date:20100630





The current .tdb files must be in a different location on Debian Lenny
Samba 3.2.5.  /var/cache/samba is another common place.  Try

   testparm -sv | grep directory


Or

find / -name \*.tdb -print




In Samba 3.4 the state directory and cache directory parameters 
tell

you where to find them.  Can't remember now if they were there in 3.2.
If not, use

   smbd -b | less

and look for STATEDIR and CACHEDIR in the Samba build options.


Moray.
To err is human.  To purr, feline





--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba Forum vs. Mailing List?`!

2010-06-30 Thread John Drescher

 Thanks, but no, thanks.
 I totally agree with Linda.
 You'll only split up a group of people in two, so any chance of getting any
 help will be halfed unless you post on both the ml and the forum (and follow
 both).


winehq.org has a mechanism that syncs a mailing list and a forum
automatilcally so that any messages sent to 1 go to the other. This
limits the forums to 1 single forum and also prevents forum edits but
other than that it works fine. I rarely go to the forum since all 20+
of my mailing list subscriptions go to my gmail account which filters
each message out to its own folder. In gmail messages are threaded so
as long as everyone keeps replying to the same message instead of
creating new ones the thread stays together. And finally since gmail
has almost 8GB of free storage I do not delete forum posts so I have
years of samba posts, winehq posts, mythtv posts, openvz posts ...
that I can search.


-- 
John M. Drescher
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Can Map shares but cannot write

Here is the scenario:

AD-authentication is functioning fine.  I can query users and group info
from wbinfo and getent just fine.

The clients can map to the shares, but cannot write to the shares.  I have
tried variations of chmod 777 on absolute paths to enable read/write access
to no avail.

The share is configured as such:

[student]
comment = Test share
path = /home/share/students
public = yes
writeable = yes
browseable = yes
create mask = 0770
force create mode  = 0770
directory mask = 02770
force directory mode = 02770
directory security mask = 0775
admin users = DOMAIN\Administrator
valid users = @students
write list = @students
inherit permissions = yes
inherit acls = yes

The error log reports:
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
  open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
  open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
  open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
  open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
  open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED

Mike
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Can Map shares but cannot write

2010-06-30 Thread Gaiseric Vandal

Did you try  temporarily commenting out the valid users and write 
list lines.  That should make it writable by default.If you are 
then able to write it suggests that samba is not correctly matching up 
the users' groups to the valid users and write list groups.   
Although if this were the case then you would probably have been denied 
write permissions.



Is /home/share/students an NFS/autofs mount?  What happens if you create 
a subdirectory (via unix) under students,  with group owner students, 
permissions 777. Can users create files under that? If you look 
at the advanced permissions of the directories or files in windows, do 
you see any deny ACE's that may be trumping the allow ACE's?   In 
unix, 770  means user and group has full access, and no one else has 
rights unless they are the user or group.  However in Windows this may 
be getting interpreted as deny everyone some rights even if they are 
explicited granted rights as the user or group.  ( I ran into this with 
Samba 3.0.x with Solaris 10 and ZFS ACL's.)









On 06/30/2010 09:21 AM, Michael Lyon wrote:

Here is the scenario:

AD-authentication is functioning fine.  I can query users and group info
from wbinfo and getent just fine.

The clients can map to the shares, but cannot write to the shares.  I have
tried variations of chmod 777 on absolute paths to enable read/write access
to no avail.

The share is configured as such:

[student]
 comment = Test share
 path = /home/share/students
 public = yes
 writeable = yes
 browseable = yes
 create mask = 0770
 force create mode  = 0770
 directory mask = 02770
 force directory mode = 02770
 directory security mask = 0775
 admin users = DOMAIN\Administrator
 valid users = @students
 write list = @students
 inherit permissions = yes
 inherit acls = yes

The error log reports:
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
   open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
   open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
   open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
   open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
   open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED

Mike
   


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Join W7 pro to samba PDC

2010-06-30 Thread Guenole Michel


Hello everyone,

system:
Debian squeeze
samba 3.4.8

I make a samba PDC like one exist in lenny on my network
XP PRO an W2K pro can join to the domain machine and users and users can 
log in the domain.


With W7 PRO, after changing registry key :

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
“DomainCompatibilityMode”=dword:0001
“DNSNameResolutionRequired”=dword:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
“RequireSignOrSeal”=dword:
“RequireStrongKey”=dword:

and modifies security policies :
gpedit.msc
Windows prameters / security parameters / locales policies / security 
options :
Secutity network : Sen LM and NTLM - Use NTLM2 security session if 
negociated


Join the pc to the domain WORKS whith a DNS error.
But when i want to join the user to the domain ( screen : choice of the 
type of account)

Standard account and i have Can't add the user, trust relation error

if annyone had an idea ... thanks

--
Guénolé Michel
Estar
Tel : 02 99 88 69 06
Email : gmic...@estar-system.com

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Can Map shares but cannot write

I changed the share to look like this:
[student]
comment = Test share
path = /home/share/students
public = yes
writeable = yes
browseable = yes
create mask = 0770
force create mode  = 0770
directory mask = 02770
force directory mode = 02770
directory security mask = 0775

No luck.

It is not an NFS/autofs mount, it is local to the linux server.  I created a
share under the /home/share/students directory called 'test' and made the
students group the owner, along with 777 perms:

[r...@vm-stusrv students]# ls -latrh
total 20K
drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 ..
drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test
drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 .

I still cannot create files under the 'test' directory I created.

Windows is reporting for the share that the owner and groups have 'Special'
permissions.  Drilling down into their 'special' permissions reveals that
both 'domain users' and 'students' do have Create Folders/Write data checked
under the 'Allow' column.  (I'll attach the picture.)


Mike


On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal
gaiseric.van...@gmail.comwrote:

 Did you try  temporarily commenting out the valid users and write list
 lines.  That should make it writable by default.If you are then able to
 write it suggests that samba is not correctly matching up the users' groups
 to the valid users and write list groups.   Although if this were the
 case then you would probably have been denied write permissions.


 Is /home/share/students an NFS/autofs mount?  What happens if you create a
 subdirectory (via unix) under students,  with group owner students,
 permissions 777. Can users create files under that? If you look at
 the advanced permissions of the directories or files in windows, do you see
 any deny ACE's that may be trumping the allow ACE's?   In unix, 770  means
 user and group has full access, and no one else has rights unless they are
 the user or group.  However in Windows this may be getting interpreted as
 deny everyone some rights even if they are explicited granted rights as the
 user or group.  ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS
 ACL's.)









 On 06/30/2010 09:21 AM, Michael Lyon wrote:

 Here is the scenario:

 AD-authentication is functioning fine.  I can query users and group info
 from wbinfo and getent just fine.

 The clients can map to the shares, but cannot write to the shares.  I have
 tried variations of chmod 777 on absolute paths to enable read/write
 access
 to no avail.

 The share is configured as such:

 [student]
 comment = Test share
 path = /home/share/students
 public = yes
 writeable = yes
 browseable = yes
 create mask = 0770
 force create mode  = 0770
 directory mask = 02770
 force directory mode = 02770
 directory security mask = 0775
 admin users = DOMAIN\Administrator
 valid users = @students
 write list = @students
 inherit permissions = yes
 inherit acls = yes

 The error log reports:
 [2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
   open_directory: unable to create New folder. Error was
 NT_STATUS_ACCESS_DENIED
 [2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
   open_directory: unable to create New folder. Error was
 NT_STATUS_ACCESS_DENIED
 [2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
   open_directory: unable to create New folder. Error was
 NT_STATUS_ACCESS_DENIED
 [2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
   open_directory: unable to create New folder. Error was
 NT_STATUS_ACCESS_DENIED
 [2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
   open_directory: unable to create New folder. Error was
 NT_STATUS_ACCESS_DENIED

 Mike



 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Can Map shares but cannot write










[r...@vm-stusrv students]# ls -latrh
total 20K
drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 ..
drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test
drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 .


The + sign is an ACL.

getfacl directory

Let's see what that has to say.




I still cannot create files under the 'test' directory I created.

Windows is reporting for the share that the owner and groups have 
'Special'
permissions.  Drilling down into their 'special' permissions reveals 
that
both 'domain users' and 'students' do have Create Folders/Write data 
checked

under the 'Allow' column.  (I'll attach the picture.)


Mike


On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal
gaiseric.van...@gmail.comwrote:



Did you try  temporarily commenting out the valid users and write 
list
lines.  That should make it writable by default.If you are then 
able to
write it suggests that samba is not correctly matching up the users' 
groups
to the valid users and write list groups.   Although if this were 
the

case then you would probably have been denied write permissions.


Is /home/share/students an NFS/autofs mount?  What happens if you 
create a

subdirectory (via unix) under students,  with group owner students,
permissions 777. Can users create files under that? If you 
look at
the advanced permissions of the directories or files in windows, do 
you see
any deny ACE's that may be trumping the allow ACE's?   In unix, 770  
means
user and group has full access, and no one else has rights unless 
they are
the user or group.  However in Windows this may be getting interpreted 
as
deny everyone some rights even if they are explicited granted rights 
as the
user or group.  ( I ran into this with Samba 3.0.x with Solaris 10 
and ZFS

ACL's.)









On 06/30/2010 09:21 AM, Michael Lyon wrote:



Here is the scenario:

AD-authentication is functioning fine.  I can query users and group 
info

from wbinfo and getent just fine.

The clients can map to the shares, but cannot write to the shares.  I 
have

tried variations of chmod 777 on absolute paths to enable read/write
access
to no avail.

The share is configured as such:

[student]
 comment = Test share
 path = /home/share/students
 public = yes
 writeable = yes
 browseable = yes
 create mask = 0770
 force create mode  = 0770
 directory mask = 02770
 force directory mode = 02770
 directory security mask = 0775
 admin users = DOMAIN\Administrator
 valid users = @students
 write list = @students
 inherit permissions = yes
 inherit acls = yes

The error log reports:
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED

Mike




--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Can Map shares but cannot write

[r...@vm-stusrv students]# getfacl /home/share/students/
getfacl: Removing leading '/' from absolute path names
# file: home/share/students/
# owner: root
# group: domain\040users
user::rwx
group::rwx
group:students:rwx
mask::rwx
other::rwx

Mike


On Wed, Jun 30, 2010 at 9:20 AM, t...@tms3.com wrote:






 [r...@vm-stusrv students]# ls -latrh
 total 20K
 drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 ..
 drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test
 drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 .

 The + sign is an ACL.

 getfacl directory

 Let's see what that has to say.



 I still cannot create files under the 'test' directory I created.

 Windows is reporting for the share that the owner and groups have 'Special'
 permissions. Drilling down into their 'special' permissions reveals that
 both 'domain users' and 'students' do have Create Folders/Write data
 checked
 under the 'Allow' column. (I'll attach the picture.)


 Mike


 On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal
 gaiseric.van...@gmail.comwrote:

 Did you try temporarily commenting out the valid users and write list
 lines. That should make it writable by default. If you are then able to
 write it suggests that samba is not correctly matching up the users' groups
 to the valid users and write list groups. Although if this were the
 case then you would probably have been denied write permissions.


 Is /home/share/students an NFS/autofs mount? What happens if you create a
 subdirectory (via unix) under students, with group owner students,
 permissions 777. Can users create files under that? If you look at
 the advanced permissions of the directories or files in windows, do you see
 any deny ACE's that may be trumping the allow ACE's? In unix, 770 means
 user and group has full access, and no one else has rights unless they are
 the user or group. However in Windows this may be getting interpreted as
 deny everyone some rights even if they are explicited granted rights as
 the
 user or group. ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS
 ACL's.)









 On 06/30/2010 09:21 AM, Michael Lyon wrote:

 Here is the scenario:

 AD-authentication is functioning fine. I can query users and group info
 from wbinfo and getent just fine.

 The clients can map to the shares, but cannot write to the shares. I have
 tried variations of chmod 777 on absolute paths to enable read/write
 access
 to no avail.

 The share is configured as such:

 [student]
   comment = Test share
   path = /home/share/students
   public = yes
   writeable = yes
   browseable = yes
   create mask = 0770
   force create mode = 0770
   directory mask = 02770
   force directory mode = 02770
   directory security mask = 0775
   admin users = DOMAIN\Administrator
   valid users = @students
   write list = @students
   inherit permissions = yes
   inherit acls = yes

 The error log reports:
 [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
 NT_STATUS_ACCESS_DENIED
 [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
 NT_STATUS_ACCESS_DENIED
 [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
 NT_STATUS_ACCESS_DENIED
 [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
 NT_STATUS_ACCESS_DENIED
 [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
 NT_STATUS_ACCESS_DENIED

 Mike



 --
 To unsubscribe from this list go to the following URL and read the
 instructions: https://lists.samba.org/mailman/options/samba




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Can Map shares but cannot write









[r...@vm-stusrv students]# getfacl /home/share/students/
getfacl: Removing leading '/' from absolute path names
# file: home/share/students/
# owner: root
# group: domain\040users
user::rwx
group::rwx
group:students:rwx
mask::rwx
other::rwx
Gotta run, but looks ok.  However, I do hate having root as an owner 
of user files and such.  It's an unusual problem.  For shts and 
giggles try:


chown -R Windows-User(I like group supervisors):Windows Group  
/home/share/students



Mike



On Wed, Jun 30, 2010 at 9:20 AM, t...@tms3.com wrote:











[r...@vm-stusrv students]# ls -latrh
total 20K
drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 ..
drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test
drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 .


The + sign is an ACL.

getfacl directory

Let's see what that has to say.







I still cannot create files under the 'test' directory I created.

Windows is reporting for the share that the owner and groups have 
'Special'
permissions.  Drilling down into their 'special' permissions reveals 
that
both 'domain users' and 'students' do have Create Folders/Write data 
checked

under the 'Allow' column.  (I'll attach the picture.)


Mike


On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal
gaiseric.van...@gmail.comwrote:



Did you try  temporarily commenting out the valid users and write 
list
lines.  That should make it writable by default.If you are then 
able to
write it suggests that samba is not correctly matching up the users' 
groups
to the valid users and write list groups.   Although if this were 
the

case then you would probably have been denied write permissions.


Is /home/share/students an NFS/autofs mount?  What happens if you 
create a

subdirectory (via unix) under students,  with group owner students,
permissions 777. Can users create files under that? If you 
look at
the advanced permissions of the directories or files in windows, do 
you see
any deny ACE's that may be trumping the allow ACE's?   In unix, 770  
means
user and group has full access, and no one else has rights unless 
they are
the user or group.  However in Windows this may be getting interpreted 
as
deny everyone some rights even if they are explicited granted rights 
as the
user or group.  ( I ran into this with Samba 3.0.x with Solaris 10 
and ZFS

ACL's.)









On 06/30/2010 09:21 AM, Michael Lyon wrote:



Here is the scenario:

AD-authentication is functioning fine.  I can query users and group 
info

from wbinfo and getent just fine.

The clients can map to the shares, but cannot write to the shares.  I 
have

tried variations of chmod 777 on absolute paths to enable read/write
access
to no avail.

The share is configured as such:

[student]
 comment = Test share
 path = /home/share/students
 public = yes
 writeable = yes
 browseable = yes
 create mask = 0770
 force create mode  = 0770
 directory mask = 02770
 force directory mode = 02770
 directory security mask = 0775
 admin users = DOMAIN\Administrator
 valid users = @students
 write list = @students
  ��  inherit permissions = yes
 inherit acls = yes

The error log reports:
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED
[2010/06/29 09:42:45,  2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
NT_STATUS_ACCESS_DENIED

Mike




--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba









--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Can Map shares but cannot write

2010-06-30 Thread Chris Smith

On Wed, Jun 30, 2010 at 10:18 AM, Michael Lyon mjl...@gmail.com wrote:
 [student]
    comment = Test share
    path = /home/share/students
    public = yes
    writeable = yes
    browseable = yes
    create mask = 0770
    force create mode  = 0770
    directory mask = 02770
    force directory mode = 02770
    directory security mask = 0775

You can map the share but not write, can you read files?

Try simplifying the share further:
==
[student]
   comment = Test share
   path = /home/share/students
   public = yes
   writeable = yes
   browseable = yes
==

And make sure there is no valid users statement in the global section.

Chris
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Can Map shares but cannot write

Heh, I made myself the owner, and still can't create a file.

[r...@vm-stusrv test]# getfacl /home/share/students/
getfacl: Removing leading '/' from absolute path names
# file: home/share/students/
# owner: mlyon
# group: students
user::rwx
group::rwx
group:students:rwx
mask::rwx
other::rwx

Mike


On Wed, Jun 30, 2010 at 9:31 AM, t...@tms3.com wrote:





 [r...@vm-stusrv students]# getfacl /home/share/students/
 getfacl: Removing leading '/' from absolute path names
 # file: home/share/students/
 # owner: root
 # group: domain\040users
 user::rwx
 group::rwx
 group:students:rwx
 mask::rwx
 other::rwx


 Gotta run, but looks ok.  However, I do hate having root as an owner of
 user files and such.  It's an unusual problem.  For shts and giggles try:

  chown -R Windows-User(I like group supervisors):Windows Group
 /home/share/students


 Mike


 On Wed, Jun 30, 2010 at 9:20 AM, t...@tms3.com wrote:






 [r...@vm-stusrv students]# ls -latrh
 total 20K
 drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 ..
 drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test
 drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 .

 The + sign is an ACL.

 getfacl directory

 Let's see what that has to say.



 I still cannot create files under the 'test' directory I created.

 Windows is reporting for the share that the owner and groups have
 'Special'
 permissions. Drilling down into their 'special' permissions reveals that
 both 'domain users' and 'students' do have Create Folders/Write data
 checked
 under the 'Allow' column. (I'll attach the picture.)


 Mike


 On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal
 gaiseric.van...@gmail.comwrote:

 Did you try temporarily commenting out the valid users and write list
 lines. That should make it writable by default. If you are then able to
 write it suggests that samba is not correctly matching up the users'
 groups
 to the valid users and write list groups. Although if this were the
 case then you would probably have been denied write permissions.


 Is /home/share/students an NFS/autofs mount? What happens if you create a
 subdirectory (via unix) under students, with group owner students,
 permissions 777. Can users create files under that? If you look at
 the advanced permissions of the directories or files in windows, do you
 see
 any deny ACE's that may be trumping the allow ACE's? In unix, 770 means
 user and group has full access, and no one else has rights unless they
 are
 the user or group. However in Windows this may be getting interpreted as
 deny everyone some rights even if they are explicited granted rights as
 the
 user or group. ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS
 ACL's.)









 On 06/30/2010 09:21 AM, Michael Lyon wrote:

 Here is the scenario:

 AD-authentication is functioning fine. I can query users and group info
 from wbinfo and getent just fine.

 The clients can map to the shares, but cannot write to the shares. I have
 tried variations of chmod 777 on absolute paths to enable read/write
 access
 to no avail.

 The share is configured as such:

 [student]
   comment = Test share
   path = /home/share/students
   public = yes
   writeable = yes
   browseable = yes
   create mask = 0770
   force create mode = 0770
   directory mask = 02770
   force directory mode = 02770
   directory security mask = 0775
   admin users = DOMAIN\Administrator
   valid users = @students
   write list = @students
��  inherit permissions = yes
   inherit acls = yes

 The error log reports:
 [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
 NT_STATUS_ACCESS_DENIED
 [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
 NT_STATUS_ACCESS_DENIED
 [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
 NT_STATUS_ACCESS_DENIED
 [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
 NT_STATUS_ACCESS_DENIED
 [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
 open_directory: unable to create New folder. Error was
 NT_STATUS_ACCESS_DENIED

 Mike



 --
 To unsubscribe from this list go to the following URL and read the
 instructions: https://lists.samba.org/mailman/options/samba






-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Can Map shares but cannot write

I've simplified the share as you noted, and still have the same results.  If
I create a file/folder on the linux side, I can read it without a problem.
 Once I map as a Window$ client, I cannot write.

smb.conf:

[global]
   workgroup = DOMAIN
   realm = ds.domain.edu
   server string = Samba Server Version %v
   netbios name = vm-stusrv
   security = ADS
   password server = *
   passdb backend = tdbsam
   admin users = @DOMAIN+Domain Admins
   log level = 2
   log file = /var/log/samba/log.%m
   max log size = 5000
   interfaces = eth0 lo
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=524288
SO_SNDBUF=524288
   load printers = No
   #printing =
   printcap name = /etc/printcap
   client use spnego = yes
   client ntlmv2 auth = yes
   winbind use default domain = yes
   winbind separator = +
   winbind nested groups = Yes
   winbind enum users = yes
   winbind enum groups = yes
   winbind nss info = rfc2307
   allow trusted domains = yes
   idmap uid = 1-9
   idmap gid = 1-9
   #idmap backend = ad
   idmap domains = DOMAIN
   idmap config DOMAIN:backend = ad
   idmap config DOMAIN:schema_mode = rfc2307
   idmap config DOMAIN:range = 1000-75999
   #template shell = /bin/bash
   #template homedir = /home/share
   #server signing = enabled
   ;dead time = 15
   getwd cache = yes
   nt acl support = yes
   acl map full control = no
   store dos attributes = yes
   map acl inherit = yes
   local master = yes
   master browser = no
   dns proxy =  no
   unix extensions = no
   guest account = nobody

[student]
comment = Test share
path = /home/share/students
public = yes
writeable = yes
browseable = yes

Mike


On Wed, Jun 30, 2010 at 9:34 AM, Chris Smith smb...@chrissmith.org wrote:

 On Wed, Jun 30, 2010 at 10:18 AM, Michael Lyon mjl...@gmail.com wrote:
  [student]
 comment = Test share
 path = /home/share/students
 public = yes
 writeable = yes
 browseable = yes
 create mask = 0770
 force create mode  = 0770
 directory mask = 02770
 force directory mode = 02770
 directory security mask = 0775

 You can map the share but not write, can you read files?

 Try simplifying the share further:
 ==
 [student]
   comment = Test share
   path = /home/share/students
   public = yes
   writeable = yes
   browseable = yes
 ==

 And make sure there is no valid users statement in the global section.

 Chris

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Can Map shares but cannot write

2010-06-30 Thread Chris Smith

On Wed, Jun 30, 2010 at 10:45 AM, Michael Lyon mjl...@gmail.com wrote:
 I've simplified the share as you noted, and still have the same results.  If
 I create a file/folder on the linux side, I can read it without a problem.
  Once I map as a Window$ client, I cannot write.

You have 'public = yes' which is the synonym for 'guest ok = yes' ,
therefore anyone should be able to write. Let's make sure we have
proper guest capabilities by adding 'username map' parameter and its
associated file. For example:
In global:
username map = /etc/samba/smbusers

Contents of  /etc/samba/smbusers:
root = administrator
nobody = guest

And as the guest account is nobody make sure that the nobody account is valid.

Restart Samba and if you still have trouble it looks to be a
permissions issue on the nix side.

Chris
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Can Map shares but cannot write

I've added in: username map = /etc/samba/smbusers

[r...@vm-stusrv ~]# more /etc/samba/smbusers
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator
nobody = guest

Restarted smb.

No luck.

Thanks all for the help so far though!

Mike


On Wed, Jun 30, 2010 at 9:59 AM, Chris Smith smb...@chrissmith.org wrote:

 On Wed, Jun 30, 2010 at 10:45 AM, Michael Lyon mjl...@gmail.com wrote:
  I've simplified the share as you noted, and still have the same results.
  If
  I create a file/folder on the linux side, I can read it without a
 problem.
   Once I map as a Window$ client, I cannot write.

 You have 'public = yes' which is the synonym for 'guest ok = yes' ,
 therefore anyone should be able to write. Let's make sure we have
 proper guest capabilities by adding 'username map' parameter and its
 associated file. For example:
 In global:
 username map = /etc/samba/smbusers

 Contents of  /etc/samba/smbusers:
 root = administrator
 nobody = guest

 And as the guest account is nobody make sure that the nobody account is
 valid.

 Restart Samba and if you still have trouble it looks to be a
 permissions issue on the nix side.

 Chris

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Long delays when launching programs for the first time in my Windows 7 Profile (Samba 3.4.3 as PDC)

I do not think that it is neither intended by MS nor normal to take so long.

I am using roaming profiles in a network with Vista64Business clients.
Although the users (mainly image processing work on a professional level)
tend to have rather huge user profiles (100MB-2 GB is normal, the max what I
had seen was 32GB), those login/logouts are actually speedy compared to the
Win7-64-pro userprofile that I have just freshly created and that is only a
few kilobytes in size.

A second thing is that the problem concerns only the initial creation of the
Win7 profile; it takes approx. 40 minutes). All subsequent logins/logouts
are very fast and take approx. only 10-20 seconds.
The comparison of those values shows that it is more but just an delay
because of the creation of some kilobytes of files.

The third thing is that I am having the same problem with programs that I
start. Programs that are installed locally on the client! When I am starting
them for the first time, I am having a delay of 5-10 Minutes until the
program starts. The subsequent times I start the program, it starts
instantly.

I am guessing that the problem has something to do with DNS or other
network-layer issues. Or maybe it is the Client searching for something on
the Samba server that is not existing?? It seems like the workstation Is
sending some query to samba and then waits ages for a timeout or something.
There is almost no network traffic the time that I am waiting


Tom

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Can Map shares but cannot write

2010-06-30 Thread Tom Reijnders


Do you have SELinux active?

Op 30-6-2010 17:05, Michael Lyon schreef:

I've added in: username map = /etc/samba/smbusers

[r...@vm-stusrv ~]# more /etc/samba/smbusers
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator
nobody = guest

Restarted smb.

No luck.

Thanks all for the help so far though!

Mike


On Wed, Jun 30, 2010 at 9:59 AM, Chris Smithsmb...@chrissmith.org  wrote:

   

On Wed, Jun 30, 2010 at 10:45 AM, Michael Lyonmjl...@gmail.com  wrote:
 

I've simplified the share as you noted, and still have the same results.
   

  If
 

I create a file/folder on the linux side, I can read it without a
   

problem.
 

  Once I map as a Window$ client, I cannot write.
   

You have 'public = yes' which is the synonym for 'guest ok = yes' ,
therefore anyone should be able to write. Let's make sure we have
proper guest capabilities by adding 'username map' parameter and its
associated file. For example:
In global:
username map = /etc/samba/smbusers

Contents of  /etc/samba/smbusers:
root = administrator
nobody = guest

And as the guest account is nobody make sure that the nobody account is
valid.

Restart Samba and if you still have trouble it looks to be a
permissions issue on the nix side.

Chris

 


--
--

Tom Reijnders
TOR Informatica
Chopinlaan 27
5242HM Rosmalen
Tel: 073 5226191
Fax: 073 5226196


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Can Map shares but cannot write

2010-06-30 Thread John Drescher

On Wed, Jun 30, 2010 at 11:05 AM, Michael Lyon mjl...@gmail.com wrote:
 I've added in: username map = /etc/samba/smbusers

 [r...@vm-stusrv ~]# more /etc/samba/smbusers
 # Unix_name = SMB_name1 SMB_name2 ...
 root = administrator
 nobody = guest

 Restarted smb.

 No luck.


If the user logs into the *nix box with the same username that they
use in windows can they write to the folders?

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba Forum vs. Mailing List?`!

2010-06-30 Thread zoolook

2010/6/29 Tom H. Lautenbacher mailingli...@lautenbacher.biz

 I wanted to ask if there is an official Samba Forum, because I could not
 find any on the Project Page. If there isn't any, is there a particular
 reason for this not-existance?


You cannot have an offline archive of a forum. That makes forums completely
useless (at least for me.)

There's no way someone can delete emails from my machines. Forums admins can
-and actually DO- delete offensive messages from forums.

Forums require more resources.

Etc.


Why do you want a forum?


Regards,
Norberto
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Can access samba server via HOSTNAME not by IP

2010-06-30 Thread Dawid Kuźba

Hello,

I have following problem:

We have to replace Windows 2003 domain controller with Windows 2008 .
Previously used version of Samba don't work properly with Windows 2008
(security issues) therefore I upgraded one of file servers(FC8) to Samba
3.0.33 (Release 0.fc8).

Result seemed to be ok until I realized that I can access shares only via
hostname, for example: \\smb2.mydomain.net or just \\smb2, trying to reach
it via IP is impossible. Result is: Windows cannot find
\\IPADDRESSblablabla

I also deployed completely new machine (CentOS 5.5, Samba 3.0.33, release
3.28.el5) just to be sure that it is not because of bad upgrade process and
result is the same.

I need access to server just by IP as I have separated localizations(LAN's)
where DNS is not always working as it should.

Below my smb.conf file:

 

[global]

workgroup = MYDOMAIN

realm = MYDOMAIN.NET

server string = smb2

security = ADS

log level = 3

log file = /var/log/samba/log.%m

max log size = 50

idmap uid = 1-2

idmap gid = 1-2

winbind separator = +

winbind enum users = Yes

winbind enum groups = Yes

 

[test1]

comment = Test Dir RW All

path = /Data/export/test1

read only = No

 

[test2]

comment = Some System Limited Access

path = /Data/export/test2

valid users = %D+name.surname1, %D+name.surname2

read only = No

 

Any help will do as this problem stops our domain migration.

Thanks in advance.

Dawid



 

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba Forum vs. Mailing List?`!

Hi Linda!

  I wanted to ask if there is an official Samba Forum

   No need?
   Why do you need a forum with a mailing list?

Because a forum IMHO has certain advantages over a mailing list.

 Forums are non-standard.  Mailing lists have software to process
 them in many ways.  Many are archived -- not something you get with
forums.

@Standard: Yes, I agree. This is a disadvantage for forums in comparison to
other means of communication, such as mailing lists or usenet-news.
@Software: What software is there and in which ways can you process mails?
@Archive: Anybody running a forum can decide on his own, if he wants to
archive things or not.

 Forums seems to be a 'windows' thing for users when companies want
 to be able to ignore their user base.
 Emails cause the companies too much headache because the user's
 emails
 end up in employee inboxes and cause distractions from doing real work,
 so they
 try to put users in forums, so they won't distract the companies'
 employees.

U, well.. I am self employed and feel distracted and annoyed by all
those useless emails from all those mailing-lists that I have to attend,
too.

My opinion is:
Every means of communication has it's functional range.

Mailing lists are existing since many years. They were perfect in those
pioneer years, when a small group of people worked together on a small
thing: Everyone needed to be informed about everything and everybody had to
discuss everything. Until today mailing lists serve such small development
groups very good.

But as projects grow bigger and the group of users with them, IMHO there
arises the need for further means of communication.

Speaking for me: I am a Samba user since about 2002, using Samba as
Administrator of some small-midsized Networks. I do not contribute code or
help developing. From time to time I am having a problem with implementing
Samba and need quick advice and help.

For me now to get help, I needed to subscribe to this mailing list. From
this moment on I received approx. 20 emails which do not concern me or my
problem. I do not know the answer to all of those questions either, so I
can't help anybody. I am just annoyed and bothered by my mailbox getting
literally spammed. Since Samba is not the only open source community who's
mailing list I am attending, I am receiving daily approx. 30-40 of those
emails.

For my case a forum would server much better. I could go there, post my
question and subscribe to my thread, getting email-notification just about
my question. Furthermore I could quickly browse the forum to see, if there
are any open topics where I think that I could help someone else out.
Given that the forum settings are saving all postings for ever, the whole
forum would serve everybody as a very valuable knowledge base, making it
easy to find answers for common problems, without bugging anybody or
spamming everybody with the 10,000 versions of the same question.

Both means of communication can easily live in harmony! Developers or hard
core members, who need to stay in touch very intensively and want to
participate to ALL communication can continue participating at the mailing
list (although it would be easily possible to just subscribe to an analogue
topic in the forum and get automatically all messages, but anyway..).

Another great plus of Forums is the possibility to use HTML and other
functionality. Well I know guys, all hardcore old-school guys among you
roll their eyes, because you love plain text stuff.

But the reality is that it does make sense and does bring communication
again to a much higher level of productivity, when you are able e.g. to
implement screenshots or diagrams to your answers, instead of having to e.g.
draw a network diagram with ASCII art...


Well there are many pros and cons to everything.

Fact is, that I am having a problem with Samba to that I can't find any
information, but instead get spammed with 30 emails that do not really
concern me. Fact is that although Windows 7 is out for a long time now, I
had to find all the information about the needed registry patches in some
other forums or spread over some archived mailing-list fragments, hard to
read and difficult to find. A decent userforum/knowledgebase would have
served in a much more efficient way!

So my final question:
If I would help making a Samba-Forum, would there be anybody here who would
appreciate and would like to use it? Would the official guys among you
want to implement it to the samba-homepage?

All the best
Tom H. Lautenbacher

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba 3.0.23d - Solaris 10

2010-06-30 Thread Fair, Barbara

Good Morning

I have not been able to find the binary file(s) for Solaris.  I have downloaded 
the tarball for 3.0.23d, but when I go to run the make all command I get the 
following error:

  make: Fatal error: Command failed for target 'dynconfig.o'

I have not been able to find a workaround for it.  Do you have any suggestions?
I am running this on a Solaris 10 (release 11/06) box.

Thanks
Barb Fair
Lockheed Martin
Valley Forge, PA
610-531-5442


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba Forum vs. Mailing List?`!

2010-06-30 Thread John H Terpstra

On 06/29/2010 07:01 PM, Tom H. Lautenbacher wrote:
 Hi Linda!
 
 I wanted to ask if there is an official Samba Forum

No, but there is a WiKi: http://wiki.samba.org

There are also the #samba and #samba-technical IRC channels.

  No need?
  Why do you need a forum with a mailing list?
 
 Because a forum IMHO has certain advantages over a mailing list.
 
 Forums are non-standard.  Mailing lists have software to process
 them in many ways.  Many are archived -- not something you get with
 forums.
 
 @Standard: Yes, I agree. This is a disadvantage for forums in comparison to
 other means of communication, such as mailing lists or usenet-news.
 @Software: What software is there and in which ways can you process mails?
 @Archive: Anybody running a forum can decide on his own, if he wants to
 archive things or not.
 
 Forums seems to be a 'windows' thing for users when companies want
 to be able to ignore their user base.
 Emails cause the companies too much headache because the user's
 emails
 end up in employee inboxes and cause distractions from doing real work,
 so they
 try to put users in forums, so they won't distract the companies'
 employees.
 
 U, well.. I am self employed and feel distracted and annoyed by all
 those useless emails from all those mailing-lists that I have to attend,
 too.
 
 My opinion is:
 Every means of communication has it's functional range.
 
 Mailing lists are existing since many years. They were perfect in those
 pioneer years, when a small group of people worked together on a small
 thing: Everyone needed to be informed about everything and everybody had to
 discuss everything. Until today mailing lists serve such small development
 groups very good.
 
 But as projects grow bigger and the group of users with them, IMHO there
 arises the need for further means of communication.
 
 Speaking for me: I am a Samba user since about 2002, using Samba as
 Administrator of some small-midsized Networks. I do not contribute code or
 help developing. From time to time I am having a problem with implementing
 Samba and need quick advice and help.

I guess that what you are really arguing for is a quick, free, source of
advice that meets your preferences for format and communications method.

There are plenty of commercial support providers for Samba from whom you
could almost certainly obtain quick and accurate advice.  That is a key
difference between free advice sources and commercial ones.

By definition, in a communications world where everyone's voice is equal
there is a mass of mis-information.  The challenge faced by the consumer
of free information is the burden of filtering out the noise. That
burden applies to a mailing list as well as to a forum or a WiKi.

In addition to the mass of incorrect information, most public and free
information sources (for example Google search) will readily help you to
locate people who have a problem, but few who post the solution.  There
are two key reasons for this:

a) By the time the problem has been solved there is pressure to move on.
Problem gone, so forget the agony - move on.

b) Realization that the problem was caused by an embarrassing mistake.


 For me now to get help, I needed to subscribe to this mailing list. From
 this moment on I received approx. 20 emails which do not concern me or my
 problem. I do not know the answer to all of those questions either, so I
 can't help anybody. I am just annoyed and bothered by my mailbox getting
 literally spammed. Since Samba is not the only open source community who's
 mailing list I am attending, I am receiving daily approx. 30-40 of those
 emails.
 
 For my case a forum would server much better. I could go there, post my
 question and subscribe to my thread, getting email-notification just about
 my question. Furthermore I could quickly browse the forum to see, if there
 are any open topics where I think that I could help someone else out.
 Given that the forum settings are saving all postings for ever, the whole
 forum would serve everybody as a very valuable knowledge base, making it
 easy to find answers for common problems, without bugging anybody or
 spamming everybody with the 10,000 versions of the same question.

I participate in several forums. I also receive approx. 500 emails per
day (at one time this was more like 3000 per day). In all cases the
noise level is over 90% - its the nature of the beast.

 Both means of communication can easily live in harmony! Developers or hard
 core members, who need to stay in touch very intensively and want to
 participate to ALL communication can continue participating at the mailing
 list (although it would be easily possible to just subscribe to an analogue
 topic in the forum and get automatically all messages, but anyway..).
 
 Another great plus of Forums is the possibility to use HTML and other
 functionality. Well I know guys, all hardcore old-school guys among you
 roll their eyes, because you love plain text stuff.
 
 But

Re: [Samba] Samba Forum vs. Mailing List?`!

Hi  Norberto,

 You cannot have an offline archive of a forum. That makes forums
completely useless (at least for me.)

Well you can, but I agree that it is very inconvenient to do so.


 There's no way someone can delete emails from my machines.

I agree.

 Forums admins can -and actually DO- delete offensive messages from forums.

This depends the admin and the forum. If we would do our very own
Samba-Forum it would be up to us witch rules we play..

 Forums require more resources.

Well yes, but I think that this someone can neglect because the need for
resources is quite limited.


 Why do you want a forum?

My arguments FOR a forum are:

1. If you come to Samba (or any other community project) as a NEW user, you
could find all the previous information and communication nicely organized
in the forum. The forum serves as a knowledgebase, which helps new users to
integrate quickly and supports them in getting the things setup without
pain. You can find the threads sorted in different subject-categories and
start browsing them, or you can start a forum search, which has a much
higher relevance of results, than a global google search.

Opposed to this: If you join NEW to a mailing list initially you do not find
ANYTHING, but have to start collecting emails in a personal archive over the
years (as you do). But if you need certain information NOW, the only
alternative is to do a Google-Search which is very sub-optimal to do,
compared to a forum search, or the logical division of subjects in a Forum.

As a result what a mailing list does is: It servers super for long-time
members of a project, who have collected all emails over the last past years
on their private harddisks and it makes it very difficult for new users to
access information. It serves well to the hard core of a project but makes
unnecessary barriers for newcomers.

2. Forum software commonly enables the threads to be enriched with binary or
with html-code. Thus explanations/help/etc. can be enriched with
screenshots, photos, links, diagrams, etc. 

3. A Forum has the advantage that I can subscribe to certain subjects! E.g.
I can say: Send me all future postings about Windows 7  Samba PDC.

4. And last but not least: Since a forum does not only gather messages but
also users, with profiles, maybe even pictures, etc. helps
community-spirit-building, a subject that gains importance those days.


As for the CONS:
I know them all. It is exactly the same discussion as with the never-ending
comparison of Usenet (News servers) and Webforums.

As for hybrid solutions: Also for newsservers there are exsting
webfrontends. But it remains to be sub-optimal, because if you keep all the
restrictions of the mailinglist (e.g. no binary) then also the forum losses
it's sense.

My preferred solution would be:
Many people - many different needs and preferences - many means of
communication. Some use email, some use telefax.
Why not have a mailing list AND a forum? Some other user claimed that this
would divide the users. Well yes, it would. It would divide the users in
mailinglist-users, forum-users and both-users.
This is not optimal, I know.
But for the moment the mailing-list divides, too! It divides in
mailing-list-users and users that walk away again from Samba. Think about
it!

All the best,
Tom


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba Forum vs. Mailing List?`!

2010-06-30 Thread Felix Miata

On 2010/06/30 19:14 (GMT+0300) Tom H. Lautenbacher composed:

 1. If you come to Samba (or any other community project) as a NEW user, you
 could find all the previous information and communication nicely organized
 in the forum. The forum serves as a knowledgebase, which helps new users to
 integrate quickly and supports them in getting the things setup without
 pain. You can find the threads sorted in different subject-categories and
 start browsing them, or you can start a forum search, which has a much
 higher relevance of results, than a global google search.

Any given post may or may not belong in a particular subject category, may
belong in multiple categories, and may not be included in the most
appropriate category. Categorization as a benefit, absent considerable
involvement by the admin, is an illusion.

 Opposed to this: If you join NEW to a mailing list initially you do not find
 ANYTHING, but have to start collecting emails in a personal archive over the
 years (as you do). But if you need certain information NOW, the only
 alternative is to do a Google-Search which is very sub-optimal to do,
 compared to a forum search, or the logical division of subjects in a Forum.

I subscribe to well in excess of 60 mailing lists. I'm aware of none of them
that do not have a searchable archive, which may or may not use Google as its
search engine, but nevertheless limits the searches to the archive itself at
least optionally.
-- 
The wise are known for their understanding, and pleasant
words are persuasive. Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409

Felix Miata  ***  http://fm.no-ip.com/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba Forum vs. Mailing List?`!

2010-06-30 Thread Chris Smith

On Wed, Jun 30, 2010 at 12:14 PM, Tom H. Lautenbacher
mailingli...@lautenbacher.biz wrote:
 1. If you come to Samba (or any other community project) as a NEW user, you
 could find all the previous information and communication nicely organized
 in the forum. The forum serves as a knowledgebase, which helps new users to
 integrate quickly and supports them in getting the things setup without
 pain. You can find the threads sorted in different subject-categories and
 start browsing them, or you can start a forum search, which has a much
 higher relevance of results, than a global google search.

I don't find forums all that useful as a knowledge base. The search
capabilities of most are generally sub-optimal and the information
isn't all that well organized.

 Opposed to this: If you join NEW to a mailing list initially you do not find
 ANYTHING, but have to start collecting emails in a personal archive over the
 years (as you do). But if you need certain information NOW, the only
 alternative is to do a Google-Search which is very sub-optimal to do,
 compared to a forum search, or the logical division of subjects in a Forum.

Not true there are other alternatives. Here's one:
nntp://news.gmane.org/gmane.network.samba.general

And with a good newsreader you have much flexibility.

 As a result what a mailing list does is: It servers super for long-time
 members of a project, who have collected all emails over the last past years
 on their private harddisks and it makes it very difficult for new users to
 access information. It serves well to the hard core of a project but makes
 unnecessary barriers for newcomers.

Again:
nntp://news.gmane.org/gmane.network.samba.general
(and with a good newsreader you can have your own local copy)

 2. Forum software commonly enables the threads to be enriched with binary or
 with html-code. Thus explanations/help/etc. can be enriched with
 screenshots, photos, links, diagrams, etc.

Picasa, Flickr, your own site, etc. Pastebin for code. Links are
allowed here, lets the reader decide on whether or not to use the time
and bandwidth.

 3. A Forum has the advantage that I can subscribe to certain subjects! E.g.
 I can say: Send me all future postings about Windows 7  Samba PDC.

And you can star/filter a conversation or thread with email readers
and news readers.

 4. And last but not least: Since a forum does not only gather messages but
 also users, with profiles, maybe even pictures, etc. helps
 community-spirit-building, a subject that gains importance those days.

But will you recognize them in a dark alley?

 As for the CONS:
 I know them all. It is exactly the same discussion as with the never-ending
 comparison of Usenet (News servers) and Webforums.

I lament the loss of newsgroups - always seemed just right. Post once,
read many.

Chris
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] net rpc file checks in 3.5.x

2010-06-30 Thread Michal Soltys

When doing simple:

net rpc file -Untadmin

With ntadmin being a user belonging to properly groupmapped domain admins,
 (with rid 512), including cases with ntadmin being rid=500 itself, 
I always get:

[2010/06/30 15:06:46.272578,  2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password:  authentication for user [ntadmin] - [ntadmin] - 
[ntadmin] succeeded
[2010/06/30 15:06:46.276232,  1] 
rpc_server/srv_srvsvc_nt.c:1039(_srvsvc_NetFileEnum)
  Enumerating files only allowed for administrators


I've peeked into srv_srvsvc_nt.c and the main difference from earlier 
samba versions (in the function mentioned in logs) is the addition 
of the following check:

if (!nt_token_check_sid(global_sid_Builtin_Administrators,
p-server_info-ptok)) {
DEBUG(1, (Enumerating files only allowed for 
  administrators\n));
return WERR_ACCESS_DENIED;
}

Judging from variables' names it checks if a user belongs to builtin group. 
Assuming 
this kind of check is intended in this place - how to actually make 
[functionally 
working] builtin group ? groupmap allows mapping to local and builtins groups, 
and 
I've also tested some net rpc group variations - but so far to no actual 
effect. 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] limit access to folder without mapping a new drive

2010-06-30 Thread Nulty, Helen P

We do this using msdfs root.

Make /files an msdfs root.
Create separate shares at the same level as /files for the folders that need to 
be restricted.
Place msdfs links to those shares under departments/.

Helen

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of John Drescher
Sent: Tuesday, June 29, 2010 12:24 PM
To: c cc
Cc: samba@lists.samba.org
Subject: Re: [Samba] limit access to folder without mapping a new drive

 Under our file structure, we have /files/all/departments/. We want
 everyone to have access to all the folders under files, but there are
 couple of folders in the departments directory/folder that need to
 limit access to only one person. Is it possible without mapping a new
 drive? Thanks!


The way I prefer to do this is to set proper posix acls.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba Forum vs. Mailing List?`!

Hello John

  I wanted to ask if there is an official Samba Forum
 
 No, but there is a WiKi: http://wiki.samba.org

A Wiki is IMHO a GREAT thing.

But a wiki is the database that gathers the RESULTS of discussions, i.e. the
SOLUTIONS to problems. A wiki is a great 2nd step to place ready solutions,
FAQs, howtos, etc. after having solved the PROBLEMS in e.g. a forum, a
newsgroup or a mailing list.

 There are also the #samba and #samba-technical IRC channels.

An IRC channel is right the opposite direction I would like to go: It makes
the communication even more interactive and even more temporary, than a
mailing list.

 I guess that what you are really arguing for is a quick, free, source of
 advice that meets your preferences for format and communications method.
 
 There are plenty of commercial support providers for Samba from whom you
 could almost certainly obtain quick and accurate advice.  That is a key
 difference between free advice sources and commercial ones.

No I do not want any commercial support. I want structured information at my
fingertips :-)
 
 By definition, in a communications world where everyone's voice is equal
 there is a mass of mis-information.  The challenge faced by the consumer
 of free information is the burden of filtering out the noise. That
 burden applies to a mailing list as well as to a forum or a WiKi.

FACK.

 In addition to the mass of incorrect information, most public and free
 information sources (for example Google search) will readily help you to
 locate people who have a problem, but few who post the solution.  There
 are two key reasons for this:
 
 a) By the time the problem has been solved there is pressure to move on.
 Problem gone, so forget the agony - move on.

Well this is an interesting point. I have to say that for me I have
recognized the following psychological effect, and I assume that this
applies to others, too:

I am realizing a higher will to contribute my solutions afterwards to the
community, if I have the impression that my effort is going to be existing
somewhere permanent, and not to be something of temporary character..
This is why I love to contribute to wikis, too.
 
  draw a network diagram with ASCII art...
 
 That's why we have the WiKi. http://wiki.samba.org

The wiki is a very good thing! But it is another means of communication that
again for itself serves other demands of communication. It serves the
archiving of ready solutions, not the finding of those. But solutions found
in discussion forum can be quite easily transformed to an entry in a wiki.

 If you want editing rights - just ask.

A wiki should have editing rights for everyone. See Wikipedia. Otherwise it
loses a great deal of it's idea and of it's power and momentum.

  Well there are many pros and cons to everything.
  Fact is, that I am having a problem with Samba to that I can't find any
  information, but instead get spammed with 30 emails that do not really
  concern me. Fact is that although Windows 7 is out for a long time now,
I
  had to find all the information about the needed registry patches in
some
  other forums or spread over some archived mailing-list fragments, hard
to
  read and difficult to find. A decent userforum/knowledgebase would have
  served in a much more efficient way!
 Have you read the on-line documentation from the Samba web site?
 http://www.samba.org/samba/docs

Yes.

  So my final question:
  If I would help making a Samba-Forum, would there be anybody here who
 would
  appreciate and would like to use it? Would the official guys among you
  want to implement it to the samba-homepage?
 
 Firstly, you do not need permission to create a Samba-Forum.  If that is
 your passion - just do it.

 Secondly, what do you mean by official guys?
 
 Send me the link to your Samba-Forum and I will add it to the Samba web
 site. If you really need a blessing we can arrange that, but it will
 cost extra. :-)  (Joking!!!).

Well yes, sure, nobody could stop me in making some unofficial
Samba-Userforum on my server.

But for a forum to prosper and to become truly a great thing, it is
necessary that it becomes the official forum of a project. The
Samba-Forum - not the unofficial forum no. 2010320 out of 300 of some
private internet nerd.

With official guys I mean the core team that decides e.g. what is part of
the Samba Project site www.samba.org.
A plain link would not be enough to become the official forum. It should be
fully integrated into the website of samba.org, becoming a part of it (no
matter on what server the forum actually lives!)

And then secondly it would need you guys actually want it! Because it will
be up to you - the existing and already involved Samba users - to start
using the forum so that it might attract others - new samba users - to join.
If no one over here is actually interested in such a forum, then the whole
effort is doomed right from the beginning.

Best regards
Tom


-- 
To unsubscribe from this list go to the

[Samba] Samba groups membership

2010-06-30 Thread Jason Voorhees

Hi all:

I was running Samba 3.0.x (from CentOS 5 repository) integrated with
OpenLDAP as a complete PDC solution that worked fine for several
moths. As we needed to join Win7 computers to the domain I upgraded to
Samba 3.5.3 keeping my Samba configuration the same.

We find that after this upgrade the root account of the domain wasn't
able to access to C$, D$ or other administrative resources of Windows
Machines. After looking for a solution I found some issues that I'm
not really sure if they appeared as a consequence of the upgrade. I
found this:

# net groupmap list returns this:

users (S-1-5-21-895592719-3520082440-1574223224-2001) - jpp
Account Operators (S-1-5-32-548) - Account Operators
Administrators (S-1-5-32-544) - Administrators
Backup Operators (S-1-5-32-551) - Backup Operators
Domain Admins (S-1-5-21-895592719-3520082440-1574223224-512) - Domain Admins

... among other groups

# smbldap-groupshow Domain Admins ... returns this:

dn: cn=Domain Admins,ou=groups,dc=mintra,dc=gob,dc=pe
cn: Domain Admins
gidNumber: 512
description: Netbios Domain Administrators
displayName: Domain Admins
objectClass: posixGroup,sambaGroupMapping
sambaGroupType: 2
sambaSID: S-1-5-21-895592719-3520082440-1574223224-512
memberUid:
mescalante,jhuarancca,kaguilar,olmontero,ycabezas,arojas,secretaria_tecnica,graymundo,dpenadillo,jbarreda,lquevedo,hurquizo,mnicho,root

... so I can see that root is member of this Domain Admins group, but...

# net rpc group members Domain Admins ... returns nothing! The same
happens when querying other Samba groups.

I don't know why this command doesn't return the list of members of
this group. Well, I just tried to add a user manually:

# net rpc group addmem Domain Admins someuser -U root and return this:

Could not add someuser to Domain Admins: NT_STATUS_ACCESS_DENIED

Does anybody know why can't add a user to the group? Why Samba net
utility isn't showing the list of members of my groups? I know that
the Domain Admins group determines who can take control of machines
joined to the Domain, but after the upgrade to Samba 3.5.x the list of
members isn't working correctly.

I would appreciate some help regarding this. I don't know if I need to
add some extra configuration to smb.conf. I hope someone can help me.

Thanks

P.D.: Sorry, my english isn't too good
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Re: [Samba] Can Map shares but cannot write

2010-06-30 Thread James Zuelow

Original Message
From: samba-boun...@lists.samba.org
[mailto:samba-boun...@lists.samba.org] On Behalf Of Michael Lyon Sent:
Wednesday, June 30, 2010 6:37 AM To: t...@tms3.com
Cc: samba@lists.samba.org
Subject: Re: [Samba] Can Map shares but cannot write

 Heh, I made myself the owner, and still can't create a file.

 [r...@vm-stusrv test]# getfacl /home/share/students/
 getfacl: Removing leading '/' from absolute path names
 # file: home/share/students/
 # owner: mlyon
 # group: students
 user::rwx
 group::rwx
 group:students:rwx
 mask::rwx
 other::rwx

 Mike

Try using the default flag for setfacl.  I always have this problem with 
setfacl:

$ setfacl -m g:students:rwx foo

doesn't work, but I have better luck with

$ setfacl -d -m g:students:rwx foo

I don't know why, it seems like it should work with the first setup but it 
rarely does for me.

And if THAT doesn't work, I connect to the share as an admin Windows user 
(administrator in your case) and set the ACLs using Windows Explorer.

James Zuelow
Network Specialist
City and Borough of Juneau MIS
(907) 586-0236
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba Forum vs. Mailing List?`!

2010-06-30 Thread Helmut Hullen

Hallo, Tom,

Du meintest am 30.06.10:

 No I do not want any commercial support. I want structured
 information at my fingertips :-)

You get what you pay for.

Viele Gruesse!
Helmut
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Can Map shares but cannot write

2010-06-30 Thread Gaiseric Vandal

What happens if you try to mount a samba share via CIFS from linux (e.g. 
smbclient, mount -o cifs ?)   Or may be mount the drive in windows with 
the net use command.Either way you explicitly set the domain/username.


Do any of the other log files refer to issues with mapping users?

What is the Host OS?  Guessing some linux varient?



On 06/30/2010 02:40 PM, James Zuelow wrote:

Original Message
From: samba-boun...@lists.samba.org
[mailto:samba-boun...@lists.samba.org] On Behalf Of Michael Lyon Sent:
Wednesday, June 30, 2010 6:37 AM To: t...@tms3.com
Cc: samba@lists.samba.org
Subject: Re: [Samba] Can Map shares but cannot write

   

Heh, I made myself the owner, and still can't create a file.

[r...@vm-stusrv test]# getfacl /home/share/students/
getfacl: Removing leading '/' from absolute path names
# file: home/share/students/
# owner: mlyon
# group: students
user::rwx
group::rwx
group:students:rwx
mask::rwx
other::rwx

Mike

 

Try using the default flag for setfacl.  I always have this problem with 
setfacl:

$ setfacl -m g:students:rwx foo

doesn't work, but I have better luck with

$ setfacl -d -m g:students:rwx foo

I don't know why, it seems like it should work with the first setup but it 
rarely does for me.

And if THAT doesn't work, I connect to the share as an admin Windows user 
(administrator in your case) and set the ACLs using Windows Explorer.

James Zuelow
Network Specialist
City and Borough of Juneau MIS
(907) 586-0236
   


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Can Map shares but cannot write

The culprit was selinux.

Thanks for everyone's help!

Mike


On Wed, Jun 30, 2010 at 2:26 PM, Gaiseric Vandal
gaiseric.van...@gmail.comwrote:

 What happens if you try to mount a samba share via CIFS from linux (e.g.
 smbclient, mount -o cifs ?)   Or may be mount the drive in windows with the
 net use command.Either way you explicitly set the domain/username.

 Do any of the other log files refer to issues with mapping users?

 What is the Host OS?  Guessing some linux varient?




 On 06/30/2010 02:40 PM, James Zuelow wrote:

 Original Message
 From: samba-boun...@lists.samba.org
 [mailto:samba-boun...@lists.samba.org] On Behalf Of Michael Lyon Sent:
 Wednesday, June 30, 2010 6:37 AM To: t...@tms3.com
 Cc: samba@lists.samba.org
 Subject: Re: [Samba] Can Map shares but cannot write



 Heh, I made myself the owner, and still can't create a file.

 [r...@vm-stusrv test]# getfacl /home/share/students/
 getfacl: Removing leading '/' from absolute path names
 # file: home/share/students/
 # owner: mlyon
 # group: students
 user::rwx
 group::rwx
 group:students:rwx
 mask::rwx
 other::rwx

 Mike



 Try using the default flag for setfacl.  I always have this problem with
 setfacl:

 $ setfacl -m g:students:rwx foo

 doesn't work, but I have better luck with

 $ setfacl -d -m g:students:rwx foo

 I don't know why, it seems like it should work with the first setup but it
 rarely does for me.

 And if THAT doesn't work, I connect to the share as an admin Windows user
 (administrator in your case) and set the ACLs using Windows Explorer.

 James Zuelow
 Network Specialist
 City and Borough of Juneau MIS
 (907) 586-0236



 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Long delays when launching programs for the first time in my Windows 7 Profile (Samba 3.4.3 as PDC)

2010-06-30 Thread Natxo Asenjo

On Wed, Jun 30, 2010 at 5:10 PM, Tom H. Lautenbacher
mailingli...@lautenbacher.biz wrote:
I do not think that it is neither intended by MS nor normal to take so long.

I am using roaming profiles in a network with Vista64Business clients.
Although the users (mainly image processing work on a professional level)
tend to have rather huge user profiles (100MB-2 GB is normal, the max what I
had seen was 32GB), those login/logouts are actually speedy compared to the
Win7-64-pro userprofile that I have just freshly created and that is only a
few kilobytes in size.

A second thing is that the problem concerns only the initial creation of the
Win7 profile; it takes approx. 40 minutes). All subsequent logins/logouts
are very fast and take approx. only 10-20 seconds.
The comparison of those values shows that it is more but just an delay
because of the creation of some kilobytes of files.

The third thing is that I am having the same problem with programs that I
start. Programs that are installed locally on the client! When I am starting
them for the first time, I am having a delay of 5-10 Minutes until the
program starts. The subsequent times I start the program, it starts
instantly.

I am guessing that the problem has something to do with DNS or other
network-layer issues. Or maybe it is the Client searching for something on
the Samba server that is not existing?? It seems like the workstation Is
sending some query to samba and then waits ages for a timeout or something.
There is almost no network traffic the time that I am waiting

with xp/2003 you could turn on the userenv.log, but apparently this
does not work with windows 7
(http://social.technet.microsoft.com/Forums/en/winserverGP/thread/a9b36648-aa9f-4ff7-b23f-c1123b7984e9);
so check the event log of the client and/or use process monitor from
sysinternals to get a log of what is going on it. See this
http://blogs.technet.com/b/markrussinovich/archive/2010/01/13/3305263.aspx
for inspiration.

good luck!

--
natxo
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Re: [Samba] Long delays when launching programs for the first time in my Windows 7 Profile (Samba 3.4.3 as PDC)

Ok I think it helps if I summarize my problem:

Client: Windows 7 Professional, 64bit, English
Server: openSUSE 11.2, running Samba 3.4.3 as a PDC

Login as Local user:
=
First time login: Profile is being created very fast
Further logins: Profile is being loaded very fast
First time launch of software: Instant startup of software
Further launches of software: Instant startup of software

Login as domain user:
=
First time login: Profile creation takes AGES (30-50 minutes)
Further logins: Profile is being loaded very fast (10-20 seconds)
First time launch of locally installed software: Startup of software takes
ages (approx 3-6 minutes)
Further launches of locally installed software: Instant startup of software


 I'd ask on one of the windows groups -- maybe some MVP would know.

Ok!

 that or try tracing the actions with the 'sysinternal' tools
 (at the ms website now)...you can use 'process monitor' to
 see what a process is doing -- shows you network registry and file
 accesses -- and its free.
 
 Their creator works for MS now ...type in sysinternals.com -- it
 redirects to the microsoft website now.

Thank you I will check that out!

 I doubt it's samba -- since no one else is seeing that symptom...

I think it is, since I am having this effect only when using my roaming
profile!
But I think that the group of users using the following combination:
Samba 3.4.3  Windows 7-64bit  Samba as a PDC  roaming profiles  using
this mailing list  being able to report the problem
is very limited until today..
 
 maybe some antivirus interaction?
Will check with sysinternals but assume no, because oft he
locally-is-everything-fine thing.

 the login/logouts -- read about them on MS's website...look up
 under profile loading ... it talks about how multi-gig profiles
 will really slow down first time loading.

As I wrote, I am having the problem with FRESH CREATED profiles, which are
just a few kilobytes of size!

 If you think it is a network problem,
 use wireshark -- it will let you observe the network traffic.
 
 (google it) it's also free.

Thank you Linda.

 You need to become familiar with all these diagnotic tools
 (that and get yourself a procmail email filter so you  can filter
 out all the garbage from all the email groups you have to subscribe
 to to just keep things working!)...

Do you know a good windows-alternative to procmail? Isn't the new outlook
2010 able to group emails into threads?

  Seriously -- I have nearly 80 email groups I sub to...if I didn't filter
 I'd just 'lose it'...but they all go into folders and I read them when
 I want...if I don't, I have them setup to automatically expire after
 a few months...  it's just like a forum, but bettersince it's
 all in one place!  :-)

Well I am attending to about 20 forums and I am having everything in one
place too: My email-mailbox as soon as I am getting an answer to my postings
:-) But not 1 other emails that need further processing ;-)

 Good luck...!  Lemmy know if I can point you at any
 tools -- look for open source ones (or MS supported ones)...
 
 that way you have less to worry about in the way of viruses!  :-)

Ok, thank you!

Cheers,
Tom

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Long delays when launching programs for the first time in my Windows 7 Profile (Samba 3.4.3 as PDC)

Ok I think it helps if I summarize my problem:

Client: Windows 7 Professional, 64bit, English
Server: openSUSE 11.2, running Samba 3.4.3 as a PDC

Login as Local user:
=
First time login: Profile is being created very fast
Further logins: Profile is being loaded very fast
First time launch of software: Instant startup of software
Further launches of software: Instant startup of software

Login as domain user:
=
First time login: Profile creation takes AGES (30-50 minutes)
Further logins: Profile is being loaded very fast (10-20 seconds)
First time launch of locally installed software: Startup of software takes
ages (approx 3-6 minutes)
Further launches of locally installed software: Instant startup of software


 I'd ask on one of the windows groups -- maybe some MVP would know.

Ok!

 that or try tracing the actions with the 'sysinternal' tools
 (at the ms website now)...you can use 'process monitor' to
 see what a process is doing -- shows you network registry and file
 accesses -- and its free.
 
 Their creator works for MS now ...type in sysinternals.com -- it
 redirects to the microsoft website now.

Thank you I will check that out!

 I doubt it's samba -- since no one else is seeing that symptom...

I think it is, since I am having this effect only when using my roaming
profile!
But I think that the group of users using the following combination:
Samba 3.4.3  Windows 7-64bit  Samba as a PDC  roaming profiles  using
this mailing list  being able to report the problem
is very limited until today..
 
 maybe some antivirus interaction?
Will check with sysinternals but assume no, because oft he
locally-is-everything-fine thing.

 the login/logouts -- read about them on MS's website...look up
 under profile loading ... it talks about how multi-gig profiles
 will really slow down first time loading.

As I wrote, I am having the problem with FRESH CREATED profiles, which are
just a few kilobytes of size!

 If you think it is a network problem,
 use wireshark -- it will let you observe the network traffic.
 
 (google it) it's also free.

Thank you Linda.

 You need to become familiar with all these diagnotic tools
 (that and get yourself a procmail email filter so you  can filter
 out all the garbage from all the email groups you have to subscribe
 to to just keep things working!)...

Do you know a good windows-alternative to procmail? Isn't the new outlook
2010 able to group emails into threads?

  Seriously -- I have nearly 80 email groups I sub to...if I didn't filter
 I'd just 'lose it'...but they all go into folders and I read them when
 I want...if I don't, I have them setup to automatically expire after
 a few months...  it's just like a forum, but bettersince it's
 all in one place!  :-)

Well I am attending to about 20 forums and I am having everything in one
place too: My email-mailbox as soon as I am getting an answer to my postings
:-) But not 1 other emails that need further processing ;-)

 Good luck...!  Lemmy know if I can point you at any
 tools -- look for open source ones (or MS supported ones)...
 
 that way you have less to worry about in the way of viruses!  :-)

Ok, thank you!

Cheers,
Tom

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba Forum vs. Mailing List?`!

Hello Helmut,

  No I do not want any commercial support. I want structured
  information at my fingertips :-)
 
 You get what you pay for.

With all respect, but what you write to me sounds like irony against the
whole open source  community idea.
I certainly DO think that well structured information is something that an
open source community is very well able to provide.

Cheers
Tom

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Long delays when launching programs for the first time in my Windows 7 Profile (Samba 3.4.3 as PDC)

2010-06-30 Thread John Drescher

 But I think that the group of users using the following combination:
 Samba 3.4.3  Windows 7-64bit  Samba as a PDC  roaming profiles  using
 this mailing list  being able to report the problem
 is very limited until today..


I am using roaming profiles with windows 7 64 and samba PDC / BDCs. I
am not using 3.4.3 however. Currently we are running 3.5.4. I did have
3.4.6 for a few weeks just after the upgrade from 3.0.37 to support
windows 7. I do not have the 40 minute initial logins. However it does
take me 5 minutes to login and logout on a 100% gigabit network every
single time not just the first time. At some point I will look into
folder redirection on top of the trimming of the profiles that I have
begun..

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba Forum vs. Mailing List?`!

2010-06-30 Thread Helmut Hullen

Hallo, Tom,

Du meintest am 30.06.10 zum Thema RE: [Samba] Samba Forum vs. Mailing List?`!:

 No I do not want any commercial support. I want structured
 information at my fingertips :-)

 You get what you pay for.

 With all respect, but what you write to me sounds like irony against
 the whole open source  community idea.

Not against the idea - only against you.

 I certainly DO think that well structured information is something
 that an open source community is very well able to provide.

I agree. But that isn't related to forums. And structuring information  
is work. Someone has to do it.

Don't cry for other people's work, do it yourself. Or pay for it.

Viele Gruesse!
Helmut
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Long delays when launching programs for the first time in my Windows 7 Profile (Samba 3.4.3 as PDC)

2010-06-30 Thread Linda W






I doubt it's samba -- since no one else is seeing that symptom...


I think it is, since I am having this effect only when using my roaming
profile!
But I think that the group of users using the following combination:
Samba 3.4.3  Windows 7-64bit  Samba as a PDC  roaming profiles  using
this mailing list  being able to report the problem
is very limited until today..


Well -- not exactly -- I have almost the same symptom -- but
on logout -- it takes up to 45 minutes for my Win7 profile to be
copied to my PDC.But I've tried Samba 3.5.2, 3.5.3 and 3.5.3.
Hey...that's something to try.Try the latest released version and
see if you have the same symptoms/problems!

	But I am using both a Win7-64 and WinXP client to log into my 
PDC and generate continuous havoc.  Just wait until you try using winbind

to authenticate security on your linux PDC!  Ha!  Warning -- keep
a rescue disk around in case you get locked out of your system!  ;^]

	On top of roaming profiles, I used the group policy client 
to create roaming profiles for all clients -- even if they were

not part of the domain!  (this was when I was having problems
joining my computers to the domain reliably).

	Anyway --  I have long logins on Win7 (~ 4-5 minutes, 
vs. about 20 seconds on XP).  Where I get the real long pauses are

on logout -- I've seen it finsh after 45 minutes one time -- the
clients are communicating to the PDC but at speeds usually 100K/s.

I know that it is not likely to be samba's fault in regards
to the speed, since I get *up to* 100MB read/write to samba during
benchmark testing.


 

maybe some antivirus interaction?

Will check with sysinternals but assume no, because oft he
locally-is-everything-fine thing.


the login/logouts -- read about them on MS's website...look up
under profile loading ... it talks about how multi-gig profiles
will really slow down first time loading.


As I wrote, I am having the problem with FRESH CREATED profiles, which are
just a few kilobytes of size!

---
Ok -- that's just weird.  No argument!





If you think it is a network problem,
use wireshark -- it will let you observe the network traffic.

(google it) it's also free.


Thank you Linda.


You need to become familiar with all these diagnotic tools
(that and get yourself a procmail email filter so you  can filter
out all the garbage from all the email groups you have to subscribe
to to just keep things working!)...


Do you know a good windows-alternative to procmail? Isn't the new outlook
2010 able to group emails into threads?


You can run all the linux utils -- including procmail under
cygwin on windows.  I missed all the linux utils so much -- I installed cygwin
on windows 7 years ago and haven't done without it since!  You can even run
a local IMAP server on your windows box -- let your windows box download all 
your
email from your ISP -- then connect to the local server with Outlook or 
Thunderbird
and use IMAP.

OR -- better -- use  your server as an email server as well!
My server downloads my email from my ISP  (see linux util 'fetchmail'), then it 
calls my filter script (or it could call procmail).  It also calls spamassassin

before it tries to deliver it to me.  But then my filter script (like procmail 
only
different!) sorts the emails into folders in my home directory on the
linux server under 'mail'.  I then use 'dovecot' (an very fast, secure IMAP 
server) to serve my email to my windows clients.  Since I have multiple machines,

I don't want the email coming to one of the windows machines.  It stays on the
server in my home directory.  I have well over 100 file folders -- only about 
70 of them
actively receive email (some are just archives/sorting bins).  But in my email
clients I see all the folders by email list -- I read them when I have time --
so I don't get interrupts.  


I think you'll find it's better to leave the email on the server -- 
that way
if you can try differnt clients (I can switch between outlook and tbird if I 
was so
perverse).  Both will read my active mail.  Groups that have new messages in 
Tbird
light up in blue.



Seriously -- I have nearly 80 email groups I sub to...if I didn't filter

I'd just 'lose it'...but they all go into folders and I read them when
I want...if I don't, I have them setup to automatically expire after
a few months...  it's just like a forum, but bettersince it's
all in one place!  :-)


Well I am attending to about 20 forums and I am having everything in one
place too: My email-mailbox as soon as I am getting an answer to my postings
:-) But not 1 other emails that need further processing ;-)


But you can't keep track of the 20-80 forums when you want -- in your
email client -- you have to find the websites for each of them.  And just now
(and day before yesterday). when I wanted to respond to someone in forums (I
read forums too -- no choice for some groups) -- I have to 'sign

Re: [Samba] Samba3 to samba4 migration

2010-06-30 Thread Lukasz Zalewski


On 29/06/2010 19:14, Luciano Andre Baramarchi wrote:

Hi,

I'm testing samba 4 in my organization. I have a samba3 domain with LDAP 
backend. I'm trying migrate workstations and users
from old samba to samba4. Is this possible?

Thanks,

Luciano
luci...@multitasknet.com.br





Hi,
We are in the same situation with large user/group/machine set needed to 
be ported to the new s4 world. The only solution i can see at the moment 
would be to dump the contents of the appropriate LDAP sections (it being 
users/group/machines/etc) into ldif(s) in a format acceptable by s4 and 
then add them using ldbadd (and possbly sync using ldbmodify later on).
Would it be a worthwhile to add yet another net cmd utility to allow 
importing stuff from existing LDAP infrastructure (maybe conceptually 
simmilar to existing vampire cmd)?


Regards

Luk
























--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Long delays when launching programs for the first time in my Windows 7 Profile (Samba 3.4.3 as PDC)

Hello John,
 
 I am using roaming profiles with windows 7 64 and samba PDC / BDCs. I
 am not using 3.4.3 however. Currently we are running 3.5.4. I did have
 3.4.6 for a few weeks just after the upgrade from 3.0.37 to support
 windows 7. I do not have the 40 minute initial logins. However it does
 take me 5 minutes to login and logout on a 100% gigabit network every
 single time not just the first time. At some point I will look into
 folder redirection on top of the trimming of the profiles that I have
 begun..

To me this sounds like a normal case of overcrowded user profiles.

What I could witness in one of my networks (Samba 3 + Vista64Business) is
that the userprofiles grew very huge even thoug literally ANY userspace data
is being saved to those profiles.

What I mean is:
ALL data that the people at the workstations process is mounted on
samba-shares on the server (which I connect via script as network drives to
their profiles).

But jet again the user profiles grew tremendously, reaching up to 32GB in
one case, what resulted in 1h logon/logoff times.

In my case the error was one of the programs that they used: Adobe Bridge.
This program generates tons of cache data, which - senseless! - is being
saved into the C:\Users\Username\appdata\roaming folder, instead of the
C:\Users\Username\appdata\local folder.
Another such program is Adobe Lightroom which generates huge thumbnail
databases.

Etc.
What I want to say is: Have a look into the profiles and analyze what the
source for growing profiles is, if you have placed normal userspace data
already into normal shares so that they move out of the profile.

All the best
tom

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Listing Domain Local Groups from a Samba Member (NT4 PDC)

2010-06-30 Thread Guy Rouillier


On 6/30/2010 2:30 AM, Mark Sheard wrote:

I have Ubuntu version 10.04
Samba ver  3.0.28a-1ubuntu4.12


I just did a fresh install of 10.04 x86 32-bit, and smbd reports version 
3.4.7.  How did you end up with 3.0.28?  Try smbd -version and see 
what that reports.


--
Guy Rouillier
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Long delays when launching programs for the first timein my Windows 7 Profile (Samba 3.4.3 as PDC)









Well -- not exactly -- I have almost the same symptom -- but
on logout -- it takes up to 45 minutes for my Win7 profile to be
copied to my PDC.But I've tried Samba 3.5.2, 3.5.3 and 3.5.3.
Hey...that's something to try.Try the latest released version and
see if you have the same symptoms/problems!


I've not had these problems.  (I don't call it a problem if someone 
with a 10GB profile has slow login logout times...anywho).  But I 
typically place profiles on a mount that does not have ACL's turned 
on.  More recently on ZFS volumes.


Be interesting to see network traffic.

TMS III




But I am using both a Win7-64 and WinXP client to log into my
PDC and generate continuous havoc.  Just wait until you try using 
winbind

to authenticate security on your linux PDC!  Ha!  Warning -- keep
a rescue disk around in case you get locked out of your system!  ;^]

On top of roaming profiles, I used the group policy client
to create roaming profiles for all clients -- even if they were
not part of the domain!  (this was when I was having problems
joining my computers to the domain reliably).

Anyway --  I have long logins on Win7 (~ 4-5 minutes,
vs. about 20 seconds on XP).  Where I get the real long pauses are
on logout -- I've seen it finsh after 45 minutes one time -- the
clients are communicating to the PDC but at speeds usually 100K/s.

I know that it is not likely to be samba's fault in regards
to the speed, since I get *up to* 100MB read/write to samba during
benchmark testing.







maybe some antivirus interaction?

Will check with sysinternals but assume no, because oft he
locally-is-everything-fine thing.



the login/logouts -- read about them on MS's website...look up
under profile loading ... it talks about how multi-gig profiles
will really slow down first time loading.


As I wrote, I am having the problem with FRESH CREATED profiles, which 
are

just a few kilobytes of size!

---
Ok -- that's just weird.  No argument!







If you think it is a network problem,
use wireshark -- it will let you observe the network traffic.

(google it) it's also free.


Thank you Linda.



You need to become familiar with all these diagnotic tools
(that and get yourself a procmail email filter so you  can filter
out all the garbage from all the email groups you have to subscribe
to to just keep things working!)...


Do you know a good windows-alternative to procmail? Isn't the new 
outlook

2010 able to group emails into threads?


You can run all the linux utils -- including procmail under
cygwin on windows.  I missed all the linux utils so much -- I 
installed cygwin
on windows 7 years ago and haven't done without it since!  You can 
even run
a local IMAP server on your windows box -- let your windows box 
download all your
email from your ISP -- then connect to the local server with Outlook 
or Thunderbird

and use IMAP.

OR -- better -- use  your server as an email server as well!
My server downloads my email from my ISP  (see linux util 
'fetchmail'), then it
calls my filter script (or it could call procmail).  It also calls 
spamassassin
before it tries to deliver it to me.  But then my filter script (like 
procmail only

different!) sorts the emails into folders in my home directory on the
linux server under 'mail'.  I then use 'dovecot' (an very fast, secure 
IMAP
server) to serve my email to my windows clients.  Since I have 
multiple machines,
I don't want the email coming to one of the windows machines.  It 
stays on the
server in my home directory.  I have well over 100 file folders -- 
only about 70 of them
actively receive email (some are just archives/sorting bins).  But in 
my email
clients I see all the folders by email list -- I read them when I have 
time --

so I don't get interrupts.

I think you'll find it's better to leave the email on the server -- 
that way
if you can try differnt clients (I can switch between outlook and 
tbird if I was so
perverse).  Both will read my active mail.  Groups that have new 
messages in Tbird

light up in blue.








Seriously -- I have nearly 80 email groups I sub to...if I didn't 
filter

I'd just 'lose it'...but they all go into folders and I read them when
I want...if I don't, I have them setup to automatically expire after
a few months...  it's just like a forum, but bettersince it's
all in one place!  :-)


Well I am attending to about 20 forums and I am having everything in 
one
place too: My email-mailbox as soon as I am getting an answer to my 
postings

:-) But not 1 other emails that need further processing ;-)


But you can't keep track of the 20-80 forums when you want -- in your
email client -- you have to find the websites for each of them.  And 
just now
(and day before yesterday). when I wanted to respond to someone in 
forums (I
read forums too -- no choice for some groups) -- I have to 'sign up', 
but then
I get told that my message is going to be moderated because I don't 
post
enough -- so then I have

Re: [Samba] Samba3 to samba4 migration

2010-06-30 Thread Indexer


 
 Hi,
 We are in the same situation with large user/group/machine set needed to be 
 ported to the new s4 world. The only solution i can see at the moment would 
 be to dump the contents of the appropriate LDAP sections (it being 
 users/group/machines/etc) into ldif(s) in a format acceptable by s4 and then 
 add them using ldbadd (and possbly sync using ldbmodify later on).
 Would it be a worthwhile to add yet another net cmd utility to allow 
 importing stuff from existing LDAP infrastructure (maybe conceptually 
 simmilar to existing vampire cmd)?
 

Slightly off topic, but is Samba4 planning to support openLDAP as a backend, 
potentially, able to convert a live running samba3 PDC with OpenLDAP to samba4 
with no change (for the negative) to users or machines etc? I am just finishing 
deploying samba3 as a PDC with OpenLDAP, but the organisation I am doing this 
for wants to keep OpenLDAP in long term use, with hopefully no disruptions to 
the Users. The ability to upgrade to samba4 on top of this would be exactly 
something that we have in mind (hopefully!)

Thank you four all your continued work, it is greatly appreciated and keeps me 
running one less heater i mean windows server.

William
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] wbinfo recognises my username, smbclient does not

2010-06-30 Thread Rob Moser

Hello folks.

Brand new 3.5.4 install of samba, on a brand new redhat 5.5 install,
trying to connect to a windows domain and allow AD users access.  I used
a series of how-tos to set things up, and modified the smb.conf and
krb5.conf files from an existing (working, 3.2.8) system.  I apparently
join the domain ok, and I can authenticate an AD user using wbinfo, but
when I try to use the same user with smbclient I get a
NT_STATUS_NO_SUCH_USER response.  I thought perhaps that smbclient was
somehow not associating the username with the correct domain, but
explicitly stating the domain didn't help.  Googling about on the
problem found me (among a lot of dross) someone with similar symptoms
who claimed to fix his problem by adding client NTLMv2 auth = Yes to
his smb.conf, so I tried that, but got no joy there either.  Much
diagnostic text follows; apologies for the bulk, but figured its better
to put too much in than leave too much out.

Any suggestions would be most appreciated; thanks.

 - rob.

[r...@dev-acadprtsrv3 log]# kinit -V rmoser
Password for rmo...@students.froot.nau.edu:
Authenticated to Kerberos v5

[r...@dev-acadprtsrv3 log]# klist -5
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: rmo...@students.froot.nau.edu
Valid starting ExpiresService principal
06/30/10 14:19:56  07/01/10 00:20:00
krbtgt/students.froot.nau@students.froot.nau.edu
renew until 07/01/10 14:19:56

[r...@dev-acadprtsrv3 log]# net ads testjoin -U rmoser
Join is OK

[r...@dev-acadprtsrv3 log]# wbinfo -t
checking the trust secret for domain NAU-STUDENTS via RPC calls succeeded

[r...@dev-acadprtsrv3 log]# wbinfo -a NAU-STUDENTS\\rmoser
Enter NAU-STUDENTS\rmoser's password:
plaintext password authentication succeeded
Enter NAU-STUDENTS\rmoser's password:
challenge/response password authentication succeeded

[r...@dev-acadprtsrv3 log]# smbclient -d3 -U NAU-STUDENTS\\rmoser -L
dev-acadprtsrv3.ucc.nau.edu
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
Processing section [global]
added interface eth0 ip=fe80::9015:73ff:fe64:54cf%eth0
bcast=fe80:::::%eth0 netmask=:::::
added interface eth0 ip=134.114.138.189 bcast=134.114.138.255
netmask=255.255.255.0
Client started (version 3.5.4).
Enter NAU-STUDENTS\rmoser's password:
resolve_lmhosts: Attempting lmhosts lookup for name
dev-acadprtsrv3.ucc.nau.edu0x20
resolve_wins: Attempting wins lookup for name
dev-acadprtsrv3.ucc.nau.edu0x20
resolve_wins: using WINS server 134.114.138.35 and tag '*'
Got a positive name query response from 134.114.138.35 ( 134.114.138.189 )
Connecting to 134.114.138.189 at port 445
Doing spnego session setup (blob length=131)
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.48018.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=cifs/dev-acadprtsrv3.ucc.nau@students.froot.nau.edu
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE

[r...@dev-acadprtsrv3 log]# tail /var/log/samba/log.smbd
[2010/06/30 14:12:22.530813,  2] auth/auth.c:314(check_ntlm_password)
  check_ntlm_password:  Authentication for user [rmoser] - [rmoser]
FAILED with error NT_STATUS_NO_SUCH_USER
[2010/06/30 14:22:52.071828,  0] lib/util_sock.c:1505(matchname)
  matchname: host name/address mismatch: :::134.114.138.189 !=
dev-acadprtsrv3.ucc.nau.edu
[2010/06/30 14:22:52.072189,  0] lib/util_sock.c:1626(get_peer_name)
  Matchname failed on dev-acadprtsrv3.ucc.nau.edu :::134.114.138.189
[2010/06/30 14:22:52.072281,  2] lib/access.c:406(check_access)
  Allowed connection from UNKNOWN (:::134.114.138.189)
[2010/06/30 14:22:52.113502,  2] auth/auth.c:314(check_ntlm_password)
  check_ntlm_password:  Authentication for user [rmoser] - [rmoser]
FAILED with error NT_STATUS_NO_SUCH_USER

[r...@dev-acadprtsrv3 log]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section [printers]
Processing section [print$]
Processing section [tmp]
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
workgroup = NAU-STUDENTS
realm = STUDENTS.FROOT.NAU.EDU
netbios aliases = dev-acadprtsrv3.ucc.nau.edu
server string = Samba Server
security = ADS
client NTLMv2 auth = Yes
log level = 2
max log size = 50
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
SO_RCVBUF=8192 SO_KEEPALIVE
printcap name = cups
wins server = 134.114.138.35
idmap alloc backend = tdb
idmap uid = 1 - 400
idmap gid = 1 -

Re: [Samba] Samba3 to samba4 migration

2010-06-30 Thread Amaru Netapshaak

 Hi,

 I'm testing samba 4 in my organization. I have a samba3 domain with LDAP 
 backend. I'm trying migrate workstations and 
users
 from old samba to samba4. Is this possible?

 Thanks,

 Luciano
 luci...@multitasknet.com.br



Hi,
We are in the same situation with large user/group/machine set needed to 
be ported to the new s4 world. The only solution i can see at the moment 
would be to dump the contents of the appropriate LDAP sections (it being 
users/group/machines/etc) into ldif(s) in a format acceptable by s4 and 
then add them using 
ldbadd (and possbly sync using ldbmodify later on).
Would it be a 
worthwhile to add yet another net cmd utility to allow 
importing 
stuff from existing LDAP infrastructure (maybe conceptually 
simmilar to existing vampire cmd)?

Regards

Luk


Hello!

I am in the same boat as well.  I am on a fresh Samba 3.5 / OpenLDAP system and 
I need to get to Samba4.I have S4-alpha12 running successfully, but I need 
to
get my accounts migrated. 

++AMARU


  
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba as a Client Accessing Windows 2008 Roaming Profiles

2010-06-30 Thread Nicholas Betcher

Hello,
I am using Samba on Linux as a CLIENT which is accessing Windows Server 2008
and I am trying to setup roaming profiles on the Linux/Samba client. My
Linux distribution is openSUSE 11.3 RC1/Factory and YaST does a very good
job at setting up Kerberos/Samba to join the domain. It all seems to work,
except the Linux profile isn't synchronized back to the Windows domain
server. I assume this is working-as-intended using the configuration I have
setup, but for the life of me I cannot find any configuration information on
how to synchronize Linux profiles so it can be used in a roaming
environment.

I realize that what I'm asking for is likely a hack-job since roaming
profiles are fairly ugly to begin with, but unfortunately there's not many
other options. I am not the network admin, nor do I have admin privileges,
but I am working on this project with the approval of my network admin.
There is some room for minor setup modifications, especially if I can prove
it works, but I would like to do this with as few network-level
modifications as possible.

The setup in my office currently consists of all Windows XP machines using
roaming profiles, but we have some older machines we would like to convert
to Linux in order to avoid spending money on new systems. Because we do not
have enough computers for each user to have their own, we are forced to
allow people to share computers and sit where ever they can (we are a
24-hour call center). Because of this I need the Linux computers to be able
to roam within the network as well. Items preserved just need to include
documents and Linux/Windows settings.

Any suggestions (beyond scrap it all and start over with the proper
solution) are greatly appreciated.

Thanks,
Nick Betcher, CPhT
Certified Pharmacy Technician
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba as a Client Accessing Windows 2008 Roaming Profiles