desktop interaction and you will see 
your cmd session.

Last I knew, System also didn't like drive letter based mappings. So try "NET USE 
\\SERVER\SHARENAME passWORD /user:DOMAIN\UserID /PERSIST:NO"
PERSIST NO is critical in System level shares or else you get the share stuck in System's restart connections at boot list... but it doesn't have the ID/pw any more... most annoying to get those 
cleared. Actually you need only add NET USE /PERSIST:NO to the begining of your script, not each net use.

Then, you are stuck using UNC for everything, if you have a non UNC friendly program, 
SORRY!
The other thing you might run into which is most annoying on Windows is that if (I forget if this is separate between System and users on the box or global to the box) Windows does not like multiple 
credentials being used. If it is box wide, then a user logging in to the desktop and trying to attach to the same Samba server would have to match credentials... if it is separate between users and 
System, then at least everything system does would have to have the same credentials used. You might run into issues with things (IPC$ maybe) where M$ did deem networking at System level was an OK 
Idea is using System credentials to network, and here you come with a file share and different credentials...

Anyway start with a System level CMD session so you can hack around with what 
works and what does not for you... write down what works and what does not... hack on!
--
Michael Lueck
Lueck Data Systems
Remove the upper case letters NOSPAM to contact me directly.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] XP Pro is fast and XP Home is slow

[Andrew Gaffney]

I run a small network with 3 computers: 2 XP Home, 1 XP Pro. All 3 run a program 
called PCLaw that access a bunch of different databases on a Slackware server 
running Samba. I was running Samba 2.2.4 earlier I just upgraded to 3.0.4. Even 
with the upgrade, the XP Pro machine is nice and fast when accessing and 
manipulating the databases. Both of the XP Home machines are very, very slow. 
They are all on a 100base-T network hooked to the same router. They are all 
running the same version of the PCLaw application. Can anyone think of any ideas 
why the Pro box would be speedy and the Home boxes not? One of the XP Home boxes 
has a 2.4GHz P4 processor, so that is not the problem.

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] How can Windows 2000 mount a share as a service?

[Craig White]

On Fri, 2004-07-09 at 17:11, Malcolm Baldridge wrote:
> I've asked every M$ expert I know, trolled through M$ TechNet, experimented
> with SRVANY/INSTSRV login scripts which hard-code username/passwords to
> login to a Samba 2.2.8a SMB server.  I've experiment with and without the
> "Allow service to interact with Desktop" switch turned on.
> 
> I am stuck. :(   I can find no way to mount a share as a service, so that
> IIS can serve web-pages from a shared content directed located on a network
> drive.
> 
> When I run my login script when I'm logged in as the Administrator or
> another user, the script works fine.  The share's mounted and available as
> the specified drive letter specified in the script.
> 
> I'm using just the standard "net use" as follows:
> 
> net use z: \\192.168.0.1\Web mypassword /user:webuser
> 
> I've fiddled with adding a domain name to the user, to no avail. I've
> experimented with using the samba server's "Netbios" name as well as DNS
> name, to no avail.
> 
> The script only seems to work when SOMEONE is logged into the machine.  When
> it's run as a service, no dice.  It just fails with a single digit error
> code (5, I think).  The error is opaque and non-descriptive.  It's as if SMB
> mounting was specifically prohibited by the OS at some internal bowel juncture.
> 
> This is insane.  Surely, people running web-server clusters behind load
> balancers don't manually synchronise their content!  My web application
> accepts user-uploaded files, so I can't use the "manual resync" method
> anyway.  The upload area needs to be shared by all web-server members.
> 
> There must be a solution for this very common requirement.  I don't want or
> need a "SAN" block-device-level solution, I want a file-level solution.
> 
> If anyone can share some ideas or experise, I would be very grateful.  This
> must be a solved problem somewhere.
-
Microsoft DFS (supported by Samba)



Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] How can Windows 2000 mount a share as a service?

[tms3]

Well, Windoze mounted network shares are user specific.  Each user 
profile stores the share that that user uses.  Or in your case when the 
LOGON script is run.  Note LOGON script.  What it looks like you need to 
do is try using DFS.  Add the samba shares to the DFS and have IIS pull 
the shared data from DFS.  I'm fairly certain w2k/2k3 server machines 
can do this.  I've only experimented with DFS so far, but having samba 
shares in DFS is not a problem in my test environment.  You may need to 
use Samba 3.0.4+ for it to work, though I'm not sure.

Malcolm Baldridge wrote:
I've asked every M$ expert I know, trolled through M$ TechNet, experimented
with SRVANY/INSTSRV login scripts which hard-code username/passwords to
login to a Samba 2.2.8a SMB server.  I've experiment with and without the
"Allow service to interact with Desktop" switch turned on.
I am stuck. :(   I can find no way to mount a share as a service, so that
IIS can serve web-pages from a shared content directed located on a network
drive.
When I run my login script when I'm logged in as the Administrator or
another user, the script works fine.  The share's mounted and available as
the specified drive letter specified in the script.
I'm using just the standard "net use" as follows:
net use z: \\192.168.0.1\Web mypassword /user:webuser
I've fiddled with adding a domain name to the user, to no avail. I've
experimented with using the samba server's "Netbios" name as well as DNS
name, to no avail.
The script only seems to work when SOMEONE is logged into the machine.  When
it's run as a service, no dice.  It just fails with a single digit error
code (5, I think).  The error is opaque and non-descriptive.  It's as if SMB
mounting was specifically prohibited by the OS at some internal bowel juncture.
This is insane.  Surely, people running web-server clusters behind load
balancers don't manually synchronise their content!  My web application
accepts user-uploaded files, so I can't use the "manual resync" method
anyway.  The upload area needs to be shared by all web-server members.
There must be a solution for this very common requirement.  I don't want or
need a "SAN" block-device-level solution, I want a file-level solution.
If anyone can share some ideas or experise, I would be very grateful.  This
must be a solved problem somewhere.
=MB=
 


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] How can Windows 2000 mount a share as a service?

[Malcolm Baldridge]

I've asked every M$ expert I know, trolled through M$ TechNet, experimented
with SRVANY/INSTSRV login scripts which hard-code username/passwords to
login to a Samba 2.2.8a SMB server.  I've experiment with and without the
"Allow service to interact with Desktop" switch turned on.

I am stuck. :(   I can find no way to mount a share as a service, so that
IIS can serve web-pages from a shared content directed located on a network
drive.

When I run my login script when I'm logged in as the Administrator or
another user, the script works fine.  The share's mounted and available as
the specified drive letter specified in the script.

I'm using just the standard "net use" as follows:

net use z: \\192.168.0.1\Web mypassword /user:webuser

I've fiddled with adding a domain name to the user, to no avail. I've
experimented with using the samba server's "Netbios" name as well as DNS
name, to no avail.

The script only seems to work when SOMEONE is logged into the machine.  When
it's run as a service, no dice.  It just fails with a single digit error
code (5, I think).  The error is opaque and non-descriptive.  It's as if SMB
mounting was specifically prohibited by the OS at some internal bowel juncture.

This is insane.  Surely, people running web-server clusters behind load
balancers don't manually synchronise their content!  My web application
accepts user-uploaded files, so I can't use the "manual resync" method
anyway.  The upload area needs to be shared by all web-server members.

There must be a solution for this very common requirement.  I don't want or
need a "SAN" block-device-level solution, I want a file-level solution.

If anyone can share some ideas or experise, I would be very grateful.  This
must be a solved problem somewhere.

=MB=
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Urgent help to Samba 2.0.7 with Microsoft Windows XP and 98

[Jeremy Allison]

On Fri, Jul 02, 2004 at 02:41:48PM +0800, hank_chu wrote:
> Dear Sir :
> 
>Nice to meet you.
>We are using the Samba v2.0.7 ported from uClinux to build the Samba server for 
> Network Storage.
>Currently, we met several strange problems as below :
>  1) Under Windows XP :
> The Windows backup function cannot work.
>   But the BackUp function works well under Windows 2000.
> 
>  2) Under Windows 98/98SE,  we cannot copy a file which size is bigger than 
> 500KB or more to the Samba server.
>   But the smaller files are OK to be copied.
> 
>  3) Under Windows XP, we create a empty file in Samba server (like TXT file).
>  When we use Microsoft Notepad or UltraEdit to edit it, type some characters 
> , and save back, Samba server replys as "Access Denied".
>   But if we do so with Microsoft Word, it is OK.
> 
>Could you do us a favor to advise us if any hints or comments ?
>Thank you.
> 
> Best Regards.
> Hank Chu

Hi Hank,

2.0.7 is a very old release of Samba. Is there a more modern version
you can use ? We're currently testing the 3.0.5 release.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] strange browsing problem w/ Samba 3.0 - I am lost

[Klaus K.]

Hallo Samba experts out there,
I do have a very strange problem with Samba 3.0.4-1.12 on SuSE 9.1 (kernel
2.6.5-7.75-smp)

Samba is configured as a PDC and WINS server. DNS (bind 9) also works
correctly on the linux box (acting as a forwarder to the ISP's DNS
servers) -
foward and reverse lookups work flawlessly from the box and from XP clients.

When browsing the network neigbourhood from XP clients (XP Pro, SP 1,
all security patches) all available XP clients of the domain show up, only
the Samba Server (which - as indicated above - acts as the WINS Server)
is missing and it does also not appear after some time.

The file browser.dat (on linux) however includes the samba server as well as
all other (XP) computers belonging to the domain.

Strangely enough it IS POSSIBLE to mount shares on the samba box if the
syntax
net use \\server\share is used from XP. Even a search for the server with
XP's
"find computers" dialogue box works flawlessly and quick. The results even
indicates
that the server should be located within the domain - even though it is
still not there
(i.e. not visible) after the search.

At the moment I am clueless and would appreciate any hints / ideas.
Searching with
google and within the groups did not reveal any results.

I am sure there's some expert out there who is able to help.

Thanks in advance,

Klaus

Below please do find my smb.conf file for your reference:

[global]
workgroup = WORKGROUP
netbios name = XEON
browseable = Yes
passdb backend = tdbsam
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s
/bin/false %m$
logon script = scripts/logon.bat

logon path = \\%L\profiles\%U
logon drive = Z:
logon home = \\%L\%U
domain logons = Yes
os level = 65
preferred master = Yes
local master = Yes
domain master = Yes
idmap uid = 15000-2
idmap gid = 15000-2

server string = Samba server
interfaces = eth1 lo
bind interfaces only = Yes
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
SO_KEEPALIVE
security = user
encrypt passwords = Yes
username map = /etc/samba/smbusers
hosts allow = 192.168.xx.

map to guest = Bad User
guest account = nobody
wins support = Yes
time server = Yes
log level = 0
syslog = 0
name resolve order = wins host
utmp = Yes
store dos attributes = Yes

[netlogon]
comment = Samba network logon share
path = /var/lib/samba/netlogon
guest ok = yes
read only = Yes
write list = ntadmin
share modes = no

[homes]
preexec = sh -c '/etc/samba/login.msg %u %m' &
comment = Home Directories
path = /home/%S/Documents
valid users = %S
browseable = No
read only = No
inherit permissions = Yes
guest ok = No
printable = No
create mask = 0600
directory mask = 0700

[profiles]
comment = Roaming Profiles share
path = /var/lib/samba/profiles
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
browseable = Yes
guest ok = No
printable = No
profile acls = Yes

[further shares]


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Veto Files - need more examples

[Jim C.]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I need to have a better idea of how veto files are processed.
In particular I wanted to use something like:
*[^.lnk]
What this does when used with ls is list all files EXCEPT files ending
in .lnk Unfortunately it does not seem to work.
Jim C.
- --
- -
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: [EMAIL PROTECTED]  AIM: WyteLi0n  ICQ: 123291844 |
|---|
| Y!: j_c_llings   Jabber: [EMAIL PROTECTED]|
- -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFA7xw157L0B7uXm9oRAmwBAJ9ulVAR8Z68m1PxW5bou02YtnvBUgCfccWG
dDoxv1FR0OYitaNa3vJjMUM=
=fo1G
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] tdb_mmap

[Mike Peterson]

Hi Mike,
I'm having exactly the same problem you had - did you find
a solution?
Thanks,
Mike.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Any Windows XP SP2 RC2 Experience?

[Jason Balicki]

Earlier today I installed Windows XP SP2 RC2 onto
two of my production machines.  My test boxes were
fine, but the two production machines I installed
them on failed to print in Adobe Reader and IE.

I've got a Samba 2.2.9 DC with a CUPS printing
backend.

Anyway, I've backed off the SP on both production
machines, and I'm going to try to replicate the
issue with another test box, but I was wondering
if anyone has any experience with this service
pack and a Samba based network?  Any hints or
gotchas you want to share?

--J(K)

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] NTLMv2 Authentication fails on domain member servers

[Neal K . Groothuis]

Hello,
I'm having some issues with getting NTLMv2 authentication working, and 
I thought you might be able to help.  I've got a Windows XP
Pro client machine trying to access shares on a domain member server 
running Samba.  (Both the domain member server and the PDC
are running Samba 3.0.4.)  The XP machine is by default configured to 
use NTLMv2 for authentication, but that fails when I'm trying to access
shares on the domain member server.  However, it works when I'm 
accessing shares on the PDC itself.  Alternatively, this works if I 
allow the
XP machine to use NTLM authentication.  Has anyone else run into this 
issue and/or have any workarounds for it?  I know that there were
issues previously with using NTLMv2 only with a Samba PDC, but 
according to the Changelog, that bug was fixed in 3.0.3.

Thanks!
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Terpstra-led Samba Workshops Announced

[Alex Monteiro]

Just wanted to get the word out that we announced US-based Samba training
workshops instructed by John H. Terpstra in San Jose, Los Angeles,
Boston and Atlanta through the end of the year.

http://freedomtechnologycenter.org/news/samba.shtml

Mention that you're a Samba-list member and you will be entitled to a 10%
discount.

Thanks,
Alex

--
Alex Monteiro
Program Manager - Freedom Technology Center
Toll Free:  866-643-3733  Fax: 650-964-4223

Offering the world's best in Open Source training.
http://www.freedomtechnologycenter.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Regarding net groupmap

[Jim C.]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tom Skeren wrote:
| Well, my Samba 3.0.4 is joined to a w2k AD and works fairly well so far,
| as it's not in a production environment yet.  I am now testing it for
| such a release and have encountered a permission problem.  Unless I
| chmod -R 777 the Samba share directroy, users can only read files on the
| share, including the ADS users in Domain Admins.  Reading the Samba
| online manual, I figured the groupmap function would solve this.  I did
| as the manual suggested and got teh following errors:
|
|> fskkweb# net groupmap add ntgroup="Domain Admins" unixgroup=domadm
|> No rid or sid specified, choosing algorithmic mapping
Some users and groups have fixed rid's (i.e. they are the same
everywhere).  These are all the basic well-known ones like "Guest",
"Administrator" etc.  If you look you'll find a table of these.  Search
through "The official samba 3 howto guid and reference".
You need to set the rid for a Domain Admin group.  It is 500.
net groupmap add rid=500 ntgroup="Domain Admins" unixgroup=domadm
|> [2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
|>  fetch_ldap_pw: neither ldap secret retrieved!
|> [2004/07/09 08:54:36, 0] lib/smbldap.c:smbldap_connect_system(760)
|>  ldap_connect_system: Failed to retrieve password from secrets.tdb
You haven't set the password and dn that samba will use to talk to the
ldap database with in secrets.tdb file yet.
smbpasswd -w [place ldap managers password here]
|> [2004/07/09 08:54:36, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1763)
|>  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
|> (unknown) (Invalid credentials)
|> [2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
|>  fetch_ldap_pw: neither ldap secret retrieved!
|> [2004/07/09 08:54:36, 0] lib/smbldap.c:smbldap_connect_system(760)
|>  ldap_connect_system: Failed to retrieve password from secrets.tdb
|> [2004/07/09 08:54:36, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1763)
|>  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
|> (unknown) (Invalid credentials)
|> [2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
|>  fetch_ldap_pw: neither ldap secret retrieved!
|> [2004/07/09 08:54:36, 0] lib/smbldap.c:smbldap_connect_system(760)
|>  ldap_connect_system: Failed to retrieve password from secrets.tdb
|> [2004/07/09 08:54:36, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1763)
|>  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
|> (unknown) (Invalid credentials)
|> [2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
|>  fetch_ldap_pw: neither ldap secret retrieved!
|> [2004/07/09 08:54:36, 0] lib/smbldap.c:smbldap_connect_system(760)
|>  ldap_connect_system: Failed to retrieve password from secrets.tdb
|> [2004/07/09 08:54:36, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1763)
|>  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
|> (unknown) (Invalid credentials)
|> [2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
|>  fetch_ldap_pw: neither ldap secret retrieved!
|> adding entry for group Domain Admins failed!
|>
| This is snipped but the errors repeat over and over for several pages.
| Anyone have any thoughts.
|
| TMS III
|
|
|
- --
- -
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: [EMAIL PROTECTED]  AIM: WyteLi0n  ICQ: 123291844 |
|---|
| Y!: j_c_llings   Jabber: [EMAIL PROTECTED]|
- -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFA7vRe57L0B7uXm9oRAiyxAJ0cYU46ntgPL2OTQldWIklz/Y72LQCffjkX
JIzepd5XxJgrgSx5P0/KzRg=
=SqED
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: group add and groupmap with ldapsam

[Jim C.]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Have you used this yet?:
smbpasswd -w [place managers password here]
If I were you, I would let smbldap-populate sort out the built-in and
well-known users and groups.  Be warned of the following when useing
these however:
I've found that smbldap-populate REQUIRES settings for userSmbHome and
userProfile but the scripts are not flexible enough to properly deal
with these settings anyway.  In the short term, this is just a problem
with the Administrator account as it is the only user added by
smbldap-populate. The rest are all group maps. What I do is set
userSmbHome and userProfile in smbldap_conf.pm to something, run
smbldap-populate, fix the broken userSmbHome and userProfile in the
Administrator's users account record using gq and then comment
userSmbHome and userProfile out in smbldap_conf.pm.  This means that
future users will have blank settings for these and so the default
settings in smb.conf will be used instead. Note that on my setup ALL
users have blank userSmbHome and userProfile settings so that the
defaults will be used.
When you run the script you may get errors because somethings have
already been created.  This is fine *if* they were created properly:
| [EMAIL PROTECTED] samba]# smbldap-populate
| Using builtin directory structure
| adding new entry: dc=j9starr,dc=net
| failed to add entry: Already exists at /usr/bin/smbldap-populate line
323,  line 2.
| adding new entry: ou=People,dc=j9starr,dc=net
| failed to add entry: Already exists at /usr/bin/smbldap-populate line
323,  line 3.
...
So it tried to create the base "dc=j9starr,dc=net" and then it tried to
create ou=People,dc=j9starr,dc=net but it failed because I've already
got those set up.
After this, all you have to remember is that users must belong to the
"Domain Users" group and that administrators belong to the "Domain
Admins" group.
If you are not using it, make sure you comment out this line in smb.conf:
~ username map = /etc/samba/smbusers
If you are using it, be warned that you don't want to re-map any of the
newly created accounts or groups.  You'll get errors. I think this map
is really just for folks who want to use files for storeing users, anyway.
Jim C.
andreas burger wrote:
| hello,
|
| trying to set up an pdc with 3.0.4 on solaris with openldap
|
| creating groups and adding groupmaps does not work.
|
| net group add asks the password for the ldap-manager, comes back without
| any message, but the group does not exist after that.
|
| if i try to make a groupmap without adding a wingroup first, the result
| is the following (no question for the password!)
|
| /usr/local/samba/bin/net groupmap add ntgroup=ttgruppe unixgroup=tt
| type=d rid=552
| [2004/07/09 11:12:18, 3] param/loadparm.c:lp_load(3877)
|   lp_load: refreshing parameters
| ...
| [2004/07/09 11:12:18, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1898)
|   ldapsam_getgroup: Did not find group
| [2004/07/09 11:12:18, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1898)
|   ldapsam_getgroup: Did not find group
| [2004/07/09 11:12:18, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1898)
|   ldapsam_getgroup: Did not find group
| adding entry for group ttgruppe failed!
| [2004/07/09 11:12:18, 2] utils/net.c:main(792)
|   return code = -1
|
| unix-passwd-base ist nis+
|
|
| snipp from samba-conf:
| ...
| passdb backend = ldapsam:ldaps://localhost
| ldap admin dn = "cn=Manager,dc=agrl,dc=ethz"
| ldap idmap suffix =
| ldap group suffix = ou=groups
| ldap user suffix = ou=people
| ldap machine suffix =
| ldap suffix = dc=agrl,dc=ethz
|
|
| so first: any hints?
|
| and second: i still searching a detailed description about
| groups in a samba-pdc-domain.
|
|
| thanks for any hint andreas
|
|
|
|
|
- --
- -
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: [EMAIL PROTECTED]  AIM: WyteLi0n  ICQ: 123291844 |
|---|
| Y!: j_c_llings   Jabber: [EMAIL PROTECTED]|
- -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFA7vIf57L0B7uXm9oRAhm+AJ9XDJotbWZuPSyXMx2OzD3eM3oPbwCfbFsO
7hZUiBqdXeVHULRYgH2qhUw=
=LEqn
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: NT doesn't like that, you should fix it

[Jim C.]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
| This is a simple problem, but it took me a while to find the answer
also.
|
| man net
|
| and look for GROUPMAP basically you need to map your unix groups to
| samba/windows groups.  I have a poor understanding of it all so you will
| probably want to read up on google, but that should get you started.
|
| Miles
|
|
|
|>Dear all,
|>I have this in my /var/log/messages (pls mind the line wrap):
|>smbd3[3660]: [2004/07/09 15:31:26, 0]
|>rpc_server/srv_util.c:get_domain_user_groups(372)
|>
|>smbd3[3660]:   get_domain_user_groups: primary gid of user [fajar] is not
|>a
|>Domain group !
Using the net command, you need to map the group you intend to use for
unix users to "Domain Users" with an rid of 513.
net groupmap add rid=513 unixgroup=(place unix group here)
(there's also: net groupmap list, net groupmap delete, net groupmap
modify, etc.)
If I were you, I would let smbldap-populate sort out the built-in and
well-known users and groups.  Be warned of the following when useing
these however:
I've found that smbldap-populate REQUIRES settings for userSmbHome and
userProfile but the scripts are not flexible enough to properly deal
with these settings anyway.  In the short term, this is just a problem
with the Administrator account as it is the only user added by
smbldap-populate. The rest are all group maps. What I do is set
userSmbHome and userProfile in smbldap_conf.pm to something, run
smbldap-populate, fix the broken userSmbHome and userProfile in the
Administrator's users account record using gq and then comment
userSmbHome and userProfile out in smbldap_conf.pm.  This means that
future users will have blank settings for these and so the default
settings in smb.conf will be used instead. Note that on my setup ALL
users have blank userSmbHome and userProfile settings so that the
defaults will be used.
When you run the script you may get errors because somethings have
already been created.  This is fine *if* they were created properly:
| [EMAIL PROTECTED] samba]# smbldap-populate
| Using builtin directory structure
| adding new entry: dc=j9starr,dc=net
| failed to add entry: Already exists at /usr/bin/smbldap-populate line
323,  line 2.
| adding new entry: ou=People,dc=j9starr,dc=net
| failed to add entry: Already exists at /usr/bin/smbldap-populate line
323,  line 3.
...
So it tried to create the base "dc=j9starr,dc=net" and then it tried to
create ou=People,dc=j9starr,dc=net but it failed because I've already
got those set up.
After this, all you have to remember is that users must belong to the
"Domain Users" group and that administrators belong to the "Domain
Admins" group.
If you are not using it, make sure you comment out this line in smb.conf:
~ username map = /etc/samba/smbusers
If you are using it, be warned that you don't want to re-map any of the
newly created accounts or groups.  You'll get errors. I think this map
is really just for folks who want to use files for storeing users, anyway.
Jim C.
- --
- -
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: [EMAIL PROTECTED]  AIM: WyteLi0n  ICQ: 123291844 |
|---|
| Y!: j_c_llings   Jabber: [EMAIL PROTECTED]|
- -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFA7vB857L0B7uXm9oRAlR2AJ9l554WiNFzn97f2IfB2f9/K5PCQACdGybN
GReLMGRgpApEfDmQ8faR3W4=
=Kh33
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] net groupmap list errors

[Juliano Krieger]

Hello,
Weeks ago i mapped my nt groups to posix groups, all works fine. My 
samba PDC works fine today but i cant see my group list definition 
anymore...

SAMBA 3.0.4 (my own compilation)
samba-client-3.0.4-0.5.1 rpm
RH 9.0 (2.6.4)
# net groupmap list
[2004/07/05 15:30:14, 0] param/loadparm.c:map_parameter(2423)
Unknown parameter encountered: "client code page"
[2004/07/05 15:30:14, 0] param/loadparm.c:lp_do_parameter(3119)
Ignoring unknown parameter "client code page"
[2004/07/05 15:30:14, 0] param/loadparm.c:map_parameter(2423)
Unknown parameter encountered: "character set"
[2004/07/05 15:30:14, 0] param/loadparm.c:lp_do_parameter(3119)
Ignoring unknown parameter "character set"
[2004/07/05 15:30:14, 0] param/loadparm.c:map_parameter(2423)
Unknown parameter encountered: "domain admin group"
[2004/07/05 15:30:14, 0] param/loadparm.c:lp_do_parameter(3119)
Ignoring unknown parameter "domain admin group"
[2004/07/05 15:30:14, 0] param/loadparm.c:map_parameter(2423)
Unknown parameter encountered: "domain admin users"
[2004/07/05 15:30:14, 0] param/loadparm.c:lp_do_parameter(3119)
Ignoring unknown parameter "domain admin users"
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Admins (S-1-5-21-3088386051-2538255017-882613707-512) -> -1
Domain Guests (S-1-5-21-3088386051-2538255017-882613707-514) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3088386051-2538255017-882613707-513) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
What is wrong in my system env?
Thank You, Juliano.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] roaming profiles in win xp

[The Zeidlers]

is there anyway to disable roaming profiles in xp and it taking "years" for xp machine 
to logon to samba and would like to see if it the 2meg profile dat something is going 
wrong there :?
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: sambaAcctFlags automatically DUX when logon

[Jim C.]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Problem is on one machine or all machines?
Tried leaveing domain, deleteing machine account, resetting flags and
then re-joinging?
| as I wrote yesterday I've set up a samba3.0.3 as pdc for my w2k-domain
with
| ldapsam-backend
| (cyrus-sasl, heimdal) on suse9.0.
| everything worked fine. but yesterday the /dev/sda1 (/homes; xfs file
| system) crashed, when I created a new user with smbldap-useradd. I could
| repair the xfs file system and everything seemed fine.
|
| to test the system I've created a new user. but the new user cannot logon.
|   "error: The system could not log you on..."
|
| I found that the new created user get now by default a sambaAcctFlags DUX
| not UX. when I change the flag to UX and try to logon the flag
automatically
| switches to DUX. so I cannot logon.
|
| How can I solve this problem? only old users can logon.
|
| thanks
| marian
|
- --
- -
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: [EMAIL PROTECTED]  AIM: WyteLi0n  ICQ: 123291844 |
|---|
| Y!: j_c_llings   Jabber: [EMAIL PROTECTED]|
- -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFA7uaY57L0B7uXm9oRAjeqAJ9AzvFuh67h3mXUcnV1zDFu9c9JdwCfcP4J
jllPbrUTYehG3Mwfdnzn4ko=
=9w8j
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: AW: Re: new user cannot logon

[Jim C.]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
| well, but it wasn't. with idxldapaccounts I switched the account to
disabled
| and then re-enabled it but to no avail.
|
| at least the logon procedure knows, that something happened with the
| password. but what gives the wrong information about disabled/enabled
| account?
My guess: sambaAcctFlags
Compare the problem user's settings with a non-problem user.
If you can read Perl, and sometimes even if you can't ( I can't ), you
might also be able to get clues from the script itself. All you have to
trace are the "-I" and "-J" flaggs for smbldap-usermod
If they truely don't work, you may be on to a genuine bug here that
needs to be reported.
- --
- -
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: [EMAIL PROTECTED]  AIM: WyteLi0n  ICQ: 123291844 |
|---|
| Y!: j_c_llings   Jabber: [EMAIL PROTECTED]|
- -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFA7uXa57L0B7uXm9oRAs1KAJwMWOFLRs55ISno96sXr+FOU9W43ACfYDtp
k9SqRWAHDjXlLqfyoUNGCyQ=
=KhoX
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Restricting file types

[Jim C.]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I've been trying to glob up a veto that will block everything *except*
files of a certain type.  Specifically, the exception is desktop
shortcuts, i,e. "*.lnk".  Here is what I've come up with but it is not
working.  It *does* work from the command line with the ls command:
veto files = /*[^.lnk]/
Any ideas?
I've also got a nifty setup that dumps all user files that *are not*
desktop links into the users trash bin in thier unix home directory.
These files, of course, can be found on the homes share if they were
important but they are no longer downloaded every doggone time the user
logs in.
Have a look.  You can find it here under "Performance issues":
http://mandrake.vmlinuz.ca/bin/view/Main/SambaThreeDomainController
Note that the install script is distro specific, but there are only 2
files of interest anyway.
Jim C.
| This works well for file servers only, but there is a way round it which
| might be good to bear in mind -
| Say you have blocked /*.php/*.asp/ to prevent samba users making scripts
| on your web server (i am guessing that you have shared your webroot?)
| Now make a php file, rename it to file.txt and move it to the server -
| no problem. Once it is on the server, rename it to file.php. The file
| disappears, but only to samba users - the file is still there named
| file.php and can be accessed by anything other than samba (ie apache)
- --
- -
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: [EMAIL PROTECTED]  AIM: WyteLi0n  ICQ: 123291844 |
|---|
| Y!: j_c_llings   Jabber: [EMAIL PROTECTED]|
- -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFA7uOp57L0B7uXm9oRAiZkAJ9UZILaJf0AerNk206GXwnFeDH7cgCeJJ2+
ZX7Us7T1EwT1E84YEa6e9fM=
=zals
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Access Denied touching shared CUPS printer

[Michael Lueck]

Most Ugly! In Google'ing around it seems this "Access Denied" is a known issue with 
Win2K/XP clients, CUPS printers, etc...
So, use printerui.dll to force install the printer driver and assign to a local LPT1 port. Add a port registry key, and the update the port in two spots under the printer instance. Finally stop/start 
the spooler task. Scrptable yet ugly.

Most Ugly! Ah, Samba team... does this topic need some pizza applied to it? Please 
advise.
What's the bug anyway? Something to do with CUPS? It seems there are not "lots" of people bumping into this, thus makes me think other printing methods are not affected. I was quite pleased with HOW 
EASY this setup was going along, until slamming into the Access Denied issue. RAW spooling looked way cool, Samba enum'ing the CUPS queues, etc...

--
Michael Lueck
Lueck Data Systems
Remove the upper case letters NOSPAM to contact me directly.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] NT doesn't like that, you should fix it

[Miles Scruggs]

This is a simple problem, but it took me a while to find the answer also.  

man net

and look for GROUPMAP basically you need to map your unix groups to
samba/windows groups.  I have a poor understanding of it all so you will
probably want to read up on google, but that should get you started.

Miles


> Dear all,
> I have this in my /var/log/messages (pls mind the line wrap):
> smbd3[3660]: [2004/07/09 15:31:26, 0]
> rpc_server/srv_util.c:get_domain_user_groups(372)
> 
> smbd3[3660]:   get_domain_user_groups: primary gid of user [fajar] is not
> a
> Domain group !
> 
> smbd3[3660]:   get_domain_user_groups: You should fix it, NT doesn't like
> that
> 
> Why is that? However, the operation is normal, I can logon into the
> domain,
> download the profiles, etc.
> 
> This is my smb.conf:
> [global]
> workgroup = samba3
> netbios name = centrino
> server string = Samba Server %v
> message command = /usr/bin/linpopup "%f" "%m" %s; rm %s
> printcap name = cups
> load printers = yes
> printing = cups
> printer admin = @adm
> log file = /var/log/samba3/log.%m
> log level = 3
> map to guest = bad user
> security = user
> encrypt passwords = yes
> smb passwd file = /etc/samba3/smbpasswd
> unix password sync = Yes
> pam password change = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n \
> *passwd:*all*authentication*tokens*updated*successfully*
> username map = /etc/samba3/smbusers
> include = /etc/samba3/smb.conf.%m
>   winbind uid = 1-2
>   winbind gid = 1-2
>   winbind separator = +
>   winbind use default domain = yes
> template homedir = /home/%D/%U
>   obey pam restrictions = yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> remote announce = 192.168.0.255
> local master = yes
> os level = 33
> domain master = yes
> preferred master = yes
> domain logons = yes
> logon script = %m.bat
> logon script = %U.bat
> logon path = \\%L\Profiles\%U
> logon home = \\%L\%U\.profile
> add user script = /usr/sbin/useradd -s /bin/false '%u'
> delete user script = /usr/sbin/userdel '%s'
> add user to group script = /usr/bin/gpasswd -a '%u' '%g'
> delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
> set primary group script = /usr/sbin/usermod -g '%g' '%u'
> add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F:
> '{print
> $3}'
> delete group script = /usr/sbin/groupdel '%g'
> add machine script = /usr/sbin/useradd -d /dev/null -g machines -c
> 'Machine
> Account' -s /bin/false -M %u
> dns proxy = no
> [homes]
>comment = Home Directories
>browseable = no
>writable = yes
> # You can enable VFS recycle bin on a per share basis:
> # Uncomment the next 2 lines (make sure you create a
> # .recycle folder in the base of the share and ensure
> # all users will have write access to it. See
> # examples/VFS/recycle/REAME in samba-doc for details
> ;   vfs object = /usr/lib/samba3/vfs/recycle.so
> 
> # Un-comment the following and create the netlogon directory for Domain
> Logons
> [netlogon]
>comment = Network Logon Service
>path = /var/lib/samba3/netlogon
>guest ok = yes
>writable = yes
>browseable = no
> 
> #Uncomment the following 2 lines if you would like your login scripts to
> #be created dynamically by ntlogon (check that you have it in the correct
> #location (the default of the ntlogon rpm available in contribs)
> ;root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d
> /var/lib/samba3/netlogon
> ;root postexec = rm -f /var/lib/samba3/netlogon/%U.bat
> 
> # Un-comment the following to provide a specific roving profile share
> # the default is to use the user's home directory
> [Profiles]
> path = /var/lib/samba3/profiles
> browseable = no
> guest ok = yes
> writable = yes
> # This script can be enabled to create profile directories on the fly
> # You may want to turn off guest acces if you enable this, as it
> # hasn't been thoroughly tested.
> root preexec = PROFILE=/var/lib/samba3/profiles/%u; if [ ! -e $PROFILE ];
> \
> then mkdir -pm700 $PROFILE; chown %u.%g $PROFILE;fi
> 
> # NOTE: If you have a CUPS print system there is no need to
> # specifically define each individual printer.
> # You must configure the samba printers with the appropriate Windows
> # drivers on your Windows clients or upload the printer driver to the
> # server from Windows (NT/2000/XP). On the Samba server no filtering is
> # done. If you wish that the server provides the driver and the clients
> # send PostScript ("Generic PostScript Printer" under Windows), you have
> # to use 'printcap name = cups' or swap the 'print command' line below
> # with the commented one. Note that print commands only work if not using
> # 'printing=cups'
> [printers]
>comment = All Printers
>path = /var/spool/samba3
>browseable = no
> # to allow user 'guest account' to print.
>guest ok = yes
>writable = no
>printable = yes
>create mode = 0700
> # =

Re: [Samba] best settings for share with databases

[Craig White]

On Fri, 2004-07-09 at 09:07, Andrew Gaffney wrote:
> I have a Slackware box set up with Samba 2.2.4. One of the shares holds a bunch 
> of .DAT database (I don't know what kind) files that are used by multiple users 
> at once with the PCLaw application, and we've been experiencing some minor 
> corruption. What are the ideal settings for a share with databases like this? 
> Also, if a newer version handles this kind of thing better, I have no problem 
> with upgrading to a 3.0.x version. Thanks for any help.

I would recommend samba 3.0.x

for database files...


Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Winbind weirdness, seems to join wrong domain

[Tony Scholes]

Hi

Samba/NT Domain controller newbie... please be gentle :^)

I'm trying to configure a customer RH EL 3 server running samba 3.0.2 to use
winbind to enable samba (and indeed sshd or telnet etc.) to authenticate
users against MS NT Domain controllers..

The domain the samba server should join is named LEEDS, note that the NT
systems (there are several BDC's on the local subnet) are out of my control,
I have only the information they give me...

I've configured nsswitch.conf as below

passwd : files winbind
group : files winbind

and I have the following in /etc/samba/smb.conf

workgroup = LEEDS
security = domain
password server = *
winbind separator = +
idmap uid = 1-3
idmap gid = 1-3
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/winnt/%D/%U
template shell = /bin/bash

plus a bunch of other stuff, but that's the key stuff I think..

Now when I start samba & winbindd I get the following in the log :-
[2004/07/08 11:10:50, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain LEEDS S-0-0
[2004/07/08 11:10:50, 1] nsswitch/winbindd_util.c:init_domain_list(300)
Could not fetch sid for our domain LEEDS
[2004/07/08 11:10:51, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain PETERBOROUGH S-1-5-21-1924550896-1794974960-1843927889
[2004/07/08 11:10:52, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain GLASGOW S-1-5-21-1869554387-1463681392-310601177
[2004/07/08 11:10:53, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain DELHI S-1-5-21-1819564497-1012815030-1537874043
[2004/07/08 11:10:54, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain GALWAY S-1-5-21-1615016180-1255304292-3473557
[2004/07/08 11:10:54, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain HAWK S-1-5-21-1515194898-1513702235-1536833037
[2004/07/08 11:10:55, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain BORO S-1-5-21-1401908901-789471090-526660263
[2004/07/08 11:10:56, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain ROMFORD S-1-5-21-1290616231-1997170506-3473557

and so on where several more trusted domains are added, but crucially it
doesn't seem to become a member of LEEDS

Typing 'net join -UAdminstrator%password' (with the correct password of
course) results in "Unable to find a suitable server"

Bizarrely, if I type wbinfo -u it reports with a list of users from the
ROMFORD domain! And it seems that all is fine I can chown files to users in
the ROMFORD domain

Now, If I change workgroup = ROMFORD

I get

[2004/07/08 17:21:56, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain ROMFORD S-0-0
[2004/07/08 17:21:56, 1] nsswitch/winbindd_util.c:init_domain_list(300)
Could not fetch sid for our domain ROMFORD
[2004/07/08 17:21:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain IPSWICH S-1-5-21-52631187-1515129459-924725345
[2004/07/08 17:21:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain LEEDS S-1-5-21-2004697519-1606166301-941251304
[2004/07/08 17:21:58, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain WINEBAR S-1-5-21-1032389125-999773415-926709054

i.e. it now adds LEEDS as a trusted domain (and a few others but not as many
as before), I still can't use net join in any meaningful way, and if I type
wbinfo -u it gives a list of users in the LEEDS domain!!

What is going on here? Any clues?

Why is it picking ROMFORD as the domain when I ask for LEEDS and vice versa?
Why not any of the others? Why can't it actually join the domain when I use
'net join'? I beleive I have valid user accounts and

passwords (of users with domain administrator privileges although that could
be open to doubt)

TIA

--
Tony Scholes
[EMAIL PROTECTED]

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.712 / Virus Database: 468 - Release Date: 27/06/2004


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Winbind & client services

[Terrill Yuhas]

Hi,

We're running Samba 3.0.4 compiled from the srpms and they're setup as PDC
for two domains (tdbsam backend).  Both servers are working fine for
domain authentication.  Previously we hadn't been using winbind but
decided to try the extra functionality and fired it up.  The only change
that we can see is that now when the clients login, a whole mess of
services fail like Computer Browser due to not being able to contact the
domain controller (per the event viewer).  These services can be started
manually and then it's business-as-usual.

Not sure if this is related but we'd also tried to set up interdomain
trusts between those two Samba PDCs. By all accounts, it seems that it
should be working: entries in the secrets.tdb, net rpc trustdom list, and
(when we run winbind) wbinfo -m give output consistent with the docs as
far as a working trust relationship.  

Both domains are set up to trust each other.  When I am logged into one
domain (the domain the computer is a client of) and try to do something
that requires admin privileges, I get a login box.  At that point if I
just log in to the other domain, things continue but it definitely appears
the trust isn't working.  I'm at log level = 3 but I can't find anything
in the log that looks obviously wrong.

Maybe one of the tdb files is messed up?  I've seen other posts where
people suggest rebuilding the secrets.tdb file.  The only problem I can
see with that is that a new SID is generated which would require rejoining
all the clients to the domain.  The only docs I can find on changing a
domain SID is by sucking it off a PDC but nothing on modifying the domain
SID if it's on a PDC.

Thanks for any ideas!

Terrill  

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] best settings for share with databases

[Andrew Gaffney]

I have a Slackware box set up with Samba 2.2.4. One of the shares holds a bunch 
of .DAT database (I don't know what kind) files that are used by multiple users 
at once with the PCLaw application, and we've been experiencing some minor 
corruption. What are the ideal settings for a share with databases like this? 
Also, if a newer version handles this kind of thing better, I have no problem 
with upgrading to a 3.0.x version. Thanks for any help.

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Regarding net groupmap

[Tom Skeren]

Well, my Samba 3.0.4 is joined to a w2k AD and works fairly well so far, 
as it's not in a production environment yet.  I am now testing it for 
such a release and have encountered a permission problem.  Unless I 
chmod -R 777 the Samba share directroy, users can only read files on the 
share, including the ADS users in Domain Admins.  Reading the Samba 
online manual, I figured the groupmap function would solve this.  I did 
as the manual suggested and got teh following errors:

fskkweb# net groupmap add ntgroup="Domain Admins" unixgroup=domadm
No rid or sid specified, choosing algorithmic mapping
[2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
 fetch_ldap_pw: neither ldap secret retrieved!
[2004/07/09 08:54:36, 0] lib/smbldap.c:smbldap_connect_system(760)
 ldap_connect_system: Failed to retrieve password from secrets.tdb
[2004/07/09 08:54:36, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1763)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) 
(Invalid credentials)
[2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
 fetch_ldap_pw: neither ldap secret retrieved!
[2004/07/09 08:54:36, 0] lib/smbldap.c:smbldap_connect_system(760)
 ldap_connect_system: Failed to retrieve password from secrets.tdb
[2004/07/09 08:54:36, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1763)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) 
(Invalid credentials)
[2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
 fetch_ldap_pw: neither ldap secret retrieved!
[2004/07/09 08:54:36, 0] lib/smbldap.c:smbldap_connect_system(760)
 ldap_connect_system: Failed to retrieve password from secrets.tdb
[2004/07/09 08:54:36, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1763)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) 
(Invalid credentials)
[2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
 fetch_ldap_pw: neither ldap secret retrieved!
[2004/07/09 08:54:36, 0] lib/smbldap.c:smbldap_connect_system(760)
 ldap_connect_system: Failed to retrieve password from secrets.tdb
[2004/07/09 08:54:36, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1763)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) 
(Invalid credentials)
[2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
 fetch_ldap_pw: neither ldap secret retrieved!
adding entry for group Domain Admins failed!
This is snipped but the errors repeat over and over for several pages.  
Anyone have any thoughts.

TMS III

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] 2003 AD and winbind

[rjholtz]

Ok here's the setup:

Windows 2003 Active Directory
Mandrake 10 running Samba 3 with winbind
Clients: Win 95/98/me/nt4/2000/xp  I'll worry about getting the win 9x
working later, but what I write below happens with winXP and 2000 clients.

When we setup a home directory in a user's AD properties 2 things happen. 
 1: a popup comes up from the AD saying that the user doesn't have rights
to create '\\sambaserver\%username%' (which would be '/home/%username%' on
the linux box).  2:  On the client a user can type '\\sambaserver' into
windows explorer and see a public share, and a %username% share.  They can
enter the public share,  but when they try to open their personal share,
it says 'Incorrect password or unknown username for
\\sambaserver\%username%'.

I have a good feeling that username and password are not being passed
correctly between the AD domain controller and the sambaserver.  However I
cannot find out how to fix it.  Anyone have any ideas?

I was not the originator of this project.  The intern before me set this
up and couldn't get it completely working, and when I started my
internship I was assigned the project. I would really appreciate any help
anyone can send my way.  Let me know any questions you have about this.

Thanks,
Ray
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] FW: Point and Print

[chris]

As an updatee to my last post, things are still not working! The drivers
did get added but I'm still not sure whether I achieved this via the Add
Printer Wizard or despite error messages the rpcclient adddriver did
work. I did wonder if the lsa_io_sec_qos: length c does not match size 8
error is because the printer name is too long, especially as when I
tried a shorter name such as HP2300 - with no spaces the files did end
up in the correct directory!!  
 
I therefore attempted the setdriver command and still get error messages
such as WERR_ACCESS_DENIED. Looking at Google I can see lots of posts
and the suggestion that use client driver = yes in smb.conf should be
altered to use client driver = no . Well I tried this with no success
and even tried once again with the add printer wizard but this time I am
unable to change any of the properties. I also tried changing the
permissions on the /etc/cups/printcap file but it made no difference.
 
I am starting to conclude that either these commands do not work at all
or I am being remarkably thick! I suppose it is possible that the
rpcclient binary is corrupt or the version I am using has a bug in it. I
would very much like to hear if anyone has succeeded in getting this
process to work, particularly with PCL5/6 based printers.
 
As a alternative, I would consider downloading and compiling Samba but I
am curious as to how I can identfy what option were specified when the
packages were built i.e.is it possible to query the packaged version and
identify the compile options originally used.
 
 
Regards,
 
Chris
 
Christopher Moss
Murray McIntosh O'Brien
Wellesley House
204 London Road
Waterlooville
PO7 7AN
 
023 9223 1006
-Original Message-
From: chris [mailto:[EMAIL PROTECTED] 
Sent: 07 July 2004 17:24
To: '[EMAIL PROTECTED]'
Subject: Point and Print
 
I recently posted regarding problems configuring Samba. These have all
been fixed but I am now struggling with the point and print facility. I
have attempted to upload the drivers from Windows XP workstations but
this seems to do nothing. So plan B was to manually copy the files to
the appropriate print$ share folder, so far so good. The problem I now
have is that the rpcclient utility simply doesn't work. 
 
Without a debug level set I either get a usage prompt or a DOS code of
0x003
 
If I set debug to level 3 it produces the following error:
 
added interface ip=10.0.0.3 bcast=10.0.0.255 nmask=255.255.255.0
Password:
Connecting to host=localhost
Connecting to 127.0.0.1 at port 445
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
lsa_io_sec_qos: length c does not match size 8
 
I have Googled with this error and noticed a number of posts but so far
not found an answer
 
The printer concerned is an HP 2300 PCL6 which has a whole string of
file dependencies (48 files in total). The result being that I've had a
lot of trouble with quoting errors (Unix skill still abit rusty) but I
seem to have got to the bottom of that problem.
 
N.B. System is Suse 9.1 running Samba 3.0.4 - (update downloaded this
morning to see if it would solve the problem). Printing is via Cups -
not sure of the version.
 
I would greatly appreciate any help with this problem as it is driving
me mad!!!
 
Regards,
 
Chris
 
Christopher Moss
Murray McIntosh O'Brien
Wellesley House
204 London Road
Waterlooville
PO7 7AN
 
023 9223 1006
 

---
Disclaimer

Privileged or confidential information may be contained in this message. 
If you are not the addressee of this message please notify the sender
 by return and delete it, and you may not use, copy, disclose or rely
 on the information contained in it. Internet e-mail may be susceptible 
to data corruption, interception and unauthorised amendment for which 
Murray McIntosh O'Brien does not accept liability. Likewise whilst we 
have taken reasonable precautions to ensure that this e-mail and any 
attachments have been swept for viruses, Murray McIntosh O'Brien 
does not accept liability for any losses caused as a result of viruses. 
Statements in this message that do not relate to the business of Murray 
McIntosh O'Brien are neither given nor endorsed by it or the Directors 
of Murray McIntosh O'Brien. A list of the Directors of Murray McIntosh 
O'Brien is available for inspection at our offices.

--
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Printer driver: different options with samba

[gilles . massen]

Hi,

You're most certainly right. I don't have an option for restricting output 
to 'raw', but disabling the enhanced features brings the NT and Samba 
server to the same level.

And now that I know what to look for I have a lot of reading to do (and 
installing CUPS...).

Thanks,
Gilles

--
RESTENA - DNS-LU
6, rue Coudenhove-Kalergi
L-1359 Luxembourg
tel: (+352) 424409
fax: (+352) 422473


[...]

| I was wondering about the behaviour of printer drivers, in relation with
| Samba. The printer is installed, printing on Samba goes via lprng, and
| Windows printer drivers are installed on the Samba server. On the other
| hand I have an NT4 server with the same drivers (same version)
printing to
| the same printer over the same protocol (LPD). (BTW, the printer is an 
HP
| Laserjet 4200, in case it matters).
|
| Now what is weird is that not all options that I have
| when printing via  the NT4 server appear when I print over
| Samba (e.g. "Multiple pages per  sheet" is missing). Same behavior
| with PCL or PS drivers.

Probably a RAW vs. EMF printing issue.  Some features only
available when you are using the print processor (which is
used when used enable 'advanced features' of the driver
(i.e. EMF)).

Try setting the NT print server to use RAW printing only and
see if the options don't match what you see on the Samba server.

Printer Prop -> General Tab -> Print Processor..." ->
 [X] Always Spool RAW datatype


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] validate root locally with winbind

[Ramon Casha]

> I don't know about *only* against shadow. But I've got winbind setup,
> and it authenticates users first against the domain, but if that fails
> resorts to the local password database.
>
> Here are the relavent lines from my
> /etc/pam.d/system-auth
>
> auth    Ârequired   Â/lib/security/pam_env.so
> auth    Âsufficient  Â/lib/security/pam_winbind.so
> auth    Âsufficient  Â/lib/security/pam_unix.so likeauth nullok
> use_first_pa ss
> auth    Ârequired   Â/lib/security/pam_deny.so

Can I reverse that so that it checks local files first? That way if the user 
(eg "root") is local it doesn't have to check the domain.

-- 
Ramon Casha
Malta Linux User Group (http://linux.org.mt)
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Semaphore Time Expired

[Derek Smith]

At 08:37 AM 6/30/2004, you wrote:
I am running Debian 'woody' with Samba 3.0.2 and am having a sparatic 
problem on my network.
Some users will suddenly lose their connections to the samba shares and 
when trying to log in
to the system again will get an error that windows cannot locate their 
roaming profile - "Semaphore time period has expired".
It seems that if they wait for about 15 minutes they can then successfully 
log back in.

Please help. I am not even sure where to start. I have been googling for 
an answer for about a
day and while I have found other people with the same problem, I haven't 
found many solutions.

Derek
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
Well after many many days of banging my head I figured out a way to fix 
these problems.
I am not sure if it is the best way but it seems to have worked well.

I edited the /etc/nsswitch.conf file:
[OLD HOSTS LINE]
hosts:   files dns
[NEW HOSTS LINE]
hosts: files
Taking out the dns worked. Since I am running a small network that does not 
span mutliple
sub-nets I do not use DNS to resolve hostnames.  For some reason Samba 
3.0.2a didn't
like it when DNS couldn't resolve an IP into a host name.

Hope this helps someone.
Derek 

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re[2]: [Samba] Is there a way to allow empty user (NULL) to connect to samba3 as nobody/guest from W2K/XP workstations?

[Vlad Borisoff]

Hello Gerald,

Currently only guest logins work, anonymous work only from UNIX
clients i.e. both cmds work ok:
smbclient //server/share -U%
smbclient //server/share -N

But, W2k clients can't login just by pressing OK button in login
prompts (empty user, empty pass) - only by specifying nobody or guest
as username.

> 'map to guest = bad user' doesn't do what you want ?
Not quite. Currently I use it as as workaround, but in this case samba
doesn't ask for a password - it just compares with currently logged in
user credentials on Windows workstation and if user is unknown maps it
to  guest. But I need it to ask for a password if user credentials are
not  valid  and to accept empty user (with empty pass) mapping it to a
guest user.
-- 
Thanks,
Vlad Borisoff

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Printer driver: different options with samba

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
| I was wondering about the behaviour of printer drivers, in relation with
| Samba. The printer is installed, printing on Samba goes via lprng, and
| Windows printer drivers are installed on the Samba server. On the other
| hand I have an NT4 server with the same drivers (same version)
printing to
| the same printer over the same protocol (LPD). (BTW, the printer is an HP
| Laserjet 4200, in case it matters).
|
| Now what is weird is that not all options that I have
| when printing via  the NT4 server appear when I print over
| Samba (e.g. "Multiple pages per  sheet" is missing). Same behavior
| with PCL or PS drivers.
Probably a RAW vs. EMF printing issue.  Some features only
available when you are using the print processor (which is
used when used enable 'advanced features' of the driver
(i.e. EMF)).
Try setting the NT print server to use RAW printing only and
see if the options don't match what you see on the Samba server.
Printer Prop -> General Tab -> Print Processor..." ->
[X] Always Spool RAW datatype


cheers, jerry
- --
Hewlett-Packard- http://www.hp.com
SAMBA Team -- http://www.samba.org
GnuPG Key   http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." --- Sting
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFA7qxYIR7qMdg1EfYRArnaAKCuVMaGCznDOFU1qxnJzZ8g/AxU4ACeLO5P
i8COtP2gn2kGBSpt7JLxWWQ=
=1uKc
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Access Denied touching shared CUPS printer

[Michael Lueck]

I am now getting around to setting up a test printer.
CUPS is installed in RAW mode and a test print work A-OK. I also set the CUPS printer 
que as default.
Below are my printer related smb.conf lines for this PDC.
[global]
...
## NT Domain Related ##
   admin users = pianoman ldsinst
...
## Printing ##
   printcap name = CUPS
   printing = CUPS
[printers]
   comment = SMB Print Spool
   path = /var/spool/samba
   printable = Yes
   guest ok = Yes
   read only = no
   use client driver = Yes
   browseable = No
   create mode = 0600
...
And I did create /var/spool/samba as follows:
mkdir /var/spool/samba
chmod 0777 /var/spool/samba
chmod o+t /var/spool/samba
I am logged it with both local Admin permissions on the Win2K client and domain admin 
in Samba, per above.
Ideas why when going through the add printer wizard, browsing, touching the que it 
says access denied?
TIA!
--
Michael Lueck
Lueck Data Systems
Remove the upper case letters NOSPAM to contact me directly.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Windows users can create files but Linux users can not?

[Jacob Friis Larsen]

I still think the problem has to do with the way you are using smbfs.  I 
suspect that you have mounted the remote filesystem in such a way that the 
account you are using does not have write access.

After you mount this filesystem, do a "ls -ld /mnt/jfl".  What is the 
result?
[EMAIL PROTECTED]:~$ ls -ld /mnt/jfl
drwxr-xr-x1 root root 4096 Jul  9 13:31 /mnt/jfl
When I create a dir as root, it works, but when I try to delete it I get
"rm: cannot remove directory `test': Device or resource busy"
Does it appear that the current user (whoever it is) has 
appropriate unix filesystem permissions?  In other words, if you are 
running as user "jfl", is the directory /mnt/jfl "owned" by jfl, and/or is 
there group or other write permission?
When nothing is mounted at /mnt/jfl it is owned by jfl. When mounted it 
is owned by root.
I think it is because I need to tell fstab that ordinary users can mount 
the drive. Could that be it? If so how do I do that?

Remember, smbfs does not actually map the remote filesystem's file 
ownership and permision information onto the client system (with the 
exception of read-only permission) - you have to specify the apparent 
owner and group and access mask at mount time.  Truthfully, Smbfs is a 
LOUSY way to do unix to unix filesystem sharing.
How do I do this?
Thanks,
Jacob
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] best filesystem choice for samba

[José Ildefonso Camargo Tolosa]

Hi!
Malcolm Baldridge wrote:
Quoting Mark Lidstone <[EMAIL PROTECTED]>:
 

ARGH!  I'm wondering if airing thoughts about VFAT performance publicly
was a good idea.
   

I doubt VFAT's case insensitivity would be worth dealing with its terrible
linear-search-time directory lookup methods.
The reason I suggested reiserfs (or ext3 with directory hashing) is to
reduce the high costs of locating a directory entry within a directory of
many (> 10,000) files.
msdos/vfat does not offer superior directory lookup times, and from my
limited testing, neither does NTFS.
ext2/ext3 in stock configuration is also slow, though it appears very recent
kernels/ext2fsutils offer an FFS-like "directory hashing" option which needs
a format-time decision to be made upon setting up the filesystem.
 

You can enable it with tune2fs:
obelix:~# tune2fs -O dir_index /dev/hda3
See man tune2fs for more help.
<>
I have no knowledge about XFS or JFS and how they compare. I know both are
"industrial" filesystems brought down from the Ivory Towers onto the
pipsqueak platforms.
As for "horror stories", well, each filesystem has had their respective
tales of misery and woe... ext3 had shocking and fatal dataloss bugs 
in the
adolescent versions of 2.4.x., and some RAID + reiserfs configs saw some
real wowsers as well. From bug reports/changelogs, I've seen similar tales
of woe for XFS and JFS if you trigger just the right combination of 
things.
>From my own experiences, things have matured and stabilised with reiserfs
and ext3 to the point where using either is fine for my purposes.
I had very bad experience with reiser: 4 servers installed with reiser, 
4 server died due to filesystem corruption in a time that varied from 
two to six months  (the last one had UPS, the others not).  I 
reinstalled them with ext3: almost a year since I reinstalled the first: 
no problems.

The decision comes down to:
1) Do you need quotas?  If yes, you cannot use reiserfs.
2) Do you need ACLs?  If yes, only ext2/ext3 has well-tested seamless
support, though I think there are wildcat patches to bring this to XFS (and
maybe others) as well.  I'm not sure about the stability of this.
ext3 used with -O dir_index *MAY* provide better performance for large
directory list lookups, but I've never tested it.  It requires Linux 2.6 for
starters for the kernel-side stuff to actually support it properly. 
grepping the linux 2.4 source shows no mention of hashing b-trees or
dir_index options for ext[23].

This is a RECENT addition to ext3, and I don't think the support actually
exists within 2.4 yet.  I've seen mention of "special backported patches"
but this smells scarier to me than using filesystems which have been
seamlessly integrated for over a year or so now.
So in terms of viable performance-driven alternatives, I see it being
reiserfs, xfs, or jfs.
 

In my experience: the fourth server (the one with the ups): Dual XEON 
2Gb RAM, 3x36Gb scsi disk in raid-5 array smart array 5300, running 
squid: it was slower then (with reiser), than now (with ext3).  I have 
only saw reiser to be faster when I delete a LARGE file (>1Gb).  I'm 
going to test ext3 with the dir_index option.

vfat/dos isn't faster, even with case insensitive semantics, for directory
sizes of 20,000 or more.
 

I agree.
Ildefonso
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with winbind an samba Domain

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Klaus Steinberger wrote:
| I get the following problem with winbind from samba 3.0.3 as
| well as 3.0.4:
|
| [EMAIL PROTECTED] root]# wbinfo -u
| Error looking up domain users
| [EMAIL PROTECTED] root]#
|
|  From /var/log/messages:
|
| Jun 24 16:02:23 bagheera winbind: winbindd startup succeeded
| Jun 24 16:02:23 bagheera winbindd[28278]: [2004/06/24 16:02:23, 0]
| rpc_client/cli_pipe.c:rpc_auth_pipe(256)
| Jun 24 16:02:23 bagheera winbindd[28278]:   BAD auth level
| 6 (should be 5)
|
|
| The Domaincontroller is a Samba 3.0.2 on a Redhat 7.3 machine.
you either have to (a) upgrade the DC to 3.0.4 as well, or (b)
set 'client schannel = no' in the domain member's smb.conf as a
temporary workaround.

cheers, jerry
- --
Hewlett-Packard- http://www.hp.com
SAMBA Team -- http://www.samba.org
GnuPG Key   http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." --- Sting
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFA7pchIR7qMdg1EfYRAl2iAKDFXedqCbiurR2RF9FCfHva1rlHqACg2wAX
pL6kWU2kXq3GSAxDlcdrPvE=
=oLSw
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Is there a way to allow empty user (NULL) to connect to samba3 as nobody/guest from W2K/XP workstations?

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Vlad Borisoff wrote:
|>After   switching  to  samba3  I've  noticed  that  it  doesn't  allow
|>connections  with empty usernames with security = user anymore.
Are you sure?  Do you mean real anonymous logins or just guest
logins?  There's a difference.  What is happening in the
SMBsessetup&X exchange?
| Does anybody know how to map empty user logins to nobody user in samba3?
'map to guest = bas user' doesn't do what you want ?


cheer,s jerry
- --
Hewlett-Packard- http://www.hp.com
SAMBA Team -- http://www.samba.org
GnuPG Key   http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." --- Sting
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFA7pTiIR7qMdg1EfYRAo00AKDK4ybz4feqoVeKj/exMTAnkj1hBQCfRD16
NBuiw1IFnchigOlhGLxwfcA=
=I2fG
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: [fwd: [Fwd: Re: network response] ]

[Chris Garrigues]

> From:  Chris Garrigues <[EMAIL PROTECTED]>
> Date:  Fri, 02 Jul 2004 13:25:23 -0500
>
> Looks good so far.  I've been running it for several hours and both Jeff and I 
> are trying to break it.  Assuming I don't crash and burn, I'll push it out to 
> my customer site tonight and if they don't see any issues when the get back to 
> work on Tuesday, I'll declare this fixed by Wednesday.

It took me a few extra days to declare it fixed, but one of our unhappiest 
users just reported that he hasn't had any problems all week long!

Thanks again, Jeremy!

Chris

-- 
Chris Garrigues http://www.DeepEddy.Com/~cwg/
Trinsic Solutions   http://www.trinsics.com
1611-B West 6th Street
Austin, TX  78703-5074  512-322-0180

If you don't apply what you've learned, you haven't 
   learned anything.




pgpKcTrM2cj2k.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Win2k SP3 join a Samba 3.0.4 LDAP domain but still cannot log on !!

[Sandro]

Hello.

I've tried a lot but i cannot solve this crazy problem...
anyone can help me ??

I've configured Samba 3.0.4 as PDC with LDAP support
everything works fine and i can easily join from linux
machine.

The problem born when i try to join my w2k machine, the
join sequence success but i can't log to the domain after
reboot.

I've modified the signorseal registry key but nothing change,
i cannot log into my domain.

uff... a coffee for anyone can suggest me a solution !! =)

Lool 

Spx²
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Printer driver: different options with samba

[gilles . massen]

Hello everyone,

I was wondering about the behaviour of printer drivers, in relation with 
Samba. The printer is installed, printing on Samba goes via lprng, and 
Windows printer drivers are installed on the Samba server. On the other 
hand I have an NT4 server with the same drivers (same version) printing to 
the same printer over the same protocol (LPD). (BTW, the printer is an HP 
Laserjet 4200, in case it matters).

Now what is weird is that not all options that I have when printing via 
the NT4 server appear when I print over Samba (e.g. "Multiple pages per 
sheet" is missing). Same behavior with PCL or PS drivers.

Does anyone know where this comes from? Who/what makes the difference 
between the servers, if the driver is the same? Do I have to live with it?

While I found related questions on the mailing list, I failed to see an 
answer on the issue. If I'm wrong, any pointer to related readings are 
most welcome

Best,
Gilles

--
RESTENA - DNS-LU
6, rue Coudenhove-Kalergi
L-1359 Luxembourg
tel: (+352) 424409
fax: (+352) 422473
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] validate root locally with winbind

[Shannon Johnson]

It sounds like your /etc/nsswitch.conf is set up to only use winbind.
Change it to:

Passwd: files winbind
Group:  files winbind

That'll check the local files first, then resort to winbind if nothing
local matches.

Shannon


 
Shannon Johnson
Network Support Specialist / Systems Administrator
Dept. of Mechanical and Nuclear Engineering
224 Reber Building
University Park, PA 16802
Phone: (814) 865-8267

 

> -Original Message-
> From: Ramon Casha [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 09, 2004 2:32 AM
> To: [EMAIL PROTECTED]
> Subject: [Samba] validate root locally with winbind
> 
> I have set up winbind successfully, but every time I need to perform
any
> task
> as root, winbind tries to login via the domain server, which gives an
> "incorrect password" error. Is there a way to set things up so that
the
> root
> user is only checked against the local passwd/shadow files?
> 
> --
> Ramon Casha
> Malta Linux User Group (http://linux.org.mt)
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] samba Digest, Vol 19, Issue 12

[samba]

This is an automatic reply

I will be away until 5 to 9 July 2004

I will check email while I'm away.

Please don't send attachments to me during that time, as my mailbox
might fill up and overflow and I'll miss the mail entirely.

Thanks


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Is there a way to allow empty user (NULL) to connect to samba3 as nobody/guest from W2K/XP workstations?

[Vlad Borisoff]

> After   switching  to  samba3  I've  noticed  that  it  doesn't  allow
> connections  with empty usernames with security = user anymore.
> Samba2  mapped  empty  user  to nobody, is there a way to achieve such
> behavior?  It  is needed for compatibility - we still have lots of W2k
> workstations  that  allow passing empty usernames in login prompts (as
> opposed to XP).

> Adding null/NULL to smbusers file didn't help.
> Searching documentation & googing didn't give me an answer for this issue.
auth methods = guest sam
Doesn't help either.

Does anybody know how to map empty user logins to nobody user in samba3?
--
Thanks in advance,
Vlad Borisoff

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Windows users can create files but Linux users can not?

[Jacob Friis Larsen]

[EMAIL PROTECTED] wrote:
I have a Samba server running on a Fedora Core 1 Linux server, and my 
problem is that Windows users can create files but Linux users can not.

This is my smb.conf file on the Samba server:
[global]
   workgroup = IDG_DK
   server string = WebDev
   log file = /var/log/samba/%m.log
   max log size = 50
[jfl]
   path = /var/www/websites/jfl
   valid users = jfl
   read only = No

I'm confused by your question.  Did you leave out part of the smb.conf 
file?  Did you leave out part of the question?
No.
Given the information 
you've given, user "jfl" should have read-write access to \\webdev\jfl, 
and no one else should have any access.  This is true whether you are 
connecting from a Windows system or another Linux system.
I can read and change files, but not create new files or dirs.
I'm not sure in what context "Linux users" cannot create files.  ARe you 
using smbfs or cifs to connect from one Linux system to another?  Is the 
connection being made as user "jfl"?  Are the smbfs/cifs parameters set up 
right?
I am using smbfs. I connect via /etc/fstab like this:
//fedora.idg.dk/jfl/mnt/jflsmbfs   username=jfl,password=xxx 
   0   0

Or are you saying that Linux users logged on to this system cannot create 
files in /var/www/websites/jfl?  If so, that sounds like a matter of 
filesystem permissions.
If I login to the server via ssh as jfl I can create files and dirs.
When I try via the share i get "Access denied to /mnt/jfl/test"
This is my smb.conf on my Linux client:
[global]
workgroup = IDG_DK
server string = %h server (Samba %v)
obey pam restrictions = Yes
passdb backend = tdbsam, guest
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
panic action = /usr/share/samba/panic-action %d
invalid users = root

[homes]
comment = Home Directories
create mask = 0700
directory mask = 0700
browseable = No
[printers]
comment = All Printers
path = /tmp
create mask = 0700
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
Thanks,
Jacob
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] group add and groupmap with ldapsam

[andreas burger]

hello,
trying to set up an pdc with 3.0.4 on solaris with openldap
creating groups and adding groupmaps does not work.
net group add asks the password for the ldap-manager, comes back without 
any message, but the group does not exist after that.

if i try to make a groupmap without adding a wingroup first, the result 
is the following (no question for the password!)

/usr/local/samba/bin/net groupmap add ntgroup=ttgruppe unixgroup=tt 
type=d rid=552
[2004/07/09 11:12:18, 3] param/loadparm.c:lp_load(3877)
  lp_load: refreshing parameters
...
[2004/07/09 11:12:18, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1898)
  ldapsam_getgroup: Did not find group
[2004/07/09 11:12:18, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1898)
  ldapsam_getgroup: Did not find group
[2004/07/09 11:12:18, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1898)
  ldapsam_getgroup: Did not find group
adding entry for group ttgruppe failed!
[2004/07/09 11:12:18, 2] utils/net.c:main(792)
  return code = -1

unix-passwd-base ist nis+
snipp from samba-conf:
...
passdb backend = ldapsam:ldaps://localhost
ldap admin dn = "cn=Manager,dc=agrl,dc=ethz"
ldap idmap suffix =
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix =
ldap suffix = dc=agrl,dc=ethz
so first: any hints?
and second: i still searching a detailed description about
groups in a samba-pdc-domain.
thanks for any hint andreas


--

Andreas Burger
Eidgenoessische Technische Hochschule Zuerich
Departement AgrL  ISG
LFW A2  8092 Zuerich  632 68 54
[EMAIL PROTECTED]
_
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba looses its print share

[Joern Knechtel]

Karel De Vriendt wrote:
 
 > I am using Samba 3.0.4-1.12 under SuSE 9.1 to make my printer (an HP
 > PSC950) available to the rest of the family (that is using Windows
 > machines).  The printer is configured via CUPS.
 > 
 > OK except for one thing: regularly, Samba seems to loose the print share
 > (printer no longer reachable from the Windows machines, printer no
 > longer listed as shared when I do "smbclient -L localhost -U%".
 > 
 > Stopping and restarting smb (./smb stop and ./smb start as root)
 > normally cures the problem.
 > 
 > Happens every couple of days.
 
 Have the same problem on several servers too.
 Did some kinda workaround by writing a samba reload into a
 cronjob every day prior the working hours.
 Not very elegant but helps. Maybe someone can put a light
 on us :-)
 
 jk

PS: Running a combo of Debian & Samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] URGENT:problem with charset - migrating from 2.2.8a to 3.0.2a

[Dominic Clarke]

Hello all

we have just carried out the above muigration . Our PDC is a Solaris 7 machine ( Sun 
E450 ) , our clients are
Windows 2000 machines.

When logging on to client PCs some users get messages about being unable to copy 
various 'Favourites' .
Upon examination of the profiles ( which are stored on the PDC ) we noted unusual 
characters in the
offending entries. When these entries were examined from a telnet session initiated 
from a client PC
the characters appeared correctly , when examined directly on the server  , these 
characters were
displayed differently.

We have just added the following lines to smb.conf

   unix charset = ASCII
   dos charset = UTF8

But we are still getting the same messages at login , despite having restarted the 
samba services.

Also , we are finding that users are loosing there network drives to a degree which 
makes it
impossible for them to do there work.

Thanks in advance for any assistance

Dominic Clarke

www.foe.co.uk




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Wrong file size

[Drlik Zbynek]

I have kernel 2.6.7 and samba 3.0.4 running.
When I mount on same server itself shares, there is problem that files 
what have about 2-3 MB are 1-3GB big and all my programs what are depend 
on size are crashing.
I tryed kernel 2.4.26 and there it was OK.
If I mount.smbfs to another smb server it was wrong on kernel 2.6.7
If I mount.cifs to another smb server it was Ok
If I mount.cifs itself smb server it was wrong

Plese help to solve this problem.
Thanks
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Restricting file types

[Hamish]

This works well for file servers only, but there is a way round it which 
might be good to bear in mind -
Say you have blocked /*.php/*.asp/ to prevent samba users making scripts 
on your web server (i am guessing that you have shared your webroot?)
Now make a php file, rename it to file.txt and move it to the server - 
no problem. Once it is on the server, rename it to file.php. The file 
disappears, but only to samba users - the file is still there named 
file.php and can be accessed by anything other than samba (ie apache)

Mike Stewart wrote:
Yes, and very useful it is too :-)
In the Globals section I put this to stop all users cluttering up the server
with mp3 files. You can put it in each required share definition rather than
globals though.
veto files = /*.mp3/
basically it starts with a / then file name and type and then ends with /
so,  veto files = /*.bat/*.scr/mike.*/
would stop all bat and scr files, and any file called mike with any ext.
I use SWAT for configuring my Samba shares and the help file explains it
well.
HTH
Mike
- Original Message - 
From: "Bruce Embrey" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 08, 2004 2:36 PM
Subject: [Samba] Restricting file types

Samba List:

Is it possible to limit what filename extensions can be stored in a
samba share? We use samba to allow our windows web designers to use drag
and drop when deploying new pages on our website. We want to be able to
limit which filename extensions can be saved to these shares. Is this
possible and if not and alternatives?

Bruce Embrey

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba3.0 linux server and OS/2 Warp4 client Failure

[David Paupe]

Hi,
   I have a samba3.0.4-r1 server on a linux Gentoo OS, and a OS2/ Warp4 
client which mount (with net use command) a smb partition without 
problem... I can acceded it, create, modify and delete files on it.

But this smb mount, is use by the OS/2 client to perfom a compilation 
(write the .lib file of the compliation of a lib library with the 
ilib.exe program). The .lib file must be created with several .c files, 
but after having creating the .lib file to the compilation of the first 
.c file, I have this message :
   "LIB0009: Error : Unable to write "
But when I look in the directory where the .lib file must be, I can see 
him. The compilation Stop after the perform of the first .c file.

When I use a samba2.2 server I haven't this PB...
Someone can help me ? What's the difference between Samb2.2 and 
Samba3.0.4 which can perform the problem ? There is a new option I must 
defined ?

Best regards
David
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] NT doesn't like that, you should fix it

[Fajar Priyanto]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Dear all,
I have this in my /var/log/messages (pls mind the line wrap):
smbd3[3660]: [2004/07/09 15:31:26, 0] 
rpc_server/srv_util.c:get_domain_user_groups(372)

smbd3[3660]:   get_domain_user_groups: primary gid of user [fajar] is not a 
Domain group !

smbd3[3660]:   get_domain_user_groups: You should fix it, NT doesn't like that

Why is that? However, the operation is normal, I can logon into the domain, 
download the profiles, etc. 

This is my smb.conf:
[global]
workgroup = samba3
netbios name = centrino
server string = Samba Server %v
message command = /usr/bin/linpopup "%f" "%m" %s; rm %s
printcap name = cups
load printers = yes
printing = cups
printer admin = @adm
log file = /var/log/samba3/log.%m
log level = 3
map to guest = bad user
security = user
encrypt passwords = yes
smb passwd file = /etc/samba3/smbpasswd
unix password sync = Yes
pam password change = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n \
*passwd:*all*authentication*tokens*updated*successfully*
username map = /etc/samba3/smbusers
include = /etc/samba3/smb.conf.%m
  winbind uid = 1-2
  winbind gid = 1-2
  winbind separator = +
  winbind use default domain = yes
template homedir = /home/%D/%U
  obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
remote announce = 192.168.0.255
local master = yes
os level = 33
domain master = yes 
preferred master = yes
domain logons = yes
logon script = %m.bat
logon script = %U.bat
logon path = \\%L\Profiles\%U
logon home = \\%L\%U\.profile
add user script = /usr/sbin/useradd -s /bin/false '%u'
delete user script = /usr/sbin/userdel '%s'
add user to group script = /usr/bin/gpasswd -a '%u' '%g'
delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
set primary group script = /usr/sbin/usermod -g '%g' '%u'
add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F: '{print 
$3}'
delete group script = /usr/sbin/groupdel '%g'
add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine 
Account' -s /bin/false -M %u
dns proxy = no 
[homes]
   comment = Home Directories
   browseable = no
   writable = yes
# You can enable VFS recycle bin on a per share basis:
# Uncomment the next 2 lines (make sure you create a
# .recycle folder in the base of the share and ensure
# all users will have write access to it. See
# examples/VFS/recycle/REAME in samba-doc for details
;   vfs object = /usr/lib/samba3/vfs/recycle.so

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
   comment = Network Logon Service
   path = /var/lib/samba3/netlogon
   guest ok = yes
   writable = yes
   browseable = no
   
#Uncomment the following 2 lines if you would like your login scripts to
#be created dynamically by ntlogon (check that you have it in the correct
#location (the default of the ntlogon rpm available in contribs)
;root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d /var/lib/samba3/netlogon
;root postexec = rm -f /var/lib/samba3/netlogon/%U.bat

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[Profiles]
path = /var/lib/samba3/profiles
browseable = no
guest ok = yes
writable = yes
# This script can be enabled to create profile directories on the fly
# You may want to turn off guest acces if you enable this, as it
# hasn't been thoroughly tested.
root preexec = PROFILE=/var/lib/samba3/profiles/%u; if [ ! -e $PROFILE ]; \
then mkdir -pm700 $PROFILE; chown %u.%g $PROFILE;fi

# NOTE: If you have a CUPS print system there is no need to 
# specifically define each individual printer.
# You must configure the samba printers with the appropriate Windows
# drivers on your Windows clients or upload the printer driver to the
# server from Windows (NT/2000/XP). On the Samba server no filtering is
# done. If you wish that the server provides the driver and the clients
# send PostScript ("Generic PostScript Printer" under Windows), you have
# to use 'printcap name = cups' or swap the 'print command' line below 
# with the commented one. Note that print commands only work if not using 
# 'printing=cups'
[printers]
   comment = All Printers
   path = /var/spool/samba3
   browseable = no
# to allow user 'guest account' to print.
   guest ok = yes
   writable = no
   printable = yes
   create mode = 0700
# =
# print command: see above for details.
# =
   print command = lpr-cups -P %p -o raw %s -r   # using client side printer 
drivers.
;   print command = lpr-cups -P %p %s # using cups own drivers (use generic 
PostScript on clients).

# This share is used for Windows NT-style point-and-print support.
# To be able to install drivers, you need to be either root, or listed
# in the printer admin parameter above. Note that you also need writ

[Samba] sambaAcctFlags automatically DUX when logon

[Marian Chowanetz]

hi all,

as I wrote yesterday I've set up a samba3.0.3 as pdc for my w2k-domain with
ldapsam-backend
(cyrus-sasl, heimdal) on suse9.0.
everything worked fine. but yesterday the /dev/sda1 (/homes; xfs file
system) crashed, when I created a new user with smbldap-useradd. I could
repair the xfs file system and everything seemed fine.

to test the system I've created a new user. but the new user cannot logon.
"error: The system could not log you on..."

I found that the new created user get now by default a sambaAcctFlags DUX
not UX. when I change the flag to UX and try to logon the flag automatically
switches to DUX. so I cannot logon.

How can I solve this problem? only old users can logon.

thanks
marian

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] best filesystem choice for samba (was: new user cannotlogon)

[rruegner]

Hi,
i have running ext3 with quota lvm acl support and samba,
with no problems on suse 9 , but i dont have trillards of files or files 
bigger than 2G to test.
The Story seems to be that filesystems arent implemented same good on 
every distro / kernels, so i was not able to implement xfs and samba on 
suse 9 , but i know this works with debian sarge ( cant remember the 
kernel ) . I have a few share partitions with reiserfs and acl which 
works very nice with suse 9.
Suse 9.1 seems to have major Problems with xfs.
( suse 9.1 is not a big shoot, you should only use it for needing kernel 
 2.2.6 features )
So i recommend to use ext3 as the best deal ( maybe dont i special 
cases, ie. large shares with millions of files here xfs is the better one )
VFAT is a simply outdated system, as the only thing which may make you 
happy that you can mount it under any win system, this might be helpfull
on small portable usb/firewire storages which can be used for backup in 
smaller filestores with samba.
Best Regards

Malcolm Baldridge schrieb:
Quoting Mark Lidstone <[EMAIL PROTECTED]>:

ARGH!  I'm wondering if airing thoughts about VFAT performance publicly
was a good idea.

I doubt VFAT's case insensitivity would be worth dealing with its terrible
linear-search-time directory lookup methods.
The reason I suggested reiserfs (or ext3 with directory hashing) is to
reduce the high costs of locating a directory entry within a directory of
many (> 10,000) files.
msdos/vfat does not offer superior directory lookup times, and from my
limited testing, neither does NTFS.
ext2/ext3 in stock configuration is also slow, though it appears very recent
kernels/ext2fsutils offer an FFS-like "directory hashing" option which needs
a format-time decision to be made upon setting up the filesystem.
I have no knowledge about XFS or JFS and how they compare.  I know both are
"industrial" filesystems brought down from the Ivory Towers onto the
pipsqueak platforms.
As for "horror stories", well, each filesystem has had their respective
tales of misery and woe... ext3 had shocking and fatal dataloss bugs in the
adolescent versions of 2.4.x., and some RAID + reiserfs configs saw some
real wowsers as well.  From bug reports/changelogs, I've seen similar tales
of woe for XFS and JFS if you trigger just the right combination of things.

From my own experiences, things have matured and stabilised with reiserfs
and ext3 to the point where using either is fine for my purposes.
The decision comes down to:
1) Do you need quotas?  If yes, you cannot use reiserfs.
2) Do you need ACLs?  If yes, only ext2/ext3 has well-tested seamless
support, though I think there are wildcat patches to bring this to XFS (and
maybe others) as well.  I'm not sure about the stability of this.
ext3 used with -O dir_index *MAY* provide better performance for large
directory list lookups, but I've never tested it.  It requires Linux 2.6 for
starters for the kernel-side stuff to actually support it properly. 
grepping the linux 2.4 source shows no mention of hashing b-trees or
dir_index options for ext[23].

This is a RECENT addition to ext3, and I don't think the support actually
exists within 2.4 yet.  I've seen mention of "special backported patches"
but this smells scarier to me than using filesystems which have been
seamlessly integrated for over a year or so now.
So in terms of viable performance-driven alternatives, I see it being
reiserfs, xfs, or jfs.
vfat/dos isn't faster, even with case insensitive semantics, for directory
sizes of 20,000 or more.
=MB=
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

AW: [Samba] Re: new user cannot logon

[Marian Chowanetz]

-Ursprungliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Auftrag
von Jim C.
Gesendet: Donnerstag, 8. Juli 2004 20:32
An: [EMAIL PROTECTED]
Betreff: [Samba] Re: new user cannot logon


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

| I've set up a samba3.0.3 as pdc for my w2k-domain with ldapsam-backend
...
| in the log file I found:
| [2004/07/08 13:08:15, 3] auth/auth.c:check_ntlm_password(219)
|   check_ntlm_password:  Checking password for unmapped user
[EMAIL PROTECTED]
| with the new password interface
| [2004/07/08 13:08:15, 3] auth/auth.c:check_ntlm_password(222)
|   check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
| does this mean, samba cannot find the user?
| when I do a "pdbedit -Lv" everything seems o.k. and the user can also
logon
| directly on the linux system.

No it probably means that user VERBUND was found and not re-mapped to a
Unix account in /etc/smbusers, so there must be a different problem.

One thing I noticed was that the smbldap-passwd scripts *DO NOT* set the
users windows passwords when you use "smbldap-useradd -a -P" where "-P"
sets only the unix password.  smbldap-passwd on the other hand sets both.

Ans: Try re-setting the users password with smbldap-passwd.


I've already tried this. I've created users with smbldap-useradd and with
the idxldap-accounts-tool in webmin. in both cases I changed the password
and in both cases when I tried to logon on w2k the answer was:
your account is disabled

well, but it wasn't. with idxldapaccounts I switched the account to disabled
and then re-enabled it but to no avail.

at least the logon procedure knows, that something happened with the
password. but what gives the wrong information about disabled/enabled
account?

thanks in advance

marian





Jim C.
- --

- -
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: [EMAIL PROTECTED]  AIM: WyteLi0n  ICQ: 123291844 |
|---|
| Y!: j_c_llings   Jabber: [EMAIL PROTECTED]|
- -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFA7ZM757L0B7uXm9oRAq9JAJwN4vtA9u9rMNJri46tLfkeq+GE8QCfWXgp
U0YPivrpD8QLC7WfODFI5l4=
=NByd
-END PGP SIGNATURE-

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] validate root locally with winbind

[Chris Jensen]

> Is there a way to set things up so that the root
> user is only checked against the local passwd/shadow files?

I don't know about *only* against shadow. But I've got winbind setup,
and it authenticates users first against the domain, but if that fails
resorts to the local password database.

Here are the relavent lines from my
/etc/pam.d/system-auth

authrequired  /lib/security/pam_env.so
authsufficient/lib/security/pam_winbind.so
authsufficient/lib/security/pam_unix.so likeauth nullok use_first_pa
ss
authrequired  /lib/security/pam_deny.so
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba