Re: [Samba] Re: Logon Hours problems (really stuck)
Hi Christoph,

Thanks for your help with this. I will go onsite to check the time/timezone settings on the client PCs on Monday and see where things are going wrong. I'm sure I'll track it down.

Your assistance is greatly appreciated. Keep well.

Kindest regards
David Wilson
___
D c D a t a
Tel +27 33 342 7003
Fax +27 33 345 4155
Cell +27 82 4147413
http://www.dcdata.co.za
[EMAIL PROTECTED]
Powered by Linux, driven by passion !
___
Computers are not intelligent. They only think they are.

----- Original Message -----
From: Christoph Scheeder [EMAIL PROTECTED]
To: David Wilson [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Sent: Saturday, February 05, 2005 10:51 AM
Subject: Re: [Samba] Re: Logon Hours problems (really stuck)

Hi,
yes, that definitely sounds like a problem with the timezone settings on the local server, or a mismatch between timezones set on the server and the clients. Double-check they are consistent and in sync.

Last year I had one client PC of a customer believe it was summertime, but in fact that had ended a week before. The result was that all files from this client stored to the samba server got timestamps 2 hours back in time. I guess if they had defined kickoff times this machine would have been kicked 2 hours too early. Doesn't that sound a little familiar to you? Fixed the client's time setting and all was fine again.

Christoph

David Wilson wrote:
> Hi Christoph,
>
> I haven't tried what you suggested yet, however there is definitely something wrong with the time on my Samba server:
>
> In my smb.conf I have the following under my [netlogon] share which creates a log indicating user login times:
>
>     preexec = echo %u logged into %h from %m (%I) at %T running %a. /tmp/samba-login.log
>
> What is interesting is that the time indicated in my /tmp/samba-login.log is two hours behind the actual time on the server (which is synched to an international time server). This is what I get in the log:
>
>     aw088 logged into tux from lab4_6_208 (10.0.6.208) at 2005/02/04 08:39:25 running WinXP.
>
> If I type date on the server this is what I get:
>
>     Fri Feb 4 10:39:06 SAST 2005
>
> As you can see, Samba believes it's two hours behind the actual (correct) time of the server. The time offset = 120 option in the smb.conf does not seem to make any difference.
>
> Is this still related to the hardware clock issues etc. you've mentioned below ?
>
> Thanks for all your help so far, greatly appreciated.
>
> Kindest regards
> David Wilson
>
> ----- Original Message -----
> From: Christoph Scheeder [EMAIL PROTECTED]
> To: David Wilson [EMAIL PROTECTED]
> Cc: samba@lists.samba.org
> Sent: Thursday, February 03, 2005 11:44 AM
> Subject: Re: [Samba] Re: Logon Hours problems (really stuck)
>
> Hi,
> what I do is the following setup for linux servers and time:
>
> 1.) set hardware clock to GMT,
> 2.) tell the system the hardware clock is set to GMT (how depends on distro)
> 3.) set local timezone to GMT+2 (again, depends on distro)
> 4.) check all win-Clients to have the correct timezone set
>
> After that your system clock should be showing the correct time in linux, and samba should use the correct kickoff times. As a side effect it gives you the possibility to use ntp to sync your clock with any timeserver out there in the internet.
>
> Christoph
>
> David Wilson wrote:
> > Hi guys,
> >
> > Unfortunately this is still happening. I've tried restarting Samba. Users who should be denied access after 21:00 are being denied access at 19:00.
> >
> > Our time zone in South Africa is GMT+2. Perhaps I should set the timezone on the server to UTC/GMT ? Do you think this will help ? Should I then leave the time set to the current time in South Africa ? Or should I set the time to the time at UTC/GMT ?
> >
> > There's something I must be missing here.
> >
> > Kindest regards
> > David Wilson

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Logon Hours problems (Slackware)
Hi,

Thanks for your reply. I'll check /etc/localtime and see if it's a similar thing to what you had. Thanks for your assistance.

Just for reference this is a Slackware-10.0 box and the timezone was set to GMT+2 (SAST) by using timeconfig. Perhaps someone else has picked up this issue when using Slackware too ?

Kindest regards
David Wilson

----- Original Message -----
From: [EMAIL PROTECTED]
To: samba@lists.samba.org
Sent: Friday, February 04, 2005 1:45 PM
Subject: Re: [Samba] Re: Logon Hours problems (really stuck)

I had some similar time problems with some versions of glibc. The solution was to point the link /etc/localtime from Sofia to Athens (we are in the same time zone). Maybe you could point that to some other city in the same time zone?

On Thursday 03 February 2005 10:23, David Wilson wrote:
> Hi guys,
>
> Unfortunately this is still happening. I've tried restarting Samba. Users who should be denied access after 21:00 are being denied access at 19:00.
>
> Our time zone in South Africa is GMT+2. Perhaps I should set the timezone on the server to UTC/GMT ? Do you think this will help ? Should I then leave the time set to the current time in South Africa ? Or should I set the time to the time at UTC/GMT ?
>
> There's something I must be missing here.
>
> Kindest regards
> David Wilson
>
> ----- Original Message -----
> From: David Wilson [EMAIL PROTECTED]
> To: david rankin [EMAIL PROTECTED]; samba samba@lists.samba.org
> Sent: Monday, January 31, 2005 8:48 AM
> Subject: Re: [Samba] Re: Logon Hours problems (really stuck)
>
> Hi David,
>
> Nice name ! :) Thanks for your reply. I'm pretty sure I did restart Samba, to double check I will restart it again this evening.
>
> Kindest regards
> David Wilson
>
> ----- Original Message -----
> From: david rankin [EMAIL PROTECTED]
> To: samba samba@lists.samba.org
> Sent: Saturday, January 29, 2005 5:40 PM
> Subject: Re: [Samba] Re: Logon Hours problems (really stuck)
>
> > Hi guys,
> >
> > The time offset option unfortunately did not solve my problem. Users that are meant to be kicked off at 21:00 keep getting kicked off at 19:00. The time on the server is right. What else could be causing my problem ?
>
> If you made changes, did you remember to restart samba? (stranger things have happened)
>
> --
> David C. Rankin, J.D., P.E.
> RANKIN LAW FIRM, PLLC
> 510 Ochiltree Street
> Nacogdoches, Texas 75961
> (936) 715-9333
> (936) 715-9339 fax
> www.rankin-bertin.com
> --
>
> ----- Original Message -----
> From: David Wilson [EMAIL PROTECTED]
> To: samba@lists.samba.org
> Sent: Saturday, January 29, 2005 5:01 AM
> Subject: [Samba] Re: Logon Hours problems (really stuck)
>
> Hi guys,
>
> I'm really sorry to bother you with this but I'm really battling and can't find any info to solve my problem. Please have a look at my issue below and give me some guidance as to what could be causing it. Thanks in advance.
>
> Kindest regards
> David Wilson
>
> ----- Original Message -----
> From: David Wilson
> To: samba@lists.samba.org
> Sent: Thursday, January 27, 2005 3:43 PM
> Subject: Re: Logon Hours problems
>
> Kindest regards
> David Wilson
>
> ----- Original Message -----
> From: David Wilson
> To: samba@lists.samba.org
> Sent: Tuesday, January 25, 2005 10:16 PM
> Subject: Re: Logon Hours problems
>
> I've found the time offset option from the smb.conf man page. In South Africa we are GMT+2, so I've set time offset = 120 in my smb.conf. Do you think this is the right thing to do ?
>
> Kindest regards
> David Wilson
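The two-hour shift discussed in this thread, as an added example that is not part of the original posts. It assumes the weekly logon-hours restriction is a 21-byte, 168-bit bitmap indexed in UTC (Sunday 00:00 first, least significant bit first in each byte); the function names are illustrative. It shows how a 07:00-21:00 window entered on a machine set to the wrong UTC offset ends at 19:00 for a user in GMT+2, which is one way a server/client timezone mismatch can produce the symptom, not a diagnosis of this server.

```python
from datetime import date, datetime, timedelta, timezone

HOURS_PER_WEEK = 7 * 24              # one bit per hour of the week
BITMAP_BYTES = HOURS_PER_WEEK // 8   # 21 bytes
UTC = timezone.utc


def build_logon_hours(local_start, local_end, utc_offset_hours):
    """Bitmap allowing local hours [local_start, local_end) on every day.

    Assumed layout: bit number = weekday * 24 + hour, in UTC, Sunday = 0.
    The local hours are shifted by the editor's UTC offset before the bits
    are set, wrapping across day and week boundaries.
    """
    bitmap = bytearray(BITMAP_BYTES)
    for day in range(7):
        for local_hour in range(local_start, local_end):
            slot = (day * 24 + local_hour - utc_offset_hours) % HOURS_PER_WEEK
            bitmap[slot // 8] |= 1 << (slot % 8)
    return bytes(bitmap)


def logon_allowed(bitmap, when):
    """True if the bit for the UTC hour containing `when` is set."""
    if when.tzinfo is None:
        raise ValueError("need a timezone-aware datetime")
    utc = when.astimezone(UTC)
    day = (utc.weekday() + 1) % 7    # datetime uses Monday = 0
    slot = day * 24 + utc.hour
    return bool(bitmap[slot // 8] & (1 << (slot % 8)))


def first_denied_local_hour(bitmap, day, utc_offset_hours, start_hour=12):
    """First local hour on `day`, from start_hour on, at which logon is refused."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    for hour in range(start_hour, 24):
        local = datetime(day.year, day.month, day.day, hour, tzinfo=tz)
        if not logon_allowed(bitmap, local):
            return hour
    return None


if __name__ == "__main__":
    friday = date(2005, 2, 4)        # the day of the log entry in the thread
    sast = 2                         # GMT+2, as stated in the thread

    # Hours entered on a machine whose offset matches the users' timezone.
    correct = build_logon_hours(7, 21, sast)
    # Same hours entered on a machine that believes it is at GMT+4
    # (constructed value: any two-hour disagreement gives the same result).
    skewed = build_logon_hours(7, 21, sast + 2)

    print("matching offsets, cutoff at",
          first_denied_local_hour(correct, friday, sast), "h local")
    print("2 h mismatch, cutoff at",
          first_denied_local_hour(skewed, friday, sast), "h local")
```

Comparing the cutoff computed this way with the hour at which users are actually refused tells you whether the stored hours or the server's idea of UTC is the side that is off.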
Re: [Samba] Re: Delayed Write Failed and other similar errors on Windows machines
On Saturday 05 February 2005 13:25, Jeremy Allison wrote:
> Looks like it might be a hardware problem on your network then.

I noticed that moving the offending folder and files on the Windoze end to another folder on the Samba share, the problem seemed to go away. I haven't had time to run any other tests, but if the problem shows back up, I'll do an ethereal capture to see what can be learned. For now, case closed. Thanks.

--
Mike
RE: [Samba] Is Samba running?
Ok... samba was not running.

If I run the following line '/etc/rc.d/init.d/smb start' the Samba share appears in the XP box network browser.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, 6 February 2005 3:12
To: samba@lists.samba.org
Subject: RE: [Samba] Is Samba running?

I think I'm running samba 3 because I installed it with Fedora 3 setup.

Smbstatus gives me the following:

    Sessionid.tdb not initialized
    /var/cach/samba/connection.tdb not initialized
    ...
    ...
    Failed to open byte range locking database
    ERROR: Failed to initialize locking database

ps -wuax | grep -E "smb|nmb" gives me the following:

    Warning: bad syntax, perhaps a bogus '-'? see.

My 'smb.conf' goes like this:

    [global]
    workgroup = WORKGROUP
    netbios name = HOBBIT
    security = share

    [data]
    comment = Data
    path = /export
    read only = Yes
    guest ok = Yes

thanks
Rui

-----Original Message-----
From: Jeff [mailto:[EMAIL PROTECTED]
Sent: Sunday, 6 February 2005 2:49
To: [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: Re: [Samba] Is Samba running?

[EMAIL PROTECTED] wrote:
> I'm trying to see my Fedora box with a samba share in the XP Network browser but no luck so far and I don't know where to start to solve the problem. So I thought Samba was not running... but do not know how to check it...

What version of samba are you running? How did you install it? configure or rpm? What errors are you getting when you try to map a drive?

You'll have to supply some more information first, run those two commands from the shell, on your Fedora box, and tell us what they output.

Do you know that samba is started? The command `ps -wuax | grep -E "smb|nmb"` should return two different processes - smbd and nmbd. Also the command `smbstatus` will give you info about samba shares.

Are you seeing anything in your log files on Fedora from the xp box, which would be log.machinename or log.ip.address and are most likely stored in /var/log or /var/log/samba. If so what do they say?

HTH
Jeff

-----Original Message-----
From: Jeff [mailto:[EMAIL PROTECTED]
Sent: Sunday, 6 February 2005 2:13
To: [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: Re: [Samba] Is Samba running?

[EMAIL PROTECTED] wrote:
> Hi all,
>
> How can I know if Samba is running properly?

What exactly are you trying to determine?

ps -wuax | grep -E "smb|nmb" - will show you if/what the processes are running

what does smbstatus show? - this will show the status of all things samba

Jeff

> Thanks
> Rui
[Samba] how can I run samba in Startup?
Hi,

How can I put Samba to start in the FC3 boot?

Thanks
Rui
[Samba] Please help printing from CUPS to XP shared printer via smb
Sorry if this is a stupid question but I tried reading, studying and finding solution but am not making it alone :)

On my home lan I have a Linux (Debian sid) box (192.168.174.244) running 3.0.10 samba and cups 1.1.23. My objective is to print from this box to the other home PC which is running XP (192.168.174.242) and sharing an Epson R200 printer.

Follows the troubleshooting I could do by myself including an ethereal trace. I would be grateful if any of you could help me understand what am I doing wrong which I suspect is related to a wrong authentication ???

TIA, Bob

1) This is the first anomaly. What are those messages at the bottom ? Its reason ?

    [EMAIL PROTECTED]:~$ smbclient -I 192.168.174.242 -L fenice-nf7-maxt -N
    Domain=[FENICE-NF7-MAXT] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]

        Sharename       Type      Comment
        ---------       ----      -------
        P$              Disk      Default share
        IPC$            IPC       Remote IPC
        print$          Disk      Printer Drivers
        SharedDocs      Disk
        R200            Printer   R200
        Z$              Disk      Default share
        ADMIN$          Disk      Remote Admin
        C$              Disk      Default share
    timeout connecting to 192.168.174.242:139
    Error connecting to 192.168.174.242 (Operation already in progress)
    Connection to fenice-nf7-maxt failed
    NetBIOS over TCP disabled -- no workgroup available

2) I proceeded to define the printer to my linux CUPS (127.0.0.1:631) and this is what I see with ethereal on either box. In particular I see a

    Tree Connect AndX Request, Path: \\192.168.174.242\R200

in frame 9 going from linux to xp and

    Tree Connect AndX Response, Error: STATUS_ACCESS_DE

as the reply from xp to linux in frame 10. The reason ?
Re: [Samba] how can I run samba in Startup?
[EMAIL PROTECTED] wrote:
> How can I put Samba to start in the FC3 boot?

You'll need to determine which runlevel you boot into, which can be seen in /etc/inittab in a line that looks like `id:3:initdefault:`. The 3 means the system boots into runlevel 3.

So in /etc/rc3.d create the symbolic links to your smb script that you used to start samba:

    ln -s /path/to/smb K01samba
    ln -s /path/to/smb S98samba

The K is for the shutdown, the S is for the startup. The numbers after are the order in which they are executed. An ls -l in the rc3.d directory will show already installed scripts looking like

    S90crond -> ../init.d/crond

HTH
Jeff
Re: [Samba] how can I run samba in Startup?
On Sun, 2005-02-06 at 09:16 -0500, Jeff wrote:
> [EMAIL PROTECTED] wrote:
> > How can I put Samba to start in the FC3 boot?
>
> You'll need to determine which runlevel you boot into, which can be seen in /etc/inittab in a line that looks like `id:3:initdefault:`. The 3 means the system boots into runlevel 3.
>
> So in /etc/rc3.d create the symbolic links to your smb script that you used to start samba:
>
>     ln -s /path/to/smb K01samba
>     ln -s /path/to/smb S98samba
>
> The K is for the shutdown, the S is for the startup. The numbers after are the order in which they are executed. An ls -l in the rc3.d directory will show already installed scripts looking like
>
>     S90crond -> ../init.d/crond

All redhat systems employ chkconfig to handle this. It's simple and much more understandable for users. The above might be effective for Slackware or other BSD type systems.

    chkconfig smb on    #turns samba on at boot in runlevels 2,3,4 5

Craig
Re: [Samba] 'ldap passwd sync' not working
Adam Tauno Williams:

[...]

> My guess: the behaviour of 3.0.11 is more correct, and something is clearly wrong with your DSA - the client cannot read the rootDSE. Possibly you've got an ACL doing something you don't intend; it doesn't look like a Samba problem. The rootDSE is used to determine features supported by the DSA, included the password-modify extended operation.

Me too.

I've just (couple of weeks) been playing with and implementing Samba (3.0.7 and 3.0.9). High school has to integrate a Windows 2000/collection into an already established Linux network, on the basis of OL 2.2.17.

What's surprised me, is the utter correlation between what happens and the Samba crew documentation. However, the only LDAP documentation that I've found is the CTI, University of Navarra stuff, and whilst helpful, this is directly misleading in many cases and following it blindly can lead to misconfigured systems (in general, most HOWTOs suck, if one follows them literally).

In fact, the ldapsam backend is phantastik; if correctly configured it can do nothing wrong and the pdbedit (always use rather than smbpasswd) is an eye-opener.

Bottom line is, that to run the ldapsam backend with Samba, one has to be an (open)LDAP guru, long before one tries to run ldapsam. To which extent kalamazoo helped me, as I've told you before, no end. Keep posting the links to the unwashed ;)

--Tonni

--
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
Re: [Samba] using printer on linux from windows
tj:

[...]

> Which version of Samba are you using?

3.0.9 Red Hat.

> Also, how is a Linux user setup to allow samba logins and how to specify that on the Windows XP machine?

I don't understand the question. Just follow the docs. I use an ldapsam tdb backend. When the Windows machine joins the domain as a trusted computer (in which all the Samba domain Unix users have already been taken up into the windows hierarchy, with pdbedit or smbpasswd), they will automatically be able to log on to the Windows machine, unless they are deliberately excluded in the domain policy (i.e. they may only log on from certain workstations).

--Tonni
[Samba] password ldap clarification requested...
Dear list,

I would like to know if the following statements are true, just to make sure that my understanding of passwords/ldap stuff is correct...

Vampireing passwords from an nt4 pdc only populates the ldap server with windows passwords, and not the (linux) userPassword.

Authenticating linux logons against this ldap server is therefore only possible using winbind.

'Normal' ldap enabled software can NOT authenticate against this ldap, because they expect a userPassword, and by simply vampireing this password is left blank.

The ldap passwd sync = yes smb.conf option makes sure that when updating the 'windows' password (via idealx scripts, for example) the (linux) userPassword gets updated as well.

So: suppose I migrate our domain to samba, and on the first samba day, I set all accounts to 'required to change password upon first login' I would end up having new passwords for everybody, both for windows and linux.

And all normal ldap enabled software would then be able to use that ldap directory to authenticate to.

Are these assumptions correct? Thanks very much for feedback.

Yours,
Mourik Jan
[Samba] Trouble with virtual server configuration
Greetings,

I've been trying to use Samba in a virtual server configuration on one of my linux boxes and am running into trouble. My intention is to get a single samba server to act as 3 separate servers (netbios names 'Audio', 'Video', 'Pictures') so that later they can be migrated to different machines with little effort. In reading the docs, lists, and available books I've come to configure it in the following way:

linux server /etc/samba/smb.conf:

    #Global parameters
    [global]
    workgroup = mshome
    netbios aliases = audio video pictures
    security = share
    server string = Samba Server
    log file = /var/log/samba/%m.log
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    encrypt passwords = yes
    # disable printer and faxes
    disable spoolss = yes
    # include shares from actual NETBIOS name
    include = /etc/samba/%L.conf

/etc/samba/video.conf:

    [Video]
    comment = Video
    browseable = yes
    path = /data/Video
    force user = nobody
    force group = nobody
    read only = No
    guest ok = Yes

/etc/conf/audio.conf

    [Audio]
    comment = Audio
    browseable = yes
    path = /data/Audio
    force user = nobody
    force group = nobody
    read only = No
    guest ok = Yes

/etc/conf/pictures.conf

    [Pictures]
    comment = Pictures
    browseable = yes
    path = /data/Pictures
    force user = nobody
    force group = nobody
    read only = No
    guest ok = Yes

The trouble I'm having is that eventually each virtual server shows the shares from all the others. When I first startup samba on the server and connect to the servers 'audio', 'video', 'pictures' from a WinXP system all is well (each server only shows its single share). Then after a short period of time (minutes?) each of those servers shows all three shares (Audio, Video, Pictures).

Any ideas what is going on or how I can fix this?

Thanks,
Tim
Re: [Samba] password ldap clarification requested...
> I would like to know if the following statements are true, just to make sure that my understanding of passwords/ldap stuff is correct...
>
> Vampireing passwords from an nt4 pdc only populates the ldap server with windows passwords, and not the (linux) userPassword.

Yes.

> Authenticating linux logons against this ldap server is therefore only possible using winbind.

Not entirely true.

> 'Normal' ldap enabled software can NOT authenticate against this ldap, because they expect a userPassword, and by simply vampireing this password is left blank.

Yes, but recent OpenLDAP servers support authenticating binds against a LANMAN hash.

> The ldap passwd sync = yes smb.conf option makes sure that when updating the 'windows' password (via idealx scripts, for example) the (linux) userPassword get's updated as well.

Yep, via password-modify extended operation.

> So: suppose I migrate our domain to samba, and on the first samba day, I set all accounts to 'required to change password upon first login' I would end up having new passwords for everybody, both for windows and linux.

Yes.

> And all normal ldap enabled software would then be able to use that ldap directory to authenticate to.

Yes.

> Are these assumptions correct? Thanks very much for feedback.

More or less.
Re: [Samba] password ldap clarification requested...
Adam Tauno Williams wrote:
> > I would like to know if the following statements are true, just to make sure that my understanding of passwords/ldap stuff is correct...
> >
> > Vampireing passwords from an nt4 pdc only populates the ldap server with windows passwords, and not the (linux) userPassword.
>
> Yes.
>
> > Authenticating linux logons against this ldap server is therefore only possible using winbind.
>
> Not entirely true.
>
> > 'Normal' ldap enabled software can NOT authenticate against this ldap, because they expect a userPassword, and by simply vampireing this password is left blank.
>
> Yes, but recent OpenLDAP servers support authenticating binds against a LANMAN hash.

And what could be more interesting, you could have a Heimdal Kerberos authenticating against the NT hash, see https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap for the details.

> > The ldap passwd sync = yes smb.conf option makes sure that when updating the 'windows' password (via idealx scripts, for example) the (linux) userPassword get's updated as well.
>
> Yep, via password-modify extended operation.
>
> > So: suppose I migrate our domain to samba, and on the first samba day, I set all accounts to 'required to change password upon first login' I would end up having new passwords for everybody, both for windows and linux.
>
> Yes.
>
> > And all normal ldap enabled software would then be able to use that ldap directory to authenticate to.
>
> Yes.
>
> > Are these assumptions correct? Thanks very much for feedback.
>
> More or less.

Cheers
Geza
Re: [Samba] 'ldap passwd sync' not working
On Sunday 06 February 2005 09:55, Tony Earnshaw wrote: Adam Tauno Williams: [...] My guess: the behaviour of 3.0.11 is more correct, and something is clearly wrong with your DSA - the client cannot read the rootDSE. Possibly you've got an ACL doing something you don't intend; it doesn't look like a Samba problem. The rootDSE is used to determine features supported by the DSA, included the password-modify extended operation. Me too. I've just (couple of weeks) been playing with and implementing Samba (3.0.7 and 3.0.9). High school has to integrate a Windows 2000/collection into an already established Linux network, on the basis of OL 2.2.17. What's surprised me, is the utter correlation between what happens and the Samba crew documentation. However, the only LDAP documentation that I've found is the CTI, University of Navarra stuff, and whilst helpful, this is directly misleading in many cases and following it blindly can lead to misconfigured systems (in general, most HOWTOs suck, if one follows them literally). The Samba-HOWTO-Collection is literally intended to be correct and capable of being followed literally! Please document what sucks and help us to improve our documentation. I encourage you to file a bug report with details of what needs to be fixed. You can file a bug report on https://bugzilla.samba.org - John T. In fact, the ldapsam backend is phantastik; if correctly configured it can do nothing wrong and the pdbedit (always use rather than smbpasswd) is an eye-opener. Bottom line is, that to run the ldapsam backend with Samba, one has to be an (open)LDAP guru, long before one tries to run ldapsam. To which extent kalamazoo helped me, as I've told you before, no end. 
Keep posting the links to the unwashed ;) --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production.
[Samba] Problem joining Windows machine to domain managed by Samba PDC
Hi,

I am running into a problem that seems to occur to a lot of people, but I haven't yet worked out what the solution is. I have Samba version 3.0.3 installed in a Linux box (let's call it linuxserver) and I want it to run a Windows domain so that I can manage machines and users. I have a Windows box (call it windowsclient, running Windows 2003 Server) that I'd like to join to the domain (call the domain mydomain).

1. I have the following relevant parameters (among lots of others) set in my smb.conf file on linuxserver:

    workgroup = mydomain
    netbios name = linuxserver
    local master = yes
    os level = 65
    domain master = yes
    preferred master = yes
    domain logons = yes
    wins support = yes

2. I have added the windowsclient machine to Samba using a command along the lines of:

    useradd -g machines windowsclient$

3. From the windowsclient machine, I can browse directories on the linux server as I would expect. However, this is what happens when I try to join the windowsclient to mydomain:

    a. I right click on the My Computer icon.
    b. Select Properties.
    c. Click the Computer Name tab.
    d. Click Change.
    e. Click the Domain radio button.
    f. Enter mydomain in the Domain field and click OK.

An error message is displayed along these lines:

    A domain controller for the mydomain domain could not be contacted.

The more detailed error message says:

    The error was: DNS name does not exist. (error code 0x232B RCODE_NAME_ERROR)
    The query was for the SRV record for _ldap._tcp.dc._msdcs.MYDOMAIN
    Common causes of this error include the following:...

My impression is that a lot of people hit this problem, but after reading FAQs and googling, I don't understand what the solution is: I think I don't have a good conceptual map of what needs to be fixed. I have tried to follow suggestions such as to fix various settings such as WINS and DNS, but to no avail. Can someone give me a step-by-step approach to fixing this?

Thanks in advance for your understanding...
Martin
[Samba] can't get cups printers visible to windows XP
I am having an awful time getting a cups printer on a linux system visible to windows XP. I have the printer, a brother hl1440 laser, working on Linux cups, named 1440. I then created another printer on it called raw-1440 and specified raw driver so the Windows XP driver would be used. Here is my smb.conf entries:

    load printers = yes
    printcap name = cups
    printing = cups

    [printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = yes
    public = yes
    guest ok = yes
    writable = no
    printable = yes

and then I restart samba. I then go to the windows system and to install network printer and browse for printer. The workgroup and the samba running Linux system are listed but no printers. Where the hell is my printer?

the samba user guide states:

The printer drivers on the Windows clients may be installed in two functionally different ways:

* Manually install the drivers locally on each client, one by one; this yields the old /LanMan/ style printing and uses a \\sambaserver\printershare type of connection.
* Deposit and prepare the drivers (for later download) on the print server (Samba); this enables the clients to use /Point'n'Print/ to get drivers semi-automatically installed the first time they access the printer; with this method NT/200x/XP clients use the /SPOOLSS/MS-RPC/ type printing calls.

The second method is recommended for use over the first.

I am trying to use the first and have no freaking idea what the old lanman style is. Once again, linux documentation that assumes you already know everything. So, how do I get the samba printer seen by Windows?

tj
[Samba] We need help with a bug....smbldap-installer script (long)
Hi all!

First of all...if you haven't heard of the smbldap-installer script...allow me to introduce it to you. Here's the latest announcement that Matt Oquist posted to the K12OS list (Matt and I are working on this together...he's the scripter and I'm the tester/documenter) First the announcement and then read on below to see what we need help with...and some questions I have.

##

Version 1.2-beta of the smbldap-installer script is available at http://majen.net/smbldap-installer-1.2-beta.tgz

This version has been updated to include shell and home fields in the input to smbldap-useradd bulk. This means that you can use userinfo.start and 'make' to create users just as you could previously, but if you wish you can also manipulate the input for smbldap-useradd-bulk yourself. For example, you could use create-usernames to create your usernames, and then use a spreadsheet (or whatever else) to add customized home directories and/or shells. Then you could give that input to smbldap-useradd-bulk to create your users on the system.

Both create-usernames and smbldap-useradd-bulk have inline documentation:

    $ create-usernames --help
    $ smbldap-useradd-bulk --help

And, as always, you can look in the Makefile to see how it's using the two scripts.

This is a beta version because:

1. the roving profiles problem we've been discussing is not solved
2. the included Samba-LDAP_smbldap-installer document is not updated to reflect the changes to smbldap-useradd-bulk
3. it has not undergone full testing

Please let me know if these changes are the right changes, and of course let me know about all the bugs you find. :)

--matt

#

Ok...now for the issues we know about. First, the script right now is written to only work with Fedora Core 3 or K12LTSP 4.2 (we had to start somewhere...if you'd like to alter or repackage for another distro...PLEASE do and share with us).

Now...everything works in my test environment and in others...we can add users...Linux users can authenticate...Windows users can authenticate...we can join Windows machines to the domain...BUT we're having a problem with roaming profiles. The login goes fine so we know the authentication takes place...but then Windows gives an error that it doesn't have permission to access the profiles directory and as a result is using a TEMP directory which will (and indeed does) disappear once the user logs off. We could use some help finding out why this is happening. (We'd like to have it fixed in time for Linux World in Boston next week) We are using the latest version of smbldap-tools in this script (0.86 I believe)

Now for some questions

There appear to be some issues with the Administrator user this time around (I have a perfectly working Samba/LDAP server in production at my school running version 0.84 of smbldap-tools and version 3.0.7-2 of Samba) and I noticed that John T. had mentioned that smbldap-populate should be run differently (See below)

#

Get rid of the Administrator account. Use the root account instead. You have ambiguous names that can NOT unambiguously resolve to one identity. ie: Is uid=0 root or is it Administrator? Does uid=0 map to the Administrator SID or to some other SID?

Also, use: net rpc join -S 'PDC_Name' -Uroot%secret

PS: It is best to populate your LDAP directory using: smbldap-populate -a root, not just the default which creates an Administrator account.

- John T.

If I do it this way do I join machines to the domain using root as opposed to administrator? And when I run smbpasswd -w secretpassword will that set it for root?

Secondly...I noticed this when I run getent passwd on my current functioning Samba/LDAP server (production box...pre smbldap-installer) I get ...

    Administrator:x:0:512:Netbios Domain Administrator:/home/:/bin/false

Where as on a machine I just set up with smbldap-installer...I get...

    Administrator:x:0:512:Netbios Domain Administrator:/home/Administrator:/bin/false

Note the difference in home. Are you guys seeing this? I'm having issue running programs like gedit as it wants to write to /home/Administrator, but it isn't there. I wonder if this is contributing?

Anyway...I could really use some help trying to debug this situation...not only for me, but for all of us. Plus I'm supposed to be teaching a class about it in 2 weeks...(hence the panicking)...I tested everything except roaming profiles and never would have even thought to check if it hadn't been for Jim K. I have a functioning Samba/LDAP server already thus I hadn't needed to try it, but I do need to fix this as I run Windows roaming profiles and will need it to work when I upgrade this summer. Arrrgghhh! Any help gratefully appreciated...If you go to Linux World I'll buy you a beer. :-)

David N. Trask Technology Teacher/Coordinator Vassalboro Community School [EMAIL
RE: [Samba] We need help with a bug....smbldap-installer script (long)
Can you send a copy of your smb.conf file? Have you checked the permissions on the profiles directory you've created? If I'm not mistaken the directory permissions should be 1777. What is net groupmap list reporting? Thanks

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Trask Sent: Monday, 7 February 2005 12:43 PM To: samba@lists.samba.org Subject: [Samba] We need help with a bug....smbldap-installer script (long)
Re: [Samba] We need help with a bug....smbldap-installer script (long)
Steve Simeonidis [EMAIL PROTECTED] on Sunday, February 6, 2005 at 8:59 PM + wrote:

> Can you send a copy of your smb.conf file?

If you download the script you can see a copy of the smb.conf file in the templates directory...only thing missing are the variables that are entered into the script...things like netbios name...domain name etc.

> Have you checked the permissions on the profiles directory you've created? If I'm not mistaken the directory permissions should be 1777.

It's 1777

> What is net groupmap list reporting?

I'll have to let you know tomorrow afternoon once I get my next test going...although I'll forward/cc this to Matt to see if he has anything

> Thanks

David N. Trask
Technology Teacher/Coordinator
Vassalboro Community School
[EMAIL PROTECTED]
(207)923-3100
[Samba] Problems with Trusted Domains
The company I work for is split across two sites, each site has its own domain. The local end is a Samba server (DomA) with about 50 users, the remote end is NT4(DomB) with about 150 active users (400+ usernames in userlist). The two sites are connected over a VPN (Internally DomA=172.16.1.0/24, DomB=10.1.0.0/16) and the two domains trust each other. Users from either site regularly visit, and work from, the other site. When a DomA user logs in from either site, he gets the login script and profile from DomA. However, when a user from DomB logs in from the DomA site, he does not get a login script or a profile from DomB (or DomA). From the DomB site, everything works as expected. The Samba server was initially setup using 3.0.4 but the problem is still present with 3.0.11. I believe that the trusts are working properly - 'wbinfo -t' returns OK, and all authentication appears to be working. 'getent passwd/group' show all users/groups on both domains. However, I am also having problems with setfacl/getfacl when using Samba 3.0.6 or greater. With 3.0.5, there are no problems, but as soon as winbindd 3.0.6 is installed, some of the usernames from DomB are not recognised e.g. with 3.0.5, 'setfacl -m u:DomB+someuser:r-x somefile' succeeds, and 'getfacl somefile' includes 'user:DomB+someuser:r-x' in the ACL. with 3.0.6, the same setfacl command returns an error and getfacl returns 'user:10424:r-x' and 'user:DomB+anotheruser:r-x' (where idmap uids are 1-2). Is there a reason why the scripts/profiles are not being read back? Why would some DomB users not work with setfacl/getfacl when winbindd is updated to 3.0.6 or above? Has anyone else had the same problems? Samba server setup is as follows: OS: SuSE 9.0 (no updates) Samba: Updated/Compiled from sources, set as WINS server Using LDAP and IdealX 0.8.4 (? I think) scripts. Clients are Win2K and XP boxes (with varying SP levels). I'll generate some logs when I get into work and post them later. Thanks. 
[Samba] Questions about %a macro - Documentation bug.
I know that %a is for architecture. Either Samba, Windows XP, Windows 2K, Windows For Workgroups or Windows 95. I also know that %a will return WinXP when the client architecture is Windows XP. I know this because all of my current boxes are XP Pro boxes and testing it is pretty easy if you have a box of that type available. Problem is that I need to work on a backup plan for all architectures but I don't know what exactly the system will use for architectures other than WinXP. So... Will it be Win2000 or Win2K? What about Windows for Workgroups? Will it be WFW or Win3.11? Samba or smb? Etc. etc.

Jim C.

I can be reached on the following Instant Messenger services:
MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844
Y!: j_c_llings Jabber: jcllings @ njs.netlab.cz
Re: [Samba] We need help with a bug....smbldap-installer script (long)
Craig White [EMAIL PROTECTED] on Sunday, February 6, 2005 at 9:57 PM + wrote:

> I admire your efforts but would caution you...
>
> - doesn't make much sense to start programming a solution in which you don't have the map in front of you - i.e. a complete how-to, run through each step manually and you could even grab everything you did from the 'history' command

The how-to is included in the package as documentation and is on the web at http://web.vcs.u52.k12.me.us/linux/smbldap

> - the concept is interesting in that it attempts to promote the 'lesser skilled' into an actual working environment but of course, they won't be able to maintain it.

Why not? Many folks on the K12OS list have been doing so for a couple years now since my first how-to. I've been using it for two years now and I'm not nearly as skilled as you think.

> - if I had any quantity of users, I am sure I wouldn't use /home as base and thus would be editing /etc/default/useradd and adjust entries in my DSA accordingly

What do you consider a quantity? I have 600 users and use /home...I'm not sure where you're going with this...what's wrong with /home? I use my Samba/LDAP server for K12LTSP, Windows XP network, and Win 2003 Terminal server network...works fine. Although I will say that the newest version of the smbldap-useradd-bulk script allows folks to get more specific about the location of home dirs. For example: Mrs. Jones class can be located in /home/mrsjones/username

Also...don't confuse Matt's announcement about the useradd script as being what smbldap-installer is all about. The smbldap-useradd-bulk script is an add-on in addition to smbldap-installer (which sets up the server).

> - there are so many other files that are involved / impacted by your scenario besides the obvious smbldap_conf.pm (or whatever it is called these days...I'm still on an older version). Files such as /etc/ldap.conf, /etc/nsswitch.conf, slapd.conf and I presume that you are going to have people hand edit them and they will pull their hair out.

No...the script fills in the values for you and copies the conf files to the correct locations. That's precisely what we're trying to avoid. Run the script...answer the prompts...and voila! You have a working Samba/LDAP server. We'll even take care of the exporting of /home for you if you want. It's one of the prompts. And yes...the primary audience is not the uber-geek, but rather the common IT guy employed by a school or a small to mid-sized company.

> - I am firmly of the opinion that no one should be running LDAP if they can't easily use tools such as ldapmodify and ldapsearch - they can't troubleshoot. There is no shortcut on knowledge on this one.

I agree to some extent, but also feel that even newbies can use LDAP in a low-mission-critical environment especially if they back up data. I had a Samba/LDAP server problem earlier this fall, but since I back up the /home dirs to another server...I was able to easily rebuild the server...plug the users back in...copy /home back over...rerun the user creation script I use to fix permissions and away we went without skipping a beat.

> - You're looking at everything in a vacuum, it's likely people are going to want their server to do things other than be a samba server. Integration with openldap - well if they don't understand it, it's going to present a real challenge.

I hear you, but what we're finding is that 90% of the people who asked for and are using this script (it's been out for about three weeks)...are folks like me...those who want to provide centralized authentication for a mixed Linux, Windows, OS X network. Mail is sometimes figured in, but often not.

> - I can see the need for the type of thing you are trying to do but I think it has to almost be a distro in and of itself. Probably should have a perl program that is web accessible where it writes ALL of the config files out and not just populate the DSA. By all, I mean openldap, samba, bind, dhcp padl's nsswitch ldap.conf, obviously the smbldap_conf files and of course, this is pretty much a one shot deal.

The script does write out the configs. Most of the conf files are in the templates directory...the script prompts for things like domain names, passwords, etc. And then writes the configs. It also backs up your current configs. It doesn't do dhcp as that is done when you set up the server. Thanks, but I hope folks will still help us try to get over the roaming profiles issue. Baby steps...let's start with this script and grow from there.

> Craig

David N. Trask
Technology Teacher/Coordinator
Vassalboro Community School
[EMAIL PROTECTED]
(207)923-3100
Re: [Samba] We need help with a bug....smbldap-installer script (long)
Craig White [EMAIL PROTECTED] on Sunday, February 6, 2005 at 11:26 PM + wrote:

> I'm sure I gave you the answers on the profiles issue

You did give me some info and I appreciate that...here's the profiles section of my smb.conf

    [profiles]
    path = /opt/samba/profiles
    writeable = yes
    browseable = no
    #create mode = 0644
    #directory mode = 0755
    # this prevents users from browsing other peoples' profiles
    create mode = 0600
    directory mode = 0700

Note we changed the create mode and directory mode from what was given by the folks from IDEALX in their example...in an effort to secure things. I can see in your example that you did the same. Due to the name of the smbldap_conf.pm file I'm aware that you're using an older version of smbldap-tools. This past summer I migrated from RH 9 using an older version of smbldap-tools and Samba 2 to Fedora Core 2 using Samba 3 and smbldap-tools 0.84 (what I'm using on my production server...0.86 is what we use in the script). Things changed dramatically in the newer versions. Name changes...and in the latest version...location changes. No longer is smbldap-tools located in /etc/smbldap-tools...nor are the executables located in /usr/local/sbin...they are now in /opt/IDEALX/sbin.

Anyway...in version 0.84 there was a bug or feature where in order to get smbldap-populate to work (because of the adding of the Administrator user) you had to go to smbusers and comment out the line with

    #root = administrator admin

Once one did this...everything worked fine. I'm wondering if things have changed with the newer version of smbldap-tools and possibly the later version of samba in FC3 that make this unnecessary and perhaps naughty. My hunch is the profiles issue is a permissions problem...not in the sense that the profiles directory is not 1777 (which it is) but rather something amiss with Administrator. In earlier versions of Samba and smbldap-tools (at least in my case) root was the user that I used to join Windows machines to the domain (entered on the Windows machine)...now it is Administrator...but quirky little things are making me wonder if that's not the case anymore.

David N. Trask
Technology Teacher/Coordinator
Vassalboro Community School
[EMAIL PROTECTED]
(207)923-3100
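The permission layout discussed in this message (share root at 1777, directory mode = 0700 for what is created beneath it) can be checked directly on the server. The script below is an added example, not part of the thread or of smbldap-installer; it assumes GNU stat and one profile directory per user named after the Unix account, and it reports deviations from that layout rather than diagnosing the roaming-profile error itself.

```shell
#!/bin/sh
# Added example (not from the thread): audit a roaming-profile share root.
# Assumes GNU stat and one directory per user, named after the Unix account.

# mode_of PATH: print the octal permission bits, e.g. 1777 or 700.
mode_of() {
    stat -c '%a' "$1"
}

# audit_profiles ROOT: print one finding per line.
# Returns 0 when nothing was found, 1 otherwise.
audit_profiles() {
    root=$1
    findings=0

    if [ ! -d "$root" ]; then
        echo "MISSING $root is not a directory"
        return 1
    fi

    # Share root: 1777 as stated in the thread. World-writable lets a first
    # logon create its own directory; the sticky bit stops users from
    # deleting or renaming directories they do not own.
    root_mode=$(mode_of "$root")
    if [ "$root_mode" != "1777" ]; then
        echo "ROOT_MODE $root is $root_mode, expected 1777"
        findings=$((findings + 1))
    fi

    for dir in "$root"/*/; do
        dir=${dir%/}
        # A symlink planted in a world-writable directory can redirect
        # profile writes elsewhere, so report it instead of following it.
        if [ -L "$dir" ]; then
            echo "SYMLINK $dir"
            findings=$((findings + 1))
            continue
        fi
        [ -d "$dir" ] || continue

        name=${dir##*/}
        owner=$(stat -c '%U' "$dir")
        mode=$(mode_of "$dir")

        # The share uses "directory mode = 0700": any group/other bit means
        # another account can list or enter this profile.
        if [ $((0$mode & 077)) -ne 0 ]; then
            echo "PERMS $dir is $mode, expected 700"
            findings=$((findings + 1))
        fi

        # smbd accesses files as the connected user, so a profile directory
        # owned by a different account is unusable by the user it is named for.
        if [ "$owner" != "$name" ]; then
            echo "OWNER $dir is owned by $owner, expected $name"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Run only when a path is given: sh audit-profiles.sh /opt/samba/profiles
if [ "$#" -gt 0 ]; then
    audit_profiles "$1"
fi
```
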
Re: [Samba] 3.0.11 - configure can't see ldap.h
So does this mean Samba can't be an AD domain member on a BSD machine?
[Samba] Samba openldap client installation howtos
Hi all! Does anyone know a nice howto about different client single sign on setup for samba openldap. I'm interested in all types of os except old windows systems.

Unix
Windows 2000/XP
Macintosh classic (not appletalk) if possible.
Macintosh OS X

Peter Nyberg Institutionen för Biokemi och Biofysik (DBB) Sv.Arrhenius vägen 12 106 91 Stockholm Tel: 08-16 24 69 Mobil: 070 339 24 69 Fax 08 153679
Re: [Samba] privileges in 3.11?
Gerald (Jerry) Carter wrote:

> Dmitry Melekhov wrote:
> | I just checked latest svn with
> | svn co svn://svnanon.samba.org/samba/branches/SAMBA_3_0_RELEASE
> | samba-SAMBA_3_0_RELEASE
> |
> | And I still have the same problem.
> |
> | net -S dm -U root rpc rights grant 'TEST\dm' SeMachineAccountPrivilege
> | Password:
> | Failed to grant privileges for TEST\dm (NT_STATUS_ACCESS_DENIED)
> |
> | log.smb is attached...
>
> Can you send me your smb.conf, the output from `id dm`, the output from 'net groupmap list', and the output from 'net getlocalsid'?

I found a reason. Problem is that I created tdbsam from smbpasswd using pdbedit. Now I tried to reproduce this and here is pdbedit output:

    Processing account root
    tdb_update_sam: Failing to store a SAM_ACCOUNT for [root] without a primary group RID
    pdb_getsampwent

And then I can't modify or add root account with the same result:

    tdb_update_sam: Failing to store a SAM_ACCOUNT for [root] without a primary group RID

This problem appears only if groupmap to unixgroup exists:

    ./net groupmap list
    Domain Admins (S-1-5-21-2314933419-357499204-1604414191-512) -> root

If I delete this mapping then I can add root account:

    Domain Admins (S-1-5-21-1953428550-3027608681-49554636-512) -> -1

    Unix username: root
    NT username:
    Account Flags: [U ]
    User SID: S-1-5-21-1953428550-3027608681-49554636-1000
    Primary Group SID: S-1-5-21-1953428550-3027608681-49554636-1001
    Full Name: root
    Home Directory: \\dm\root
    HomeDir Drive:
    Logon Script:
    Profile Path: \\dm\root\profile
    Domain: TEST
    Account desc:
    Workstations:
    Munged dial:
    Logon time: 0
    Logoff time: Sun, 07 Feb 2106 10:28:15 GMT
    Kickoff time: Sun, 07 Feb 2106 10:28:15 GMT
    Password last set: Mon, 07 Feb 2005 11:25:49 GMT
    Password can change: Mon, 07 Feb 2005 11:25:49 GMT
    Password must change: Sun, 07 Feb 2106 10:28:15 GMT
    Last bad password : 0
    Bad password count : 0
    Logon hours : FF

Looks like this problem appears if any groupmapping exists. Then if I add groupmapping all works:

    [EMAIL PROTECTED] bin]# ./net groupmap modify sid=S-1-5-21-1953428550-3027608681-49554636-512 unixgroup=root
    Updated mapping entry for Domain Admins
    [EMAIL PROTECTED] bin]# ./net rpc rights grant 'TEST\dm' SePrintOperatorPrivilege
    Password:
    Successfully granted rights.

All this is for 3.0.11. Looks like this is problem with tdbsam... I don't know how I created root user in tdbsam before.
svn commit: samba r5248 - in branches/SAMBA_4_0/source/include: .
Author: tridge Date: 2005-02-06 08:14:44 + (Sun, 06 Feb 2005) New Revision: 5248 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5248 Log: fixed a silly bug in DLIST_ADD_AFTER() Modified: branches/SAMBA_4_0/source/include/dlinklist.h Changeset: Modified: branches/SAMBA_4_0/source/include/dlinklist.h === --- branches/SAMBA_4_0/source/include/dlinklist.h 2005-02-06 04:34:29 UTC (rev 5247) +++ branches/SAMBA_4_0/source/include/dlinklist.h 2005-02-06 08:14:44 UTC (rev 5248) @@ -81,5 +81,6 @@ p-prev = el; \ p-next = el-next; \ el-next = p; \ + if (p-next) p-next-prev = p; \ }\ } while (0)
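Review bot: the added line in DLIST_ADD_AFTER() closes a silent list-corruption case, and neither the log message nor the macro says which invariant was broken, so it should carry a comment and a test. Before `if (p->next) p->next->prev = p;`, inserting p after el left the old successor's prev still pointing at el, so forward and backward links disagreed and a backward walk from that node skipped p. A one-line comment above the macro stating the post-condition (el->next == p and, when p->next exists, p->next->prev == p), plus a unit test that inserts into the middle of a three-element list and walks it in both directions, would keep this from regressing. The macro also expands p and el several times, so the header should note that arguments must be free of side effects.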
svn commit: samba r5249 - in branches/SAMBA_4_0/source/include: .
Author: tridge Date: 2005-02-06 08:16:18 + (Sun, 06 Feb 2005) New Revision: 5249 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5249 Log: don't include ';' in the default list separators for parsing smb.conf. It was rarely (if ever?) used, and poses problems as it is not multi-byte safe for character searches Modified: branches/SAMBA_4_0/source/include/local.h Changeset: Modified: branches/SAMBA_4_0/source/include/local.h === --- branches/SAMBA_4_0/source/include/local.h 2005-02-06 08:14:44 UTC (rev 5248) +++ branches/SAMBA_4_0/source/include/local.h 2005-02-06 08:16:18 UTC (rev 5249) @@ -47,7 +47,7 @@ #define MAX_PASS_LEN 200 /* separators for lists */ -#define LIST_SEP \t,;\n\r +#define LIST_SEP \t,\n\r /* wchar separators for lists */ #define LIST_SEP_W wchar_list_sep
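Review bot: removing ';' from LIST_SEP changes how existing smb.conf values are parsed, and nothing in the change tells an administrator: a list written as `a;b` was two items before and is the single item `a;b` afterwards. If any list parameter feeds an access decision, that is a silent change in what matches, so this needs a release-note entry and ideally a warning when a list value contains ';'. Please also confirm that wchar_list_sep, which LIST_SEP_W on the following context line refers to, drops ';' as well, so the narrow and wide separator sets stay in agreement.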
svn commit: samba r5250 - in branches/SAMBA_4_0/source/libcli/nbt: .
Author: tridge
Date: 2005-02-06 08:22:18 + (Sun, 06 Feb 2005)
New Revision: 5250

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5250

Log:
- added low level support for retrying nbt name queries, rather than having the 2nd layer functions do retries themselves. This makes the code simpler, and allows the TRN_ID to be reused in the retry (which is how it is supposed to work).
- added support for WACK replies to nbt name requests. A WACK reply specifies a timeout to wait for the real reply.
- added WINS name refresh async calls, supporting multiple wins servers and multiple IPs to register

Modified:
   branches/SAMBA_4_0/source/libcli/nbt/libnbt.h
   branches/SAMBA_4_0/source/libcli/nbt/namequery.c
   branches/SAMBA_4_0/source/libcli/nbt/namerefresh.c
   branches/SAMBA_4_0/source/libcli/nbt/nameregister.c
   branches/SAMBA_4_0/source/libcli/nbt/nbtsocket.c

Changeset:
Sorry, the patch is too large (584 lines) to include; please use WebSVN to see it!

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5250
svn commit: samba r5251 - in branches/SAMBA_4_0/source/nbt_server: .
Author: tridge
Date: 2005-02-06 08:25:53 + (Sun, 06 Feb 2005)
New Revision: 5251

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5251

Log:
- renamed the nbtd server side structures to have a nbtd_ prefix, to be consistent with the function names
- added WINS client support to the NBT server. It will do initial WINS registration, and WINS refresh, automatically failing over to secondary WINS servers and handling multi-homed servers where we need to register multiple IPs.
- added support for multi-homed name query replies, which are essential for multi-homed registration as the WINS server will query us to ensure we have the names when doing the secondary IPs in multi-homed registration

Added:
   branches/SAMBA_4_0/source/nbt_server/winsclient.c

Modified:
   branches/SAMBA_4_0/source/nbt_server/config.mk
   branches/SAMBA_4_0/source/nbt_server/defense.c
   branches/SAMBA_4_0/source/nbt_server/interfaces.c
   branches/SAMBA_4_0/source/nbt_server/nbt_server.c
   branches/SAMBA_4_0/source/nbt_server/nbt_server.h
   branches/SAMBA_4_0/source/nbt_server/nodestatus.c
   branches/SAMBA_4_0/source/nbt_server/packet.c
   branches/SAMBA_4_0/source/nbt_server/query.c
   branches/SAMBA_4_0/source/nbt_server/register.c
   branches/SAMBA_4_0/source/nbt_server/winsserver.c

Changeset:
Sorry, the patch is too large (698 lines) to include; please use WebSVN to see it!

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5251
svn commit: samba r5255 - in trunk/source/nsswitch: .
Author: vlendec Date: 2005-02-06 16:50:54 + (Sun, 06 Feb 2005) New Revision: 5255 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5255 Log: Reformatting, trying to understand this code. Volker Modified: trunk/source/nsswitch/winbindd_sid.c Changeset: Modified: trunk/source/nsswitch/winbindd_sid.c === --- trunk/source/nsswitch/winbindd_sid.c2005-02-06 16:04:54 UTC (rev 5254) +++ trunk/source/nsswitch/winbindd_sid.c2005-02-06 16:50:54 UTC (rev 5255) @@ -194,13 +194,15 @@ state-request.data.sid)); if (!string_to_sid(sid, state-request.data.sid)) { - DEBUG(1, (Could not get convert sid %s from string\n, state-request.data.sid)); + DEBUG(1, (Could not get convert sid %s from string\n, + state-request.data.sid)); return WINBINDD_ERROR; } - /* This gets a little tricky. If we assume that usernames are syncd between - /etc/passwd and the windows domain (such as a member of a Samba domain), - the we need to get the uid from the OS and not alocate one ourselves */ + /* This gets a little tricky. If we assume that usernames are syncd + between /etc/passwd and the windows domain (such as a member of a + Samba domain), the we need to get the uid from the OS and not + alocate one ourselves */ if ( lp_winbind_trusted_domains_only() ) { struct winbindd_domain *domain = NULL; @@ -209,7 +211,8 @@ domain = find_our_domain(); if ( !domain ) { - DEBUG(0,(winbindd_sid_to_uid: can't find my own domain!\n)); + DEBUG(0,(winbindd_sid_to_uid: can't find my own +domain!\n)); return WINBINDD_ERROR; } 
@@ -223,16 +226,23 @@ enum SID_NAME_USE type; struct passwd *pw = NULL; unid_t id; + NTSTATUS status; + /* ok...here's we know that we are dealing with our own domain (the one to which we are joined). And - we know that there must be a UNIX account for this user. - So we lookup the sid and the call getpwnam().*/ + we know that there must be a UNIX account for this + user. So we lookup the sid and the call + getpwnam().*/ - /* But first check and see if we don't already have a mapping */ - - if ( NT_STATUS_IS_OK(idmap_sid_to_uid(sid, (state-response.data.uid), ID_QUERY_ONLY)) ) + /* But first check and see if we don't already have a +* mapping */ + + status = idmap_sid_to_uid(sid, + (state-response.data.uid), + ID_QUERY_ONLY); + if ( NT_STATUS_IS_OK(status) ) return WINBINDD_OK; /* now fall back to the hard way */ @@ -243,8 +253,10 @@ return WINBINDD_ERROR; if ( !(pw = getpwnam(user)) ) { - DEBUG(0,(winbindd_sid_to_uid: 'winbind trusted domains only' is - set but this user [%s] doesn't exist!\n, user)); + DEBUG(0,(winbindd_sid_to_uid: 'winbind +trusted domains only' is set but +this user [%s] doesn't exist!\n, +user)); return WINBINDD_ERROR; } @@ -311,9 +323,10 @@ return WINBINDD_ERROR; } - /* This gets a little tricky. If we assume that usernames are syncd between - /etc/passwd and the windows domain (such as a member of a Samba domain), - the we need to get the uid from the OS and not alocate one ourselves */ + /* This gets a little tricky. If we assume that usernames are syncd + between /etc/passwd and the windows domain (such as a member of a + Samba domain), the we need to get the uid from the OS and not + alocate one ourselves */ if ( lp_winbind_trusted_domains_only() ) { struct winbindd_domain *domain = NULL; @@ -323,7 +336,8
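Review bot: the log says "Reformatting", but the hunk at -223,16 also introduces NTSTATUS status and moves the idmap_sid_to_uid() call out of the if condition. As shown this is behaviour-neutral, but it should be mentioned in the log so the commit is not skipped as whitespace-only in later review. Now that the result is held in a variable, a failing status could also be logged at a debug level before the code falls back to the getpwnam() path, so that an idmap error is visible rather than silently discarded.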
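Review bot: the re-wrapped comment in the hunks at -194,13 and -311,9 keeps its typos ("syncd", "the we need", "alocate"), and the DEBUG text "Could not get convert sid %s from string" is still ungrammatical. Since these lines are being touched anyway, correct the wording in the same commit. That comment is the only explanation of why the uid is taken from the OS when 'winbind trusted domains only' is set, so it should read cleanly.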
svn commit: samba r5256 - in branches/SAMBA_4_0/source/libnet: .
Author: mimir Date: 2005-02-06 23:06:27 + (Sun, 06 Feb 2005) New Revision: 5256 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5256 Log: More verbose description of functions (as I learn the code). rafal Modified: branches/SAMBA_4_0/source/libnet/libnet_rpc.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_rpc.c === --- branches/SAMBA_4_0/source/libnet/libnet_rpc.c 2005-02-06 16:50:54 UTC (rev 5255) +++ branches/SAMBA_4_0/source/libnet/libnet_rpc.c 2005-02-06 23:06:27 UTC (rev 5256) @@ -22,7 +22,15 @@ #include libcli/nbt/libnbt.h #include libnet/libnet.h -/* find a domain pdc generic */ +/** + * Finds a domain pdc (generic part) + * + * @param ctx initialised libnet context + * @param mem_ctx memory context of this call + * @param r data structure containing necessary parameters and return values + * @return nt status of the call + **/ + static NTSTATUS libnet_find_pdc_generic(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_find_pdc *r) { @@ -51,7 +59,16 @@ return NT_STATUS_OK; } -/* find a domain pdc */ + +/** + * Finds a domain pdc function + * + * @param ctx initialised libnet context + * @param mem_ctx memory context of this call + * @param r data structure containing necessary parameters and return values + * @return nt status of the call + **/ + NTSTATUS libnet_find_pdc(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_find_pdc *r) { switch (r-generic.level) { @@ -62,7 +79,16 @@ return NT_STATUS_INVALID_LEVEL; } -/* connect to a dcerpc interface of a server */ + +/** + * Connects rpc pipe on remote server + * + * @param ctx initialised libnet context + * @param mem_ctx memory context of this call + * @param r data structure containing necessary parameters and return values + * @return nt status of the call + **/ + static NTSTATUS libnet_rpc_connect_standard(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_rpc_connect *r) { NTSTATUS status; 
@@ -90,7 +116,16 @@ return status; } -/* connect to a dcerpc interface of a time server */ + +/** + * Connects rpc pipe on domain pdc + * + * @param ctx initialised libnet context + * @param mem_ctx memory context of this call + * @param r data structure containing necessary parameters and return values + * @return nt status of the call + **/ + static NTSTATUS libnet_rpc_connect_pdc(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_rpc_connect *r) { NTSTATUS status; @@ -119,7 +154,16 @@ return status; } -/* connect to a dcerpc interface */ + +/** + * Connects to rpc pipe on remote server or pdc + * + * @param ctx initialised libnet context + * @param mem_ctx memory context of this call + * @param r data structure containing necessary parameters and return values + * @return nt status of the call + **/ + NTSTATUS libnet_rpc_connect(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_rpc_connect *r) { switch (r-standard.level) {
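Review bot: the five new comment blocks carry identical text for @param r and @return, so they document the signature but not the behaviour. The context at the top of the hunk at -62,7 shows libnet_find_pdc() returning NT_STATUS_INVALID_LEVEL for an unrecognised r->generic.level, and that belongs under its @return; each block should likewise say which level of the union it handles and which members are inputs and which are filled in on return. "Finds a domain pdc function" in the hunk at -51,7 reads like a leftover; "Finds a domain pdc", with a remark that it dispatches on the level, would be clearer.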
Build status as of Mon Feb 7 00:00:01 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-02-06 00:00:22.0 + +++ /home/build/master/cache/broken_results.txt 2005-02-07 00:00:05.0 + @@ -1,15 +1,15 @@ -Build status as of Sun Feb 6 00:00:02 2005 +Build status as of Mon Feb 7 00:00:01 2005 Build counts: Tree Total Broken Panic -ccache 36 6 0 -distcc 36 5 0 -ppp 19 4 0 -rsync35 5 0 +ccache 37 6 0 +distcc 37 5 0 +ppp 20 4 0 +rsync36 5 0 samba1 1 1 samba-docs 0 0 0 -samba4 38 14 0 -samba_3_035 11 1 +samba4 40 14 0 +samba_3_037 11 1 Currently broken builds: Host Tree Compiler Status @@ -17,22 +17,23 @@ cyberone samba4 gccok/ 2/?/? cyberone samba_3_0gcc 1/?/?/? fusberta samba4 gccok/ 2/?/? -samba-s390 samba4 gccok/ 2/?/? +rhonwynsamba4 gcc-4.0ok/ 2/?/? +rhonwynsamba_3_0gcc-4.0ok/ 2/?/? quango ccache gcc 137/?/?/? quango distcc gcc 137/?/?/? quango ppp gccok/ 2/?/? gc8samba4 gccok/ 1/?/? aretnapccache iccok/ok/ok/ 1 aretnapsamba4 iccok/ 1/?/? -gc4samba4 gcc 127/?/?/? +gc4samba4 gccok/ 1/?/? sbfrsyncgcc 1/?/?/? sbfsamba4 gccok/ 1/?/? sbfsamba_3_0gccok/ 1/?/? smartserv1 ccache gcc-4.0 77/?/?/? smartserv1 distcc gcc-4.0 77/?/?/? smartserv1 rsyncgcc-4.0 77/?/?/? -smartserv1 samba4 gcc-4.0ok/ 1/?/? -smartserv1 samba_3_0gcc-4.0ok/ok/ok/ 2 +smartserv1 samba4 gcc-4.0 77/?/?/? +smartserv1 samba_3_0gcc-4.0 77/?/?/? gwen distcc cc ok/ 1/?/? gwen samba4 cc ok/ 1/?/? gwen samba_3_0cc ok/ok/ok/ 4 @@ -46,7 +47,6 @@ sol10 samba4 gccok/ 1/?/? sun1 samba4 cc ok/ 2/?/? sun1 samba_3_0cc ok/ 2/?/? -sun1 samba_3_0gccok/ok/ok/ 2 Isis ccache cc 77/?/?/? Isis distcc cc 77/?/?/? Isis rsynccc 77/?/?/? @@ -56,7 +56,7 @@ m30ccache gccok/ok/ok/ 2 m30rsyncgccok/ok/ok/ 2 m30samba4 gccok/ 2/?/? -m30samba_3_0gccok/ok/ok/ 1 +m30samba_3_0gcc?/?/?/ 1 metze02sambagccok/ok/ok/ 1/PANIC opippp gccok/ 2/?/?