[Samba] Listing Domain Local Groups from a Samba Member (NT4 PDC)
Good Morning to all, Sorry if this is spam to some of you, not sure if this is more technical or not... Considering i have been fighting for a week now on this trying all possible checks and configs out there on the net, i thought i better come to the experts. ;o) My last resort is to upgrade to latest samba ver which might help but i think the bug was not fixed in this version not sure.. :o\ I have Ubuntu version 10.04 Samba ver 3.0.28a-1ubuntu4.12 Here is the Bug/problem: I am unable to list Domain Local Groups but Domain Global Groups are fine in winbind. I would like to know winbind is working with Local Groups first before configuring apache to authenticate to a local group and the rest... I have configured a Samba Member server (Nagios) to talk to a NT Domain PDC. Here is my Samba cfg. r...@wfmmon-gbl:/downloads# testparm -s Load smb config files from /etc/samba/smb.conf Loaded services file OK. 'winbind separator = +' might cause problems with group membership. Server role: ROLE_DOMAIN_MEMBER [global] workgroup = NAMEOFDOMAIN server string = %h server (Samba, Ubuntu) security = DOMAIN map to guest = Bad User obey pam restrictions = Yes password server = PDCSVR BDCSVR2 BDCSVR3_CF BDCSVR4 BDCSVR5_cf passdb backend = tdbsam passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 name resolve order = lmhosts host wins bcast unix extensions = No printcap name = cups disable spoolss = Yes preferred master = No local master = No domain master = No wins server = 192.168.0.0.1 #( not the real ip) usershare allow guests = Yes usershare max shares = 10 panic action = /usr/share/samba/panic-action %d idmap uid = 1000-20 idmap gid = 1000-20 template shell = /bin/bash winbind separator = + winbind cache time = 3600 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes invalid users = root wide links = No r...@wfmmon-gbl:/downloads# Domain Local group NAGMONGBL Domain Global group Domain Users Example: I am able to do r...@wfmmon-gbl:/downloads# wbinfo --group-info=Domain Users domain users:x:10004 r...@wfmmon-gbl:/downloads# But NOT r...@wfmmon-gbl:/downloads# wbinfo --group-info=NAGMONGBL Could not get info for group NAGMONGBL r...@wfmmon-gbl:/downloads# Checking error logs reveals r...@wfmmon-gbl:/downloads# tail -25 /var/log/samba/log.winbindd [2010/06/30 07:15:55, 1] nsswitch/winbindd_group.c:fill_grent_mem(365) could not lookup membership for group sid SIDNUMBER in domain NAMEOFDOMAIN (error: NT_STATUS_NO_SUCH_GROUP) I am able to resolve the sid to name r...@wfmmon-gbl:/downloads# wbinfo --sid-to-name=SIDNUMBER NAMEOFDOMAIN+nagmongbl 4 Additional stuff i tried with group mapping i get the same error as above with (wbinfo --group-info=NAGMONGBL): nagmongbl is our local group.. BUILTIN+users is also a local group but works :o\ r...@wfmmon-gbl:/downloads# net groupmap list nagmongbl (S-1-5-21-1420701450-S-I-D-Number) - nagmonglb Administrators (S-1-5-32-544) - BUILTIN+administrators Users (S-1-5-32-545) - BUILTIN+users r...@wfmmon-gbl:/downloads# getent group nagmonglb nagmonglb:x:10770: r...@wfmmon-gbl:/downloads# getent group nagmongbl r...@wfmmon-gbl:/downloads# r...@wfmmon-gbl:/downloads# getent group BUILTIN+users BUILTIN+users:x:10001:administrator,iusr_svr_cf,svr$,svr3$,iwam_svvr_cf,iusr_srv_cf,iwam_svr342_cf,wfmmon-gbl$ r...@wfmmon-gbl:/downloads# If it comes down to Samba version : Considering Samba upgrades what would be the best approach? to remove or install over the top of existing installation? Thanks in advance for any input, help, direction that can be provided here. Regards Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.3 ldap tools
These connections that give error are stablished with the ldap system libs, not with smbldap-tools (that use perl), so you have to configure your system to use your certificates (etc/{ldap,openldap}/ldap.conf). regards. 2010/6/30 Indexer inde...@internode.on.net I am currently trying to setup my Samba server to act as a samba PDC, with ldap as a backend. I have a selfsigned CA, that has signed the certificates to my ldap server. Starting my smbd, i keep getting the message smb_ldap_setup_connection: ldap://ldap.streetgeek.lan/ Failed to issue the StartTLS instruction: Connect error Connection to LDAP server failed for the 1 try! smbldap_open: already connected to the LDAP server Failed search for base: dc=dev,dc=gamersalliance,dc=net,dc=au, error: -1 (Can't contact LDAP server) (error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain)) I have set in smbldap-tools.conf to verify=allow, as well as in ldap.conf to TLS_REQCERT = allow, so i dont understand why this is happening. All of my systems are pointed to the same cacert file so i doubt that it is confusing certificates. Are there any other options i should be considering? Thanks William -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Forum vs. Mailing List?`!
On 06/30/10 02:17, Linda W wrote: So my final question: If I would help making a Samba-Forum, would there be anybody here who would appreciate and would like to use it? Thanks, but no, thanks. I totally agree with Linda. You'll only split up a group of people in two, so any chance of getting any help will be halfed unless you post on both the ml and the forum (and follow both). bye av. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC and big files
Pedro Rafael Alves Simoes wrote: I'm trying to setup a PDC with Samba, but I have the known problem of the roaming profiles: big files. Could someone give me some lights in how I can circumvent this problem? Would quota's help? Limit their space in their profiles and they'll manage the problem ? Folder redirection, as someone else mentioned -- put their desktop in drive H:\share. Might be able to CSC (ClientSideCaching) to speed up access to their desktop and such... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] xls file locked for editing by unknown user
Dave Coventry wrote: Hi Moray, thanks for the assistance! On 29 June 2010 10:41, Moray Henderson (ICT) moray.hender...@ict.om.org wrote: Which version of Samba? Samba version 3.2.5 Does smbstatus(1) list the file as being locked? If so, it should give a pid you can examine. The fuser(1) and lsof(8) commands can track which process has a file open. No. smbstatus returns No locked files If rebooting the server does not clear the lock, there's either a lock file or a cached lock record somewhere. Try /var/lib/samba/locking.tdb. Although it's binary, you can grep(1) it for the filename, or use tdbdump(8) to display the contents. According to http://wiki.samba.org/index.php/Frequently_Asked_Questions#What_are_tdb _fi les.3F, locking.tdb is not required to persist across restarts. I wouldn't try deleting this when Samba is running; even with Samba shut down I would rename it rather than deleting it. There is no file in /var/lib/samba/ called 'locking.tdb' The only files in that directory bearing a date later than 14th Dec 2009 are these three: passdb.tdb registry.tdb wins.dat The current .tdb files must be in a different location on Debian Lenny Samba 3.2.5. /var/cache/samba is another common place. Try testparm -sv | grep directory In Samba 3.4 the state directory and cache directory parameters tell you where to find them. Can't remember now if they were there in 3.2. If not, use smbd -b | less and look for STATEDIR and CACHEDIR in the Samba build options. Moray. To err is human. To purr, feline -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Password policies in the LDAP server
Well, if this can help anybody, i found a workaround that is not perfect, but works fine. http://lists.fedoraproject.org/pipermail/389-users/2010-June/011685.html Regards. El 28 de junio de 2010 12:40, Juan Asensio Sánchez oke...@gmail.comescribió: Hi We have some Samba servers using LDAP (389 DS) as backend. In the LDAP server, we have defined some policies to make the passwords stronger. When a user tries to change his password (Control-Alt-Del), this message appears in the LOGs: == /var/log/samba/xptest == [2010/06/28 12:26:26, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [1001S] - [1001S] - [1001S] succeeded [2010/06/28 12:26:26, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545) init_sam_from_ldap: Entry found for user: 1001S [2010/06/28 12:26:26, 2] passdb/pdb_ldap.c:init_group_from_ldap(2167) init_group_from_ldap: Entry found for group: 10001 [2010/06/28 12:26:37, 2] passdb/pdb_ldap.c:init_group_from_ldap(2167) init_group_from_ldap: Entry found for group: 10001 [2010/06/28 12:26:38, 2] passdb/pdb_ldap.c:init_ldap_from_sam(972) init_ldap_from_sam: Setting entry for user: 1001S [2010/06/28 12:26:38, 0] passdb/pdb_ldap.c:ldapsam_modify_entry(1651) ldapsam_modify_entry: LDAP Password could not be changed for user 1001S: Constraint violation Failed to update password == /var/log/dirsrv/slapd-pruebas/audit == time: 20100628122637 dn: uid=1001s,X changetype: modify delete: sambaLMPassword sambaLMPassword: 0182BD0BDBF836077A718CCDF409 - add: sambaLMPassword sambaLMPassword: 39EAD569B79C7EA2C2265B23734E0DAC - delete: sambaNTPassword sambaNTPassword: 259745CB123A52AA2E693AAACCA2DB52 - add: sambaNTPassword sambaNTPassword: 8EC60ADEA316D957D1CF532C5841758D - delete: sambaPwdLastSet sambaPwdLastSet: 1277720109 - add: sambaPwdLastSet sambaPwdLastSet: 1277720798 - replace: modifiersname modifiersname: uid=adminsamba,XXX - replace: modifytimestamp modifytimestamp: 20100628102637Z - So, the Samba passwords are changed, but the unix password is not changed because the LDAP rejects it because it is not as string as required. Is there any way to avoid this? Shouldn't the unix password be changed before the samba passwords to check if the LDAP server accepts it? Regards. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] xls file locked for editing by unknown user
The current .tdb files must be in a different location on Debian Lenny Samba 3.2.5. /var/cache/samba is another common place. Try testparm -sv | grep directory Or find / -name \*.tdb -print In Samba 3.4 the state directory and cache directory parameters tell you where to find them. Can't remember now if they were there in 3.2. If not, use smbd -b | less and look for STATEDIR and CACHEDIR in the Samba build options. Moray. To err is human. To purr, feline -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Forum vs. Mailing List?`!
Thanks, but no, thanks. I totally agree with Linda. You'll only split up a group of people in two, so any chance of getting any help will be halfed unless you post on both the ml and the forum (and follow both). winehq.org has a mechanism that syncs a mailing list and a forum automatilcally so that any messages sent to 1 go to the other. This limits the forums to 1 single forum and also prevents forum edits but other than that it works fine. I rarely go to the forum since all 20+ of my mailing list subscriptions go to my gmail account which filters each message out to its own folder. In gmail messages are threaded so as long as everyone keeps replying to the same message instead of creating new ones the thread stays together. And finally since gmail has almost 8GB of free storage I do not delete forum posts so I have years of samba posts, winehq posts, mythtv posts, openvz posts ... that I can search. -- John M. Drescher -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Can Map shares but cannot write
Here is the scenario: AD-authentication is functioning fine. I can query users and group info from wbinfo and getent just fine. The clients can map to the shares, but cannot write to the shares. I have tried variations of chmod 777 on absolute paths to enable read/write access to no avail. The share is configured as such: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 admin users = DOMAIN\Administrator valid users = @students write list = @students inherit permissions = yes inherit acls = yes The error log reports: [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
Did you try temporarily commenting out the valid users and write list lines. That should make it writable by default.If you are then able to write it suggests that samba is not correctly matching up the users' groups to the valid users and write list groups. Although if this were the case then you would probably have been denied write permissions. Is /home/share/students an NFS/autofs mount? What happens if you create a subdirectory (via unix) under students, with group owner students, permissions 777. Can users create files under that? If you look at the advanced permissions of the directories or files in windows, do you see any deny ACE's that may be trumping the allow ACE's? In unix, 770 means user and group has full access, and no one else has rights unless they are the user or group. However in Windows this may be getting interpreted as deny everyone some rights even if they are explicited granted rights as the user or group. ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS ACL's.) On 06/30/2010 09:21 AM, Michael Lyon wrote: Here is the scenario: AD-authentication is functioning fine. I can query users and group info from wbinfo and getent just fine. The clients can map to the shares, but cannot write to the shares. I have tried variations of chmod 777 on absolute paths to enable read/write access to no avail. The share is configured as such: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 admin users = DOMAIN\Administrator valid users = @students write list = @students inherit permissions = yes inherit acls = yes The error log reports: [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Join W7 pro to samba PDC
Hello everyone, system: Debian squeeze samba 3.4.8 I make a samba PDC like one exist in lenny on my network XP PRO an W2K pro can join to the domain machine and users and users can log in the domain. With W7 PRO, after changing registry key : [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters] “DomainCompatibilityMode”=dword:0001 “DNSNameResolutionRequired”=dword: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters] “RequireSignOrSeal”=dword: “RequireStrongKey”=dword: and modifies security policies : gpedit.msc Windows prameters / security parameters / locales policies / security options : Secutity network : Sen LM and NTLM - Use NTLM2 security session if negociated Join the pc to the domain WORKS whith a DNS error. But when i want to join the user to the domain ( screen : choice of the type of account) Standard account and i have Can't add the user, trust relation error if annyone had an idea ... thanks -- Guénolé Michel Estar Tel : 02 99 88 69 06 Email : gmic...@estar-system.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
I changed the share to look like this: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 No luck. It is not an NFS/autofs mount, it is local to the linux server. I created a share under the /home/share/students directory called 'test' and made the students group the owner, along with 777 perms: [r...@vm-stusrv students]# ls -latrh total 20K drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 .. drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 . I still cannot create files under the 'test' directory I created. Windows is reporting for the share that the owner and groups have 'Special' permissions. Drilling down into their 'special' permissions reveals that both 'domain users' and 'students' do have Create Folders/Write data checked under the 'Allow' column. (I'll attach the picture.) Mike On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: Did you try temporarily commenting out the valid users and write list lines. That should make it writable by default.If you are then able to write it suggests that samba is not correctly matching up the users' groups to the valid users and write list groups. Although if this were the case then you would probably have been denied write permissions. Is /home/share/students an NFS/autofs mount? What happens if you create a subdirectory (via unix) under students, with group owner students, permissions 777. Can users create files under that? If you look at the advanced permissions of the directories or files in windows, do you see any deny ACE's that may be trumping the allow ACE's? In unix, 770 means user and group has full access, and no one else has rights unless they are the user or group. However in Windows this may be getting interpreted as deny everyone some rights even if they are explicited granted rights as the user or group. ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS ACL's.) On 06/30/2010 09:21 AM, Michael Lyon wrote: Here is the scenario: AD-authentication is functioning fine. I can query users and group info from wbinfo and getent just fine. The clients can map to the shares, but cannot write to the shares. I have tried variations of chmod 777 on absolute paths to enable read/write access to no avail. The share is configured as such: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 admin users = DOMAIN\Administrator valid users = @students write list = @students inherit permissions = yes inherit acls = yes The error log reports: [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
[r...@vm-stusrv students]# ls -latrh total 20K drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 .. drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 . The + sign is an ACL. getfacl directory Let's see what that has to say. I still cannot create files under the 'test' directory I created. Windows is reporting for the share that the owner and groups have 'Special' permissions. Drilling down into their 'special' permissions reveals that both 'domain users' and 'students' do have Create Folders/Write data checked under the 'Allow' column. (I'll attach the picture.) Mike On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: Did you try temporarily commenting out the valid users and write list lines. That should make it writable by default.If you are then able to write it suggests that samba is not correctly matching up the users' groups to the valid users and write list groups. Although if this were the case then you would probably have been denied write permissions. Is /home/share/students an NFS/autofs mount? What happens if you create a subdirectory (via unix) under students, with group owner students, permissions 777. Can users create files under that? If you look at the advanced permissions of the directories or files in windows, do you see any deny ACE's that may be trumping the allow ACE's? In unix, 770 means user and group has full access, and no one else has rights unless they are the user or group. However in Windows this may be getting interpreted as deny everyone some rights even if they are explicited granted rights as the user or group. ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS ACL's.) On 06/30/2010 09:21 AM, Michael Lyon wrote: Here is the scenario: AD-authentication is functioning fine. I can query users and group info from wbinfo and getent just fine. The clients can map to the shares, but cannot write to the shares. I have tried variations of chmod 777 on absolute paths to enable read/write access to no avail. The share is configured as such: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 admin users = DOMAIN\Administrator valid users = @students write list = @students inherit permissions = yes inherit acls = yes The error log reports: [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
[r...@vm-stusrv students]# getfacl /home/share/students/ getfacl: Removing leading '/' from absolute path names # file: home/share/students/ # owner: root # group: domain\040users user::rwx group::rwx group:students:rwx mask::rwx other::rwx Mike On Wed, Jun 30, 2010 at 9:20 AM, t...@tms3.com wrote: [r...@vm-stusrv students]# ls -latrh total 20K drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 .. drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 . The + sign is an ACL. getfacl directory Let's see what that has to say. I still cannot create files under the 'test' directory I created. Windows is reporting for the share that the owner and groups have 'Special' permissions. Drilling down into their 'special' permissions reveals that both 'domain users' and 'students' do have Create Folders/Write data checked under the 'Allow' column. (I'll attach the picture.) Mike On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: Did you try temporarily commenting out the valid users and write list lines. That should make it writable by default. If you are then able to write it suggests that samba is not correctly matching up the users' groups to the valid users and write list groups. Although if this were the case then you would probably have been denied write permissions. Is /home/share/students an NFS/autofs mount? What happens if you create a subdirectory (via unix) under students, with group owner students, permissions 777. Can users create files under that? If you look at the advanced permissions of the directories or files in windows, do you see any deny ACE's that may be trumping the allow ACE's? In unix, 770 means user and group has full access, and no one else has rights unless they are the user or group. However in Windows this may be getting interpreted as deny everyone some rights even if they are explicited granted rights as the user or group. ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS ACL's.) On 06/30/2010 09:21 AM, Michael Lyon wrote: Here is the scenario: AD-authentication is functioning fine. I can query users and group info from wbinfo and getent just fine. The clients can map to the shares, but cannot write to the shares. I have tried variations of chmod 777 on absolute paths to enable read/write access to no avail. The share is configured as such: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 admin users = DOMAIN\Administrator valid users = @students write list = @students inherit permissions = yes inherit acls = yes The error log reports: [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
[r...@vm-stusrv students]# getfacl /home/share/students/ getfacl: Removing leading '/' from absolute path names # file: home/share/students/ # owner: root # group: domain\040users user::rwx group::rwx group:students:rwx mask::rwx other::rwx Gotta run, but looks ok. However, I do hate having root as an owner of user files and such. It's an unusual problem. For shts and giggles try: chown -R Windows-User(I like group supervisors):Windows Group /home/share/students Mike On Wed, Jun 30, 2010 at 9:20 AM, t...@tms3.com wrote: [r...@vm-stusrv students]# ls -latrh total 20K drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 .. drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 . The + sign is an ACL. getfacl directory Let's see what that has to say. I still cannot create files under the 'test' directory I created. Windows is reporting for the share that the owner and groups have 'Special' permissions. Drilling down into their 'special' permissions reveals that both 'domain users' and 'students' do have Create Folders/Write data checked under the 'Allow' column. (I'll attach the picture.) Mike On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: Did you try temporarily commenting out the valid users and write list lines. That should make it writable by default.If you are then able to write it suggests that samba is not correctly matching up the users' groups to the valid users and write list groups. Although if this were the case then you would probably have been denied write permissions. Is /home/share/students an NFS/autofs mount? What happens if you create a subdirectory (via unix) under students, with group owner students, permissions 777. Can users create files under that? If you look at the advanced permissions of the directories or files in windows, do you see any deny ACE's that may be trumping the allow ACE's? In unix, 770 means user and group has full access, and no one else has rights unless they are the user or group. However in Windows this may be getting interpreted as deny everyone some rights even if they are explicited granted rights as the user or group. ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS ACL's.) On 06/30/2010 09:21 AM, Michael Lyon wrote: Here is the scenario: AD-authentication is functioning fine. I can query users and group info from wbinfo and getent just fine. The clients can map to the shares, but cannot write to the shares. I have tried variations of chmod 777 on absolute paths to enable read/write access to no avail. The share is configured as such: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 admin users = DOMAIN\Administrator valid users = @students write list = @students �� inherit permissions = yes inherit acls = yes The error log reports: [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
On Wed, Jun 30, 2010 at 10:18 AM, Michael Lyon mjl...@gmail.com wrote: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 You can map the share but not write, can you read files? Try simplifying the share further: == [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes == And make sure there is no valid users statement in the global section. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
Heh, I made myself the owner, and still can't create a file. [r...@vm-stusrv test]# getfacl /home/share/students/ getfacl: Removing leading '/' from absolute path names # file: home/share/students/ # owner: mlyon # group: students user::rwx group::rwx group:students:rwx mask::rwx other::rwx Mike On Wed, Jun 30, 2010 at 9:31 AM, t...@tms3.com wrote: [r...@vm-stusrv students]# getfacl /home/share/students/ getfacl: Removing leading '/' from absolute path names # file: home/share/students/ # owner: root # group: domain\040users user::rwx group::rwx group:students:rwx mask::rwx other::rwx Gotta run, but looks ok. However, I do hate having root as an owner of user files and such. It's an unusual problem. For shts and giggles try: chown -R Windows-User(I like group supervisors):Windows Group /home/share/students Mike On Wed, Jun 30, 2010 at 9:20 AM, t...@tms3.com wrote: [r...@vm-stusrv students]# ls -latrh total 20K drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 .. drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 . The + sign is an ACL. getfacl directory Let's see what that has to say. I still cannot create files under the 'test' directory I created. Windows is reporting for the share that the owner and groups have 'Special' permissions. Drilling down into their 'special' permissions reveals that both 'domain users' and 'students' do have Create Folders/Write data checked under the 'Allow' column. (I'll attach the picture.) Mike On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: Did you try temporarily commenting out the valid users and write list lines. That should make it writable by default. If you are then able to write it suggests that samba is not correctly matching up the users' groups to the valid users and write list groups. Although if this were the case then you would probably have been denied write permissions. Is /home/share/students an NFS/autofs mount? What happens if you create a subdirectory (via unix) under students, with group owner students, permissions 777. Can users create files under that? If you look at the advanced permissions of the directories or files in windows, do you see any deny ACE's that may be trumping the allow ACE's? In unix, 770 means user and group has full access, and no one else has rights unless they are the user or group. However in Windows this may be getting interpreted as deny everyone some rights even if they are explicited granted rights as the user or group. ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS ACL's.) On 06/30/2010 09:21 AM, Michael Lyon wrote: Here is the scenario: AD-authentication is functioning fine. I can query users and group info from wbinfo and getent just fine. The clients can map to the shares, but cannot write to the shares. I have tried variations of chmod 777 on absolute paths to enable read/write access to no avail. The share is configured as such: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 admin users = DOMAIN\Administrator valid users = @students write list = @students �� inherit permissions = yes inherit acls = yes The error log reports: [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
I've simplified the share as you noted, and still have the same results. If I create a file/folder on the linux side, I can read it without a problem. Once I map as a Window$ client, I cannot write. smb.conf: [global] workgroup = DOMAIN realm = ds.domain.edu server string = Samba Server Version %v netbios name = vm-stusrv security = ADS password server = * passdb backend = tdbsam admin users = @DOMAIN+Domain Admins log level = 2 log file = /var/log/samba/log.%m max log size = 5000 interfaces = eth0 lo socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=524288 SO_SNDBUF=524288 load printers = No #printing = printcap name = /etc/printcap client use spnego = yes client ntlmv2 auth = yes winbind use default domain = yes winbind separator = + winbind nested groups = Yes winbind enum users = yes winbind enum groups = yes winbind nss info = rfc2307 allow trusted domains = yes idmap uid = 1-9 idmap gid = 1-9 #idmap backend = ad idmap domains = DOMAIN idmap config DOMAIN:backend = ad idmap config DOMAIN:schema_mode = rfc2307 idmap config DOMAIN:range = 1000-75999 #template shell = /bin/bash #template homedir = /home/share #server signing = enabled ;dead time = 15 getwd cache = yes nt acl support = yes acl map full control = no store dos attributes = yes map acl inherit = yes local master = yes master browser = no dns proxy = no unix extensions = no guest account = nobody [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes Mike On Wed, Jun 30, 2010 at 9:34 AM, Chris Smith smb...@chrissmith.org wrote: On Wed, Jun 30, 2010 at 10:18 AM, Michael Lyon mjl...@gmail.com wrote: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 You can map the share but not write, can you read files? Try simplifying the share further: == [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes == And make sure there is no valid users statement in the global section. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
On Wed, Jun 30, 2010 at 10:45 AM, Michael Lyon mjl...@gmail.com wrote: I've simplified the share as you noted, and still have the same results. If I create a file/folder on the linux side, I can read it without a problem. Once I map as a Window$ client, I cannot write. You have 'public = yes' which is the synonym for 'guest ok = yes' , therefore anyone should be able to write. Let's make sure we have proper guest capabilities by adding 'username map' parameter and its associated file. For example: In global: username map = /etc/samba/smbusers Contents of /etc/samba/smbusers: root = administrator nobody = guest And as the guest account is nobody make sure that the nobody account is valid. Restart Samba and if you still have trouble it looks to be a permissions issue on the nix side. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
I've added in: username map = /etc/samba/smbusers [r...@vm-stusrv ~]# more /etc/samba/smbusers # Unix_name = SMB_name1 SMB_name2 ... root = administrator nobody = guest Restarted smb. No luck. Thanks all for the help so far though! Mike On Wed, Jun 30, 2010 at 9:59 AM, Chris Smith smb...@chrissmith.org wrote: On Wed, Jun 30, 2010 at 10:45 AM, Michael Lyon mjl...@gmail.com wrote: I've simplified the share as you noted, and still have the same results. If I create a file/folder on the linux side, I can read it without a problem. Once I map as a Window$ client, I cannot write. You have 'public = yes' which is the synonym for 'guest ok = yes' , therefore anyone should be able to write. Let's make sure we have proper guest capabilities by adding 'username map' parameter and its associated file. For example: In global: username map = /etc/samba/smbusers Contents of /etc/samba/smbusers: root = administrator nobody = guest And as the guest account is nobody make sure that the nobody account is valid. Restart Samba and if you still have trouble it looks to be a permissions issue on the nix side. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Long delays when launching programs for the first time in my Windows 7 Profile (Samba 3.4.3 as PDC)
I do not think that it is neither intended by MS nor normal to take so long. I am using roaming profiles in a network with Vista64Business clients. Although the users (mainly image processing work on a professional level) tend to have rather huge user profiles (100MB-2 GB is normal, the max what I had seen was 32GB), those login/logouts are actually speedy compared to the Win7-64-pro userprofile that I have just freshly created and that is only a few kilobytes in size. A second thing is that the problem concerns only the initial creation of the Win7 profile; it takes approx. 40 minutes). All subsequent logins/logouts are very fast and take approx. only 10-20 seconds. The comparison of those values shows that it is more but just an delay because of the creation of some kilobytes of files. The third thing is that I am having the same problem with programs that I start. Programs that are installed locally on the client! When I am starting them for the first time, I am having a delay of 5-10 Minutes until the program starts. The subsequent times I start the program, it starts instantly. I am guessing that the problem has something to do with DNS or other network-layer issues. Or maybe it is the Client searching for something on the Samba server that is not existing?? It seems like the workstation Is sending some query to samba and then waits ages for a timeout or something. There is almost no network traffic the time that I am waiting Tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
Do you have SELinux active? Op 30-6-2010 17:05, Michael Lyon schreef: I've added in: username map = /etc/samba/smbusers [r...@vm-stusrv ~]# more /etc/samba/smbusers # Unix_name = SMB_name1 SMB_name2 ... root = administrator nobody = guest Restarted smb. No luck. Thanks all for the help so far though! Mike On Wed, Jun 30, 2010 at 9:59 AM, Chris Smithsmb...@chrissmith.org wrote: On Wed, Jun 30, 2010 at 10:45 AM, Michael Lyonmjl...@gmail.com wrote: I've simplified the share as you noted, and still have the same results. If I create a file/folder on the linux side, I can read it without a problem. Once I map as a Window$ client, I cannot write. You have 'public = yes' which is the synonym for 'guest ok = yes' , therefore anyone should be able to write. Let's make sure we have proper guest capabilities by adding 'username map' parameter and its associated file. For example: In global: username map = /etc/samba/smbusers Contents of /etc/samba/smbusers: root = administrator nobody = guest And as the guest account is nobody make sure that the nobody account is valid. Restart Samba and if you still have trouble it looks to be a permissions issue on the nix side. Chris -- -- Tom Reijnders TOR Informatica Chopinlaan 27 5242HM Rosmalen Tel: 073 5226191 Fax: 073 5226196 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
On Wed, Jun 30, 2010 at 11:05 AM, Michael Lyon mjl...@gmail.com wrote: I've added in: username map = /etc/samba/smbusers [r...@vm-stusrv ~]# more /etc/samba/smbusers # Unix_name = SMB_name1 SMB_name2 ... root = administrator nobody = guest Restarted smb. No luck. If the user logs into the *nix box with the same username that they use in windows can they write to the folders? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Forum vs. Mailing List?`!
2010/6/29 Tom H. Lautenbacher mailingli...@lautenbacher.biz I wanted to ask if there is an official Samba Forum, because I could not find any on the Project Page. If there isn't any, is there a particular reason for this not-existance? You cannot have an offline archive of a forum. That makes forums completely useless (at least for me.) There's no way someone can delete emails from my machines. Forums admins can -and actually DO- delete offensive messages from forums. Forums require more resources. Etc. Why do you want a forum? Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Can access samba server via HOSTNAME not by IP
Hello, I have following problem: We have to replace Windows 2003 domain controller with Windows 2008 . Previously used version of Samba don't work properly with Windows 2008 (security issues) therefore I upgraded one of file servers(FC8) to Samba 3.0.33 (Release 0.fc8). Result seemed to be ok until I realized that I can access shares only via hostname, for example: \\smb2.mydomain.net or just \\smb2, trying to reach it via IP is impossible. Result is: Windows cannot find \\IPADDRESSblablabla I also deployed completely new machine (CentOS 5.5, Samba 3.0.33, release 3.28.el5) just to be sure that it is not because of bad upgrade process and result is the same. I need access to server just by IP as I have separated localizations(LAN's) where DNS is not always working as it should. Below my smb.conf file: [global] workgroup = MYDOMAIN realm = MYDOMAIN.NET server string = smb2 security = ADS log level = 3 log file = /var/log/samba/log.%m max log size = 50 idmap uid = 1-2 idmap gid = 1-2 winbind separator = + winbind enum users = Yes winbind enum groups = Yes [test1] comment = Test Dir RW All path = /Data/export/test1 read only = No [test2] comment = Some System Limited Access path = /Data/export/test2 valid users = %D+name.surname1, %D+name.surname2 read only = No Any help will do as this problem stops our domain migration. Thanks in advance. Dawid -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Forum vs. Mailing List?`!
Hi Linda! I wanted to ask if there is an official Samba Forum No need? Why do you need a forum with a mailing list? Because a forum IMHO has certain advantages over a mailing list. Forums are non-standard. Mailing lists have software to process them in many ways. Many are archived -- not something you get with forums. @Standard: Yes, I agree. This is a disadvantage for forums in comparison to other means of communication, such as mailing lists or usenet-news. @Software: What software is there and in which ways can you process mails? @Archive: Anybody running a forum can decide on his own, if he wants to archive things or not. Forums seems to be a 'windows' thing for users when companies want to be able to ignore their user base. Emails cause the companies too much headache because the user's emails end up in employee inboxes and cause distractions from doing real work, so they try to put users in forums, so they won't distract the companies' employees. U, well.. I am self employed and feel distracted and annoyed by all those useless emails from all those mailing-lists that I have to attend, too. My opinion is: Every means of communication has it's functional range. Mailing lists are existing since many years. They were perfect in those pioneer years, when a small group of people worked together on a small thing: Everyone needed to be informed about everything and everybody had to discuss everything. Until today mailing lists serve such small development groups very good. But as projects grow bigger and the group of users with them, IMHO there arises the need for further means of communication. Speaking for me: I am a Samba user since about 2002, using Samba as Administrator of some small-midsized Networks. I do not contribute code or help developing. From time to time I am having a problem with implementing Samba and need quick advice and help. For me now to get help, I needed to subscribe to this mailing list. From this moment on I received approx. 20 emails which do not concern me or my problem. I do not know the answer to all of those questions either, so I can't help anybody. I am just annoyed and bothered by my mailbox getting literally spammed. Since Samba is not the only open source community who's mailing list I am attending, I am receiving daily approx. 30-40 of those emails. For my case a forum would server much better. I could go there, post my question and subscribe to my thread, getting email-notification just about my question. Furthermore I could quickly browse the forum to see, if there are any open topics where I think that I could help someone else out. Given that the forum settings are saving all postings for ever, the whole forum would serve everybody as a very valuable knowledge base, making it easy to find answers for common problems, without bugging anybody or spamming everybody with the 10,000 versions of the same question. Both means of communication can easily live in harmony! Developers or hard core members, who need to stay in touch very intensively and want to participate to ALL communication can continue participating at the mailing list (although it would be easily possible to just subscribe to an analogue topic in the forum and get automatically all messages, but anyway..). Another great plus of Forums is the possibility to use HTML and other functionality. Well I know guys, all hardcore old-school guys among you roll their eyes, because you love plain text stuff. But the reality is that it does make sense and does bring communication again to a much higher level of productivity, when you are able e.g. to implement screenshots or diagrams to your answers, instead of having to e.g. draw a network diagram with ASCII art... Well there are many pros and cons to everything. Fact is, that I am having a problem with Samba to that I can't find any information, but instead get spammed with 30 emails that do not really concern me. Fact is that although Windows 7 is out for a long time now, I had to find all the information about the needed registry patches in some other forums or spread over some archived mailing-list fragments, hard to read and difficult to find. A decent userforum/knowledgebase would have served in a much more efficient way! So my final question: If I would help making a Samba-Forum, would there be anybody here who would appreciate and would like to use it? Would the official guys among you want to implement it to the samba-homepage? All the best Tom H. Lautenbacher -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.0.23d - Solaris 10
Good Morning I have not been able to find the binary file(s) for Solaris. I have downloaded the tarball for 3.0.23d, but when I go to run the make all command I get the following error: make: Fatal error: Command failed for target 'dynconfig.o' I have not been able to find a workaround for it. Do you have any suggestions? I am running this on a Solaris 10 (release 11/06) box. Thanks Barb Fair Lockheed Martin Valley Forge, PA 610-531-5442 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Forum vs. Mailing List?`!
On 06/29/2010 07:01 PM, Tom H. Lautenbacher wrote: Hi Linda! I wanted to ask if there is an official Samba Forum No, but there is a WiKi: http://wiki.samba.org There are also the #samba and #samba-technical IRC channels. No need? Why do you need a forum with a mailing list? Because a forum IMHO has certain advantages over a mailing list. Forums are non-standard. Mailing lists have software to process them in many ways. Many are archived -- not something you get with forums. @Standard: Yes, I agree. This is a disadvantage for forums in comparison to other means of communication, such as mailing lists or usenet-news. @Software: What software is there and in which ways can you process mails? @Archive: Anybody running a forum can decide on his own, if he wants to archive things or not. Forums seems to be a 'windows' thing for users when companies want to be able to ignore their user base. Emails cause the companies too much headache because the user's emails end up in employee inboxes and cause distractions from doing real work, so they try to put users in forums, so they won't distract the companies' employees. U, well.. I am self employed and feel distracted and annoyed by all those useless emails from all those mailing-lists that I have to attend, too. My opinion is: Every means of communication has it's functional range. Mailing lists are existing since many years. They were perfect in those pioneer years, when a small group of people worked together on a small thing: Everyone needed to be informed about everything and everybody had to discuss everything. Until today mailing lists serve such small development groups very good. But as projects grow bigger and the group of users with them, IMHO there arises the need for further means of communication. Speaking for me: I am a Samba user since about 2002, using Samba as Administrator of some small-midsized Networks. I do not contribute code or help developing. From time to time I am having a problem with implementing Samba and need quick advice and help. I guess that what you are really arguing for is a quick, free, source of advice that meets your preferences for format and communications method. There are plenty of commercial support providers for Samba from whom you could almost certainly obtain quick and accurate advice. That is a key difference between free advice sources and commercial ones. By definition, in a communications world where everyone's voice is equal there is a mass of mis-information. The challenge faced by the consumer of free information is the burden of filtering out the noise. That burden applies to a mailing list as well as to a forum or a WiKi. In addition to the mass of incorrect information, most public and free information sources (for example Google search) will readily help you to locate people who have a problem, but few who post the solution. There are two key reasons for this: a) By the time the problem has been solved there is pressure to move on. Problem gone, so forget the agony - move on. b) Realization that the problem was caused by an embarrassing mistake. For me now to get help, I needed to subscribe to this mailing list. From this moment on I received approx. 20 emails which do not concern me or my problem. I do not know the answer to all of those questions either, so I can't help anybody. I am just annoyed and bothered by my mailbox getting literally spammed. Since Samba is not the only open source community who's mailing list I am attending, I am receiving daily approx. 30-40 of those emails. For my case a forum would server much better. I could go there, post my question and subscribe to my thread, getting email-notification just about my question. Furthermore I could quickly browse the forum to see, if there are any open topics where I think that I could help someone else out. Given that the forum settings are saving all postings for ever, the whole forum would serve everybody as a very valuable knowledge base, making it easy to find answers for common problems, without bugging anybody or spamming everybody with the 10,000 versions of the same question. I participate in several forums. I also receive approx. 500 emails per day (at one time this was more like 3000 per day). In all cases the noise level is over 90% - its the nature of the beast. Both means of communication can easily live in harmony! Developers or hard core members, who need to stay in touch very intensively and want to participate to ALL communication can continue participating at the mailing list (although it would be easily possible to just subscribe to an analogue topic in the forum and get automatically all messages, but anyway..). Another great plus of Forums is the possibility to use HTML and other functionality. Well I know guys, all hardcore old-school guys among you roll their eyes, because you love plain text stuff. But
Re: [Samba] Samba Forum vs. Mailing List?`!
Hi Norberto, You cannot have an offline archive of a forum. That makes forums completely useless (at least for me.) Well you can, but I agree that it is very inconvenient to do so. There's no way someone can delete emails from my machines. I agree. Forums admins can -and actually DO- delete offensive messages from forums. This depends the admin and the forum. If we would do our very own Samba-Forum it would be up to us witch rules we play.. Forums require more resources. Well yes, but I think that this someone can neglect because the need for resources is quite limited. Why do you want a forum? My arguments FOR a forum are: 1. If you come to Samba (or any other community project) as a NEW user, you could find all the previous information and communication nicely organized in the forum. The forum serves as a knowledgebase, which helps new users to integrate quickly and supports them in getting the things setup without pain. You can find the threads sorted in different subject-categories and start browsing them, or you can start a forum search, which has a much higher relevance of results, than a global google search. Opposed to this: If you join NEW to a mailing list initially you do not find ANYTHING, but have to start collecting emails in a personal archive over the years (as you do). But if you need certain information NOW, the only alternative is to do a Google-Search which is very sub-optimal to do, compared to a forum search, or the logical division of subjects in a Forum. As a result what a mailing list does is: It servers super for long-time members of a project, who have collected all emails over the last past years on their private harddisks and it makes it very difficult for new users to access information. It serves well to the hard core of a project but makes unnecessary barriers for newcomers. 2. Forum software commonly enables the threads to be enriched with binary or with html-code. Thus explanations/help/etc. can be enriched with screenshots, photos, links, diagrams, etc. 3. A Forum has the advantage that I can subscribe to certain subjects! E.g. I can say: Send me all future postings about Windows 7 Samba PDC. 4. And last but not least: Since a forum does not only gather messages but also users, with profiles, maybe even pictures, etc. helps community-spirit-building, a subject that gains importance those days. As for the CONS: I know them all. It is exactly the same discussion as with the never-ending comparison of Usenet (News servers) and Webforums. As for hybrid solutions: Also for newsservers there are exsting webfrontends. But it remains to be sub-optimal, because if you keep all the restrictions of the mailinglist (e.g. no binary) then also the forum losses it's sense. My preferred solution would be: Many people - many different needs and preferences - many means of communication. Some use email, some use telefax. Why not have a mailing list AND a forum? Some other user claimed that this would divide the users. Well yes, it would. It would divide the users in mailinglist-users, forum-users and both-users. This is not optimal, I know. But for the moment the mailing-list divides, too! It divides in mailing-list-users and users that walk away again from Samba. Think about it! All the best, Tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Forum vs. Mailing List?`!
On 2010/06/30 19:14 (GMT+0300) Tom H. Lautenbacher composed: 1. If you come to Samba (or any other community project) as a NEW user, you could find all the previous information and communication nicely organized in the forum. The forum serves as a knowledgebase, which helps new users to integrate quickly and supports them in getting the things setup without pain. You can find the threads sorted in different subject-categories and start browsing them, or you can start a forum search, which has a much higher relevance of results, than a global google search. Any given post may or may not belong in a particular subject category, may belong in multiple categories, and may not be included in the most appropriate category. Categorization as a benefit, absent considerable involvement by the admin, is an illusion. Opposed to this: If you join NEW to a mailing list initially you do not find ANYTHING, but have to start collecting emails in a personal archive over the years (as you do). But if you need certain information NOW, the only alternative is to do a Google-Search which is very sub-optimal to do, compared to a forum search, or the logical division of subjects in a Forum. I subscribe to well in excess of 60 mailing lists. I'm aware of none of them that do not have a searchable archive, which may or may not use Google as its search engine, but nevertheless limits the searches to the archive itself at least optionally. -- The wise are known for their understanding, and pleasant words are persuasive. Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Forum vs. Mailing List?`!
On Wed, Jun 30, 2010 at 12:14 PM, Tom H. Lautenbacher mailingli...@lautenbacher.biz wrote: 1. If you come to Samba (or any other community project) as a NEW user, you could find all the previous information and communication nicely organized in the forum. The forum serves as a knowledgebase, which helps new users to integrate quickly and supports them in getting the things setup without pain. You can find the threads sorted in different subject-categories and start browsing them, or you can start a forum search, which has a much higher relevance of results, than a global google search. I don't find forums all that useful as a knowledge base. The search capabilities of most are generally sub-optimal and the information isn't all that well organized. Opposed to this: If you join NEW to a mailing list initially you do not find ANYTHING, but have to start collecting emails in a personal archive over the years (as you do). But if you need certain information NOW, the only alternative is to do a Google-Search which is very sub-optimal to do, compared to a forum search, or the logical division of subjects in a Forum. Not true there are other alternatives. Here's one: nntp://news.gmane.org/gmane.network.samba.general And with a good newsreader you have much flexibility. As a result what a mailing list does is: It servers super for long-time members of a project, who have collected all emails over the last past years on their private harddisks and it makes it very difficult for new users to access information. It serves well to the hard core of a project but makes unnecessary barriers for newcomers. Again: nntp://news.gmane.org/gmane.network.samba.general (and with a good newsreader you can have your own local copy) 2. Forum software commonly enables the threads to be enriched with binary or with html-code. Thus explanations/help/etc. can be enriched with screenshots, photos, links, diagrams, etc. Picasa, Flickr, your own site, etc. Pastebin for code. Links are allowed here, lets the reader decide on whether or not to use the time and bandwidth. 3. A Forum has the advantage that I can subscribe to certain subjects! E.g. I can say: Send me all future postings about Windows 7 Samba PDC. And you can star/filter a conversation or thread with email readers and news readers. 4. And last but not least: Since a forum does not only gather messages but also users, with profiles, maybe even pictures, etc. helps community-spirit-building, a subject that gains importance those days. But will you recognize them in a dark alley? As for the CONS: I know them all. It is exactly the same discussion as with the never-ending comparison of Usenet (News servers) and Webforums. I lament the loss of newsgroups - always seemed just right. Post once, read many. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] net rpc file checks in 3.5.x
When doing simple: net rpc file -Untadmin With ntadmin being a user belonging to properly groupmapped domain admins, (with rid 512), including cases with ntadmin being rid=500 itself, I always get: [2010/06/30 15:06:46.272578, 2] auth/auth.c:304(check_ntlm_password) check_ntlm_password: authentication for user [ntadmin] - [ntadmin] - [ntadmin] succeeded [2010/06/30 15:06:46.276232, 1] rpc_server/srv_srvsvc_nt.c:1039(_srvsvc_NetFileEnum) Enumerating files only allowed for administrators I've peeked into srv_srvsvc_nt.c and the main difference from earlier samba versions (in the function mentioned in logs) is the addition of the following check: if (!nt_token_check_sid(global_sid_Builtin_Administrators, p-server_info-ptok)) { DEBUG(1, (Enumerating files only allowed for administrators\n)); return WERR_ACCESS_DENIED; } Judging from variables' names it checks if a user belongs to builtin group. Assuming this kind of check is intended in this place - how to actually make [functionally working] builtin group ? groupmap allows mapping to local and builtins groups, and I've also tested some net rpc group variations - but so far to no actual effect. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] limit access to folder without mapping a new drive
We do this using msdfs root. Make /files an msdfs root. Create separate shares at the same level as /files for the folders that need to be restricted. Place msdfs links to those shares under departments/. Helen -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of John Drescher Sent: Tuesday, June 29, 2010 12:24 PM To: c cc Cc: samba@lists.samba.org Subject: Re: [Samba] limit access to folder without mapping a new drive Under our file structure, we have /files/all/departments/. We want everyone to have access to all the folders under files, but there are couple of folders in the departments directory/folder that need to limit access to only one person. Is it possible without mapping a new drive? Thanks! The way I prefer to do this is to set proper posix acls. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Forum vs. Mailing List?`!
Hello John I wanted to ask if there is an official Samba Forum No, but there is a WiKi: http://wiki.samba.org A Wiki is IMHO a GREAT thing. But a wiki is the database that gathers the RESULTS of discussions, i.e. the SOLUTIONS to problems. A wiki is a great 2nd step to place ready solutions, FAQs, howtos, etc. after having solved the PROBLEMS in e.g. a forum, a newsgroup or a mailing list. There are also the #samba and #samba-technical IRC channels. An IRC channel is right the opposite direction I would like to go: It makes the communication even more interactive and even more temporary, than a mailing list. I guess that what you are really arguing for is a quick, free, source of advice that meets your preferences for format and communications method. There are plenty of commercial support providers for Samba from whom you could almost certainly obtain quick and accurate advice. That is a key difference between free advice sources and commercial ones. No I do not want any commercial support. I want structured information at my fingertips :-) By definition, in a communications world where everyone's voice is equal there is a mass of mis-information. The challenge faced by the consumer of free information is the burden of filtering out the noise. That burden applies to a mailing list as well as to a forum or a WiKi. FACK. In addition to the mass of incorrect information, most public and free information sources (for example Google search) will readily help you to locate people who have a problem, but few who post the solution. There are two key reasons for this: a) By the time the problem has been solved there is pressure to move on. Problem gone, so forget the agony - move on. Well this is an interesting point. I have to say that for me I have recognized the following psychological effect, and I assume that this applies to others, too: I am realizing a higher will to contribute my solutions afterwards to the community, if I have the impression that my effort is going to be existing somewhere permanent, and not to be something of temporary character.. This is why I love to contribute to wikis, too. draw a network diagram with ASCII art... That's why we have the WiKi. http://wiki.samba.org The wiki is a very good thing! But it is another means of communication that again for itself serves other demands of communication. It serves the archiving of ready solutions, not the finding of those. But solutions found in discussion forum can be quite easily transformed to an entry in a wiki. If you want editing rights - just ask. A wiki should have editing rights for everyone. See Wikipedia. Otherwise it loses a great deal of it's idea and of it's power and momentum. Well there are many pros and cons to everything. Fact is, that I am having a problem with Samba to that I can't find any information, but instead get spammed with 30 emails that do not really concern me. Fact is that although Windows 7 is out for a long time now, I had to find all the information about the needed registry patches in some other forums or spread over some archived mailing-list fragments, hard to read and difficult to find. A decent userforum/knowledgebase would have served in a much more efficient way! Have you read the on-line documentation from the Samba web site? http://www.samba.org/samba/docs Yes. So my final question: If I would help making a Samba-Forum, would there be anybody here who would appreciate and would like to use it? Would the official guys among you want to implement it to the samba-homepage? Firstly, you do not need permission to create a Samba-Forum. If that is your passion - just do it. Secondly, what do you mean by official guys? Send me the link to your Samba-Forum and I will add it to the Samba web site. If you really need a blessing we can arrange that, but it will cost extra. :-) (Joking!!!). Well yes, sure, nobody could stop me in making some unofficial Samba-Userforum on my server. But for a forum to prosper and to become truly a great thing, it is necessary that it becomes the official forum of a project. The Samba-Forum - not the unofficial forum no. 2010320 out of 300 of some private internet nerd. With official guys I mean the core team that decides e.g. what is part of the Samba Project site www.samba.org. A plain link would not be enough to become the official forum. It should be fully integrated into the website of samba.org, becoming a part of it (no matter on what server the forum actually lives!) And then secondly it would need you guys actually want it! Because it will be up to you - the existing and already involved Samba users - to start using the forum so that it might attract others - new samba users - to join. If no one over here is actually interested in such a forum, then the whole effort is doomed right from the beginning. Best regards Tom -- To unsubscribe from this list go to the
[Samba] Samba groups membership
Hi all: I was running Samba 3.0.x (from CentOS 5 repository) integrated with OpenLDAP as a complete PDC solution that worked fine for several moths. As we needed to join Win7 computers to the domain I upgraded to Samba 3.5.3 keeping my Samba configuration the same. We find that after this upgrade the root account of the domain wasn't able to access to C$, D$ or other administrative resources of Windows Machines. After looking for a solution I found some issues that I'm not really sure if they appeared as a consequence of the upgrade. I found this: # net groupmap list returns this: users (S-1-5-21-895592719-3520082440-1574223224-2001) - jpp Account Operators (S-1-5-32-548) - Account Operators Administrators (S-1-5-32-544) - Administrators Backup Operators (S-1-5-32-551) - Backup Operators Domain Admins (S-1-5-21-895592719-3520082440-1574223224-512) - Domain Admins ... among other groups # smbldap-groupshow Domain Admins ... returns this: dn: cn=Domain Admins,ou=groups,dc=mintra,dc=gob,dc=pe cn: Domain Admins gidNumber: 512 description: Netbios Domain Administrators displayName: Domain Admins objectClass: posixGroup,sambaGroupMapping sambaGroupType: 2 sambaSID: S-1-5-21-895592719-3520082440-1574223224-512 memberUid: mescalante,jhuarancca,kaguilar,olmontero,ycabezas,arojas,secretaria_tecnica,graymundo,dpenadillo,jbarreda,lquevedo,hurquizo,mnicho,root ... so I can see that root is member of this Domain Admins group, but... # net rpc group members Domain Admins ... returns nothing! The same happens when querying other Samba groups. I don't know why this command doesn't return the list of members of this group. Well, I just tried to add a user manually: # net rpc group addmem Domain Admins someuser -U root and return this: Could not add someuser to Domain Admins: NT_STATUS_ACCESS_DENIED Does anybody know why can't add a user to the group? Why Samba net utility isn't showing the list of members of my groups? I know that the Domain Admins group determines who can take control of machines joined to the Domain, but after the upgrade to Samba 3.5.x the list of members isn't working correctly. I would appreciate some help regarding this. I don't know if I need to add some extra configuration to smb.conf. I hope someone can help me. Thanks P.D.: Sorry, my english isn't too good -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
Original Message From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Michael Lyon Sent: Wednesday, June 30, 2010 6:37 AM To: t...@tms3.com Cc: samba@lists.samba.org Subject: Re: [Samba] Can Map shares but cannot write Heh, I made myself the owner, and still can't create a file. [r...@vm-stusrv test]# getfacl /home/share/students/ getfacl: Removing leading '/' from absolute path names # file: home/share/students/ # owner: mlyon # group: students user::rwx group::rwx group:students:rwx mask::rwx other::rwx Mike Try using the default flag for setfacl. I always have this problem with setfacl: $ setfacl -m g:students:rwx foo doesn't work, but I have better luck with $ setfacl -d -m g:students:rwx foo I don't know why, it seems like it should work with the first setup but it rarely does for me. And if THAT doesn't work, I connect to the share as an admin Windows user (administrator in your case) and set the ACLs using Windows Explorer. James Zuelow Network Specialist City and Borough of Juneau MIS (907) 586-0236 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Forum vs. Mailing List?`!
Hallo, Tom, Du meintest am 30.06.10: No I do not want any commercial support. I want structured information at my fingertips :-) You get what you pay for. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
What happens if you try to mount a samba share via CIFS from linux (e.g. smbclient, mount -o cifs ?) Or may be mount the drive in windows with the net use command.Either way you explicitly set the domain/username. Do any of the other log files refer to issues with mapping users? What is the Host OS? Guessing some linux varient? On 06/30/2010 02:40 PM, James Zuelow wrote: Original Message From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Michael Lyon Sent: Wednesday, June 30, 2010 6:37 AM To: t...@tms3.com Cc: samba@lists.samba.org Subject: Re: [Samba] Can Map shares but cannot write Heh, I made myself the owner, and still can't create a file. [r...@vm-stusrv test]# getfacl /home/share/students/ getfacl: Removing leading '/' from absolute path names # file: home/share/students/ # owner: mlyon # group: students user::rwx group::rwx group:students:rwx mask::rwx other::rwx Mike Try using the default flag for setfacl. I always have this problem with setfacl: $ setfacl -m g:students:rwx foo doesn't work, but I have better luck with $ setfacl -d -m g:students:rwx foo I don't know why, it seems like it should work with the first setup but it rarely does for me. And if THAT doesn't work, I connect to the share as an admin Windows user (administrator in your case) and set the ACLs using Windows Explorer. James Zuelow Network Specialist City and Borough of Juneau MIS (907) 586-0236 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
The culprit was selinux. Thanks for everyone's help! Mike On Wed, Jun 30, 2010 at 2:26 PM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: What happens if you try to mount a samba share via CIFS from linux (e.g. smbclient, mount -o cifs ?) Or may be mount the drive in windows with the net use command.Either way you explicitly set the domain/username. Do any of the other log files refer to issues with mapping users? What is the Host OS? Guessing some linux varient? On 06/30/2010 02:40 PM, James Zuelow wrote: Original Message From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Michael Lyon Sent: Wednesday, June 30, 2010 6:37 AM To: t...@tms3.com Cc: samba@lists.samba.org Subject: Re: [Samba] Can Map shares but cannot write Heh, I made myself the owner, and still can't create a file. [r...@vm-stusrv test]# getfacl /home/share/students/ getfacl: Removing leading '/' from absolute path names # file: home/share/students/ # owner: mlyon # group: students user::rwx group::rwx group:students:rwx mask::rwx other::rwx Mike Try using the default flag for setfacl. I always have this problem with setfacl: $ setfacl -m g:students:rwx foo doesn't work, but I have better luck with $ setfacl -d -m g:students:rwx foo I don't know why, it seems like it should work with the first setup but it rarely does for me. And if THAT doesn't work, I connect to the share as an admin Windows user (administrator in your case) and set the ACLs using Windows Explorer. James Zuelow Network Specialist City and Borough of Juneau MIS (907) 586-0236 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Long delays when launching programs for the first time in my Windows 7 Profile (Samba 3.4.3 as PDC)
On Wed, Jun 30, 2010 at 5:10 PM, Tom H. Lautenbacher mailingli...@lautenbacher.biz wrote: I do not think that it is neither intended by MS nor normal to take so long. I am using roaming profiles in a network with Vista64Business clients. Although the users (mainly image processing work on a professional level) tend to have rather huge user profiles (100MB-2 GB is normal, the max what I had seen was 32GB), those login/logouts are actually speedy compared to the Win7-64-pro userprofile that I have just freshly created and that is only a few kilobytes in size. A second thing is that the problem concerns only the initial creation of the Win7 profile; it takes approx. 40 minutes). All subsequent logins/logouts are very fast and take approx. only 10-20 seconds. The comparison of those values shows that it is more but just an delay because of the creation of some kilobytes of files. The third thing is that I am having the same problem with programs that I start. Programs that are installed locally on the client! When I am starting them for the first time, I am having a delay of 5-10 Minutes until the program starts. The subsequent times I start the program, it starts instantly. I am guessing that the problem has something to do with DNS or other network-layer issues. Or maybe it is the Client searching for something on the Samba server that is not existing?? It seems like the workstation Is sending some query to samba and then waits ages for a timeout or something. There is almost no network traffic the time that I am waiting with xp/2003 you could turn on the userenv.log, but apparently this does not work with windows 7 (http://social.technet.microsoft.com/Forums/en/winserverGP/thread/a9b36648-aa9f-4ff7-b23f-c1123b7984e9); so check the event log of the client and/or use process monitor from sysinternals to get a log of what is going on it. See this http://blogs.technet.com/b/markrussinovich/archive/2010/01/13/3305263.aspx for inspiration. good luck! -- natxo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Long delays when launching programs for the first time in my Windows 7 Profile (Samba 3.4.3 as PDC)
Ok I think it helps if I summarize my problem: Client: Windows 7 Professional, 64bit, English Server: openSUSE 11.2, running Samba 3.4.3 as a PDC Login as Local user: = First time login: Profile is being created very fast Further logins: Profile is being loaded very fast First time launch of software: Instant startup of software Further launches of software: Instant startup of software Login as domain user: = First time login: Profile creation takes AGES (30-50 minutes) Further logins: Profile is being loaded very fast (10-20 seconds) First time launch of locally installed software: Startup of software takes ages (approx 3-6 minutes) Further launches of locally installed software: Instant startup of software I'd ask on one of the windows groups -- maybe some MVP would know. Ok! that or try tracing the actions with the 'sysinternal' tools (at the ms website now)...you can use 'process monitor' to see what a process is doing -- shows you network registry and file accesses -- and its free. Their creator works for MS now ...type in sysinternals.com -- it redirects to the microsoft website now. Thank you I will check that out! I doubt it's samba -- since no one else is seeing that symptom... I think it is, since I am having this effect only when using my roaming profile! But I think that the group of users using the following combination: Samba 3.4.3 Windows 7-64bit Samba as a PDC roaming profiles using this mailing list being able to report the problem is very limited until today.. maybe some antivirus interaction? Will check with sysinternals but assume no, because oft he locally-is-everything-fine thing. the login/logouts -- read about them on MS's website...look up under profile loading ... it talks about how multi-gig profiles will really slow down first time loading. As I wrote, I am having the problem with FRESH CREATED profiles, which are just a few kilobytes of size! If you think it is a network problem, use wireshark -- it will let you observe the network traffic. (google it) it's also free. Thank you Linda. You need to become familiar with all these diagnotic tools (that and get yourself a procmail email filter so you can filter out all the garbage from all the email groups you have to subscribe to to just keep things working!)... Do you know a good windows-alternative to procmail? Isn't the new outlook 2010 able to group emails into threads? Seriously -- I have nearly 80 email groups I sub to...if I didn't filter I'd just 'lose it'...but they all go into folders and I read them when I want...if I don't, I have them setup to automatically expire after a few months... it's just like a forum, but bettersince it's all in one place! :-) Well I am attending to about 20 forums and I am having everything in one place too: My email-mailbox as soon as I am getting an answer to my postings :-) But not 1 other emails that need further processing ;-) Good luck...! Lemmy know if I can point you at any tools -- look for open source ones (or MS supported ones)... that way you have less to worry about in the way of viruses! :-) Ok, thank you! Cheers, Tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Long delays when launching programs for the first time in my Windows 7 Profile (Samba 3.4.3 as PDC)
Ok I think it helps if I summarize my problem: Client: Windows 7 Professional, 64bit, English Server: openSUSE 11.2, running Samba 3.4.3 as a PDC Login as Local user: = First time login: Profile is being created very fast Further logins: Profile is being loaded very fast First time launch of software: Instant startup of software Further launches of software: Instant startup of software Login as domain user: = First time login: Profile creation takes AGES (30-50 minutes) Further logins: Profile is being loaded very fast (10-20 seconds) First time launch of locally installed software: Startup of software takes ages (approx 3-6 minutes) Further launches of locally installed software: Instant startup of software I'd ask on one of the windows groups -- maybe some MVP would know. Ok! that or try tracing the actions with the 'sysinternal' tools (at the ms website now)...you can use 'process monitor' to see what a process is doing -- shows you network registry and file accesses -- and its free. Their creator works for MS now ...type in sysinternals.com -- it redirects to the microsoft website now. Thank you I will check that out! I doubt it's samba -- since no one else is seeing that symptom... I think it is, since I am having this effect only when using my roaming profile! But I think that the group of users using the following combination: Samba 3.4.3 Windows 7-64bit Samba as a PDC roaming profiles using this mailing list being able to report the problem is very limited until today.. maybe some antivirus interaction? Will check with sysinternals but assume no, because oft he locally-is-everything-fine thing. the login/logouts -- read about them on MS's website...look up under profile loading ... it talks about how multi-gig profiles will really slow down first time loading. As I wrote, I am having the problem with FRESH CREATED profiles, which are just a few kilobytes of size! If you think it is a network problem, use wireshark -- it will let you observe the network traffic. (google it) it's also free. Thank you Linda. You need to become familiar with all these diagnotic tools (that and get yourself a procmail email filter so you can filter out all the garbage from all the email groups you have to subscribe to to just keep things working!)... Do you know a good windows-alternative to procmail? Isn't the new outlook 2010 able to group emails into threads? Seriously -- I have nearly 80 email groups I sub to...if I didn't filter I'd just 'lose it'...but they all go into folders and I read them when I want...if I don't, I have them setup to automatically expire after a few months... it's just like a forum, but bettersince it's all in one place! :-) Well I am attending to about 20 forums and I am having everything in one place too: My email-mailbox as soon as I am getting an answer to my postings :-) But not 1 other emails that need further processing ;-) Good luck...! Lemmy know if I can point you at any tools -- look for open source ones (or MS supported ones)... that way you have less to worry about in the way of viruses! :-) Ok, thank you! Cheers, Tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Forum vs. Mailing List?`!
Hello Helmut, No I do not want any commercial support. I want structured information at my fingertips :-) You get what you pay for. With all respect, but what you write to me sounds like irony against the whole open source community idea. I certainly DO think that well structured information is something that an open source community is very well able to provide. Cheers Tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Long delays when launching programs for the first time in my Windows 7 Profile (Samba 3.4.3 as PDC)
But I think that the group of users using the following combination: Samba 3.4.3 Windows 7-64bit Samba as a PDC roaming profiles using this mailing list being able to report the problem is very limited until today.. I am using roaming profiles with windows 7 64 and samba PDC / BDCs. I am not using 3.4.3 however. Currently we are running 3.5.4. I did have 3.4.6 for a few weeks just after the upgrade from 3.0.37 to support windows 7. I do not have the 40 minute initial logins. However it does take me 5 minutes to login and logout on a 100% gigabit network every single time not just the first time. At some point I will look into folder redirection on top of the trimming of the profiles that I have begun.. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Forum vs. Mailing List?`!
Hallo, Tom, Du meintest am 30.06.10 zum Thema RE: [Samba] Samba Forum vs. Mailing List?`!: No I do not want any commercial support. I want structured information at my fingertips :-) You get what you pay for. With all respect, but what you write to me sounds like irony against the whole open source community idea. Not against the idea - only against you. I certainly DO think that well structured information is something that an open source community is very well able to provide. I agree. But that isn't related to forums. And structuring information is work. Someone has to do it. Don't cry for other people's work, do it yourself. Or pay for it. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Long delays when launching programs for the first time in my Windows 7 Profile (Samba 3.4.3 as PDC)
I doubt it's samba -- since no one else is seeing that symptom... I think it is, since I am having this effect only when using my roaming profile! But I think that the group of users using the following combination: Samba 3.4.3 Windows 7-64bit Samba as a PDC roaming profiles using this mailing list being able to report the problem is very limited until today.. Well -- not exactly -- I have almost the same symptom -- but on logout -- it takes up to 45 minutes for my Win7 profile to be copied to my PDC.But I've tried Samba 3.5.2, 3.5.3 and 3.5.3. Hey...that's something to try.Try the latest released version and see if you have the same symptoms/problems! But I am using both a Win7-64 and WinXP client to log into my PDC and generate continuous havoc. Just wait until you try using winbind to authenticate security on your linux PDC! Ha! Warning -- keep a rescue disk around in case you get locked out of your system! ;^] On top of roaming profiles, I used the group policy client to create roaming profiles for all clients -- even if they were not part of the domain! (this was when I was having problems joining my computers to the domain reliably). Anyway -- I have long logins on Win7 (~ 4-5 minutes, vs. about 20 seconds on XP). Where I get the real long pauses are on logout -- I've seen it finsh after 45 minutes one time -- the clients are communicating to the PDC but at speeds usually 100K/s. I know that it is not likely to be samba's fault in regards to the speed, since I get *up to* 100MB read/write to samba during benchmark testing. maybe some antivirus interaction? Will check with sysinternals but assume no, because oft he locally-is-everything-fine thing. the login/logouts -- read about them on MS's website...look up under profile loading ... it talks about how multi-gig profiles will really slow down first time loading. As I wrote, I am having the problem with FRESH CREATED profiles, which are just a few kilobytes of size! --- Ok -- that's just weird. No argument! If you think it is a network problem, use wireshark -- it will let you observe the network traffic. (google it) it's also free. Thank you Linda. You need to become familiar with all these diagnotic tools (that and get yourself a procmail email filter so you can filter out all the garbage from all the email groups you have to subscribe to to just keep things working!)... Do you know a good windows-alternative to procmail? Isn't the new outlook 2010 able to group emails into threads? You can run all the linux utils -- including procmail under cygwin on windows. I missed all the linux utils so much -- I installed cygwin on windows 7 years ago and haven't done without it since! You can even run a local IMAP server on your windows box -- let your windows box download all your email from your ISP -- then connect to the local server with Outlook or Thunderbird and use IMAP. OR -- better -- use your server as an email server as well! My server downloads my email from my ISP (see linux util 'fetchmail'), then it calls my filter script (or it could call procmail). It also calls spamassassin before it tries to deliver it to me. But then my filter script (like procmail only different!) sorts the emails into folders in my home directory on the linux server under 'mail'. I then use 'dovecot' (an very fast, secure IMAP server) to serve my email to my windows clients. Since I have multiple machines, I don't want the email coming to one of the windows machines. It stays on the server in my home directory. I have well over 100 file folders -- only about 70 of them actively receive email (some are just archives/sorting bins). But in my email clients I see all the folders by email list -- I read them when I have time -- so I don't get interrupts. I think you'll find it's better to leave the email on the server -- that way if you can try differnt clients (I can switch between outlook and tbird if I was so perverse). Both will read my active mail. Groups that have new messages in Tbird light up in blue. Seriously -- I have nearly 80 email groups I sub to...if I didn't filter I'd just 'lose it'...but they all go into folders and I read them when I want...if I don't, I have them setup to automatically expire after a few months... it's just like a forum, but bettersince it's all in one place! :-) Well I am attending to about 20 forums and I am having everything in one place too: My email-mailbox as soon as I am getting an answer to my postings :-) But not 1 other emails that need further processing ;-) But you can't keep track of the 20-80 forums when you want -- in your email client -- you have to find the websites for each of them. And just now (and day before yesterday). when I wanted to respond to someone in forums (I read forums too -- no choice for some groups) -- I have to 'sign
Re: [Samba] Samba3 to samba4 migration
On 29/06/2010 19:14, Luciano Andre Baramarchi wrote: Hi, I'm testing samba 4 in my organization. I have a samba3 domain with LDAP backend. I'm trying migrate workstations and users from old samba to samba4. Is this possible? Thanks, Luciano luci...@multitasknet.com.br Hi, We are in the same situation with large user/group/machine set needed to be ported to the new s4 world. The only solution i can see at the moment would be to dump the contents of the appropriate LDAP sections (it being users/group/machines/etc) into ldif(s) in a format acceptable by s4 and then add them using ldbadd (and possbly sync using ldbmodify later on). Would it be a worthwhile to add yet another net cmd utility to allow importing stuff from existing LDAP infrastructure (maybe conceptually simmilar to existing vampire cmd)? Regards Luk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Long delays when launching programs for the first time in my Windows 7 Profile (Samba 3.4.3 as PDC)
Hello John, I am using roaming profiles with windows 7 64 and samba PDC / BDCs. I am not using 3.4.3 however. Currently we are running 3.5.4. I did have 3.4.6 for a few weeks just after the upgrade from 3.0.37 to support windows 7. I do not have the 40 minute initial logins. However it does take me 5 minutes to login and logout on a 100% gigabit network every single time not just the first time. At some point I will look into folder redirection on top of the trimming of the profiles that I have begun.. To me this sounds like a normal case of overcrowded user profiles. What I could witness in one of my networks (Samba 3 + Vista64Business) is that the userprofiles grew very huge even thoug literally ANY userspace data is being saved to those profiles. What I mean is: ALL data that the people at the workstations process is mounted on samba-shares on the server (which I connect via script as network drives to their profiles). But jet again the user profiles grew tremendously, reaching up to 32GB in one case, what resulted in 1h logon/logoff times. In my case the error was one of the programs that they used: Adobe Bridge. This program generates tons of cache data, which - senseless! - is being saved into the C:\Users\Username\appdata\roaming folder, instead of the C:\Users\Username\appdata\local folder. Another such program is Adobe Lightroom which generates huge thumbnail databases. Etc. What I want to say is: Have a look into the profiles and analyze what the source for growing profiles is, if you have placed normal userspace data already into normal shares so that they move out of the profile. All the best tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Listing Domain Local Groups from a Samba Member (NT4 PDC)
On 6/30/2010 2:30 AM, Mark Sheard wrote: I have Ubuntu version 10.04 Samba ver 3.0.28a-1ubuntu4.12 I just did a fresh install of 10.04 x86 32-bit, and smbd reports version 3.4.7. How did you end up with 3.0.28? Try smbd -version and see what that reports. -- Guy Rouillier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Long delays when launching programs for the first timein my Windows 7 Profile (Samba 3.4.3 as PDC)
Well -- not exactly -- I have almost the same symptom -- but on logout -- it takes up to 45 minutes for my Win7 profile to be copied to my PDC.But I've tried Samba 3.5.2, 3.5.3 and 3.5.3. Hey...that's something to try.Try the latest released version and see if you have the same symptoms/problems! I've not had these problems. (I don't call it a problem if someone with a 10GB profile has slow login logout times...anywho). But I typically place profiles on a mount that does not have ACL's turned on. More recently on ZFS volumes. Be interesting to see network traffic. TMS III But I am using both a Win7-64 and WinXP client to log into my PDC and generate continuous havoc. Just wait until you try using winbind to authenticate security on your linux PDC! Ha! Warning -- keep a rescue disk around in case you get locked out of your system! ;^] On top of roaming profiles, I used the group policy client to create roaming profiles for all clients -- even if they were not part of the domain! (this was when I was having problems joining my computers to the domain reliably). Anyway -- I have long logins on Win7 (~ 4-5 minutes, vs. about 20 seconds on XP). Where I get the real long pauses are on logout -- I've seen it finsh after 45 minutes one time -- the clients are communicating to the PDC but at speeds usually 100K/s. I know that it is not likely to be samba's fault in regards to the speed, since I get *up to* 100MB read/write to samba during benchmark testing. maybe some antivirus interaction? Will check with sysinternals but assume no, because oft he locally-is-everything-fine thing. the login/logouts -- read about them on MS's website...look up under profile loading ... it talks about how multi-gig profiles will really slow down first time loading. As I wrote, I am having the problem with FRESH CREATED profiles, which are just a few kilobytes of size! --- Ok -- that's just weird. No argument! If you think it is a network problem, use wireshark -- it will let you observe the network traffic. (google it) it's also free. Thank you Linda. You need to become familiar with all these diagnotic tools (that and get yourself a procmail email filter so you can filter out all the garbage from all the email groups you have to subscribe to to just keep things working!)... Do you know a good windows-alternative to procmail? Isn't the new outlook 2010 able to group emails into threads? You can run all the linux utils -- including procmail under cygwin on windows. I missed all the linux utils so much -- I installed cygwin on windows 7 years ago and haven't done without it since! You can even run a local IMAP server on your windows box -- let your windows box download all your email from your ISP -- then connect to the local server with Outlook or Thunderbird and use IMAP. OR -- better -- use your server as an email server as well! My server downloads my email from my ISP (see linux util 'fetchmail'), then it calls my filter script (or it could call procmail). It also calls spamassassin before it tries to deliver it to me. But then my filter script (like procmail only different!) sorts the emails into folders in my home directory on the linux server under 'mail'. I then use 'dovecot' (an very fast, secure IMAP server) to serve my email to my windows clients. Since I have multiple machines, I don't want the email coming to one of the windows machines. It stays on the server in my home directory. I have well over 100 file folders -- only about 70 of them actively receive email (some are just archives/sorting bins). But in my email clients I see all the folders by email list -- I read them when I have time -- so I don't get interrupts. I think you'll find it's better to leave the email on the server -- that way if you can try differnt clients (I can switch between outlook and tbird if I was so perverse). Both will read my active mail. Groups that have new messages in Tbird light up in blue. Seriously -- I have nearly 80 email groups I sub to...if I didn't filter I'd just 'lose it'...but they all go into folders and I read them when I want...if I don't, I have them setup to automatically expire after a few months... it's just like a forum, but bettersince it's all in one place! :-) Well I am attending to about 20 forums and I am having everything in one place too: My email-mailbox as soon as I am getting an answer to my postings :-) But not 1 other emails that need further processing ;-) But you can't keep track of the 20-80 forums when you want -- in your email client -- you have to find the websites for each of them. And just now (and day before yesterday). when I wanted to respond to someone in forums (I read forums too -- no choice for some groups) -- I have to 'sign up', but then I get told that my message is going to be moderated because I don't post enough -- so then I have
Re: [Samba] Samba3 to samba4 migration
Hi, We are in the same situation with large user/group/machine set needed to be ported to the new s4 world. The only solution i can see at the moment would be to dump the contents of the appropriate LDAP sections (it being users/group/machines/etc) into ldif(s) in a format acceptable by s4 and then add them using ldbadd (and possbly sync using ldbmodify later on). Would it be a worthwhile to add yet another net cmd utility to allow importing stuff from existing LDAP infrastructure (maybe conceptually simmilar to existing vampire cmd)? Slightly off topic, but is Samba4 planning to support openLDAP as a backend, potentially, able to convert a live running samba3 PDC with OpenLDAP to samba4 with no change (for the negative) to users or machines etc? I am just finishing deploying samba3 as a PDC with OpenLDAP, but the organisation I am doing this for wants to keep OpenLDAP in long term use, with hopefully no disruptions to the Users. The ability to upgrade to samba4 on top of this would be exactly something that we have in mind (hopefully!) Thank you four all your continued work, it is greatly appreciated and keeps me running one less heater i mean windows server. William -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] wbinfo recognises my username, smbclient does not
Hello folks. Brand new 3.5.4 install of samba, on a brand new redhat 5.5 install, trying to connect to a windows domain and allow AD users access. I used a series of how-tos to set things up, and modified the smb.conf and krb5.conf files from an existing (working, 3.2.8) system. I apparently join the domain ok, and I can authenticate an AD user using wbinfo, but when I try to use the same user with smbclient I get a NT_STATUS_NO_SUCH_USER response. I thought perhaps that smbclient was somehow not associating the username with the correct domain, but explicitly stating the domain didn't help. Googling about on the problem found me (among a lot of dross) someone with similar symptoms who claimed to fix his problem by adding client NTLMv2 auth = Yes to his smb.conf, so I tried that, but got no joy there either. Much diagnostic text follows; apologies for the bulk, but figured its better to put too much in than leave too much out. Any suggestions would be most appreciated; thanks. - rob. [r...@dev-acadprtsrv3 log]# kinit -V rmoser Password for rmo...@students.froot.nau.edu: Authenticated to Kerberos v5 [r...@dev-acadprtsrv3 log]# klist -5 Ticket cache: FILE:/tmp/krb5cc_0 Default principal: rmo...@students.froot.nau.edu Valid starting ExpiresService principal 06/30/10 14:19:56 07/01/10 00:20:00 krbtgt/students.froot.nau@students.froot.nau.edu renew until 07/01/10 14:19:56 [r...@dev-acadprtsrv3 log]# net ads testjoin -U rmoser Join is OK [r...@dev-acadprtsrv3 log]# wbinfo -t checking the trust secret for domain NAU-STUDENTS via RPC calls succeeded [r...@dev-acadprtsrv3 log]# wbinfo -a NAU-STUDENTS\\rmoser Enter NAU-STUDENTS\rmoser's password: plaintext password authentication succeeded Enter NAU-STUDENTS\rmoser's password: challenge/response password authentication succeeded [r...@dev-acadprtsrv3 log]# smbclient -d3 -U NAU-STUDENTS\\rmoser -L dev-acadprtsrv3.ucc.nau.edu lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf Processing section [global] added interface eth0 ip=fe80::9015:73ff:fe64:54cf%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth0 ip=134.114.138.189 bcast=134.114.138.255 netmask=255.255.255.0 Client started (version 3.5.4). Enter NAU-STUDENTS\rmoser's password: resolve_lmhosts: Attempting lmhosts lookup for name dev-acadprtsrv3.ucc.nau.edu0x20 resolve_wins: Attempting wins lookup for name dev-acadprtsrv3.ucc.nau.edu0x20 resolve_wins: using WINS server 134.114.138.35 and tag '*' Got a positive name query response from 134.114.138.35 ( 134.114.138.189 ) Connecting to 134.114.138.189 at port 445 Doing spnego session setup (blob length=131) got OID=1.2.840.113554.1.2.2 got OID=1.2.840.48018.1.2.2 got OID=1.3.6.1.4.1.311.2.2.10 got principal=cifs/dev-acadprtsrv3.ucc.nau@students.froot.nau.edu Got challenge flags: Got NTLMSSP neg_flags=0x60898215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 SPNEGO login failed: Logon failure session setup failed: NT_STATUS_LOGON_FAILURE [r...@dev-acadprtsrv3 log]# tail /var/log/samba/log.smbd [2010/06/30 14:12:22.530813, 2] auth/auth.c:314(check_ntlm_password) check_ntlm_password: Authentication for user [rmoser] - [rmoser] FAILED with error NT_STATUS_NO_SUCH_USER [2010/06/30 14:22:52.071828, 0] lib/util_sock.c:1505(matchname) matchname: host name/address mismatch: :::134.114.138.189 != dev-acadprtsrv3.ucc.nau.edu [2010/06/30 14:22:52.072189, 0] lib/util_sock.c:1626(get_peer_name) Matchname failed on dev-acadprtsrv3.ucc.nau.edu :::134.114.138.189 [2010/06/30 14:22:52.072281, 2] lib/access.c:406(check_access) Allowed connection from UNKNOWN (:::134.114.138.189) [2010/06/30 14:22:52.113502, 2] auth/auth.c:314(check_ntlm_password) check_ntlm_password: Authentication for user [rmoser] - [rmoser] FAILED with error NT_STATUS_NO_SUCH_USER [r...@dev-acadprtsrv3 log]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section [printers] Processing section [print$] Processing section [tmp] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = NAU-STUDENTS realm = STUDENTS.FROOT.NAU.EDU netbios aliases = dev-acadprtsrv3.ucc.nau.edu server string = Samba Server security = ADS client NTLMv2 auth = Yes log level = 2 max log size = 50 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 SO_KEEPALIVE printcap name = cups wins server = 134.114.138.35 idmap alloc backend = tdb idmap uid = 1 - 400 idmap gid = 1 -
Re: [Samba] Samba3 to samba4 migration
Hi, I'm testing samba 4 in my organization. I have a samba3 domain with LDAP backend. I'm trying migrate workstations and users from old samba to samba4. Is this possible? Thanks, Luciano luci...@multitasknet.com.br Hi, We are in the same situation with large user/group/machine set needed to be ported to the new s4 world. The only solution i can see at the moment would be to dump the contents of the appropriate LDAP sections (it being users/group/machines/etc) into ldif(s) in a format acceptable by s4 and then add them using ldbadd (and possbly sync using ldbmodify later on). Would it be a worthwhile to add yet another net cmd utility to allow importing stuff from existing LDAP infrastructure (maybe conceptually simmilar to existing vampire cmd)? Regards Luk Hello! I am in the same boat as well. I am on a fresh Samba 3.5 / OpenLDAP system and I need to get to Samba4.I have S4-alpha12 running successfully, but I need to get my accounts migrated. ++AMARU -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba as a Client Accessing Windows 2008 Roaming Profiles
Hello, I am using Samba on Linux as a CLIENT which is accessing Windows Server 2008 and I am trying to setup roaming profiles on the Linux/Samba client. My Linux distribution is openSUSE 11.3 RC1/Factory and YaST does a very good job at setting up Kerberos/Samba to join the domain. It all seems to work, except the Linux profile isn't synchronized back to the Windows domain server. I assume this is working-as-intended using the configuration I have setup, but for the life of me I cannot find any configuration information on how to synchronize Linux profiles so it can be used in a roaming environment. I realize that what I'm asking for is likely a hack-job since roaming profiles are fairly ugly to begin with, but unfortunately there's not many other options. I am not the network admin, nor do I have admin privileges, but I am working on this project with the approval of my network admin. There is some room for minor setup modifications, especially if I can prove it works, but I would like to do this with as few network-level modifications as possible. The setup in my office currently consists of all Windows XP machines using roaming profiles, but we have some older machines we would like to convert to Linux in order to avoid spending money on new systems. Because we do not have enough computers for each user to have their own, we are forced to allow people to share computers and sit where ever they can (we are a 24-hour call center). Because of this I need the Linux computers to be able to roam within the network as well. Items preserved just need to include documents and Linux/Windows settings. Any suggestions (beyond scrap it all and start over with the proper solution) are greatly appreciated. Thanks, Nick Betcher, CPhT Certified Pharmacy Technician -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba as a Client Accessing Windows 2008 Roaming Profiles
Any suggestions (beyond scrap it all and start over with the proper solution) are greatly appreciated. Openfiler (http://www.openfiler.com/ Linux based) or FreeNAS (http://sourceforge.net/projects/freenas/ FreeBSD based) as an NFS server. You should be able to use pam_winbind winbind AD domain joining and idmaping to manage ID's across the Linux WS's and the NAS. Have the Linux WS's mount the /home (or whatever you're using for the *nix users) directory as an NFS share from the NAS. Cheers, TMS III Thanks, Nick Betcher, CPhT Certified Pharmacy Technician -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Build status as of Wed Jun 30 06:00:01 2010
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2010-06-29 00:00:02.0 -0600 +++ /home/build/master/cache/broken_results.txt 2010-06-30 00:00:21.0 -0600 @@ -1,4 +1,4 @@ -Build status as of Tue Jun 29 06:00:01 2010 +Build status as of Wed Jun 30 06:00:01 2010 Build counts: Tree Total Broken Panic
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6abfe89... s4:schema/schema_set.c - free LDB message diffs via 2821abe... s4:auth/session.c - free group_string when not needed from 32b8b40... s4:dsdb Fix possible schema segfaults for DRS-replication based schema http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6abfe8904a1024512c0ea8bb4844e4409e8d994b Author: Anatoliy Atanasov anatoliy.atana...@postpath.com Date: Thu Jun 24 20:48:07 2010 +0300 s4:schema/schema_set.c - free LDB message diffs Especially the frees after ldb_msg_diff are very important since the diff message is allocated on the long-living LDB context. Signed-off-by: Matthias Dieter Wallnöfer m...@samba.org commit 2821abee1f85c5d9a191a9880808b7022ac2e0b1 Author: Anatoliy Atanasov anatoliy.atana...@postpath.com Date: Thu Jun 24 20:48:07 2010 +0300 s4:auth/session.c - free group_string when not needed Signed-off-by: Matthias Dieter Wallnöfer m...@samba.org --- Summary of changes: source4/auth/session.c |2 +- source4/dsdb/schema/schema_set.c |2 ++ 2 files changed, 3 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/session.c b/source4/auth/session.c index 29ba13e..1be9874 100644 --- a/source4/auth/session.c +++ b/source4/auth/session.c @@ -178,7 +178,7 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, group_dn = talloc_asprintf(tmp_ctx, SID=%s, group_string); NT_STATUS_HAVE_NO_MEMORY_AND_FREE(group_dn, server_info); - + talloc_free(group_string); group_blob = data_blob_string_const(group_dn); /* This function takes in memberOf values and expands diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c index 0e04f5b..b5d8ae4 100644 --- a/source4/dsdb/schema/schema_set.c +++ b/source4/dsdb/schema/schema_set.c @@ -140,6 +140,7 @@ static int dsdb_schema_set_attributes(struct ldb_context *ldb, struct dsdb_schem if (mod_msg-num_elements 0) { ret = dsdb_replace(ldb, mod_msg, 0); } + talloc_free(mod_msg); } if (ret == LDB_ERR_OPERATIONS_ERROR || ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS || ret == LDB_ERR_INVALID_DN_SYNTAX) { @@ -168,6 +169,7 @@ static int dsdb_schema_set_attributes(struct ldb_context *ldb, struct dsdb_schem if (mod_msg-num_elements 0) { ret = dsdb_replace(ldb, mod_msg, 0); } + talloc_free(mod_msg); } if (ret == LDB_ERR_OPERATIONS_ERROR || ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS || ret == LDB_ERR_INVALID_DN_SYNTAX) { /* We might be on a read-only DB */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via bf844ae... s4:auth/session.c - suppress a warning when freeing group_string from 6abfe89... s4:schema/schema_set.c - free LDB message diffs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bf844aed5b6ad6a9a5287ebd9b7da121fa9dd1a8 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed Jun 30 09:37:08 2010 +0200 s4:auth/session.c - suppress a warning when freeing group_string --- Summary of changes: source4/auth/session.c |8 +--- 1 files changed, 5 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/session.c b/source4/auth/session.c index 1be9874..e14644d 100644 --- a/source4/auth/session.c +++ b/source4/auth/session.c @@ -170,15 +170,17 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, } for (i = 0; i server_info-n_domain_groups; i++) { - const char *group_string; + char *group_string; const char *group_dn; DATA_BLOB group_blob; - group_string = dom_sid_string(tmp_ctx, server_info-domain_groups[i]); + + group_string = dom_sid_string(tmp_ctx, + server_info-domain_groups[i]); NT_STATUS_HAVE_NO_MEMORY_AND_FREE(group_string, server_info); group_dn = talloc_asprintf(tmp_ctx, SID=%s, group_string); - NT_STATUS_HAVE_NO_MEMORY_AND_FREE(group_dn, server_info); talloc_free(group_string); + NT_STATUS_HAVE_NO_MEMORY_AND_FREE(group_dn, server_info); group_blob = data_blob_string_const(group_dn); /* This function takes in memberOf values and expands -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 45fc728... libcli: Fixed a build warning for a missing prototype. from bf844ae... s4:auth/session.c - suppress a warning when freeing group_string http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 45fc7284982f3d6d3f5757f2e7336c878c4a6519 Author: Andreas Schneider a...@samba.org Date: Wed Jun 30 10:19:07 2010 +0200 libcli: Fixed a build warning for a missing prototype. --- Summary of changes: libcli/auth/schannel_state_tdb.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c index 0dcc336..4b83a33 100644 --- a/libcli/auth/schannel_state_tdb.c +++ b/libcli/auth/schannel_state_tdb.c @@ -27,6 +27,7 @@ #include ../lib/util/util_tdb.h #include ../libcli/auth/libcli_auth.h #include ../libcli/auth/schannel_state.h +#include ../libcli/auth/schannel_proto.h #include ../librpc/gen_ndr/ndr_schannel.h #if _SAMBA_BUILD_ == 4 #include tdb_wrap.h -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 14f8953... s4:dsdb: move dsdb python tests from lib/ldb/ to dsdb/ via 19d93c6... s4:ldb/python: make it possible to run tests standalone from 45fc728... libcli: Fixed a build warning for a missing prototype. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 14f8953aa4f000173a051b8010252063db5295c1 Author: Stefan Metzmacher me...@samba.org Date: Wed Jun 30 11:09:10 2010 +0200 s4:dsdb: move dsdb python tests from lib/ldb/ to dsdb/ metze commit 19d93c6a1e810dbd634f35cf440412c1ff958448 Author: Stefan Metzmacher me...@samba.org Date: Wed Jun 30 10:57:37 2010 +0200 s4:ldb/python: make it possible to run tests standalone metze --- Summary of changes: source4/dsdb/tests/python/acl.py | 1042 source4/dsdb/tests/python/deletetest.py| 201 ++ source4/dsdb/tests/python/dsdb_schema_info.py | 213 ++ source4/dsdb/tests/python/ldap.py | 2688 source4/dsdb/tests/python/ldap_schema.py | 556 source4/dsdb/tests/python/passwords.py | 615 + source4/dsdb/tests/python/sec_descriptor.py| 1979 ++ source4/dsdb/tests/python/urgent_replication.py| 386 +++ source4/lib/ldb/tests/python/acl.py| 1039 source4/lib/ldb/tests/python/deletetest.py | 201 -- source4/lib/ldb/tests/python/dsdb_schema_info.py | 210 -- source4/lib/ldb/tests/python/ldap.py | 2685 --- source4/lib/ldb/tests/python/ldap_schema.py| 553 source4/lib/ldb/tests/python/passwords.py | 612 - source4/lib/ldb/tests/python/sec_descriptor.py | 1976 -- source4/lib/ldb/tests/python/urgent_replication.py | 385 --- source4/selftest/tests.sh | 16 +- 17 files changed, 7688 insertions(+), 7669 deletions(-) create mode 100755 source4/dsdb/tests/python/acl.py create mode 100755 source4/dsdb/tests/python/deletetest.py create mode 100755 source4/dsdb/tests/python/dsdb_schema_info.py create mode 100755 source4/dsdb/tests/python/ldap.py create mode 100755 source4/dsdb/tests/python/ldap_schema.py create mode 100755 source4/dsdb/tests/python/passwords.py create mode 100755 source4/dsdb/tests/python/sec_descriptor.py create mode 100755 source4/dsdb/tests/python/urgent_replication.py delete mode 100755 source4/lib/ldb/tests/python/acl.py delete mode 100755 source4/lib/ldb/tests/python/deletetest.py delete mode 100755 source4/lib/ldb/tests/python/dsdb_schema_info.py delete mode 100755 source4/lib/ldb/tests/python/ldap.py delete mode 100755 source4/lib/ldb/tests/python/ldap_schema.py delete mode 100755 source4/lib/ldb/tests/python/passwords.py delete mode 100755 source4/lib/ldb/tests/python/sec_descriptor.py delete mode 100755 source4/lib/ldb/tests/python/urgent_replication.py Changeset truncated at 500 lines: diff --git a/source4/dsdb/tests/python/acl.py b/source4/dsdb/tests/python/acl.py new file mode 100755 index 000..5bf3ff9 --- /dev/null +++ b/source4/dsdb/tests/python/acl.py @@ -0,0 +1,1042 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- +# This is unit with tests for LDAP access checks + +import optparse +import sys +import base64 +import re + +sys.path.append(bin/python) +import samba +samba.ensure_external_module(subunit, subunit/python) +samba.ensure_external_module(testtools, testtools) + +import samba.getopt as options + +from ldb import ( +SCOPE_BASE, LdbError, ERR_NO_SUCH_OBJECT, ERR_INSUFFICIENT_ACCESS_RIGHTS) + +from samba.ndr import ndr_pack, ndr_unpack +from samba.dcerpc import security + +from samba.auth import system_session +from samba import gensec +from samba.samdb import SamDB +from samba.credentials import Credentials +import samba.tests +from subunit.run import SubunitTestRunner +import unittest + +parser = optparse.OptionParser(ldap [options] host) +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) +parser.add_option_group(options.VersionOptions(parser)) + +# use command line creds if available +credopts = options.CredentialsOptions(parser) +parser.add_option_group(credopts) +opts, args = parser.parse_args() + +if len(args) 1: +parser.print_usage() +sys.exit(1) + +host = args[0] + +lp = sambaopts.get_loadparm() +creds = credopts.get_credentials(lp) +creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL) + +# +# Tests start here +# + +class AclTests(samba.tests.TestCase): + +def delete_force(self, ldb, dn): +try: +ldb.delete(dn) +except LdbError, (num, _): +self.assertEquals(num, ERR_NO_SUCH_OBJECT) + +def find_basedn(self, ldb): +res = ldb.search(base=, expression=, scope=SCOPE_BASE, +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6961048... s4-smbtorture: in extended setvalue winreg test, reduce max random buffer length to 16 bytes. via 17ddefe... s3-docs: try to make default case explanation a little clearer. via 6625aad... s3-libsmb: move change_trust_account_password out of smbd into libsmb. via e1c185d... s4-smbtorture: enable QueryMultipleValues{2} torture tests against samba3. via 2a4bd64... s3-winreg: implement _winreg_QueryMultipleValues(). via de0d9e0... s3-winreg: implement _winreg_QueryMultipleValues2(). via 21869f5... s3-registry: add reg_querymultiplevalues() to reg_api. via a329dd0... s4-smbtorture: add some more multiple_values_tests to RPC-WINREG. from 14f8953... s4:dsdb: move dsdb python tests from lib/ldb/ to dsdb/ http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 69610484872bb8c9d52cd1b12c56a3bf99be78ae Author: Günther Deschner g...@samba.org Date: Wed Jun 30 17:13:42 2010 +0200 s4-smbtorture: in extended setvalue winreg test, reduce max random buffer length to 16 bytes. Guenther commit 17ddefef8a3dd299fd318a9e3908396beba62cbb Author: Günther Deschner g...@samba.org Date: Wed Jun 30 13:25:28 2010 +0200 s3-docs: try to make default case explanation a little clearer. Guenther commit 6625aada8174d61f52d6ef22d49edefa15f4a9bb Author: Günther Deschner g...@samba.org Date: Wed Jun 30 12:10:55 2010 +0200 s3-libsmb: move change_trust_account_password out of smbd into libsmb. Guenther commit e1c185d07db69827435812227a392e711bc06db0 Author: Günther Deschner g...@samba.org Date: Wed Jun 30 02:07:15 2010 +0200 s4-smbtorture: enable QueryMultipleValues{2} torture tests against samba3. Guenther commit 2a4bd64973252d87b34f90e14872285ed12135ed Author: Günther Deschner g...@samba.org Date: Wed Jun 30 16:31:46 2010 +0200 s3-winreg: implement _winreg_QueryMultipleValues(). Guenther commit de0d9e0bff7d39c3f784112bd043095aeaa1042a Author: Günther Deschner g...@samba.org Date: Wed Jun 30 02:03:27 2010 +0200 s3-winreg: implement _winreg_QueryMultipleValues2(). Guenther commit 21869f5ed00af5a05f1d109339cd8b725fcc7d61 Author: Günther Deschner g...@samba.org Date: Wed Jun 30 02:02:43 2010 +0200 s3-registry: add reg_querymultiplevalues() to reg_api. Guenther commit a329dd02674010e673fbcc7acf369a19befb6738 Author: Günther Deschner g...@samba.org Date: Wed Jun 30 17:13:14 2010 +0200 s4-smbtorture: add some more multiple_values_tests to RPC-WINREG. Guenther --- Summary of changes: docs-xml/manpages-3/smb.conf.5.xml | 10 ++-- source3/Makefile.in|2 +- source3/include/proto.h|5 +- source3/include/registry.h |6 ++ source3/libsmb/trusts_util.c | 74 +++ source3/registry/reg_api.c | 50 + source3/rpc_server/srv_winreg_nt.c | 138 +--- source3/smbd/change_trust_pw.c | 102 -- source4/torture/rpc/winreg.c | 20 -- 9 files changed, 280 insertions(+), 127 deletions(-) delete mode 100644 source3/smbd/change_trust_pw.c Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/smb.conf.5.xml b/docs-xml/manpages-3/smb.conf.5.xml index 5df579e..7423fc4 100644 --- a/docs-xml/manpages-3/smb.conf.5.xml +++ b/docs-xml/manpages-3/smb.conf.5.xml @@ -628,11 +628,11 @@ chmod 1770 /usr/local/samba/lib/usershares termdefault case = upper/lower/term listitempara controls what the default case is for new filenames (ie. files that don't currently exist in the filesystem). - Default emphasislower/emphasis. IMPORTANT NOTE: This option will be used to modify the case of - emphasisall/emphasis incoming client filenames, not just new filenames if the options smbconfoption - name=case sensitiveyes/smbconfoption, smbconfoption name=preserve caseNo/smbconfoption, - smbconfoption name=short preserve caseNo/smbconfoption are set. This change is needed as part of the - optimisations for directories containing large numbers of files. + Default emphasislower/emphasis. IMPORTANT NOTE: As part of the optimizations for directories containing + large numbers of files, the following special case applies. If the options + smbconfoption name=case sensitiveyes/smbconfoption, smbconfoption name=preserve caseNo/smbconfoption, and + smbconfoption name=short preserve caseNo/smbconfoption are set, then the case of emphasisall/emphasis + incoming client filenames, not just new filenames, will be
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 74721bf... s3-registry: fix malloc/talloc mismatch upon free in reg_enumvalue(). from 6961048... s4-smbtorture: in extended setvalue winreg test, reduce max random buffer length to 16 bytes. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 74721bf706371d3fdc5783995a60808763fc7e6d Author: Günther Deschner g...@samba.org Date: Thu Jul 1 01:22:11 2010 +0200 s3-registry: fix malloc/talloc mismatch upon free in reg_enumvalue(). Guenther --- Summary of changes: source3/registry/reg_api.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/registry/reg_api.c b/source3/registry/reg_api.c index 1954fb5..65118b9 100644 --- a/source3/registry/reg_api.c +++ b/source3/registry/reg_api.c @@ -369,7 +369,7 @@ WERROR reg_enumvalue(TALLOC_CTX *mem_ctx, struct registry_key *key, if (pname !(*pname = talloc_strdup( mem_ctx, regval_name(blob { - SAFE_FREE(val); + TALLOC_FREE(val); return WERR_NOMEM; } -- Samba Shared Repository